www.ctfiot.com Open in urlscan Pro
43.254.217.178 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.ctfiot.com/84447.html
Submission: On February 27 via manual (February 27th 2023, 5:42:08 pm UTC) from HU — Scanned from DE

Summary HTTP 121 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 26 IPs in 6 countries across 19 domains to perform 121 HTTP transactions. The main IP is 43.254.217.178, located in Hong Kong and belongs to CLOUDIE-AS-AP Cloudie Limited, HK. The main domain is www.ctfiot.com.

This is the only time www.ctfiot.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	43.254.217.178 43.254.217.178	55933 (CLOUDIE-A...) (CLOUDIE-AS-AP Cloudie Limited)
5	163.181.56.170 163.181.56.170	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
11	59.110.190.229 59.110.190.229	37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.)
13	2a00:1450:400... 2a00:1450:400d:80a::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700:303... 2606:4700:3032::ac43:8d18	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
2	103.235.46.191 103.235.46.191	55967 (BAIDU Bei...) (BAIDU Beijing Baidu Netcom Science and Technology Co.)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:806::2002	15169 (GOOGLE) (GOOGLE)
1 2	212.64.63.215 212.64.63.215	45090 (TENCENT-N...) (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited)
19	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638::b 2a02:2638::b	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
9	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.0.160 178.250.0.160	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a02:2638::c 2a02:2638::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638::21 2a02:2638::21	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:80d::200a	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1 4	163.181.56.157 163.181.56.157	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
1	47.246.167.93 47.246.167.93	() ()
121	26

19 43.254.217.178 (Hong Kong)

ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK)

www.ctfiot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 163.181.56.170 (Frankfurt am Main, Germany)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

cdn.staticfile.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 59.110.190.229 (Beijing, China)

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)

ctfiot.oss-cn-beijing.aliyuncs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:400d:80a::2002 (Ireland)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3032::ac43:8d18 (United States)

ASN13335 (CLOUDFLARENET, US)

sdn.geekzu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.235.46.191 (Hong Kong)

ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)

hm.baidu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:806::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.64.63.215 (China) 1 redirects

ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN)

iowen.gitee.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::b (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.160 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::21 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80d::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 163.181.56.157 (Frankfurt am Main, Germany) 1 redirects

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

widget.qweather.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.246.167.93 (None, )

ASN- ()

webapi.amap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 140	445 KB
19	ctfiot.com www.ctfiot.com	348 KB
15	criteo.net static.criteo.net — Cisco Umbrella Rank: 625 pix.eu.criteo.net — Cisco Umbrella Rank: 7936 csm.eu.criteo.net — Cisco Umbrella Rank: 8487	270 KB
12	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 35	155 KB
11	aliyuncs.com ctfiot.oss-cn-beijing.aliyuncs.com	2 MB
5	staticfile.org cdn.staticfile.org — Cisco Umbrella Rank: 52245	186 KB
4	qweather.net 1 redirects widget.qweather.net — Cisco Umbrella Rank: 991088	64 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 183	194 KB
4	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 73 www.google.com — Cisco Umbrella Rank: 2	2 KB
3	gstatic.com www.gstatic.com	28 KB
3	criteo.com rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 15753 ads.eu.criteo.com — Cisco Umbrella Rank: 8414 cat.fr.eu.criteo.com — Cisco Umbrella Rank: 9640	47 KB
2	gitee.io 1 redirects iowen.gitee.io	297 B
2	google.de adservice.google.de — Cisco Umbrella Rank: 8947	696 B
2	baidu.com hm.baidu.com — Cisco Umbrella Rank: 8406	12 KB
2	geekzu.org sdn.geekzu.org — Cisco Umbrella Rank: 749080	4 KB
1	amap.com webapi.amap.com
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 36	944 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 195	5 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 855	600 B
121	19

	Domain	Requested by
19	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
19	www.ctfiot.com	www.ctfiot.com
13	pagead2.googlesyndication.com	www.ctfiot.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
12	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
11	ctfiot.oss-cn-beijing.aliyuncs.com	www.ctfiot.com
9	static.criteo.net	ads.eu.criteo.com
5	cdn.staticfile.org	www.ctfiot.com cdn.staticfile.org
4	widget.qweather.net	1 redirects widget.qweather.net
4	pix.eu.criteo.net	ads.eu.criteo.com
4	www.googletagservices.com	googleads.g.doubleclick.net
3	www.gstatic.com	googleads.g.doubleclick.net
2	www.google.com	1 redirects tpc.googlesyndication.com
2	csm.eu.criteo.net	ads.eu.criteo.com
2	iowen.gitee.io	1 redirects www.ctfiot.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	hm.baidu.com	www.ctfiot.com
2	sdn.geekzu.org	www.ctfiot.com
1	webapi.amap.com	widget.qweather.net
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	cdnjs.cloudflare.com	ads.eu.criteo.com
1	cat.fr.eu.criteo.com	ads.eu.criteo.com
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	rtb.fr.eu.criteo.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
121	25

This site contains links to these domains. Also see Links.

Domain
www.chamd5.org

Subject Issuer	Validity	Valid
*.oss-cn-beijing.aliyuncs.com GlobalSign Organization Validation CA - SHA256 - G3	`2023-02-15` - `2024-03-18`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
baidu.com GlobalSign RSA OV SSL CA 2018	`2022-07-05` - `2023-08-06`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-18` - `2023-05-20`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-22` - `2023-03-26`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-13` - `2023-04-15`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-13` - `2023-04-17`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
qweather.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-17` - `2023-11-17`	a year	crt.sh
*.alibabacorp.com GlobalSign Organization Validation CA - SHA256 - G2	`2022-04-07` - `2023-05-09`	a year	crt.sh

This page contains 13 frames:

Primary Page: http://www.ctfiot.com/84447.html
Frame ID: 2C61CC84E4EFE5FA35D26A02FA0CAE34
Requests: 57 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230222/r20190131/zrt_lookup.html
Frame ID: 154782888A27E1ACADEEDE110A52083C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&adk=1812271804&adf=3025194257&lmt=1677519721&plat=1%3A16777216%2C2%3A16777216%2C3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x810_r&format=0x0&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&ea=0&pra=5&wgl=1&dt=1677519721084&bpp=5&bdt=1109&idt=256&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2033547941122&frm=20&pv=2&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=282
Frame ID: CFE52040D22C7CB94A89ACB48EEB0D96
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=187&slotname=1613153004&adk=3108791033&adf=2685228617&pi=t.ma~as.1613153004&w=745&fwrn=4&lmt=1677519721&rafmt=11&format=745x187&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&wgl=1&dt=1677519721089&bpp=2&bdt=1114&idt=279&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=295&ady=288&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=EqdkE0B9ws&p=http%3A//www.ctfiot.com&dtd=283
Frame ID: 06D4F081449A955C046CFF17D9248374
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=447&slotname=6117731570&adk=1968854875&adf=3830709326&pi=t.ma~as.6117731570&w=745&cr_col=4&cr_row=2&fwrn=2&lmt=1677519721&rafmt=9&format=745x447&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&crui=image_stacked&fwr=0&wgl=1&dt=1677519721091&bpp=1&bdt=1116&idt=295&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C745x187&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=295&ady=1232&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=KQqYy84yvM&p=http%3A//www.ctfiot.com&dtd=297
Frame ID: D3079C75F74DCE55A47A3F71822B2DB8
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=250&slotname=8806081466&adk=440214258&adf=2235027668&pi=t.ma~as.8806081466&w=310&fwrn=4&fwrnh=100&lmt=1677519721&rafmt=1&format=310x250&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1677519721092&bpp=1&bdt=1117&idt=300&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C745x187%2C745x447&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1075&ady=183&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=4&uci=a!4&fsb=1&xpc=jkyXNZXhUp&p=http%3A//www.ctfiot.com&dtd=304
Frame ID: D19A8DEE0A973BDC5D869E550F7C1A17
Requests: 10 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y_zraQAGPREIFUtQAAvluYHcg9_J5RG0dVmXHw&u=%7CKtmlAQQB41v9cfg%2B85SOXB7JkTILSKLNI6QmHtoa6cg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANf81tL3VBOagW-2AKkwyj-wwEmIfvs_3T0wwGuyJubt4AIIgXuwRGdOubcFrwOR9IoGpa-vdTJZ07OH9zLueTCXpD9-4Z9IJcZ-Z0mjqTg5_TY3QeD5k6MaPkBEr4P8VPmmJSCtm1Pu8FLUKClwr54KzEP3ZX3hC1q8rVeiPiwSHJFPZ6wJ1ApDyHzoAgVrfyYWFpMnmiDvtsg8OuLVj7h7--01ZxXIPbZY1DonRCK-18xyK7rmqD7Gz21dg6vZwIYHZwAI3jqi1Gomi6RRO7p7W4-l_cQ9lTIj4YYtEuqdU9X9rQ42CnkqGtpE2k-ErwQ027EHgJyVX72GfDO-bgMPG5Gm564AE8Z1qgc0VpxoB9ALgUIOU3pxt-mtUmL0kb9mDtZQ_lGYRc8KcQxNru87E1NadFOZ9p5jhtpkp7VeLt3jrUeV2wBtqYcB7R0C9I1FJRh0gAuxVvDAsL6aKiXoFnLegrLbV1hs3y-ZNMfYOfjhnzNoIYsjESfRQFqE9mhwFTEBreSHOS8sOlzcTk6AbfRE9bxEXiQAoFsRXRm_0&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCpzJeaev8Y5H6GNCW1fAPucuvqAXJntKxXM2G49aTAcCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi01NzM4NzI1NzAzMjMyNjI2yAEJqQI9rYa2ibixPqgDAaoE4QFP0HihqREHFSbUlSE_EhE1gxaGvudybVrLdt02qVbTD4P-jDS6863ei5O2nZA5ZJsaaaoBxV65Hm-gcvDVlpGN1VunUaH2V2djabBjOQl_avYg1RaJTrhDMTL-jgfl1c5voBPBh7QxwQxefhOp8PoD-82uygpQ_4NzDPHoq3zhAPxnF0nJc25ULO8C8ZLLNLcmPv4OteEmQIKxjINaahOkThnPCUHW3cMD-tHdm5x-4vUnFooc4_xacqGyNNkhlY2YWBD59sZ-WkB9DX8TekRP51wg1k5rjFXag_tArCRbcfWABtyKgb2Ag8b3tgGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3YjODrxpOQyunLOcxledT5U-Junw%26client%3Dca-pub-5738725703232626%26adurl%3D
Frame ID: 21B42EFF9DA0694232174281488C7E7B
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230222/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4305B29D41AB198CB510476AF3D373D5
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: DAEFEB29C92FAEF7476F641B0BE294F9
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js
Frame ID: 55919EE06EA7B2C587B247AC3342D77C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js
Frame ID: BFDCB4D77F396AE3F3FA6B39CCACE0E2
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1F268538DE789D2FB9E9E10587008462
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 198E94513EE36AE3EDF80FA2F445AA0E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CVE-2022-25765-pdfkit-Exploit-Reverse-Shell | CTF导航

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Baidu Analytics (百度统计) (Analytics) Expand

Overall confidence: 100%
Detected patterns

hm\.baidu\.com/hm\.js

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

121
Requests

77 %
HTTPS

68 %
IPv6

19
Domains

25
Subdomains

26
IPs

6
Countries

3426 kB
Transfer

5785 kB
Size

9
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://www.chamd5.org/
Title: ChaMd5

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

http://iowen.gitee.io/ioimg/banner/wHoOcfQGhqvlUkd.jpg HTTP 301
https://iowen.gitee.io/ioimg/banner/wHoOcfQGhqvlUkd.jpg

Request Chain 104

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 111

http://widget.qweather.net/simple/static/js/he-simple-common.js?v=2.0 HTTP 301
https://widget.qweather.net/simple/static/js/he-simple-common.js?v=2.0

121 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 84447.html Show response
www.ctfiot.com/ 59 KB
12 KB 1594ms
925ms Document
text/html 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

14802e61f2cec3035e2cea70e0a4020df3087732c56d1d7da69b80313e44719f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 27 Feb 2023 17:41:59 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Pingback: http://www.ctfiot.com/xmlrpc.php

GET
H/1.1 200
OK classic-themes.min.css
www.ctfiot.com/wp-includes/css/ 217 B
561 B 198ms
197ms Stylesheet
text/css 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-includes/css/classic-themes.min.css?ver=1

