www.gaituba.com Open in urlscan Pro
121.41.179.170 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.gaituba.com/seal
Submission: On July 10 via api (July 10th 2023, 12:54:07 pm UTC) from US — Scanned from DE

Summary HTTP 50 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 16 IPs in 5 countries across 11 domains to perform 50 HTTP transactions. The main IP is 121.41.179.170, located in Hangzhou, China and belongs to ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN. The main domain is www.gaituba.com.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on September 14th 2022. Valid for: a year.

This is the only time www.gaituba.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	121.41.179.170 121.41.179.170	37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.)
7	47.110.23.105 47.110.23.105	37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.)
8	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	103.235.46.191 103.235.46.191	55967 (BAIDU Bei...) (BAIDU Beijing Baidu Netcom Science and Technology Co.)
7	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
5	2800:3f0:4001... 2800:3f0:4001:826::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400e:a::6	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
50	16

2 121.41.179.170 (Hangzhou, China)

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)

www.gaituba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 47.110.23.105 (Hangzhou, China)

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)

gaituba.oss-cn-hangzhou.aliyuncs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.235.46.191 (Hong Kong)

ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)

hm.baidu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2800:3f0:4001:826::2003 (São Paulo, Brazil)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:a::6 (Ireland)

ASN15169 (GOOGLE, US)

rr1---sn-5hnekn7l.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 tpc.googlesyndication.com — Cisco Umbrella Rank: 160	308 KB
9	gstatic.com www.gstatic.com csi.gstatic.com fonts.gstatic.com	104 KB
7	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 57	46 KB
7	aliyuncs.com gaituba.oss-cn-hangzhou.aliyuncs.com	119 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10	2 KB
2	baidu.com hm.baidu.com — Cisco Umbrella Rank: 7415	12 KB
2	gaituba.com www.gaituba.com	60 KB
1	googlevideo.com rr1---sn-5hnekn7l.googlevideo.com — Cisco Umbrella Rank: 60972	730 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	57 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 88	2 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1129	605 B
50	11

	Domain	Requested by
9	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
8	pagead2.googlesyndication.com	www.gaituba.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
7	gaituba.oss-cn-hangzhou.aliyuncs.com	www.gaituba.com
5	csi.gstatic.com	www.gstatic.com
3	www.gstatic.com	googleads.g.doubleclick.net
2	hm.baidu.com	www.gaituba.com
2	www.gaituba.com	www.gaituba.com
1	www.google.com	tpc.googlesyndication.com
1	fonts.gstatic.com	fonts.googleapis.com
1	rr1---sn-5hnekn7l.googlevideo.com	googleads.g.doubleclick.net
1	www.googletagservices.com	googleads.g.doubleclick.net
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
50	15

This site contains links to these domains. Also see Links.

Domain
beian.miit.gov.cn

Subject Issuer	Validity	Valid
www.gaituba.com Encryption Everywhere DV TLS CA - G1	`2022-09-14` - `2023-09-14`	a year	crt.sh
*.oss-cn-hangzhou.aliyuncs.com GlobalSign Organization Validation CA - SHA256 - G3	`2023-02-15` - `2024-03-18`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
baidu.com GlobalSign RSA OV SSL CA 2018	`2022-07-05` - `2023-08-06`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-06-20` - `2023-08-29`	2 months	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://www.gaituba.com/seal
Frame ID: DE5D08263903B09F95A4CC601CCE1120
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230705/r20190131/zrt_lookup.html
Frame ID: C173C7C3C9814AA8CDB1AD95A32BAF36
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063868898867139&output=html&adk=1812271804&adf=3025194257&lmt=1688993641&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=128x675_l%7C140x675_r&format=0x0&url=https%3A%2F%2Fwww.gaituba.com%2Fseal&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688993641558&bpp=4&bdt=1314&idt=200&shv=r20230705&mjsv=m202306290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1077626668625&frm=20&pv=2&ga_vid=1750783150.1688993642&ga_sid=1688993642&ga_hid=566534037&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31075758%2C44788441%2C44796826%2C31061690&oid=2&pvsid=1870309291013968&tmod=143182728&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=248
Frame ID: 8D62101C82E2740715009DC0EC14E62B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063868898867139&output=html&h=250&slotname=8897312585&adk=2003263824&adf=596187433&pi=t.ma~as.8897312585&w=304&fwrn=4&fwrnh=100&lmt=1688993641&rafmt=1&format=304x250&url=https%3A%2F%2Fwww.gaituba.com%2Fseal&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688993641562&bpp=3&bdt=1318&idt=247&shv=r20230705&mjsv=m202306290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1077626668625&frm=20&pv=1&ga_vid=1750783150.1688993642&ga_sid=1688993642&ga_hid=566534037&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1143&ady=114&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31075758%2C44788441%2C44796826%2C31061690&oid=2&pvsid=1870309291013968&tmod=143182728&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=eRAiqU4tR2&p=https%3A//www.gaituba.com&dtd=252
Frame ID: C384CCBADE50A6F034CB2AE76E89BE9B
Requests: 26 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js
Frame ID: 5446F8B5F220F23DF437FBBE80065779
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3E2A69F7D0B9FB4264E001CF42CB59EE
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DA575678958F115BB62E8B79726D691E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

在线免费生成公章、合同章、私人章 - 改图吧

Detected technologies

Livewire (Web frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]{1,512}\bwire:
livewire(?:\.min)?\.js

Alpine.js (JavaScript frameworks) Expand

Overall confidence: 75%
Detected patterns

<[^>]+[^\w-]x-data[^\w-][^<]+

Baidu Analytics (百度统计) (Analytics) Expand

Overall confidence: 100%
Detected patterns

hm\.baidu\.com/hm\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Page Statistics

50
Requests

100 %
HTTPS

80 %
IPv6

11
Domains

15
Subdomains

16
IPs

5
Countries

1439 kB
Transfer

2720 kB
Size

8
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://beian.miit.gov.cn/
Title: 赣ICP备13007629号

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request seal Show response
www.gaituba.com/ 67 KB
15 KB 2812ms
634ms Document
text/html 121.41.179.170
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gaituba.com/seal