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:00 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Fri, 04 Nov 2022 02:54:37 GMT
Server: nginx
ETag: "63647eed-d9"
Content-Type: text/css
Cache-Control: max-age=43200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 217
Expires: Tue, 28 Feb 2023 05:42:00 GMT

GET
H/1.1 200
OK iconfont.css
www.ctfiot.com/wp-content/themes/onenav/css/ 6 KB
2 KB 200ms
199ms Stylesheet
text/css 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/css/iconfont.css?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

5d84a57ce0022d737a58075ef1c11bb5d7c0e44f295322af3a2ab44624fa777a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:00 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-18ce"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:00 GMT

GET
H/1.1 200
OK all.min.css
cdn.staticfile.org/font-awesome/5.15.4/css/ 58 KB
14 KB 770ms
9ms Stylesheet
text/css 163.181.56.170
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.staticfile.org/font-awesome/5.15.4/css/all.min.css?ver=3.1424
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Server: 163.181.56.170 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

X-Log: X-Log
Date: Sun, 26 Feb 2023 23:59:00 GMT
Via: cache26.l2de2[397,397,304-0,M], cache11.l2de2[399,0], ens-cache3.de4[0,0,200-0,H], ens-cache5.de4[1,0]
Content-Encoding: gzip
X-Svr: IO
Content-Md5: 7NUHsxJe3E0qA6pq5dB9qQ==
X-Reqid: n_UAAOGugkhKhUcX
Age: 63780
X-Swift-CacheTime: 86400
X-Cache: HIT TCP_MEM_HIT dirn:8:371986937
Content-Transfer-Encoding: binary
Content-Disposition: inline; filename="all.min.css"; filename*=utf-8''all.min.css
Connection: keep-alive
X-Swift-SaveTime: Sun, 26 Feb 2023 23:59:00 GMT
Content-Length: 12832
Last-Modified: Thu, 05 Aug 2021 07:49:51 GMT
Server: Tengine
Etag: "FqV-5o0RYBsP2OUDf8JB_2WnVEc8.gz"
Access-Control-Max-Age: 2592000
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Ali-Swift-Global-Savetime: 1677455940
Access-Control-Expose-Headers: X-Log, X-Reqid
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
X-Qiniu-Zone: 0
Timing-Allow-Origin: *
EagleId: 2ff62b1d16775197207096597e

GET
H/1.1 200
OK v4-shims.min.css
cdn.staticfile.org/font-awesome/5.15.4/css/ 26 KB
5 KB 768ms
8ms Stylesheet
text/css 163.181.56.170
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.staticfile.org/font-awesome/5.15.4/css/v4-shims.min.css?ver=3.1424
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Server: 163.181.56.170 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 8fe2f1cb7bc41c640ad3ea24449cfa1ba5291e16dbbbab0ef61bfe43f3212910

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

X-Log: X-Log
Date: Sun, 26 Feb 2023 23:59:00 GMT
Via: cache8.l2de2[403,404,304-0,M], cache4.l2de2[405,0], ens-cache6.de4[0,0,200-0,H], ens-cache4.de4[1,0]
Content-Encoding: gzip
X-Svr: IO
Content-Md5: oDTTxxvuVG9iWHfXkykX+A==
X-Reqid: qj4AAKDYy0dKhUcX
Age: 63780
X-Swift-CacheTime: 86400
X-Cache: HIT TCP_MEM_HIT dirn:8:338141862
Content-Transfer-Encoding: binary
Content-Disposition: inline; filename="v4-shims.min.css"; filename*=utf-8''v4-shims.min.css
Connection: keep-alive
X-Swift-SaveTime: Sun, 26 Feb 2023 23:59:00 GMT
Content-Length: 4163
Last-Modified: Thu, 19 Aug 2021 05:50:20 GMT
Server: Tengine
Etag: "FvIX1N7QvJ94a9m6HAnOiK7brtdu.gz"
Access-Control-Max-Age: 2592000
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Ali-Swift-Global-Savetime: 1677455940
Access-Control-Expose-Headers: X-Log, X-Reqid
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
X-Qiniu-Zone: 0
Timing-Allow-Origin: *
EagleId: 2ff62b1c16775197207104696e

GET
H/1.1 200
OK bootstrap.min.css
www.ctfiot.com/wp-content/themes/onenav/css/ 158 KB
29 KB 375ms
202ms Stylesheet
text/css 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/css/bootstrap.min.css?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

003a5b9f890301ca6d6a16067ba382c677704dbd777962094ceb13cc8e02691f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:00 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-278ba"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:00 GMT

GET
H/1.1 200
OK jquery.fancybox.min.css
www.ctfiot.com/wp-content/themes/onenav/css/ 12 KB
4 KB 390ms
209ms Stylesheet
text/css 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/css/jquery.fancybox.min.css?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:00 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-31fb"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:00 GMT

GET
H/1.1 200
OK style.min.css
www.ctfiot.com/wp-content/themes/onenav/css/ 100 KB
25 KB 391ms
210ms Stylesheet
text/css 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/css/style.min.css?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

6973024936e5b30b98046977013de466de5de1708457e2ab9cc2bb44dc09ff72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:00 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-19183"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:00 GMT

GET
H/1.1 200
OK jquery.min.js Show response
www.ctfiot.com/wp-content/themes/onenav/js/ 85 KB
33 KB 395ms
208ms Script
application/javascript 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/js/jquery.min.js?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:00 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-15283"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:00 GMT

GET
H/1.1 200
OK %E6%A8%AA%E7%89%88Logo_360x80_%E4%B8%8D%E9%80%8F%E6%98%8E.png
ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2021/10/ 17 KB
17 KB 698ms
197ms Image
image/png 59.110.190.229
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2021/10/%E6%A8%AA%E7%89%88Logo_360x80_%E4%B8%8D%E9%80%8F%E6%98%8E.png
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 59.110.190.229 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 3b1fa54e2b1020eda18b88565c88b44463adefad297fac2f626d1ee655d95c81

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
x-oss-request-id: 63FCEB695DFDD132369A224A
Content-MD5: OO3InPZ1ChyK0kyq1SHnDA==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 16917
x-oss-object-type: Normal
Last-Modified: Thu, 17 Mar 2022 08:01:17 GMT
Server: AliyunOSS
ETag: "38EDC89CF6750A1C8AD24CAAD521E70C"
Content-Type: image/png
x-oss-ec: 0048-00000104
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 4884741393747057177
x-oss-server-time: 21

GET
H/1.1 200
OK M-DESIGN-360-x-80-px-1.png
ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2021/10/ 6 KB
7 KB 679ms
179ms Image
image/png 59.110.190.229
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2021/10/M-DESIGN-360-x-80-px-1.png
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 59.110.190.229 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 9b4516ae3b2534cf72366dc9a08cc2b2b4515bc026ee27b1b9b3ae157eba0f75

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
x-oss-request-id: 63FCEB695DFDD133369D224A
Content-MD5: 3ZTfp/pnQ5CbjooEZ7+tdQ==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 6619
x-oss-object-type: Normal
Last-Modified: Thu, 17 Mar 2022 08:01:14 GMT
Server: AliyunOSS
ETag: "DD94DFA7FA6743909B8E8A0467BFAD75"
Content-Type: image/png
x-oss-ec: 0048-00000104
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 388601213416782964
x-oss-server-time: 2

GET
H/1.1 200
OK bitbug_favicon-1.ico
ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2021/10/ 4 KB
5 KB 680ms
179ms Image
image/x-icon 59.110.190.229
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2021/10/bitbug_favicon-1.ico
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 59.110.190.229 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 553300264e11fc1c15eb6c77712247af6f3279dd30635e8e18b908cc27773375

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
x-oss-request-id: 63FCEB696AD6D538305A474C
Content-MD5: FBY8gO3+vxztTgaFXfizAg==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 4286
x-oss-object-type: Normal
Last-Modified: Thu, 17 Mar 2022 08:01:09 GMT
Server: AliyunOSS
ETag: "14163C80EDFEBF1CED4E06855DF8B302"
Content-Type: image/x-icon
x-oss-ec: 0048-00000104
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 7285855754463750460
x-oss-server-time: 3

GET
H/1.1 200
OK Logo_80x80_%E9%80%8F%E6%98%8E.png
ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2021/10/ 4 KB
4 KB 702ms
201ms Image
image/png 59.110.190.229
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2021/10/Logo_80x80_%E9%80%8F%E6%98%8E.png
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 59.110.190.229 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 69516c5b557bb540ee7689c3dcdd8b8a4e316e491ffbac7a5b68d9122e1b9bdd

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
x-oss-request-id: 63FCEB69224F963635B2D6A5
Content-MD5: mhSKWM8aX4RcswhaWk2fZQ==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 3893
x-oss-object-type: Normal
Last-Modified: Thu, 17 Mar 2022 08:01:14 GMT
Server: AliyunOSS
ETag: "9A148A58CF1A5F845CB3085A5A4D9F65"
Content-Type: image/png
x-oss-ec: 0048-00000104
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 17247182101233306927
x-oss-server-time: 9

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
49 KB 216ms
75ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5738725703232626

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

24200ac3011d540d50fa4b106b7d7235cfa23072219781027043bd27f3c90fd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ctfiot.com/
Origin: http://www.ctfiot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49531
x-xss-protection: 0
server: cafe
etag: 6057945738416389177
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 27 Feb 2023 17:42:00 GMT

GET
H/1.1 200
OK gravatar.jpg
www.ctfiot.com/wp-content/themes/onenav/images/ 2 KB
2 KB 173ms
173ms Image
image/jpeg 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/images/gravatar.jpg

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

4ad66d2fc22f2a561e0519fde0bd5201adb13638c2e915e1a6a6a718a7bf4dad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: "62182a61-7ef"
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2031
Expires: Wed, 29 Mar 2023 17:42:01 GMT

GET
H/1.1 200
OK clipboard.min.js Show response
www.ctfiot.com/wp-content/themes/onenav/js/ 10 KB
4 KB 178ms
178ms Script
application/javascript 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/js/clipboard.min.js?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

8a7739925f4c03586479852df840b7061948832a7fda30c8c812d2ea4dd4c4f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:00 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-28d5"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:00 GMT

GET
H/1.1 200
OK echarts.min.js Show response
www.ctfiot.com/wp-content/themes/onenav/js/ 365 KB
142 KB 185ms
185ms Script
application/javascript 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/js/echarts.min.js?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

801ebc9c46c6ed651e93f00b2fab16e10313285daa06b4379ea2c01b29508306

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:00 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-5b393"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:00 GMT

GET
H/1.1 200
OK popper.min.js Show response
www.ctfiot.com/wp-content/themes/onenav/js/ 21 KB
8 KB 187ms
186ms Script
application/javascript 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/js/popper.min.js?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

67bbcec2522f3b5d3e8a265e3057004fe9c9961bdce0646dcbc9c32bf06e5aeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:00 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-5283"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:00 GMT

GET
H/1.1 200
OK bootstrap.min.js Show response
www.ctfiot.com/wp-content/themes/onenav/js/ 61 KB
18 KB 230ms
227ms Script
application/javascript 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/js/bootstrap.min.js?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

5112ac3168dcb0f524c0f4b7fe192ba56498cfced86ba0f43e2317fd203f769c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:00 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-f3c5"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:00 GMT

GET
H/1.1 200
OK theia-sticky-sidebar.js Show response
www.ctfiot.com/wp-content/themes/onenav/js/ 15 KB
4 KB 228ms
226ms Script
application/javascript 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/js/theia-sticky-sidebar.js?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

01e105efa6aa2dac21ed4c473d9e4a2d7a4fa9b75dfbf422492b811a90d23381

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:00 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-3ca5"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:00 GMT

GET
H/1.1 200
OK lazyload.min.js Show response
www.ctfiot.com/wp-content/themes/onenav/js/ 8 KB
3 KB 187ms
184ms Script
application/javascript 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/js/lazyload.min.js?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

3eabaf6acfbd158fa8f9b6c8e2a7f59a93cd3c19ca45e66c709f2170964541de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:00 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-20c1"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:00 GMT

GET
H/1.1 200
OK jquery.fancybox.min.js Show response
www.ctfiot.com/wp-content/themes/onenav/js/ 67 KB
25 KB 200ms
199ms Script
application/javascript 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/js/jquery.fancybox.min.js?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

ca2427c5350b6c6ee1acd7342ca166a97be33dbae0dc55901774a4de8c6cd706

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-10a94"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:01 GMT