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

121.41.179.170 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

37e137454d840405c9ad7926dcf5a27a7e6cebbca3dca9b46c6ad8c93287b2d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, must-revalidate, no-cache, no-store, private
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 10 Jul 2023 12:53:59 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fxq-95072b05.js Show response
gaituba.oss-cn-hangzhou.aliyuncs.com/build/assets/ 4 KB
3 KB 960ms
292ms Script
application/javascript 47.110.23.105
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to

Full URL: https://gaituba.oss-cn-hangzhou.aliyuncs.com/build/assets/fxq-95072b05.js
Requested by: Host: www.gaituba.com
URL: https://www.gaituba.com/seal
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.110.23.105 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: b1d68facc9f857143f6304a222da4740bd59d7a106666d88e797dd270081f80a

Request headers

Referer: https://www.gaituba.com/
Origin: https://www.gaituba.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 12:54:01 GMT
Content-Encoding: gzip
x-oss-request-id: 64ABFF69DC44E0323412B255
Content-MD5: ddemJD6SB/Dv2l3/kgvK8Q==
Transfer-Encoding: chunked
Connection: keep-alive
x-oss-object-type: Normal
Last-Modified: Tue, 04 Jul 2023 06:12:11 GMT
Server: AliyunOSS
Vary: Accept-Encoding, Origin
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, HEAD
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 0
x-oss-storage-class: Standard
x-oss-hash-crc64ecma: 16259564861308927781
x-oss-server-time: 7

GET
H/1.1 200
OK utils-4e550c8d.js Show response
gaituba.oss-cn-hangzhou.aliyuncs.com/build/assets/ 2 KB
2 KB 974ms
299ms Script
application/javascript 47.110.23.105
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to

Full URL: https://gaituba.oss-cn-hangzhou.aliyuncs.com/build/assets/utils-4e550c8d.js
Requested by: Host: www.gaituba.com
URL: https://www.gaituba.com/seal
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.110.23.105 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: b79a935ebc1c7397c66b4ef034cb006fdbcd768c1df03216cf3a0a6cc53273eb

Request headers

Referer: https://www.gaituba.com/
Origin: https://www.gaituba.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 12:54:01 GMT
Content-Encoding: gzip
x-oss-request-id: 64ABFF69716A9C3431B36BE1
Content-MD5: sZpLbePKbaJoSDQ+vQRRrA==
Transfer-Encoding: chunked
Connection: keep-alive
x-oss-object-type: Normal
Last-Modified: Tue, 04 Jul 2023 06:12:28 GMT
Server: AliyunOSS
Vary: Accept-Encoding, Origin
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, HEAD
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 0
x-oss-storage-class: Standard
x-oss-hash-crc64ecma: 4417945646222064529
x-oss-server-time: 9

GET
H/1.1 200
OK app-8b9d7f5c.css
gaituba.oss-cn-hangzhou.aliyuncs.com/build/assets/ 224 KB
32 KB 962ms
295ms Stylesheet
text/css 47.110.23.105
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to

Full URL: https://gaituba.oss-cn-hangzhou.aliyuncs.com/build/assets/app-8b9d7f5c.css
Requested by: Host: www.gaituba.com
URL: https://www.gaituba.com/seal
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.110.23.105 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 8b9d7f5c7b64be976b40144f47d5cac85fd0797a277db83f3209da04ef5b1b03

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gaituba.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-oss-object-type: Normal
Date: Mon, 10 Jul 2023 12:54:01 GMT
Content-Encoding: gzip
x-oss-request-id: 64ABFF691AFF653337B9FA81
Last-Modified: Tue, 04 Jul 2023 06:12:07 GMT
Server: AliyunOSS
Content-MD5: dDX/1Wry5e/m9TIJnmwaUg==
Transfer-Encoding: chunked
Vary: Accept-Encoding, Origin
Content-Type: text/css
x-oss-storage-class: Standard
Connection: keep-alive
x-oss-hash-crc64ecma: 2681801156826173570
x-oss-server-time: 8

GET
H/1.1 200
OK app-eb086502.js Show response
gaituba.oss-cn-hangzhou.aliyuncs.com/build/assets/ 119 KB
44 KB 995ms
316ms Script
application/javascript 47.110.23.105
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to

Full URL: https://gaituba.oss-cn-hangzhou.aliyuncs.com/build/assets/app-eb086502.js
Requested by: Host: www.gaituba.com
URL: https://www.gaituba.com/seal
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.110.23.105 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 65ccea3cd81d140e4947102183bbcfc76b9a219a102ed6fdc5583c9612a46f89

Request headers

Referer: https://www.gaituba.com/
Origin: https://www.gaituba.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 12:54:01 GMT
Content-Encoding: gzip
x-oss-request-id: 64ABFF69A966993136FED883
Content-MD5: FuUiQXwBz8I7Nqn+AwkNsg==
Transfer-Encoding: chunked
Connection: keep-alive
x-oss-object-type: Normal
Last-Modified: Tue, 04 Jul 2023 06:12:07 GMT
Server: AliyunOSS
Vary: Accept-Encoding, Origin
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, HEAD
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 0
x-oss-storage-class: Standard
x-oss-hash-crc64ecma: 542416629770129455
x-oss-server-time: 25

GET
H/1.1 200
OK _commonjsHelpers-725317a4.js Show response
gaituba.oss-cn-hangzhou.aliyuncs.com/build/assets/ 236 B
844 B 1006ms
303ms Script
application/javascript 47.110.23.105
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to

Full URL: https://gaituba.oss-cn-hangzhou.aliyuncs.com/build/assets/_commonjsHelpers-725317a4.js
Requested by: Host: www.gaituba.com
URL: https://www.gaituba.com/seal
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.110.23.105 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 9625379badd4849610dfe6c15453cdf0c0071264c90eef177307fac094d2aa6c

Request headers

Referer: https://www.gaituba.com/
Origin: https://www.gaituba.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 12:54:01 GMT
x-oss-request-id: 64ABFF6938492232304E453D
Content-MD5: FG6vhcNEzuAIyR8mhdv4Lw==
Connection: keep-alive
Content-Length: 236
x-oss-object-type: Normal
Last-Modified: Tue, 04 Jul 2023 06:12:05 GMT
Server: AliyunOSS
ETag: "146EAF85C344CEE008C91F2685DBF82F"
Vary: Origin
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, HEAD
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 0
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 13924384173712314115
x-oss-server-time: 1

GET
H/1.1 200
OK index-6ed23fac.js Show response
gaituba.oss-cn-hangzhou.aliyuncs.com/build/assets/ 102 KB
35 KB 1107ms
344ms Script
application/javascript 47.110.23.105
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to

Full URL: https://gaituba.oss-cn-hangzhou.aliyuncs.com/build/assets/index-6ed23fac.js
Requested by: Host: www.gaituba.com
URL: https://www.gaituba.com/seal
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.110.23.105 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 478a465468e121f72d905ad2437f097aea89ca5f71d498e014c4a0faa0aace39

Request headers

Referer: https://www.gaituba.com/
Origin: https://www.gaituba.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 12:54:01 GMT
Content-Encoding: gzip
x-oss-request-id: 64ABFF696A91E53833F8F822
Content-MD5: AY2+xuR6keundn0dBzP8Ag==
Transfer-Encoding: chunked
Connection: keep-alive
x-oss-object-type: Normal
Last-Modified: Tue, 04 Jul 2023 06:12:16 GMT
Server: AliyunOSS
Vary: Accept-Encoding, Origin
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, HEAD
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 0
x-oss-storage-class: Standard
x-oss-hash-crc64ecma: 13969437583373758229
x-oss-server-time: 8

GET
H/1.1 200
OK logo.png
gaituba.oss-cn-hangzhou.aliyuncs.com/images/ 3 KB
4 KB 296ms
295ms Image
image/png 47.110.23.105
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gaituba.oss-cn-hangzhou.aliyuncs.com/images/logo.png
Requested by: Host: www.gaituba.com
URL: https://www.gaituba.com/seal
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.110.23.105 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: a5015fb8d81c7afb71bab91f97fbdf52cece67ad37067b728bf9e13f94187ef5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gaituba.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 12:54:01 GMT
x-oss-request-id: 64ABFF6909E59835391870B7
Content-MD5: lt/X6fxfOypSaFuzAunf1g==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 3104
x-oss-object-type: Normal
Last-Modified: Mon, 03 Apr 2023 13:02:10 GMT
Server: AliyunOSS
ETag: "96DFD7E9FC5F3B2A52685BB302E9DFD6"
Vary: Origin
Content-Type: image/png
x-oss-ec: 0048-00000105
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 17673463307734512786
x-oss-server-time: 8

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
48 KB 132ms
66ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4063868898867139

Requested by

Host: www.gaituba.com
URL: https://www.gaituba.com/seal

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a46ec81b4ae658aa66df590a01d9ab13a3415b992b587da37784c434b3877939

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gaituba.com/
Origin: https://www.gaituba.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 12:54:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48604
x-xss-protection: 0
server: cafe
etag: 9413241332286542082
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 10 Jul 2023 12:54:00 GMT

GET
H/1.1 200
OK livewire.js Show response
www.gaituba.com/vendor/livewire/ 171 KB
44 KB 312ms
300ms Script
application/javascript 121.41.179.170
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gaituba.com/vendor/livewire/livewire.js?id=90730a3b0e7144480175

Requested by

Host: www.gaituba.com
URL: https://www.gaituba.com/seal

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

121.41.179.170 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

38a4dc885f9d1267bbfaf361e24fbf51994bd7f6743784ec3e4a267bbe74a0be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gaituba.com/seal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 12:54:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 28 Apr 2023 02:53:39 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: W/"644b3533-2aae3"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
X-Frame-Options: SAMEORIGIN
Cache-Control: max-age=604800
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Mon, 17 Jul 2023 12:54:00 GMT

GET
H/1.1 200
OK hm.js Show response
hm.baidu.com/ 29 KB
12 KB 1286ms
293ms Script
application/javascript 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to

Full URL

https://hm.baidu.com/hm.js?7c335da75eaec4e87d6a35d5b7405ac5

Requested by

Host: www.gaituba.com
URL: https://www.gaituba.com/seal

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

9a3a26f7fb00babe03bf26de96d995ab6557a510ccff16514f8a69b3e53130bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gaituba.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 12:54:02 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=172800
Server: apache
Etag: 405a92f2a6d1ec45dad41a9652454d2c
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: application/javascript
Cache-Control: max-age=0, must-revalidate
Content-Length: 11259

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306290101/ 344 KB
118 KB 107ms
79ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4063868898867139&plah=www.gaituba.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4063868898867139

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b9d3fdddfe5e9c595aa167380db0f20f708a3ead5c40cf1aa8ddb22adb6636

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gaituba.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 12:54:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121043
x-xss-protection: 0
server: cafe
etag: 13109522603423263557
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 10 Jul 2023 12:54:01 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230705/r20190131/ Frame C173 10 KB
5 KB 51ms
14ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230705/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4063868898867139

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gaituba.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 60992
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 09 Jul 2023 19:57:29 GMT
etag: 12368291122986407432
expires: Sun, 23 Jul 2023 19:57:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 389 B
605 B 79ms
40ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.gaituba.com&callback=_gfp_s_&client=ca-pub-4063868898867139

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4063868898867139&plah=www.gaituba.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b46ba8c7dcbf1ea10ee6e94d7a0d518df0cf518586d3865ba2fd749963cac40f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gaituba.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 12:54:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 253
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 94ms
25ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.gaituba.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gaituba.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 12:54:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8D62 0
188 B 70ms
69ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063868898867139&output=html&adk=1812271804&adf=3025194257&lmt=1688993641&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=128x675_l%7C140x675_r&format=0x0&url=https%3A%2F%2Fwww.gaituba.com%2Fseal&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688993641558&bpp=4&bdt=1314&idt=200&shv=r20230705&mjsv=m202306290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1077626668625&frm=20&pv=2&ga_vid=1750783150.1688993642&ga_sid=1688993642&ga_hid=566534037&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31075758%2C44788441%2C44796826%2C31061690&oid=2&pvsid=1870309291013968&tmod=143182728&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=248