GET
H/1.1 200
OK app.min.js Show response
www.ctfiot.com/wp-content/themes/onenav/js/ 39 KB
14 KB 183ms
183ms Script
application/javascript 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/js/app.min.js?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

e12c6e6b042870857fb07f66c9fc2358a428a07f1690b4d8af56d0142b340f3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-9def"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:01 GMT

GET
H/1.1 200
OK comment-reply.min.js Show response
www.ctfiot.com/wp-includes/js/ 3 KB
2 KB 208ms
207ms Script
application/javascript 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-includes/js/comment-reply.min.js?ver=6.1.1

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Sat, 25 Jun 2022 09:18:40 GMT
Server: nginx
ETag: W/"62b6d2f0-ba5"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:01 GMT

GET
H/1.1 200
OK comments-ajax.js Show response
www.ctfiot.com/wp-content/themes/onenav/js/ 2 KB
1 KB 184ms
184ms Script
application/javascript 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/js/comments-ajax.js?ver=3.1424

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

d08ce327aecaf9346df404c646d7888923fe28749ed47a094a2dfa7785a77809

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/84447.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: W/"62182a61-829"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Tue, 28 Feb 2023 05:42:01 GMT

GET
H/1.1 200
OK fa-brands-400.woff2
cdn.staticfile.org/font-awesome/5.15.4/webfonts/ 75 KB
76 KB 23ms
12ms Font
application/octet-stream 163.181.56.170
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.staticfile.org/font-awesome/5.15.4/webfonts/fa-brands-400.woff2
Requested by: Host: cdn.staticfile.org
URL: http://cdn.staticfile.org/font-awesome/5.15.4/css/all.min.css?ver=3.1424
Protocol: HTTP/1.1
Server: 163.181.56.170 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029

Request headers

Referer: http://cdn.staticfile.org/font-awesome/5.15.4/css/all.min.css?ver=3.1424
Origin: http://www.ctfiot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

X-Log: X-Log
Date: Mon, 27 Feb 2023 06:23:13 GMT
Via: cache15.l2de2[0,0,304-0,H], cache4.l2de2[1,0], ens-cache10.de4[0,0,200-0,H], ens-cache3.de4[0,0]
X-Svr: IO
Content-Md5: 7TEcegremnW7Pr9adnDzHQ==
X-Reqid: eXAAAM3o0MBBmkcX
Age: 40727
X-Swift-CacheTime: 85606
X-Cache: HIT TCP_MEM_HIT dirn:8:169378462
Content-Transfer-Encoding: binary
Content-Disposition: inline; filename="fa-brands-400.woff2"; filename*=utf-8''fa-brands-400.woff2
Connection: keep-alive
X-Swift-SaveTime: Mon, 27 Feb 2023 06:36:27 GMT
Content-Length: 76736
Last-Modified: Mon, 09 Aug 2021 14:51:14 GMT
Server: Tengine
Etag: "FgYTx-u6Ve5H7zAsD3dmMkaS-Jmn"
Vary: Origin
Access-Control-Max-Age: 2592000
Content-Type: application/octet-stream; charset=utf-8
Access-Control-Allow-Origin: *
Ali-Swift-Global-Savetime: 1677478993
Access-Control-Expose-Headers: X-Log, X-Reqid
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
X-Qiniu-Zone: 0
Timing-Allow-Origin: *
EagleId: 2ff62b1b16775197207556778e

GET
H/1.1 200
OK fa-solid-900.woff2
cdn.staticfile.org/font-awesome/5.15.4/webfonts/ 76 KB
77 KB 31ms
20ms Font
application/octet-stream 163.181.56.170
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.staticfile.org/font-awesome/5.15.4/webfonts/fa-solid-900.woff2
Requested by: Host: cdn.staticfile.org
URL: http://cdn.staticfile.org/font-awesome/5.15.4/css/all.min.css?ver=3.1424
Protocol: HTTP/1.1
Server: 163.181.56.170 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9

Request headers

Referer: http://cdn.staticfile.org/font-awesome/5.15.4/css/all.min.css?ver=3.1424
Origin: http://www.ctfiot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

X-Log: X-Log
Date: Mon, 27 Feb 2023 06:00:39 GMT
Via: cache14.l2de2[0,0,304-0,H], cache1.l2de2[1,0], ens-cache6.de4[0,0,200-0,H], ens-cache2.de4[10,0]
X-Svr: IO
Content-Md5: 2CTffrLiaGJqLdmmp0GsTg==
X-Reqid: pE0AAAalK2kGmUcX
Age: 42081
X-Swift-CacheTime: 86027
X-Cache: HIT TCP_MEM_HIT dirn:10:417746128
Content-Transfer-Encoding: binary
Content-Disposition: inline; filename="fa-solid-900.woff2"; filename*=utf-8''fa-solid-900.woff2
Connection: keep-alive
X-Swift-SaveTime: Mon, 27 Feb 2023 06:06:52 GMT
Content-Length: 78268
Last-Modified: Thu, 05 Aug 2021 05:48:24 GMT
Server: Tengine
Etag: "FgzLLIFKfkyhLEd4ghYzgJywNh6q"
Vary: Origin
Access-Control-Max-Age: 2592000
Content-Type: application/octet-stream; charset=utf-8
Access-Control-Allow-Origin: *
Ali-Swift-Global-Savetime: 1677477639
Access-Control-Expose-Headers: X-Log, X-Reqid
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
X-Qiniu-Zone: 0
Timing-Allow-Origin: *
EagleId: 2ff62b1a16775197207571474e

GET
H/1.1 200
OK iconfont.woff2
www.ctfiot.com/wp-content/themes/onenav/css/fonts/ 18 KB
18 KB 317ms
173ms Font
font/woff2 43.254.217.178
CLOUDIE-AS-AP Clo...

General

Check archive.org

Show headers Download Go to

Full URL

http://www.ctfiot.com/wp-content/themes/onenav/css/fonts/iconfont.woff2?t=1627493826118

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/wp-content/themes/onenav/css/iconfont.css?ver=3.1424

Protocol

HTTP/1.1

Server

43.254.217.178 , Hong Kong, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK),

Reverse DNS

Software

nginx /

Resource Hash

b00e1b2de916ebd46dabc76a63345844e4cf92f194552c2657b50f1c11cc2be8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://www.ctfiot.com/wp-content/themes/onenav/css/iconfont.css?ver=3.1424
Origin: http://www.ctfiot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Fri, 25 Feb 2022 01:01:21 GMT
Server: nginx
ETag: "62182a61-46d8"
Content-Type: font/woff2
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18136

GET
H/1.1 200
OK fa-regular-400.woff2
cdn.staticfile.org/font-awesome/5.15.4/webfonts/ 13 KB
14 KB 20ms
9ms Font
application/octet-stream 163.181.56.170
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.staticfile.org/font-awesome/5.15.4/webfonts/fa-regular-400.woff2
Requested by: Host: cdn.staticfile.org
URL: http://cdn.staticfile.org/font-awesome/5.15.4/css/all.min.css?ver=3.1424
Protocol: HTTP/1.1
Server: 163.181.56.170 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 3e072a40ac7b8d13ac916ea7414702ef308c98d0b3d53835a361ffff11a4fcaa

Request headers

Referer: http://cdn.staticfile.org/font-awesome/5.15.4/css/all.min.css?ver=3.1424
Origin: http://www.ctfiot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

X-Log: X-Log
Date: Mon, 27 Feb 2023 06:43:50 GMT
Via: cache6.l2de2[410,410,304-0,M], cache12.l2de2[411,0], ens-cache6.de4[0,0,200-0,H], ens-cache3.de4[1,0]
X-Svr: IO
Content-Md5: uR03a412RtZxzYIJUNX38Q==
X-Reqid: 5aIAABf9YrZhm0cX
Age: 39490
X-Swift-CacheTime: 86400
X-Cache: HIT TCP_MEM_HIT dirn:10:403613411
Content-Transfer-Encoding: binary
Content-Disposition: inline; filename="fa-regular-400.woff2"; filename*=utf-8''fa-regular-400.woff2
Connection: keep-alive
X-Swift-SaveTime: Mon, 27 Feb 2023 06:43:50 GMT
Content-Length: 13224
Last-Modified: Sat, 07 Aug 2021 17:26:33 GMT
Server: Tengine
Etag: "FhNRdSmv-jniWFxZGsrm3DNraqkX"
Access-Control-Max-Age: 2592000
Vary: Origin
Content-Type: application/octet-stream; charset=utf-8
Access-Control-Allow-Origin: *
Ali-Swift-Global-Savetime: 1677480230
Access-Control-Expose-Headers: X-Log, X-Reqid
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
X-Qiniu-Zone: 0
Timing-Allow-Origin: *
EagleId: 2ff62b1b16775197207646806e

GET
H/1.1 200
OK 55cbcfe920516e4e54bd3aba2f30e585
sdn.geekzu.org/avatar/ 837 B
2 KB 796ms
528ms Image
image/jpeg 2606:4700:3032::ac43:8d18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://sdn.geekzu.org/avatar/55cbcfe920516e4e54bd3aba2f30e585?s=20&d=mm&r=g
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Server: 2606:4700:3032::ac43:8d18 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2b94f353fafcae37092fdd244b0c1af1c80d050c614dc3c1f9bcd7ff2d1bdd6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Disposition: inline; filename="55cbcfe920516e4e54bd3aba2f30e585.png"
Connection: keep-alive
Server-Timing: cf-q-config;dur=6.0000002122251e-06
Geekzu-Cache: EXPIRED from JP-HND-1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 837
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bpZmeyJbOQCnX1wWwXwsKjGde5I%2FNjBAV76Dcj86fcPLJKzgmVHQTFDsalgQMIoAgaEkznlIPAA7Mgyu9ADqyGx2wJdsH5jp8y4004s6%2BhzGXsTYxd2Asm0NCnQxdYM1jaX23YNBUZtA%2FpLN9A%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=1209600
Accept-Ranges: bytes
CF-RAY: 7a02b6f12eeb2c63-FRA
Expires: Mon, 13 Mar 2023 17:42:01 GMT

GET
H/1.1 200
OK 55cbcfe920516e4e54bd3aba2f30e585
sdn.geekzu.org/avatar/ 1 KB
2 KB 775ms
522ms Image
image/jpeg 2606:4700:3032::ac43:8d18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://sdn.geekzu.org/avatar/55cbcfe920516e4e54bd3aba2f30e585?s=80&d=mm&r=g
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Server: 2606:4700:3032::ac43:8d18 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4faa1d5635283a0d49e1933de318b24491751c9a3ccf2fe404b9137929e3eb86

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Disposition: inline; filename="55cbcfe920516e4e54bd3aba2f30e585.png"
Connection: keep-alive
Server-Timing: cf-q-config;dur=4.9999998736894e-06
Geekzu-Cache: EXPIRED from JP-HND-1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1323
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qMlRpqzbOr2qMKvkrBUes9mRFPC8LDMdK7x7O2lOgX7yFzvqiMWeJNQSmyT%2FXXxnImuzKfcm0h%2BhCnJPkunq%2B7NvFWp1O4%2BELay%2FAP7X6GT09qQ%2BE8zSq0qpcCdOY1wJotvwcayMkDdUHCAs6w%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=1209600
Accept-Ranges: bytes
CF-RAY: 7a02b6f12e959ba0-FRA
Expires: Mon, 13 Mar 2023 17:42:01 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/ 366 KB
120 KB 149ms
89ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5738725703232626&plah=www.ctfiot.com&bust=31072479

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5738725703232626

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

acffe1f922a2f176a4380234fe6f127d8e1f60d9ac1af14062c36900e04a9f9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123271
x-xss-protection: 0
server: cafe
etag: 655403513344467121
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 27 Feb 2023 17:42:01 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230222/r20190131/ Frame 1547 10 KB
5 KB 177ms
14ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230222/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5738725703232626

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ctfiot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 65640
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Feb 2023 23:28:01 GMT
etag: 10353107486223812946
expires: Sun, 12 Mar 2023 23:28:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK hm.js Show response
hm.baidu.com/ 29 KB
12 KB 1384ms
352ms Script
application/javascript 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to

Full URL

https://hm.baidu.com/hm.js?bfb1bae1f7c3200e814dc48812eadb24

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

888180f949ce3256b7645c096982387db53ba52b9fc3021e6915b1a206451ddd

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:02 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=172800
Server: apache
Etag: 4d27e01ec7d6be1f60725d904bb145a2
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: application/javascript
Cache-Control: max-age=0, must-revalidate
Content-Length: 11302

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 387 B
600 B 64ms
22ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.ctfiot.com&callback=_gfp_s_&client=ca-pub-5738725703232626

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5738725703232626&plah=www.ctfiot.com&bust=31072479

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

13ad8d0b21c0abd385cd9a22bdfadb629ff2c61dac8ed078d253fbff86a24960

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 88ms
27ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.ctfiot.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 134ms
51ms Script
application/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.ctfiot.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 64ms
63ms Image
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=sidebar&cls=sticky%20sidebar-nav%20fade%20mini-sidebar&ign=false&pw=1600&ph=1200&x=0&y=1060.8

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Feb 2023 17:42:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 64ms
64ms Image
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=sidebar&cls=sticky%20sidebar-nav%20fade%20mini-sidebar&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Feb 2023 17:42:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CFE5 153 KB
42 KB 654ms
654ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&adk=1812271804&adf=3025194257&lmt=1677519721&plat=1%3A16777216%2C2%3A16777216%2C3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x810_r&format=0x0&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&ea=0&pra=5&wgl=1&dt=1677519721084&bpp=5&bdt=1109&idt=256&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2033547941122&frm=20&pv=2&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=282

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc2268b0683385b78e72a7f2e0f99bdb12a04447ea71e0f40b5fcbeb4575053b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ctfiot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 42739
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Feb 2023 17:42:02 GMT
expires: Mon, 27 Feb 2023 17:42:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 06D4 23 KB
10 KB 214ms
213ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=187&slotname=1613153004&adk=3108791033&adf=2685228617&pi=t.ma~as.1613153004&w=745&fwrn=4&lmt=1677519721&rafmt=11&format=745x187&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&wgl=1&dt=1677519721089&bpp=2&bdt=1114&idt=279&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=295&ady=288&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=EqdkE0B9ws&p=http%3A//www.ctfiot.com&dtd=283

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58231b220fb9f219879e59d429d1f296e0ccfbabafc64d8770cbaab9556a64bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ctfiot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 9970
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Feb 2023 17:42:01 GMT
expires: Mon, 27 Feb 2023 17:42:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

404
Not Found

wHoOcfQGhqvlUkd.jpg
iowen.gitee.io/ioimg/banner/
Redirect Chain

http://iowen.gitee.io/ioimg/banner/wHoOcfQGhqvlUkd.jpg
https://iowen.gitee.io/ioimg/banner/wHoOcfQGhqvlUkd.jpg

0
0

998ms
385ms

Image
text/html

212.64.63.215
TENCENT-NET-AP Sh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://iowen.gitee.io/ioimg/banner/wHoOcfQGhqvlUkd.jpg
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Server: 212.64.63.215 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Redirect headers

Date: Mon, 27 Feb 2023 17:42:02 GMT
Server: openresty
Content-Type: text/html
Location: https://iowen.gitee.io/ioimg/banner/wHoOcfQGhqvlUkd.jpg
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 182
Expires: Tue, 28 Feb 2023 17:42:02 GMT

GET
H/1.1 200
OK 0-1677504005.jpeg
ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/ 33 KB
34 KB 252ms
179ms Image
image/jpeg 59.110.190.229
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/0-1677504005.jpeg
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 59.110.190.229 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 088e314361c62bba78a80c8a564afdeee8816ca6190b0e75ff8728b69483458a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
x-oss-request-id: 63FCEB696AD6D538307D474C
Content-MD5: GYVEuuBJsKsGMtu0a9+VKA==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 33859
x-oss-object-type: Normal
Last-Modified: Mon, 27 Feb 2023 13:20:05 GMT
Server: AliyunOSS
ETag: "198544BAE049B0AB0632DBB46BDF9528"
Content-Type: image/jpeg
x-oss-ec: 0048-00000104
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 2025719934127961621
x-oss-server-time: 2

GET
H/1.1 200
OK 1-1677504043.jpeg
ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/ 190 KB
190 KB 322ms
227ms Image
image/jpeg 59.110.190.229
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/1-1677504043.jpeg
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 59.110.190.229 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 0b76beda1d8f89cc0238e7d142204c58ffcf13a805e46b1180965576b86a831a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
x-oss-request-id: 63FCEB69224F963635E2D6A5
Content-MD5: 3MheeBmlL94RmvvFJQmntA==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 194376
x-oss-object-type: Normal
Last-Modified: Mon, 27 Feb 2023 13:20:43 GMT
Server: AliyunOSS
ETag: "DCC85E7819A52FDE119AFBC52509A7B4"
Content-Type: image/jpeg
x-oss-ec: 0048-00000104
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 13321193154141897708
x-oss-server-time: 34

GET
H/1.1 200
OK 2-1677503971.jpeg
ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/ 108 KB
108 KB 265ms
194ms Image
image/jpeg 59.110.190.229
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/2-1677503971.jpeg
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 59.110.190.229 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: df2dfa82bf583e4ced392fa74c2fe4278611e3df6cc89f91bfff78259f7274cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
x-oss-request-id: 63FCEB695DFDD13336C0224A
Content-MD5: khSU/+wyIeOZ7vC5BnfcNA==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 110111
x-oss-object-type: Normal
Last-Modified: Mon, 27 Feb 2023 13:19:31 GMT
Server: AliyunOSS
ETag: "921494FFEC3221E399EEF0B90677DC34"
Content-Type: image/jpeg
x-oss-ec: 0048-00000104
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 18124406591162227960
x-oss-server-time: 18

GET
H/1.1 200
OK 5-1677504058.jpeg
ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/ 25 KB
25 KB 385ms
193ms Image
image/jpeg 59.110.190.229
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/5-1677504058.jpeg
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 59.110.190.229 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: a98ec3f69f36e318ea735bc23c706d082af381647b2568b0d0db383ccee91c1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
x-oss-request-id: 63FCEB695DFDD13236EC224A
Content-MD5: uRyRAcnIMSaGHFIiSChfQA==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 25313
x-oss-object-type: Normal
Last-Modified: Mon, 27 Feb 2023 13:20:58 GMT
Server: AliyunOSS
ETag: "B91C9101C9C83126861C522248285F40"
Content-Type: image/jpeg
x-oss-ec: 0048-00000104
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 426923856141818360
x-oss-server-time: 14

GET
H/1.1 200
OK 6-1677504066.jpeg
ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/ 94 KB
95 KB 464ms
204ms Image
image/jpeg 59.110.190.229
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/6-1677504066.jpeg
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 59.110.190.229 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 174883adcbfae2d24f1961f1188d2d4cf6a376f7d76c897deeae6ae73d9f9187

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
x-oss-request-id: 63FCEB695423BA343641DF5B
Content-MD5: SSzN9NgWi+nPzOSkEeDlIA==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 96481
x-oss-object-type: Normal
Last-Modified: Mon, 27 Feb 2023 13:21:07 GMT
Server: AliyunOSS
ETag: "492CCDF4D8168BE9CFCCE4A411E0E520"
Content-Type: image/jpeg
x-oss-ec: 0048-00000104
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 147564106666470785
x-oss-server-time: 27

GET
H/1.1 200
OK img_63fc1521dbb6b.png
ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/ 1 MB
1 MB 640ms
485ms Image
image/png 59.110.190.229
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/img_63fc1521dbb6b.png
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 59.110.190.229 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 2af80fa01149593a6c149453e9122cb26be25727871b6ddb3a6c54f7d0a0a93b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:02 GMT
x-oss-request-id: 63FCEB6A5C8CDB3137BFA0BC
Content-MD5: F+EpaqkKhf/O7pC4V8jBXA==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 1167830
x-oss-object-type: Normal
Last-Modified: Mon, 27 Feb 2023 02:27:47 GMT
Server: AliyunOSS
ETag: "17E1296AA90A85FFCEEE90B857C8C15C"
Content-Type: image/png
x-oss-ec: 0048-00000104
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 5777055315043603564
x-oss-server-time: 2

GET
H/1.1 200
OK 6-1677418557.jpeg
ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/ 40 KB
40 KB 182ms
182ms Image
image/jpeg 59.110.190.229
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctfiot.oss-cn-beijing.aliyuncs.com/uploads/2023/02/6-1677418557.jpeg
Requested by: Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 59.110.190.229 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: bcbfb497acfc129d549983bc6babf0114d712f321c937fa03b2dc597faf58415

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Mon, 27 Feb 2023 17:42:01 GMT
x-oss-request-id: 63FCEB696AD6D53830DD474C
Content-MD5: qlBg9Xtk+GwNSINFgd6sag==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 40900
x-oss-object-type: Normal
Last-Modified: Sun, 26 Feb 2023 13:35:57 GMT
Server: AliyunOSS
ETag: "AA5060F57B64F86C0D48834581DEAC6A"
Content-Type: image/jpeg
x-oss-ec: 0048-00000104
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 6588529646822436598
x-oss-server-time: 3

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D307 81 KB
23 KB 512ms
512ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=447&slotname=6117731570&adk=1968854875&adf=3830709326&pi=t.ma~as.6117731570&w=745&cr_col=4&cr_row=2&fwrn=2&lmt=1677519721&rafmt=9&format=745x447&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&crui=image_stacked&fwr=0&wgl=1&dt=1677519721091&bpp=1&bdt=1116&idt=295&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C745x187&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=295&ady=1232&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=KQqYy84yvM&p=http%3A//www.ctfiot.com&dtd=297

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85835768d6794f80035b29fff038a04fa42825ce0544b02dd2b4f55092adb99f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ctfiot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 23426
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Feb 2023 17:42:01 GMT
expires: Mon, 27 Feb 2023 17:42:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D19A 74 KB
30 KB 762ms
761ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=250&slotname=8806081466&adk=440214258&adf=2235027668&pi=t.ma~as.8806081466&w=310&fwrn=4&fwrnh=100&lmt=1677519721&rafmt=1&format=310x250&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1677519721092&bpp=1&bdt=1117&idt=300&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C745x187%2C745x447&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1075&ady=183&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=4&uci=a!4&fsb=1&xpc=jkyXNZXhUp&p=http%3A//www.ctfiot.com&dtd=304

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3611b386116e7e438c02481fba54e23b2664b7f2f3dd272294ea666abfbcf975

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ctfiot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 30312
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Feb 2023 17:42:02 GMT
expires: Mon, 27 Feb 2023 17:42:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 06D4 3 KB
1 KB 53ms
15ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=187&slotname=1613153004&adk=3108791033&adf=2685228617&pi=t.ma~as.1613153004&w=745&fwrn=4&lmt=1677519721&rafmt=11&format=745x187&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&wgl=1&dt=1677519721089&bpp=2&bdt=1114&idt=279&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=295&ady=288&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=EqdkE0B9ws&p=http%3A//www.ctfiot.com&dtd=283