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gaituba.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 12:54:01 GMT
expires: Mon, 10 Jul 2023 12:54:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C384 123 KB
41 KB 1500ms
1498ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063868898867139&output=html&h=250&slotname=8897312585&adk=2003263824&adf=596187433&pi=t.ma~as.8897312585&w=304&fwrn=4&fwrnh=100&lmt=1688993641&rafmt=1&format=304x250&url=https%3A%2F%2Fwww.gaituba.com%2Fseal&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688993641562&bpp=3&bdt=1318&idt=247&shv=r20230705&mjsv=m202306290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1077626668625&frm=20&pv=1&ga_vid=1750783150.1688993642&ga_sid=1688993642&ga_hid=566534037&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1143&ady=114&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31075758%2C44788441%2C44796826%2C31061690&oid=2&pvsid=1870309291013968&tmod=143182728&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=eRAiqU4tR2&p=https%3A//www.gaituba.com&dtd=252

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad02adacb5fcb2cbf0c46813a95e95e7c4751db0c6394514803402b8c521ff3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gaituba.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 41436
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 12:54:03 GMT
expires: Mon, 10 Jul 2023 12:54:03 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 93 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 859790d507acd06e12295953099b5025fc6d49d41683e0af085c5f8513f3c3c7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK hm.gif
hm.baidu.com/ 43 B
299 B 294ms
294ms Image
image/gif 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=851178103&si=7c335da75eaec4e87d6a35d5b7405ac5&v=1.3.0&lv=1&sn=25623&r=0&ww=1600&u=https%3A%2F%2Fwww.gaituba.com%2Fseal&tt=%E5%9C%A8%E7%BA%BF%E5%85%8D%E8%B4%B9%E7%94%9F%E6%88%90%E5%85%AC%E7%AB%A0%E3%80%81%E5%90%88%E5%90%8C%E7%AB%A0%E3%80%81%E7%A7%81%E4%BA%BA%E7%AB%A0%20-%20%E6%94%B9%E5%9B%BE%E5%90%A7

Requested by

Host: www.gaituba.com
URL: https://www.gaituba.com/seal

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gaituba.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 10 Jul 2023 12:54:03 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
Server: apache
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43

GET
H2 200 90cda0d4b2e9798013d5ae8e8588fe0b.js Show response
www.gstatic.com/mysidia/ Frame C384 9 KB
4 KB 57ms
14ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/90cda0d4b2e9798013d5ae8e8588fe0b.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063868898867139&output=html&h=250&slotname=8897312585&adk=2003263824&adf=596187433&pi=t.ma~as.8897312585&w=304&fwrn=4&fwrnh=100&lmt=1688993641&rafmt=1&format=304x250&url=https%3A%2F%2Fwww.gaituba.com%2Fseal&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688993641562&bpp=3&bdt=1318&idt=247&shv=r20230705&mjsv=m202306290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1077626668625&frm=20&pv=1&ga_vid=1750783150.1688993642&ga_sid=1688993642&ga_hid=566534037&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1143&ady=114&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31075758%2C44788441%2C44796826%2C31061690&oid=2&pvsid=1870309291013968&tmod=143182728&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=eRAiqU4tR2&p=https%3A//www.gaituba.com&dtd=252

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa7074f9a3c53a17de894245299386751108ee411500d2548aaf09c30fc1e555

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:33:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 588020
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3972
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 19:09:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 01 Oct 2023 17:33:43 GMT

GET
H2 200 aa6a167bd8722375e709a581ef5a1517.js Show response
www.gstatic.com/mysidia/ Frame C384 140 KB
51 KB 58ms
15ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/aa6a167bd8722375e709a581ef5a1517.js?tag=video_mra/web_raspberry_ms_cta_adjustment

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7270954ecf0b92ec43e1d679bde8d3a66beedb5dfb98c5704abaa4161d90450b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 10:30:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 354210
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52456
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 16:59:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 04 Oct 2023 10:30:33 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C384 21 KB
2 KB 59ms
25ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500%2C700

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d888389dfe8da504b233c3698d941ebbf649bfd865d100e4f5b18c28b95a944a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 10 Jul 2023 12:54:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 10 Jul 2023 11:23:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 10 Jul 2023 12:54:03 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230705/r20110914/client/ Frame C384 2 KB
975 B 15ms
13ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230705/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 09 Jul 2023 17:15:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70705
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 Jul 2023 17:15:38 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230705/r20110914/ Frame C384 23 KB
9 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230705/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 09 Jul 2023 17:15:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70725
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 Jul 2023 17:15:18 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230705/r20110914/client/ Frame C384 3 KB
1 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230705/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 11:23:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5408
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 11:23:55 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230705/r20110914/client/ Frame C384 20 KB
9 KB 52ms
13ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230705/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 09 Jul 2023 17:15:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70704
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 Jul 2023 17:15:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C384 179 KB
57 KB 62ms
24ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bf958c032ce083c26ae980ed92d0360c971e87c183d6bd988e770fc172786c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 12:54:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57266
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688579601580341"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 Jul 2023 12:54:03 GMT

GET
H2 200 5f03bef6f00b7a8cf9d43233a2aa7e67.js Show response
www.gstatic.com/mysidia/ Frame C384 33 KB
14 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5f03bef6f00b7a8cf9d43233a2aa7e67.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a5fa3073b94aa8259d04802566504c897fd640610ea9f36654cfacc615f325e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 10:04:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 355749
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14183
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 19:09:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 04 Oct 2023 10:04:54 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/16457134294963513439/ Frame C384 661 B
1010 B 14ms
13ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16457134294963513439/14763004658117789537?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c8685fda352a65ec544115b552258e69917024538a6cfe2713e1f408aa37219

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 09 Jul 2023 08:05:10 GMT
x-content-type-options: nosniff
age: 103733
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 661
x-xss-protection: 0
last-modified: Sat, 25 Jun 2022 17:27:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 08 Jul 2024 08:05:10 GMT