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 16:17:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 16:17:52 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 06D4 20 KB
8 KB 51ms
14ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 14:01:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 14:01:05 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 06D4 158 KB
49 KB 108ms
49ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82d63ecef7851ffd217020b3817b0206328488879b0c782f9b67d43bd1479a2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677104061356577"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Feb 2023 17:42:01 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 06D4 0
0 62ms
61ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CNH1Caev8Y5H6GNCW1fAPucuvqAXJntKxXM2G49aTAcCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi01NzM4NzI1NzAzMjMyNjI2yAEJqQI9rYa2ibixPqgDAaoE3gFP0HihqREHFSbUlSE_EhE1gxaGvudybVrLdt02qVbTD4P-jDS6863ei5O2nZA5ZJsaaaoBxV65Hm-gcvDVlpGN1VunUaH2V2djabBjOQl_avYg1RaJTrhDMTL-jgfl1c5voBPBh7QxwQxefhOp8PoD-82uygpQ_4NzDPHoq3zhAPxnF0nJc25ULO8C8ZLLNLcmPv4OteEmQIKxjINaahOkThnPCUHW3cMD-tHdm5x-4vUnFooc4_xaMKOTpl6uCZ4nxARaJvvYoklpB8kZVFzNU5QdcLzUknnCBlHEv5uABtyKgb2Ag8b3tgGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTU3Mzg3MjU3MDMyMzI2MjYYAA&sigh=hZqiAq7nigU&uach_m=[UACH]&cid=CAQSGwDUE5ymrhToI3FLuQQLR3w5ItkRHmwnFtA0_xgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=187&slotname=1613153004&adk=3108791033&adf=2685228617&pi=t.ma~as.1613153004&w=745&fwrn=4&lmt=1677519721&rafmt=11&format=745x187&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&wgl=1&dt=1677519721089&bpp=2&bdt=1114&idt=279&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=295&ady=288&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=EqdkE0B9ws&p=http%3A//www.ctfiot.com&dtd=283
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Feb 2023 17:42:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 27 Feb 2023 17:42:01 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 06D4 0
0 95ms
23ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kqW_EMz6ROkFuwGdg2ICAgAAAKfUjCHyh9_ZK-WvnBBp6_xjooBl22PBUSPqBAAAEgAACg5BUVVEQlFZQkJRRUJCUQ&wp=Y_zraQAGPREIFUtQAAvluYHcg9_J5RG0dVmXHw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:00 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 5762088
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 21B4 140 KB
46 KB 196ms
105ms Document
text/html 2a02:2638::b
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Y_zraQAGPREIFUtQAAvluYHcg9_J5RG0dVmXHw&u=%7CKtmlAQQB41v9cfg%2B85SOXB7JkTILSKLNI6QmHtoa6cg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANf81tL3VBOagW-2AKkwyj-wwEmIfvs_3T0wwGuyJubt4AIIgXuwRGdOubcFrwOR9IoGpa-vdTJZ07OH9zLueTCXpD9-4Z9IJcZ-Z0mjqTg5_TY3QeD5k6MaPkBEr4P8VPmmJSCtm1Pu8FLUKClwr54KzEP3ZX3hC1q8rVeiPiwSHJFPZ6wJ1ApDyHzoAgVrfyYWFpMnmiDvtsg8OuLVj7h7--01ZxXIPbZY1DonRCK-18xyK7rmqD7Gz21dg6vZwIYHZwAI3jqi1Gomi6RRO7p7W4-l_cQ9lTIj4YYtEuqdU9X9rQ42CnkqGtpE2k-ErwQ027EHgJyVX72GfDO-bgMPG5Gm564AE8Z1qgc0VpxoB9ALgUIOU3pxt-mtUmL0kb9mDtZQ_lGYRc8KcQxNru87E1NadFOZ9p5jhtpkp7VeLt3jrUeV2wBtqYcB7R0C9I1FJRh0gAuxVvDAsL6aKiXoFnLegrLbV1hs3y-ZNMfYOfjhnzNoIYsjESfRQFqE9mhwFTEBreSHOS8sOlzcTk6AbfRE9bxEXiQAoFsRXRm_0&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCpzJeaev8Y5H6GNCW1fAPucuvqAXJntKxXM2G49aTAcCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi01NzM4NzI1NzAzMjMyNjI2yAEJqQI9rYa2ibixPqgDAaoE4QFP0HihqREHFSbUlSE_EhE1gxaGvudybVrLdt02qVbTD4P-jDS6863ei5O2nZA5ZJsaaaoBxV65Hm-gcvDVlpGN1VunUaH2V2djabBjOQl_avYg1RaJTrhDMTL-jgfl1c5voBPBh7QxwQxefhOp8PoD-82uygpQ_4NzDPHoq3zhAPxnF0nJc25ULO8C8ZLLNLcmPv4OteEmQIKxjINaahOkThnPCUHW3cMD-tHdm5x-4vUnFooc4_xacqGyNNkhlY2YWBD59sZ-WkB9DX8TekRP51wg1k5rjFXag_tArCRbcfWABtyKgb2Ag8b3tgGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3YjODrxpOQyunLOcxledT5U-Junw%26client%3Dca-pub-5738725703232626%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::b , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

8624e47fbc98da71a8a527c43448425ce8beef821df0a90734f32a5158a8600e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 27 Feb 2023 17:42:00 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=87pzguuw_5jmVNbSWYZf72BaZxGTyOa9cYZ2fawd5YQvWHAonelkFAZ1zwRN0PA7TMAaN6KZDt3tHQVQkBqpZDOznn1THvy_Vfzfbn3O0hgI1a2tDjS9XYG3w3m_xhb6AxqQfRaFgt8f1xh6JoRgSQ0ZJubmWmvWwwVm-7SA7YzMIOxzfWSzgm30YCGdp2Ouzbu2PJnPOi_sPbgz9bkRoLHvWcG-ko7eLNsvIddxwYilR-K3LEUbqIfLCS8qWl6Ic20T5A"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 78632867
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 06D4 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a9f78cf64a78524116f35fd026869be8eedf06ef0a049ef9b2fb4284fd20943c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 21B4 2 KB
1 KB 86ms
18ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y_zraQAGPREIFUtQAAvluYHcg9_J5RG0dVmXHw&u=%7CKtmlAQQB41v9cfg%2B85SOXB7JkTILSKLNI6QmHtoa6cg%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANf81tL3VBOagW-2AKkwyj-wwEmIfvs_3T0wwGuyJubt4AIIgXuwRGdOubcFrwOR9IoGpa-vdTJZ07OH9zLueTCXpD9-4Z9IJcZ-Z0mjqTg5_TY3QeD5k6MaPkBEr4P8VPmmJSCtm1Pu8FLUKClwr54KzEP3ZX3hC1q8rVeiPiwSHJFPZ6wJ1ApDyHzoAgVrfyYWFpMnmiDvtsg8OuLVj7h7--01ZxXIPbZY1DonRCK-18xyK7rmqD7Gz21dg6vZwIYHZwAI3jqi1Gomi6RRO7p7W4-l_cQ9lTIj4YYtEuqdU9X9rQ42CnkqGtpE2k-ErwQ027EHgJyVX72GfDO-bgMPG5Gm564AE8Z1qgc0VpxoB9ALgUIOU3pxt-mtUmL0kb9mDtZQ_lGYRc8KcQxNru87E1NadFOZ9p5jhtpkp7VeLt3jrUeV2wBtqYcB7R0C9I1FJRh0gAuxVvDAsL6aKiXoFnLegrLbV1hs3y-ZNMfYOfjhnzNoIYsjESfRQFqE9mhwFTEBreSHOS8sOlzcTk6AbfRE9bxEXiQAoFsRXRm_0&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCpzJeaev8Y5H6GNCW1fAPucuvqAXJntKxXM2G49aTAcCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi01NzM4NzI1NzAzMjMyNjI2yAEJqQI9rYa2ibixPqgDAaoE4QFP0HihqREHFSbUlSE_EhE1gxaGvudybVrLdt02qVbTD4P-jDS6863ei5O2nZA5ZJsaaaoBxV65Hm-gcvDVlpGN1VunUaH2V2djabBjOQl_avYg1RaJTrhDMTL-jgfl1c5voBPBh7QxwQxefhOp8PoD-82uygpQ_4NzDPHoq3zhAPxnF0nJc25ULO8C8ZLLNLcmPv4OteEmQIKxjINaahOkThnPCUHW3cMD-tHdm5x-4vUnFooc4_xacqGyNNkhlY2YWBD59sZ-WkB9DX8TekRP51wg1k5rjFXag_tArCRbcfWABtyKgb2Ag8b3tgGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3YjODrxpOQyunLOcxledT5U-Junw%26client%3Dca-pub-5738725703232626%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 22 Feb 2024 17:42:01 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 21B4 2 KB
1 KB 85ms
17ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 22 Feb 2024 17:42:01 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 21B4 308 B
636 B 85ms
19ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 22 Feb 2024 17:42:01 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 21B4 293 B
622 B 83ms
17ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 22 Feb 2024 17:42:01 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame 21B4 43 B
348 B 244ms
18ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=20QZyFpK7UNOzZVT8RZfYtdX4rCF8kVVTjvlrrvCngwm_GjVoy1sTXmsTMKW9SecL9y3ab-2viWwljphCRzSrEJ1A_e2M11BkIjyMBZIOUE-CcnoBO2_tGqB1qrHin2WAWsnouclFYGuZ-dpjHSWemKrVluhbYgXo-mVsR4-HtXG0fgjNSi0eyNPJ9dLJ1gj5fwG0YffLmE-zaNUr3c5Egt8u74DrNXDt-99pY6oeBmDXlV3rQtFjNYn4ThsXyFsuKT2UNSDug-F2vSDO1KhzcbDb5iEatXVwcRKPIyruUa-2MTmO1mX_Tn6HoWS3Szq8g5R8tkPuTbJ05fRlm0QSg4uXt2VamYWpp66GVsZeVb9o0zKOPBMB0tLPGjQWKFyJ4dOzevm-g6pjm-9HX5Nt5CyeD1vz3JxIRqLkmwnF2cVU1zU

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Feb 2023 17:42:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2779011
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 21B4 12 KB
5 KB 38ms
15ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 941546
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BozPanxfUEPCqZI%2BKI1WoxDxI1qhtpTLrh%2BKCTC8IaFpZvFTv9OU7mn6sTuu1XBIvUNIS%2Bz2ScZISjo7Pj0pd9Ukn07TwhNa5lKzr8Iy0oDXp%2FeN%2BTMg%2B%2FBeQXcm4RywVU%2B5TvWLz7zY4Hop2pSAMVfE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7a02b6f589003630-FRA
expires: Sat, 17 Feb 2024 17:42:01 GMT

GET
H2 200 0d5410bc9c3e437daf6999836d04f18f_ubuntu-medium.woff
static.criteo.net/design/dt/ Frame 21B4 38 KB
38 KB 89ms
32ms Font
application/octet-stream 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/0d5410bc9c3e437daf6999836d04f18f_ubuntu-medium.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ce8b0ce00b853304b4500a3e0273c2ee8123ec998d9ea4bc1a2b3e97c573b61f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 02 Oct 2018 14:57:25 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5bb38755-97a8"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 22 Feb 2024 17:42:01 GMT

GET
H2 200 ec51d215a5904df99ebfe8eacf21246e_ubuntu-light.woff
static.criteo.net/design/dt/ Frame 21B4 46 KB
46 KB 86ms
28ms Font
application/octet-stream 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/ec51d215a5904df99ebfe8eacf21246e_ubuntu-light.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8d6af87f2e8ab6ba751d5bda81faf18aed637f3c43f3f5c25acfcdb8dc674a92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 02 Oct 2018 14:57:25 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5bb38755-b778"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 22 Feb 2024 17:42:01 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 21B4 12 KB
6 KB 22ms
21ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 22 Feb 2024 17:42:01 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 21B4 48 KB
48 KB 173ms
29ms Image
image/png 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=370&m=0&partner=3018&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F3018%2F190121%2F8ee840d4a3ed46b29e29bc1b9545348c_stardardcon.png&v=3&w=376&s=WKejQDs8XvCdE04OhwrwcL-b

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

bc28fe6766e5031d146e88c56c66c9c6f7b4109a1acf8eac8ea183b171d7326d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28287907
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 49182
expires: Sun, 21 Jan 2024 03:27:09 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 21B4 101 KB
102 KB 192ms
48ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=1200&m=0&partner=3018&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F1726%2F230220%2F5ce1bd8800df452ebdb0b82d38693530_img_horizontal_1.jpg&v=3&w=1200&s=omxv5DTpmXHb6654v4UY_ifj

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

7d8cb0bab3d38083ea1c2a74cb0e7afae629ecfbfa94ee54082e757c2e5ce6f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30475215
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 103764
expires: Thu, 15 Feb 2024 11:02:17 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 21B4 13 KB
13 KB 206ms
61ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F22253882-s0hsweiv.jpg&v=3&w=400&s=dbL4GMsgbrUDQ0bwhK5C2DFw&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

de2eaeb68648a3e566d547f241f0c083964914077cd3d4e6d9e8b15b7d881d53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=222825
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 13090
expires: Thu, 02 Mar 2023 07:35:47 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 21B4 9 KB
10 KB 196ms
53ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1636377736%2F21281174-HVHJmUxH.jpg&v=3&w=400&s=XAsSnROCkSNFTEUyDb4K9oYt&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

6fd835f91513bdeeefe407562f5c83472fb230a2da64c0c3b251a4c405f5b75a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=89582
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 9524
expires: Tue, 28 Feb 2023 18:35:04 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 21B4 0
128 B 222ms
19ms Ping
text/plain 2a02:2638::21
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=87pzguuw_5jmVNbSWYZf72BaZxGTyOa9cYZ2fawd5YQvWHAonelkFAZ1zwRN0PA7TMAaN6KZDt3tHQVQkBqpZDOznn1THvy_Vfzfbn3O0hgI1a2tDjS9XYG3w3m_xhb6AxqQfRaFgt8f1xh6JoRgSQ0ZJubmWmvWwwVm-7SA7YzMIOxzfWSzgm30YCGdp2Ouzbu2PJnPOi_sPbgz9bkRoLHvWcG-ko7eLNsvIddxwYilR-K3LEUbqIfLCS8qWl6Ic20T5A&sds=2&rev=84953&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::21 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 27 Feb 2023 17:42:01 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 21B4 2 KB
1 KB 17ms
17ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 22 Feb 2024 17:42:01 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 21B4 2 KB
1 KB 19ms
19ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 22 Feb 2024 17:42:01 GMT

GET
H2 200 030db783cd93f01ccad1528166361a91.js Show response
www.gstatic.com/mysidia/ Frame D307 9 KB
5 KB 78ms
14ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/030db783cd93f01ccad1528166361a91.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=447&slotname=6117731570&adk=1968854875&adf=3830709326&pi=t.ma~as.6117731570&w=745&cr_col=4&cr_row=2&fwrn=2&lmt=1677519721&rafmt=9&format=745x447&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&crui=image_stacked&fwr=0&wgl=1&dt=1677519721091&bpp=1&bdt=1116&idt=295&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C745x187&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=295&ady=1232&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=KQqYy84yvM&p=http%3A//www.ctfiot.com&dtd=297

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3deda25f1d4dacb2dcb6291e32e305b3390f6225a657f45ce798101dcfcb9865

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 04:40:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 392487
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4099
x-xss-protection: 0
last-modified: Tue, 21 Feb 2023 18:15:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 24 May 2023 04:40:35 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame D307 2 KB
846 B 40ms
19ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 14:01:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 14:01:04 GMT

GET
H2 200 b2770a93abfcbcd94743862f84b31d3a.js Show response
www.gstatic.com/mysidia/ Frame D307 22 KB
9 KB 79ms
15ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/b2770a93abfcbcd94743862f84b31d3a.js?tag=exit_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36efc755f05780deaf89959e5c2b204aa9a350f4a3b4e5a60a65b4c1fa919758

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 13:29:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15155
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9526
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 03:30:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 28 May 2023 13:29:27 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/ Frame D307 22 KB
9 KB 30ms
14ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ceb563d6ce39ba6ab2e90a1d7e6a39d737a2fa59db1914b115f784bbf97fa5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 14:01:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8814
x-xss-protection: 0
server: cafe
etag: 11378319237421819138
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 14:01:05 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame D307 3 KB
1 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 16:17:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5050
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 16:17:52 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame D307 20 KB
8 KB 32ms
17ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 14:01:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 14:01:05 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D307 158 KB
48 KB 42ms
26ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82d63ecef7851ffd217020b3817b0206328488879b0c782f9b67d43bd1479a2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677104061356577"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Feb 2023 17:42:01 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/9883134956453197377/ Frame D307 35 KB
36 KB 20ms
18ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9883134956453197377/14763004658117789537

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

879d7f01dd3917ecbb14ad61f7a7fb2459eb8e64696ff8490f4e2b9e516e1ac7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 11:38:29 GMT
x-content-type-options: nosniff
age: 281013
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36344
x-xss-protection: 0
last-modified: Tue, 28 Jun 2022 13:35:27 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Feb 2024 11:38:29 GMT

GET
H3 200 ads
googleads.g.doubleclick.net/pagead/ Frame D307 42 KB
42 KB 600ms
599ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=447&slotname=6117731570&adk=1968854875&adf=3830709326&pi=t.ma~as.6117731570&w=745&cr_col=4&cr_row=2&fwrn=2&lmt=1677519721&rafmt=9&format=745x447&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&crui=image_stacked&fwr=0&wgl=1&dt=1677519721091&bpp=1&bdt=1116&idt=295&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C745x187&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=295&ady=1232&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=KQqYy84yvM&p=http%3A//www.ctfiot.com&dtd=297
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29125
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D307 0
0 64ms
62ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=ChcKzaev8Y8ecIfaHid4Pqq6dgAap9qGTb4-syZXaEYfLvfzHARABILLWqJcBYJWKnoKwB6ABldf30APIAQapAtBP_A4PuLE-qAMByAMCqgTuAU_QTKtA--XMVjpNw6oQhxrHHMrMzJl-FMiBWpTFmabxb9pLth0Lem1OZt5-XcdOuyZlIIyOvtc6K37BfcZ8KeasrceHyxikcRuSrM9miF8Owlq6BK0sjEQNQt2d0HKfa8oszLGLm6MGZ0ZrDWEgNCy_Zlsf4w_947q2zE_cNSt6Azl_nWqZljmezT5DYkMxKsxY04c1D3hYDVMY-5bZtiY4jZso7J6Ln0p-_5CSEBM648jJUjIVLcQYb4efXjKe3SbKjBwcxRjqGoMOABfXI-MN72O7QIbrpAe9zxMK0D1BcsI_VuAd1wQbsot7mYPABNrguJesBJIFBAgEGAGSBQQIBRgEoAY3gAeXtY6LAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcDEOIz0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwvQFQGAFwGyFxwKGggAEhRwdWItNTczODcyNTcwMzIzMjYyNhgA&sigh=i3H2G_Xx_jQ&uach_m=[UACH]&cid=CAQSGwDUE5ymNV565x3UFceC4yR8DDVtN9OamxpMehgB&template_id=492

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=447&slotname=6117731570&adk=1968854875&adf=3830709326&pi=t.ma~as.6117731570&w=745&cr_col=4&cr_row=2&fwrn=2&lmt=1677519721&rafmt=9&format=745x447&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&crui=image_stacked&fwr=0&wgl=1&dt=1677519721091&bpp=1&bdt=1116&idt=295&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C745x187&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=295&ady=1232&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=KQqYy84yvM&p=http%3A//www.ctfiot.com&dtd=297
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Feb 2023 17:42:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D307 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b7020c1101560a4c6f12849bcc65f9d73082d45cb3797a94e419f66b089c7fd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/ 150 KB
51 KB 75ms
74ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/reactive_library_fy2021.js?bust=31072479

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

29a31520bc903656c1e3a0b7cec4e9bd09c08be77bcfc81cfae651cff20d88fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52044
x-xss-protection: 0
server: cafe
etag: 17886674801358397372
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Feb 2023 17:42:02 GMT

GET
H3 200 8139268077014324245
tpc.googlesyndication.com/simgad/ Frame D19A 46 KB
46 KB 17ms
16ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8139268077014324245?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlcHL9OIbpVpnoVuBgxlOWqXPwm7w

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=250&slotname=8806081466&adk=440214258&adf=2235027668&pi=t.ma~as.8806081466&w=310&fwrn=4&fwrnh=100&lmt=1677519721&rafmt=1&format=310x250&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1677519721092&bpp=1&bdt=1117&idt=300&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C745x187%2C745x447&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1075&ady=183&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=4&uci=a!4&fsb=1&xpc=jkyXNZXhUp&p=http%3A//www.ctfiot.com&dtd=304

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90ed64a9f35760e4c0d9cc589fe8bbb1907c5cc6532f57b23f7034ea76c3c9bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 11:18:40 GMT
x-content-type-options: nosniff
age: 282202
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47549
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 09:16:39 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Feb 2024 11:18:40 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/ Frame D19A 22 KB
9 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ceb563d6ce39ba6ab2e90a1d7e6a39d737a2fa59db1914b115f784bbf97fa5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 14:01:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8814
x-xss-protection: 0
server: cafe
etag: 11378319237421819138
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 14:01:05 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame D19A 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 16:17:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5050
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 16:17:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame D19A 20 KB
8 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 14:01:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 14:01:05 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D19A 158 KB
48 KB 34ms
32ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82d63ecef7851ffd217020b3817b0206328488879b0c782f9b67d43bd1479a2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677104061356577"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Feb 2023 17:42:02 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame D19A 33 KB
13 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea488b4ce9e192ce45a4da3bccae3141a3b7ded30dccc39c09923c3b0dbf6105

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 14:01:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13432
x-xss-protection: 0
server: cafe
etag: 14260516833774306430
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 14:01:05 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D19A 0
0 65ms
64ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CSaekaev8Y_-5IZyKid4P56aU0AG-nurvbL2ZxM35EMPk8_0IEAEgstaolwFglYqegrAHoAHNhZPzAsgBAqgDAcgDyQSqBO4BT9AAR_Z5Dbt9rFBYabgu4X-3Gj48-sSBdf1IZp1d6LXb1Rdj1aym3LkgPJJOd2Vr4waf3meQpCqvwg3IxDlxaSJJlZMr2mIy95_YTDjHZPPcBW8AJ8XOGeWyTOhSbobXMgmJhoumk-fywoTfm9-7i6HexLyITZBXDvJ3NxH8yoRKfvstzqaJwG5OpdB1GSFww1hgTIZPaMe3XtxuQB1i3CyBfeBoG2aRuyKHHOBTl3ZNy3wq4FpQ3mGZGMEIkw-EVnvMrvSIbnOhL_V6Uci6rQO6VUMRptfL7rCqzo57OIeaBPCU9opKg5dkMrHLfsAExZfJvfsDkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBgKAB8WirJkDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQpM0M0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwzQFQGAFwGyFxwKGggAEhRwdWItNTczODcyNTcwMzIzMjYyNhgA&sigh=y_bm2rYC_Dc&uach_m=[UACH]&cid=CAQSGwDUE5ymH1mAxgMH3a258EoerqJFxRCJ-w8DIhgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=250&slotname=8806081466&adk=440214258&adf=2235027668&pi=t.ma~as.8806081466&w=310&fwrn=4&fwrnh=100&lmt=1677519721&rafmt=1&format=310x250&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1677519721092&bpp=1&bdt=1117&idt=300&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C745x187%2C745x447&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1075&ady=183&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=4&uci=a!4&fsb=1&xpc=jkyXNZXhUp&p=http%3A//www.ctfiot.com&dtd=304
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Feb 2023 17:42:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 25ms
24ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.ctfiot.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 55ms
54ms Script
application/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.ctfiot.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230222/r20110914/ Frame 4305 10 KB
4 KB 24ms
23ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230222/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ctfiot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 47944
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Feb 2023 04:22:58 GMT
etag: 10353107486223812946
expires: Mon, 13 Mar 2023 04:22:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DAEF 143 B
166 B 28ms
16ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=250&slotname=8806081466&adk=440214258&adf=2235027668&pi=t.ma~as.8806081466&w=310&fwrn=4&fwrnh=100&lmt=1677519721&rafmt=1&format=310x250&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1677519721092&bpp=1&bdt=1117&idt=300&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C745x187%2C745x447&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=1075&ady=183&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=4&uci=a!4&fsb=1&xpc=jkyXNZXhUp&p=http%3A//www.ctfiot.com&dtd=304
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2020
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Feb 2023 17:08:22 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D19A 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3081fe6cbc7629465d03afdbbc16a7451b4e97a974352f3abbf937d370f611c4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 4305 2 KB
944 B 136ms
51ms Stylesheet
text/css 2a00:1450:400d:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230222/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Feb 2023 17:42:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Feb 2023 16:35:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Feb 2023 17:42:02 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 4305 2 KB
765 B 15ms
14ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230222/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 14:01:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13258
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 14:01:04 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/ Frame 4305 22 KB
9 KB 24ms
14ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230222/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ceb563d6ce39ba6ab2e90a1d7e6a39d737a2fa59db1914b115f784bbf97fa5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 14:01:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8814
x-xss-protection: 0
server: cafe
etag: 11378319237421819138
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 14:01:05 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 4305 3 KB
1 KB 22ms
16ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230222/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 16:17:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5050
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 16:17:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 4305 20 KB
8 KB 23ms
16ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230222/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 14:01:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Mar 2023 14:01:05 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4305 158 KB
48 KB 42ms
35ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230222/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82d63ecef7851ffd217020b3817b0206328488879b0c782f9b67d43bd1479a2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677104061356577"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Feb 2023 17:42:02 GMT

GET
H2 200 ed8ae2896763956dad3710d8730c1299.js Show response
www.gstatic.com/mysidia/ Frame 4305 33 KB
14 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ed8ae2896763956dad3710d8730c1299.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230222/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9282b885825f1f265eb093acf11379fc90dd4e156588a02790c1515822e79858