GET
DATA 200
OK truncated
/ Frame C384 216 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81cacd6b187878c8eb795e61e66c648ee76c410dafc63852de35290c1e56f9f1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 204 csi
csi.gstatic.com/ Frame C384 0
234 B 841ms
328ms Ping
image/gif 2800:3f0:4001:826::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~ljwv7fyq&c=4229800261253&slotId=2114900130626.5&qqid=CI6Nt9CXhIADFbD95wMdacIHaA&sei=44730425%2C44752538%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=rda&ulv=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/aa6a167bd8722375e709a581ef5a1517.js?tag=video_mra/web_raspberry_ms_cta_adjustment
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2800:3f0:4001:826::2003 São Paulo, Brazil, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 12:54:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/3344884604067737764/ Frame C384 69 KB
69 KB 15ms
15ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3344884604067737764/14763004658117789537

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

035cd8059f7f27b32d8a24e260e081e19c5681ab6ed69dcb6de7513011545afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 19:45:53 GMT
x-content-type-options: nosniff
age: 320890
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71041
x-xss-protection: 0
last-modified: Tue, 04 Apr 2023 20:32:54 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 05 Jul 2024 19:45:53 GMT

GET
H/1.1 206
Partial Content videoplayback
rr1---sn-5hnekn7l.googlevideo.com/ Frame C384 730 KB
730 KB 96ms
18ms Media
video/mp4 2a00:1450:400e:a::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr1---sn-5hnekn7l.googlevideo.com/videoplayback?expire=1689022443&ei=a_-rZNLNCum8n88PvZiF6AM&ip=2a00:c98:2050:a007:2::2&id=be401b8bad2a4953&itag=18&source=youtube&requiressl=yes&mh=Cn&mm=31&mn=sn-5hnekn7l&ms=au&mv=m&mvi=1&pl=44&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=13.525&lmt=1682085161867756&mt=1688993377&txp=5310224&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAJnbvgOm5v7AKr01rVzgF8eRDE1JDfmlSIe8z5vjY5DGAiEA2fuvn9aE_owWdzOmv4el15gFUhIBmU-FSJhxtqbE-M4=&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgX4PAGkM7fZkeNCDyT5JCE3IrSZW3mSWHESWzjJL7a-sCIGFY9EgoRnUuX90weMG0NScOpTJ_wyukiqrl3nq5b3lY&cpn=j-pB9Oe7ehbjuBWY

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:a::6 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

34c83218ed73ee1c86992f2032b34eb10b242c992b9f11fd4abd45d59f892f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Range: bytes=0-

Response headers

Date: Mon, 10 Jul 2023 12:54:03 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 21 Apr 2023 13:52:41 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-747360/747361
Cache-Control: private, max-age=28500
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 747361
Expires: Mon, 10 Jul 2023 12:54:03 GMT

GET
DATA 200
OK truncated
/ Frame C384 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4f88e7ab1f04ff420e17f8c48b043a099b5c43d1434c651a109d0f082f7ea09

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C384 0
23 B 59ms
59ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C6goGaf-rZM60N7D7n88P6YSfwAbsjazEcYb2_aTIEejW-_3_MBABINn-kDdglYKAgLAHoAGhxvCsAcgBCakCnF5Mi3Zfsj6oAwHIA8sEqgTTAU_QqtmGBBmHV1rv2WX6-uNNcIupMK7g2FXeM48Nx6OCQMpjKx9pq3BFuBkZh3BHk2Q9mNA9dQYjq6lrx8Kq3GhgXHCCoVDLKEzLYyxC8y7Zz7n-KkR8D5dkQTp9s0-v-9mclzci9-iQ1Mae_WOR5KMDV88Rcpfqxgj7TuoFMwbcEi2EuUC82u5z7ayw-GgYX6UIn4kcJanU2cCsIfUWVy_fYGaOxxCP2eTJ14OjZywuGPFf-o0SNddneNvnvB33HIOM6y5FQU2_OaUkKEC1bfZAmlLABPa7lq3_A5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfHuY_TAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEILSLNIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgHICwGiDAgqBgoEw7CxArgTnBvYEwzQFQGAFwGyFxwKGggAEhRwdWItNDA2Mzg2ODg5ODg2NzEzORgA&sigh=EvvgRAVXofY&uach_m=[UACH]&cid=CAQSGwBygQiD3ZqzyI8YtYoJNdfyxEkKkr1oJzIYHBgB&template_id=3484&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063868898867139&output=html&h=250&slotname=8897312585&adk=2003263824&adf=596187433&pi=t.ma~as.8897312585&w=304&fwrn=4&fwrnh=100&lmt=1688993641&rafmt=1&format=304x250&url=https%3A%2F%2Fwww.gaituba.com%2Fseal&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688993641562&bpp=3&bdt=1318&idt=247&shv=r20230705&mjsv=m202306290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1077626668625&frm=20&pv=1&ga_vid=1750783150.1688993642&ga_sid=1688993642&ga_hid=566534037&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1143&ady=114&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31075758%2C44788441%2C44796826%2C31061690&oid=2&pvsid=1870309291013968&tmod=143182728&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=eRAiqU4tR2&p=https%3A//www.gaituba.com&dtd=252
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 10 Jul 2023 12:54:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 10 Jul 2023 12:54:03 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame C384 0
54 B 761ms
329ms Ping
image/gif 2800:3f0:4001:826::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~ljwv7fz0&c=4229800261253&slotId=2114900130626.5&qqid=CI6Nt9CXhIADFbD95wMdacIHaA&umsem=0&ape=1&ple=1&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fwww.gstatic.com%252Fmysidia%252F90cda0d4b2e9798013d5ae8e8588fe0b.js%253Ftag%253Dclient_fast_engine_2019&encoded_body_size=0&transfer_size=0
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/aa6a167bd8722375e709a581ef5a1517.js?tag=video_mra/web_raspberry_ms_cta_adjustment
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2800:3f0:4001:826::2003 São Paulo, Brazil, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 12:54:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame C384 0
54 B 760ms
328ms Ping
image/gif 2800:3f0:4001:826::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=3~ljwv7g1a&c=4229800261253&slotId=2114900130626.5&qqid=CI6Nt9CXhIADFbD95wMdacIHaA&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fwww.gstatic.com%252Fmysidia%252Faa6a167bd8722375e709a581ef5a1517.js%253Ftag%253Dvideo_mra%252Fweb_raspberry_ms_cta_adjustment&encoded_body_size=0&transfer_size=0
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/aa6a167bd8722375e709a581ef5a1517.js?tag=video_mra/web_raspberry_ms_cta_adjustment
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2800:3f0:4001:826::2003 São Paulo, Brazil, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 12:54:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame C384 0
54 B 760ms
329ms Ping
image/gif 2800:3f0:4001:826::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=4~ljwv7g1a&c=4229800261253&slotId=2114900130626.5&qqid=CI6Nt9CXhIADFbD95wMdacIHaA&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fwww.gstatic.com%252Fmysidia%252F5f03bef6f00b7a8cf9d43233a2aa7e67.js%253Ftag%253Dmysidia_one_click_handler_one_afma_2019&encoded_body_size=0&transfer_size=0
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/aa6a167bd8722375e709a581ef5a1517.js?tag=video_mra/web_raspberry_ms_cta_adjustment
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2800:3f0:4001:826::2003 São Paulo, Brazil, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 12:54:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame C384 33 KB
34 KB 50ms
14ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 09 Jul 2023 02:43:59 GMT
x-content-type-options: nosniff
age: 123004
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jul 2024 02:43:59 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 75ms
74ms XHR
application/json 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230705&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3118ef2dca628fb83ffdb8c94a8082e336486301191948d2e17e4968c5e2e0c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gaituba.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 12:54:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11818
x-xss-protection: 0