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 20:36:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 421506
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14007
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 03:30:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 23 May 2023 20:36:56 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DAEF
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

32ms
32ms

Document
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Feb 2023 17:42:02 GMT
expires: Mon, 27 Feb 2023 17:42:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Feb 2023 17:42:02 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js Show response
pagead2.googlesyndication.com/bg/ Frame 5591 36 KB
14 KB 33ms
32ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 12:47:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17702
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14233
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 27 Feb 2024 12:47:00 GMT

GET
H3 200 7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js Show response
pagead2.googlesyndication.com/bg/ Frame BFDC 36 KB
14 KB 30ms
29ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 12:47:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17702
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14233
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 27 Feb 2024 12:47:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 06D4 42 B
174 B 64ms
63ms Fetch
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuQgPsyOPaaD5miVSSEz6zx4oEHzkj6MB9L2waJB3XqbR5GjRfHsbnqmoua0tWt6Lnjurk87bTj8zlIUzGVFYjwUHSx&sig=Cg0ArKJSzGg_vOyZkdsWEAE&id=lidar2&mcvt=1000&p=0,0,187,745&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230222&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3108791033&rs=2&la=0&cr=0&vs=4&r=v&rst=1677519721373&rpt=388&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Feb 2023 17:42:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 21B4 0
127 B 22ms
21ms Ping
text/plain 2a02:2638::21
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::21 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 27 Feb 2023 17:42:02 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H/1.1 200
OK hm.gif
hm.baidu.com/ 43 B
299 B 343ms
342ms Image
image/gif 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1717292417&si=bfb1bae1f7c3200e814dc48812eadb24&v=1.3.0&lv=1&sn=20328&r=0&ww=1600&u=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&tt=CVE-2022-25765-pdfkit-Exploit-Reverse-Shell%20%7C%20CTF%E5%AF%BC%E8%88%AA

Requested by

Host: www.ctfiot.com
URL: http://www.ctfiot.com/84447.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 27 Feb 2023 17:42:03 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
Server: apache
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D19A 42 B
64 B 64ms
64ms Fetch
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvjwajQ-uXB7LVEQd0B56V-RKEt2oedx6C0iEJTKdNwFlqVm0-7QQXwMzZxofIsBRKa5gP1GL7Y_4gyQizwj5J-pGUwBO3zG86Rs8D5ELXvM3MvPhAgC3AvvDqVM552PyjVYqpdUA&sai=AMfl-YTLzLRZRCrbFFtk0iCncWzHnXSPY2HwFyI54xG4IFi5pY1tgQ28g8NjrL-7PHktyndn4NhvWW0EqyOY&sig=Cg0ArKJSzC0VZINlY3AbEAE&cid=CAQSGwDUE5ymH1mAxgMH3a258EoerqJFxRCJ-w8DIhgB&id=lidar2&mcvt=1000&p=0,5,250,305&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230222&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=440214258&rs=2&la=0&cr=0&vs=4&r=v&rst=1677519721397&rpt=853&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Feb 2023 17:42:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

he-simple-common.js Show response
widget.qweather.net/simple/static/js/
Redirect Chain

http://widget.qweather.net/simple/static/js/he-simple-common.js?v=2.0
https://widget.qweather.net/simple/static/js/he-simple-common.js?v=2.0

400 B
991 B

29ms
8ms

Script
application/javascript

163.181.56.157
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.qweather.net/simple/static/js/he-simple-common.js?v=2.0
Protocol: H2
Server: 163.181.56.157 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 89204a080269f635d11ee5d9954f75a059304b0c63447563d7af8f5703100620

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 06:34:40 GMT
via: cache3.l2de2[1184,1184,304-0,M], cache6.l2de2[1185,0], ens-cache4.de4[0,0,200-0,H], ens-cache8.de4[1,0]
x-oss-request-id: 63FC4F00C15E3435313D1E9D
content-md5: NF7XU9uyKG/OHjNNbTHykw==
age: 40045
x-swift-cachetime: 604800
x-cache: HIT TCP_MEM_HIT dirn:10:171268106
x-oss-cdn-auth: success
x-swift-savetime: Mon, 27 Feb 2023 06:34:40 GMT
content-length: 400
x-oss-object-type: Normal
last-modified: Fri, 20 May 2022 02:31:21 GMT
server: Tengine
etag: "345ED753DBB2286FCE1E334D6D31F293"
ali-swift-global-savetime: 1677479680
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
x-oss-storage-class: Standard
accept-ranges: bytes
timing-allow-origin: *
x-oss-hash-crc64ecma: 7812729354021640612
eagleid: 2ff62b2016775197256932391e
x-oss-server-time: 3

Redirect headers

Date: Mon, 27 Feb 2023 17:42:05 GMT
Via: ens-cache2.de4[,0]
Server: Tengine
Content-Type: text/html
Location: https://widget.qweather.net/simple/static/js/he-simple-common.js?v=2.0
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 262
EagleId: 2ff62b1a16775197256625668e

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 81ms
80ms XHR
application/json 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230222&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6dd1118d02d34312560c0f0ba37ea97e99dc72b3acd7d0f43eff2a18532dcc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11268
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Feb 2023 17:42:05 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1F26 13 KB
5 KB 15ms
15ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.ctfiot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1010
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Feb 2023 17:25:15 GMT
expires: Tue, 27 Feb 2024 17:25:15 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 198E 783 B
968 B 27ms
25ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

82a2035073e3fa275a56a11c64eb9b2b1fb3f555c838a42078106d5ce88e570a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LiKseJWSWTRKDHqtA-dk0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.ctfiot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-LiKseJWSWTRKDHqtA-dk0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 27 Feb 2023 17:42:05 GMT
expires: Mon, 27 Feb 2023 17:42:05 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js Show response
pagead2.googlesyndication.com/bg/ Frame 1F26 36 KB
14 KB 30ms
30ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 12:47:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17705
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14233
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 27 Feb 2024 12:47:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 198E 0
0 63ms
62ms Image
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230222&jk=2486803866210066&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1F26 0
10 B 17ms
16ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?sIHumw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:05 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 he-simple.css
widget.qweather.net/simple/static/css/ 9 KB
2 KB 29ms
29ms Stylesheet
text/css 163.181.56.157
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.qweather.net/simple/static/css/he-simple.css?v=1.4.0
Requested by: Host: widget.qweather.net
URL: http://widget.qweather.net/simple/static/js/he-simple-common.js?v=2.0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 163.181.56.157 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 555a32719a765814ed74707dab579134cbc81165f78cda3d4b18384db9fb1dad

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 06:34:40 GMT
via: cache6.l2de2[317,317,304-0,H], cache17.l2de2[318,0], ens-cache9.de4[0,0,200-0,H], ens-cache8.de4[2,0]
content-encoding: gzip
x-oss-request-id: 63FC4F007E6EEB32378F2722
content-md5: pgP9B04rMTmmqhQNCgZ6oQ==
age: 40045
x-swift-cachetime: 604800
x-cache: HIT TCP_MEM_HIT dirn:10:34493070
x-oss-cdn-auth: success
x-swift-savetime: Mon, 27 Feb 2023 06:34:40 GMT
content-length: 1942
x-oss-object-type: Normal
last-modified: Sun, 26 Dec 2021 02:47:24 GMT
server: Tengine
etag: "A603FD074E2B3139A6AA140D0A067AA1"
vary: Accept-Encoding
ali-swift-global-savetime: 1677479680
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
x-oss-storage-class: Standard
accept-ranges: bytes
timing-allow-origin: *
x-oss-hash-crc64ecma: 5991946234440923657
eagleid: 2ff62b2016775197257052424e
x-oss-server-time: 4

GET
H2 200 he-simple.js Show response
widget.qweather.net/simple/static/js/ 181 KB
60 KB 10ms
9ms Script
application/javascript 163.181.56.157
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.qweather.net/simple/static/js/he-simple.js?v=1.4.0
Requested by: Host: widget.qweather.net
URL: http://widget.qweather.net/simple/static/js/he-simple-common.js?v=2.0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 163.181.56.157 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: ed21007455ea27799318d438dcc6d6c5de589abc3d7c9563bf6f7b848b94ffe6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 06:34:40 GMT
via: cache6.l2de2[503,503,304-0,H], cache11.l2de2[505,0], ens-cache3.de4[0,0,200-0,H], ens-cache8.de4[1,0]
content-encoding: gzip
x-oss-request-id: 63FC4F004050BF3735F70014
content-md5: 6NN45kcZxRkTy4LrJ+e7sg==
age: 40045
x-swift-cachetime: 604800
x-cache: HIT TCP_MEM_HIT dirn:10:299244958
x-oss-cdn-auth: success
x-swift-savetime: Mon, 27 Feb 2023 06:34:40 GMT
content-length: 61381
x-oss-object-type: Normal
last-modified: Mon, 20 Feb 2023 06:29:29 GMT
server: Tengine
etag: "E8D378E64719C51913CB82EB27E7BBB2"
vary: Accept-Encoding
ali-swift-global-savetime: 1677479680
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
x-oss-storage-class: Standard
accept-ranges: bytes
timing-allow-origin: *
x-oss-hash-crc64ecma: 14773418918307687536
eagleid: 2ff62b2016775197257052425e
x-oss-server-time: 9

GET
H2 200 maps
webapi.amap.com/ 20 KB
0 2093ms
327ms Script
application/javascript 47.246.167.93

General

Check archive.org

Show headers Download Go to

Full URL

https://webapi.amap.com/maps?v=1.4.14&key=e2b04289e870b005374ee030148d64fd

Requested by

Host: widget.qweather.net
URL: https://widget.qweather.net/simple/static/js/he-simple.js?v=1.4.0

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

47.246.167.93 -, , ASN (),

Reverse DNS

Software

Tengine/Aserver /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 17:42:07 GMT
content-encoding: gzip
strict-transport-security: max-age=0
server: Tengine/Aserver
etag: W/1dfe0b3bb774579027cf313270449c6c
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-server-id: 72446e765a0ee479614554419edfe3ec72b0fcb2c26a1f3bd428e1ca834837f484a5d848ba9f3278a30891e97ac3cbae
cache-control: max-age=0
x-readtime: 2
timing-allow-origin: *
access-control-allow-headers: *
eagleeye-traceid: 2102f5dc16775197276406687e300e

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 208ms
208ms Image
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230222&jk=2486803866210066&bg=!8vGl8aXNAAZYlHKzeJQ7ADkAdvg8Wu8W0ouDLUXHk7bfxtrJm_ce2MDqpx9VQTdLAiXR4oQGbsIkMowonwqeZIXGJS7ovayvufkCAAAAb1IAAAAGaAEHCgDQbbqGsfgOPA5MGH0vjLoWoM0tXicxcNxiZ4HHYVjAq5ONxfDpyAlkPCs0fWmtVjDAT2GkTs508iYmQPdAzkU_u3Hv4QbWydRUdD4mirgP5vq_IY-hHHO5HEUrg5fUgxVmMzVyzZ53ClE37koFN9aHuZH4qbpD2DRW7x5e6-06UtuU_h0_7zJZmubuQG_B92RDEF-dr7WZLBuhTcxoHMbVH1F5B3CJrsNT4QfTjQwLeqLchLMkEBqW4U8Mp3xvuT38ntcQv5_MNfSGW_eNVq_U35kCsJfAyCXoyaN281qLAeSJSaTnzzmY_kdCSXjPR4yT6gYFlZYbbft4oida8MSYy8ck3gOA22f5aHzI9QdwlnL4m5-A87hHPzJMEDwG19J8RZa_9Ic93czem2FWaUzEph20ckAUcrO1tDVal8tstsdHaiy38HPwJje1aMRYkALpvHA7lDR6rO97A2tIAgmLe5dkodqY9ogk7IedXdcFt6CJKroEf-k84lLK4VcrCGm2Lc6zw1jvC9WeNBJty6ZzWXPllnk_jJ8j3IH7oPFKJtP69rkGzvzYcPmOzDi-foPCaayqw9JA8VCKqxfN4XZkVuYXU7Gx7cPUVRphGM4dythpVleVtqu11NiU2VonoT9QHsFoLjqpamvQmobI0j4bH8ROZsg2Xw0iymNDk-KZ9zfh88Z1zALL6EKZ5WREaJ73SIzUpGMVmkcDDxA45IQZDtlPbmRyl4ajHBiQ5xY6UzQDgyLiJJeda2YIHGWA03xjIjUIu3DbIGN3WPYHeCI21Bpaz4JWAUTpFO4YPCmjf9ORB5PwAsMa24GYJqfSsy94wps1KDJDF5Rnukw-xqOy01NWc2a8UEa69oQrpMYRODameyFmMslsqyWQG4M9iziGjmLvK-hjAaUFNbMloYPwoKI96lrwj9gjvXWtUiUukaS153rEB8Ao3O6aVdA3PZmCrRTCE8LSCLKnoOY6J5Ba6HSLFBaXo0s6my5RspWPl69MxQ__twKNv1xDIg2wjrqS-mpsD8IuzLbZDAm33fjDhA_afAnkRoZOEuceCLcEW_jD8jQ8LABsnmCShffLXLrzBwVJWoTvBQoxQ_vnYx1T6ZPSqvioH0gZ4P8C-NfqbvOYld3MxOMOcYOh282LI_q1cty03DB3ER3P19uX3jTDfo49ejh5s7VrdYoqQAsjSFfFqUQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.ctfiot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.ctfiot.com/	1970-01-20 19:34:39	Name: X_CACHE_KEY Value: 0fb62dbe226745d5af165aa5b1396bf2
.ctfiot.com/	1970-01-20 19:20:15	Name: __gads Value: ID=c928d0ade4b36720-2247e59e26dd0075:T=1677519721:RT=1677519721:S=ALNI_MbbaVL8EzRrYmmRTYdIxUiFT3S10Q
.ctfiot.com/	1970-01-20 19:20:15	Name: __gpi Value: UID=00000bbd022d08d5:T=1677519721:RT=1677519721:S=ALNI_MboTb1G2wqVyJ_Es-nADfj60b50QQ
.doubleclick.net/	1970-01-20 19:20:15	Name: IDE Value: AHWqTUkgs2f0b1KyX94HBHiPb99lCf1EVO303E0N5d-8jFtyylgqeZEhI3Aq7niH7WE
.doubleclick.net/	1970-01-20 09:58:40	Name: test_cookie Value: CheckForPermission
.doubleclick.net/	1970-01-20 09:58:43	Name: DSID Value: NO_DATA
.hm.baidu.com/	1970-01-20 19:34:39	Name: HMACCOUNT_BFESS Value: 70B484FF53306EC2
.ctfiot.com/	1970-01-20 18:44:15	Name: Hm_lvt_bfb1bae1f7c3200e814dc48812eadb24 Value: 1677519723
.ctfiot.com/	1969-12-31 23:59:59	Name: Hm_lpvt_bfb1bae1f7c3200e814dc48812eadb24 Value: 1677519723

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5738725703232626&output=html&h=187&slotname=1613153004&adk=3108791033&adf=2685228617&pi=t.ma~as.1613153004&w=745&fwrn=4&lmt=1677519721&rafmt=11&format=745x187&url=http%3A%2F%2Fwww.ctfiot.com%2F84447.html&wgl=1&dt=1677519721089&bpp=2&bdt=1114&idt=279&shv=r20230222&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2033547941122&frm=20&pv=1&ga_vid=748044950.1677519721&ga_sid=1677519721&ga_hid=2000006046&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=295&ady=288&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44777876%2C44759926%2C44759875%2C31071755%2C31072479&oid=2&pvsid=2486803866210066&tmod=1398381272&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=EqdkE0B9ws&p=http%3A//www.ctfiot.com&dtd=283 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
network	error	URL: https://iowen.gitee.io/ioimg/banner/wHoOcfQGhqvlUkd.jpg Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230222/r20110914/zrt_lookup.html?fsb=1#RS-0-&adk=1812271804&client=ca-pub-5738725703232626&fa=4&ifi=5&uci=a!5&btvi=2&xpc=9qU2FxLMKx&p=http%3A//www.ctfiot.com Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.com
adservice.google.de
cat.fr.eu.criteo.com
cdn.staticfile.org
cdnjs.cloudflare.com
csm.eu.criteo.net
ctfiot.oss-cn-beijing.aliyuncs.com
fonts.googleapis.com
googleads.g.doubleclick.net
hm.baidu.com
iowen.gitee.io
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
rtb.fr.eu.criteo.com
sdn.geekzu.org
static.criteo.net
tpc.googlesyndication.com
webapi.amap.com
widget.qweather.net
www.ctfiot.com
www.google.com
www.googletagservices.com
www.gstatic.com
103.235.46.191
163.181.56.157
163.181.56.170
178.250.0.160
212.64.63.215
2606:4700:3032::ac43:8d18
2606:4700::6811:190e
2a00:1450:4001:803::2002
2a00:1450:4001:806::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:812::2001
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:831::2004
2a00:1450:400d:806::2002
2a00:1450:400d:80a::2002
2a00:1450:400d:80d::200a
2a02:2638::2
2a02:2638::21
2a02:2638::3
2a02:2638::b
2a02:2638::c
43.254.217.178
47.246.167.93
59.110.190.229
003a5b9f890301ca6d6a16067ba382c677704dbd777962094ceb13cc8e02691f
01e105efa6aa2dac21ed4c473d9e4a2d7a4fa9b75dfbf422492b811a90d23381
088e314361c62bba78a80c8a564afdeee8816ca6190b0e75ff8728b69483458a
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b76beda1d8f89cc0238e7d142204c58ffcf13a805e46b1180965576b86a831a
0ceb563d6ce39ba6ab2e90a1d7e6a39d737a2fa59db1914b115f784bbf97fa5f
13ad8d0b21c0abd385cd9a22bdfadb629ff2c61dac8ed078d253fbff86a24960
14802e61f2cec3035e2cea70e0a4020df3087732c56d1d7da69b80313e44719f
174883adcbfae2d24f1961f1188d2d4cf6a376f7d76c897deeae6ae73d9f9187
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029
24200ac3011d540d50fa4b106b7d7235cfa23072219781027043bd27f3c90fd3
29a31520bc903656c1e3a0b7cec4e9bd09c08be77bcfc81cfae651cff20d88fc
2af80fa01149593a6c149453e9122cb26be25727871b6ddb3a6c54f7d0a0a93b
3081fe6cbc7629465d03afdbbc16a7451b4e97a974352f3abbf937d370f611c4
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3611b386116e7e438c02481fba54e23b2664b7f2f3dd272294ea666abfbcf975
36efc755f05780deaf89959e5c2b204aa9a350f4a3b4e5a60a65b4c1fa919758
3b1fa54e2b1020eda18b88565c88b44463adefad297fac2f626d1ee655d95c81
3deda25f1d4dacb2dcb6291e32e305b3390f6225a657f45ce798101dcfcb9865
3e072a40ac7b8d13ac916ea7414702ef308c98d0b3d53835a361ffff11a4fcaa
3eabaf6acfbd158fa8f9b6c8e2a7f59a93cd3c19ca45e66c709f2170964541de
4ad66d2fc22f2a561e0519fde0bd5201adb13638c2e915e1a6a6a718a7bf4dad
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4faa1d5635283a0d49e1933de318b24491751c9a3ccf2fe404b9137929e3eb86
5112ac3168dcb0f524c0f4b7fe192ba56498cfced86ba0f43e2317fd203f769c
553300264e11fc1c15eb6c77712247af6f3279dd30635e8e18b908cc27773375
555a32719a765814ed74707dab579134cbc81165f78cda3d4b18384db9fb1dad
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0
58231b220fb9f219879e59d429d1f296e0ccfbabafc64d8770cbaab9556a64bd
582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5d84a57ce0022d737a58075ef1c11bb5d7c0e44f295322af3a2ab44624fa777a
5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
67bbcec2522f3b5d3e8a265e3057004fe9c9961bdce0646dcbc9c32bf06e5aeb
69516c5b557bb540ee7689c3dcdd8b8a4e316e491ffbac7a5b68d9122e1b9bdd
6973024936e5b30b98046977013de466de5de1708457e2ab9cc2bb44dc09ff72
6fd835f91513bdeeefe407562f5c83472fb230a2da64c0c3b251a4c405f5b75a
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
7d8cb0bab3d38083ea1c2a74cb0e7afae629ecfbfa94ee54082e757c2e5ce6f3
801ebc9c46c6ed651e93f00b2fab16e10313285daa06b4379ea2c01b29508306
82a2035073e3fa275a56a11c64eb9b2b1fb3f555c838a42078106d5ce88e570a
82d63ecef7851ffd217020b3817b0206328488879b0c782f9b67d43bd1479a2a
85835768d6794f80035b29fff038a04fa42825ce0544b02dd2b4f55092adb99f
8624e47fbc98da71a8a527c43448425ce8beef821df0a90734f32a5158a8600e
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
879d7f01dd3917ecbb14ad61f7a7fb2459eb8e64696ff8490f4e2b9e516e1ac7
888180f949ce3256b7645c096982387db53ba52b9fc3021e6915b1a206451ddd
89204a080269f635d11ee5d9954f75a059304b0c63447563d7af8f5703100620
8a7739925f4c03586479852df840b7061948832a7fda30c8c812d2ea4dd4c4f2
8d6af87f2e8ab6ba751d5bda81faf18aed637f3c43f3f5c25acfcdb8dc674a92
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9
8fe2f1cb7bc41c640ad3ea24449cfa1ba5291e16dbbbab0ef61bfe43f3212910
90ed64a9f35760e4c0d9cc589fe8bbb1907c5cc6532f57b23f7034ea76c3c9bc
9282b885825f1f265eb093acf11379fc90dd4e156588a02790c1515822e79858
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
9b4516ae3b2534cf72366dc9a08cc2b2b4515bc026ee27b1b9b3ae157eba0f75
9b7020c1101560a4c6f12849bcc65f9d73082d45cb3797a94e419f66b089c7fd
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a98ec3f69f36e318ea735bc23c706d082af381647b2568b0d0db383ccee91c1a
a9f78cf64a78524116f35fd026869be8eedf06ef0a049ef9b2fb4284fd20943c
acffe1f922a2f176a4380234fe6f127d8e1f60d9ac1af14062c36900e04a9f9f
b00e1b2de916ebd46dabc76a63345844e4cf92f194552c2657b50f1c11cc2be8
bc28fe6766e5031d146e88c56c66c9c6f7b4109a1acf8eac8ea183b171d7326d
bcbfb497acfc129d549983bc6babf0114d712f321c937fa03b2dc597faf58415
ca2427c5350b6c6ee1acd7342ca166a97be33dbae0dc55901774a4de8c6cd706
cc2268b0683385b78e72a7f2e0f99bdb12a04447ea71e0f40b5fcbeb4575053b
ce8b0ce00b853304b4500a3e0273c2ee8123ec998d9ea4bc1a2b3e97c573b61f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d08ce327aecaf9346df404c646d7888923fe28749ed47a094a2dfa7785a77809
d6dd1118d02d34312560c0f0ba37ea97e99dc72b3acd7d0f43eff2a18532dcc9
de2eaeb68648a3e566d547f241f0c083964914077cd3d4e6d9e8b15b7d881d53
df2dfa82bf583e4ced392fa74c2fe4278611e3df6cc89f91bfff78259f7274cb
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e12c6e6b042870857fb07f66c9fc2358a428a07f1690b4d8af56d0142b340f3a
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e2b94f353fafcae37092fdd244b0c1af1c80d050c614dc3c1f9bcd7ff2d1bdd6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea488b4ce9e192ce45a4da3bccae3141a3b7ded30dccc39c09923c3b0dbf6105
ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600
ed21007455ea27799318d438dcc6d6c5de589abc3d7c9563bf6f7b848b94ffe6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

www.ctfiot.com Open in urlscan Pro 43.254.217.178 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

121 Requests

77 %HTTPS

68 %IPv6

19 Domains

25 Subdomains

26 IPs

6 Countries

3426 kBTransfer

5785 kBSize

9 Cookies

1 Outgoing links

Redirected requests

121 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.ctfiot.com Open in urlscan Pro
43.254.217.178 Public Scan

Screenshot
Live screenshot

Full Image

121
Requests

77 %
HTTPS

68 %
IPv6

19
Domains

25
Subdomains

26
IPs

6
Countries

3426 kB
Transfer

5785 kB
Size

9
Cookies

121 HTTP transactions
3 data transactions