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame C384 42 B
64 B 56ms
56ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CviDvaf-rZM60N7D7n88P6YSfwAbsjazEcYb2_aTIEejW-_3_MBABINn-kDdglYKAgLAHoAGhxvCsAcgBCakCnF5Mi3Zfsj6oAwHIA8sEqgTWAU_QqtmGBBmHV1rv2WX6-uNNcIupMK7g2FXeM48Nx6OCQMpjKx9pq3BFuBkZh3BHk2Q9mNA9dQYjq6lrx8Kq3GhgXHCCoVDLKEzLYyxC8y7Zz7n-KkR8D5dkQTp9s0-v-9mclzci9-iQ1Mae_WOR5KMDV88Rcpfqxgj7TuoFMwbcEi2EuUC82u5z7ayw-GgYX6UIn4kcJanU2cCsIfUWVy_fYGaOxxCP2eTJ14OjJS4PimKvP7Pg8Omqi_IvZwjRFi6GxTbUqaaW8XScBGyt_COdpKCgjxfABPa7lq3_A6AGLoAHx7mP0wKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAfKqbECqAfrpbEC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOrEJ9F0wFi_PNzaACgGYCwHICwGADAGiDAgqBgoEw7CxArgMAdoMEAoKEKC_08mXkZ3tBhICAQOqDQJERbgTnBvYEwzQFQH4FgGAFwE&sigh=90BIrvoeimM&cid=CAQSGwBygQiD3ZqzyI8YtYoJNdfyxEkKkr1oJzIYHA&label=adresume

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063868898867139&output=html&h=250&slotname=8897312585&adk=2003263824&adf=596187433&pi=t.ma~as.8897312585&w=304&fwrn=4&fwrnh=100&lmt=1688993641&rafmt=1&format=304x250&url=https%3A%2F%2Fwww.gaituba.com%2Fseal&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688993641562&bpp=3&bdt=1318&idt=247&shv=r20230705&mjsv=m202306290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1077626668625&frm=20&pv=1&ga_vid=1750783150.1688993642&ga_sid=1688993642&ga_hid=566534037&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1143&ady=114&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31075758%2C44788441%2C44796826%2C31061690&oid=2&pvsid=1870309291013968&tmod=143182728&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=eRAiqU4tR2&p=https%3A//www.gaituba.com&dtd=252
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 12:54:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame 5446 38 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 10:17:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 441366
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 04 Jul 2024 10:17:57 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gaituba.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 12:54:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 10 Jul 2023 12:54:03 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3E2A 13 KB
5 KB 15ms
14ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gaituba.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 595
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 12:44:08 GMT
expires: Tue, 09 Jul 2024 12:44:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DA57 783 B
1 KB 82ms
24ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c4bded3c1cf87cc74c9958c7751220fe1bb68b85046a9c9a09e4c94ed99fac75

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4gud005CQcwv41wAuIZzdA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gaituba.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-4gud005CQcwv41wAuIZzdA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 12:54:03 GMT
expires: Mon, 10 Jul 2023 12:54:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame 3E2A 38 KB
14 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 10:17:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 441366
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 04 Jul 2024 10:17:57 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DA57 0
0 47ms
47ms Image
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230705&jk=1870309291013968&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3E2A 0
10 B 14ms
14ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?gq2oIg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 12:54:03 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame C384 42 B
64 B 53ms
52ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063868898867139&output=html&h=250&slotname=8897312585&adk=2003263824&adf=596187433&pi=t.ma~as.8897312585&w=304&fwrn=4&fwrnh=100&lmt=1688993641&rafmt=1&format=304x250&url=https%3A%2F%2Fwww.gaituba.com%2Fseal&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688993641562&bpp=3&bdt=1318&idt=247&shv=r20230705&mjsv=m202306290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1077626668625&frm=20&pv=1&ga_vid=1750783150.1688993642&ga_sid=1688993642&ga_hid=566534037&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1143&ady=114&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31075758%2C44788441%2C44796826%2C31061690&oid=2&pvsid=1870309291013968&tmod=143182728&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=eRAiqU4tR2&p=https%3A//www.gaituba.com&dtd=252
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 12:54:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 53ms
52ms Image
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230705&jk=1870309291013968&bg=!eXqlei7NAAb90kgr3dI7ADkAdvg8WgcsozqnD91uy_xRygUe8yC01IRZDI0_Yy4kmGOiG-m3kJo2aiBwVmJOYVoV3pediBoqmNYCAAAAS1IAAAALaAEHmQKlO_mwdW55FonjSbuHJ7jb6BiVVQfI2hEIun4o-HwPfhg7cgjEqDV9Ogel5qVLoN-ivf54evnvq6hARX9sWd5tmKTodn11X-d1Y0pLriKEVnGdWXbFDgrlpeWZZ8PHUY4gDonny6qsFVwgOEp9TAv2Md2FWImx6IAd-tQ1uc8KJadSmhVGBofD4WarAPWdNCevTNiWK55vpqBbUdoPJOvoAb-y9Sgo0HY_skiNQ91kvt-D4fFR9OmPo9F6p-SIlqlnTBSa4CI6cty2JBaKP2dGzGwiClbVPaLIvh6Qf1FrYMwOLjLVFQSWH6MRi688y7o_t-yNzW7crmv8tSPuZ9-2PdKjRo7CJ9fXUve6pdBUENsDvIgBEZKF9iz6Pa6lFGxJ7uzzmU-_h01Xvk6y-mJzo1lEyXijb8Al4CWspm80doX1LcmEVu-ftPXIY2-DcG8ZTQxCelbxZTdeCsdxM9JllBWAtNOmEd5cbnz-A8c2igEg_US8hZeoV5io3oTTIKupQoShGKmyssV9gXEf84Fjhj0SXRBiO4-DzhqmatFFsYT_sioTpxwb1N5nEgxw82hkBN-KBEp6H441a0FU4xwSzeppEXUb2iDksrD3uAsUPSNcs1SuKjRfOD7yjCMa7t-yLeuGNDHzZZXcZlw0lK4U86jIUaQgnbzpBFk_402HAO48pUI0ZIwdbaMNgbE0uh4H58vxaLIK7TVT3RZ-9yaWsrfctyjKUyYpB8ZBl6b625NWZV55kGwzLRHX46lnXnUZviRjr_4jlVtcvZiprBmwu1ALT3SIadysbVxr2XO2qNIYsHY3Iy97VpC8vhYqEenCuDJiik85oTYvc_rTW7F8Rjv3DOgiK4nnJsH2nRtwOAr3FTj3N0mIHYVvmp0uKQnRspEHh8s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gaituba.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C384 42 B
64 B 52ms
52ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst82Vic4j1HFMqc7WniEzL_0EiKyKqK_FxNR_6YfgoYCXY8d9lS_aAI58sFaorFZBqypQpk5sq4JeD09ljr6tkqbIQ_9JzdMPHVXMxlQ553gy-NWBVpE63SP7-i3ajcJbNEoO0dgXvmOu9Y&sai=AMfl-YTNRYsXR6tj7hcafOFCVjB5WtumEeHfL4pF40kiZaSDVPsEzdiWqc5o22gI4Oq0J1qCDwFD-oHQGDPX&sig=Cg0ArKJSzPxsQ__5d4SDEAE&cid=CAQSGwBygQiD3ZqzyI8YtYoJNdfyxEkKkr1oJzIYHBgB&id=lidar2&mcvt=1000&p=0,0,250,304&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230705&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2003263824&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688993641815&rpt=1774&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 12:54:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame C384 0
45 B 278ms
278ms Ping
image/gif 2800:3f0:4001:826::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=5~ljwv7g1b&c=4229800261253&slotId=2114900130626.5&qqid=CI6Nt9CXhIADFbD95wMdacIHaA&dm=13501&event_name=first_play&asset_bytes=94639&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=10&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=3&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=vil.ljwv7g3g~vfl.ljwv7g6l~ff.ljwv7gae
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/aa6a167bd8722375e709a581ef5a1517.js?tag=video_mra/web_raspberry_ms_cta_adjustment
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2800:3f0:4001:826::2003 São Paulo, Brazil, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 12:54:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame C384 42 B
64 B 52ms
52ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063868898867139&output=html&h=250&slotname=8897312585&adk=2003263824&adf=596187433&pi=t.ma~as.8897312585&w=304&fwrn=4&fwrnh=100&lmt=1688993641&rafmt=1&format=304x250&url=https%3A%2F%2Fwww.gaituba.com%2Fseal&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688993641562&bpp=3&bdt=1318&idt=247&shv=r20230705&mjsv=m202306290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1077626668625&frm=20&pv=1&ga_vid=1750783150.1688993642&ga_sid=1688993642&ga_hid=566534037&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1143&ady=114&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31075758%2C44788441%2C44796826%2C31061690&oid=2&pvsid=1870309291013968&tmod=143182728&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=eRAiqU4tR2&p=https%3A//www.gaituba.com&dtd=252
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 12:54:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.gaituba.com/	1970-01-20 13:10:00	Name: XSRF-TOKEN Value: eyJpdiI6InU1b1NsOGpuRCtPUWxQd1R0ZGsxalE9PSIsInZhbHVlIjoiOTUvaFNVZ3JTd0FJVTlDZDRIL3B3UnJRYWZFVFZNR2MwaWEwWkc0WjdET0R1eG5hVzZHSEVodzZ6YXpLUGkvakF3UGpjTnpLdlhxd3NBOWkzM0txUFlwbmNYVTJBaVdjdDNjRW5JL204WngzdEFldGQrejdKOU1USVVSZ1YyNXkiLCJtYWMiOiJjNTg3MThkYjAxNzQyZGE4NDE1Yzk0MTNlZDhmMTFmOGVlNDIyZWZjNmZmOGQ1MjdiMjIxMjk3ODdmMWQyYjIwIiwidGFnIjoiIn0%3D
www.gaituba.com/	1970-01-20 13:10:00	Name: _session Value: eyJpdiI6Ikpnd3BsTCs2Ly9Sb3ppUGJrSVZ0c2c9PSIsInZhbHVlIjoiUGh6MVZ5aU9Famk3dnM5aElHeUFTcUlVRy9pTjBIWDJTdnVNU0R4TDJWOTRwR2plNHNmalNFQ3Fqdk9mVDZmclFsSXpPT0V0ZWVFQWhrYWdxOTMvazJ4RGFyVFRSVnhqbUhYOWIxY3hvWkZnUE1USnFibmdaZDh6eGJ5R3hxdlgiLCJtYWMiOiJkNGNiODUxYmE4ZDNhZDA0MGE5ODVlZTc2YTEyMTAxOWMzMzA5YTE3NGQzMmNhYjgzNjFhYjMwYzk1YjkzZjc2IiwidGFnIjoiIn0%3D
.gaituba.com/	1970-01-20 22:31:29	Name: __gads Value: ID=1321abcb52ae27ee-22907ffb25de0044:T=1688993641:RT=1688993641:S=ALNI_MYKG1hI4EEl8KVH2J_0Q-ILsqrlPw
.gaituba.com/	1970-01-20 22:31:29	Name: __gpi Value: UID=00000c3b7baeb408:T=1688993641:RT=1688993641:S=ALNI_MbzOK8R54YmW3Ue1KJLVUoq1UgswA
.hm.baidu.com/	1970-01-20 22:45:53	Name: HMACCOUNT_BFESS Value: 284EA41C307D0E6E
.gaituba.com/	1970-01-20 21:55:29	Name: Hm_lvt_7c335da75eaec4e87d6a35d5b7405ac5 Value: 1688993643
.gaituba.com/	1969-12-31 23:59:59	Name: Hm_lpvt_7c335da75eaec4e87d6a35d5b7405ac5 Value: 1688993643
.doubleclick.net/	1970-01-20 22:31:29	Name: IDE Value: AHWqTUmbrewRABIcdIk2Ilksxf5_G4YVaRB-ywGqez_d-aoKTNnlQrWYTc4K1RRxi2M

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
csi.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
gaituba.oss-cn-hangzhou.aliyuncs.com
googleads.g.doubleclick.net
hm.baidu.com
pagead2.googlesyndication.com
partner.googleadservices.com
rr1---sn-5hnekn7l.googlevideo.com
tpc.googlesyndication.com
www.gaituba.com
www.google.com
www.googletagservices.com
www.gstatic.com
103.235.46.191
121.41.179.170
2800:3f0:4001:826::2003
2a00:1450:4001:801::200a
2a00:1450:4001:806::2004
2a00:1450:4001:809::2002
2a00:1450:4001:810::2002
2a00:1450:4001:812::2001
2a00:1450:4001:827::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:830::2003
2a00:1450:4001:831::2002
2a00:1450:400e:a::6
47.110.23.105
00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387
02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2
035cd8059f7f27b32d8a24e260e081e19c5681ab6ed69dcb6de7513011545afc
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
2bf958c032ce083c26ae980ed92d0360c971e87c183d6bd988e770fc172786c7
3118ef2dca628fb83ffdb8c94a8082e336486301191948d2e17e4968c5e2e0c4
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
34c83218ed73ee1c86992f2032b34eb10b242c992b9f11fd4abd45d59f892f48
37e137454d840405c9ad7926dcf5a27a7e6cebbca3dca9b46c6ad8c93287b2d9
38a4dc885f9d1267bbfaf361e24fbf51994bd7f6743784ec3e4a267bbe74a0be
3a5fa3073b94aa8259d04802566504c897fd640610ea9f36654cfacc615f325e
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
478a465468e121f72d905ad2437f097aea89ca5f71d498e014c4a0faa0aace39
53b9d3fdddfe5e9c595aa167380db0f20f708a3ead5c40cf1aa8ddb22adb6636
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
65ccea3cd81d140e4947102183bbcfc76b9a219a102ed6fdc5583c9612a46f89
7270954ecf0b92ec43e1d679bde8d3a66beedb5dfb98c5704abaa4161d90450b
7c8685fda352a65ec544115b552258e69917024538a6cfe2713e1f408aa37219
81cacd6b187878c8eb795e61e66c648ee76c410dafc63852de35290c1e56f9f1
859790d507acd06e12295953099b5025fc6d49d41683e0af085c5f8513f3c3c7
8b9d7f5c7b64be976b40144f47d5cac85fd0797a277db83f3209da04ef5b1b03
9625379badd4849610dfe6c15453cdf0c0071264c90eef177307fac094d2aa6c
9a3a26f7fb00babe03bf26de96d995ab6557a510ccff16514f8a69b3e53130bc
a46ec81b4ae658aa66df590a01d9ab13a3415b992b587da37784c434b3877939
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5015fb8d81c7afb71bab91f97fbdf52cece67ad37067b728bf9e13f94187ef5
aa7074f9a3c53a17de894245299386751108ee411500d2548aaf09c30fc1e555
ad02adacb5fcb2cbf0c46813a95e95e7c4751db0c6394514803402b8c521ff3a
b1d68facc9f857143f6304a222da4740bd59d7a106666d88e797dd270081f80a
b46ba8c7dcbf1ea10ee6e94d7a0d518df0cf518586d3865ba2fd749963cac40f
b79a935ebc1c7397c66b4ef034cb006fdbcd768c1df03216cf3a0a6cc53273eb
c4bded3c1cf87cc74c9958c7751220fe1bb68b85046a9c9a09e4c94ed99fac75
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d888389dfe8da504b233c3698d941ebbf649bfd865d100e4f5b18c28b95a944a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4f88e7ab1f04ff420e17f8c48b043a099b5c43d1434c651a109d0f082f7ea09
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

www.gaituba.com Open in urlscan Pro 121.41.179.170 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

50 Requests

100 %HTTPS

80 %IPv6

11 Domains

15 Subdomains

16 IPs

5 Countries

1439 kBTransfer

2720 kBSize

8 Cookies

1 Outgoing links

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.gaituba.com Open in urlscan Pro
121.41.179.170 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

100 %
HTTPS

80 %
IPv6

11
Domains

15
Subdomains

16
IPs

5
Countries

1439 kB
Transfer

2720 kB
Size

8
Cookies

50 HTTP transactions
3 data transactions