ezefidelity.com Open in urlscan Pro
198.54.119.222 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Submission: On December 16 via api (December 16th 2021, 11:24:49 am UTC) from US — Scanned from DE

Summary HTTP 325 Redirects Behaviour Indicators

Summary

This website contacted 31 IPs in 4 countries across 28 domains to perform 325 HTTP transactions. The main IP is 198.54.119.222, located in United States and belongs to NAMECHEAP-NET, US. The main domain is ezefidelity.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 18th 2021. Valid for: a year.

This is the only time ezefidelity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
17	198.54.119.222 198.54.119.222	22612 (NAMECHEAP...) (NAMECHEAP-NET)
12	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
39	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
8	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:4c:... 2a04:4e42:4c::666	54113 (FASTLY) (FASTLY)
15	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:bd37	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
4	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
8	2a02:2638::18 2a02:2638::18	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
4	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
58	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
8	178.250.0.160 178.250.0.160	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
8	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
54	178.250.2.135 178.250.2.135	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
9	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 5	2620:116:800d... 2620:116:800d:21:fcb8:22d2:d390:5f1b	16509 (AMAZON-02) (AMAZON-02)
2	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
5	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
6 6	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
24	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
5 5	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	79.137.69.120 79.137.69.120	16276 (OVH) (OVH)
1 1	34.202.255.214 34.202.255.214	14618 (AMAZON-AES) (AMAZON-AES)
2 4	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	18.196.159.27 18.196.159.27	16509 (AMAZON-02) (AMAZON-02)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8100:f72f:72e8:49ba:7270	16509 (AMAZON-02) (AMAZON-02)
325	31

17 198.54.119.222 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server269-5.web-hosting.com

ezefidelity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:4c::666 (United States)

ASN54113 (FASTLY, US)

www.techrepublic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bd37 (United States)

ASN13335 (CLOUDFLARENET, US)

www.windowscentral.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638::18 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

58 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 178.250.0.160 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

54 178.250.2.135 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.am5.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:116:800d:21:fcb8:22d2:d390:5f1b (United States) 3 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.64.190.78 (United Kingdom) 6 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.173.144.165 (Frankfurt am Main, Germany) 5 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 79.137.69.120 (France) 3 redirects

ASN16276 (OVH, FR)
PTR: gcm10.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.202.255.214 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-202-255-214.compute-1.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.196.159.27 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-159-27.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8100:f72f:72e8:49ba:7270 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
121	criteo.net static.criteo.net pix.eu.criteo.net csm.eu.criteo.net	952 KB
42	doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	104 KB
32	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	354 KB
24	criteo.com rtb.nl.eu.criteo.com ads.eu.criteo.com rtb.fr.eu.criteo.com cat.fr.eu.criteo.com	417 KB
17	ezefidelity.com ezefidelity.com	170 KB
15	gstatic.com fonts.gstatic.com	676 KB
14	wp.com c0.wp.com stats.wp.com pixel.wp.com	79 KB
9	google.com adservice.google.com www.google.com	1 KB
8	cloudflare.com cdnjs.cloudflare.com	40 KB
8	googletagservices.com www.googletagservices.com	292 KB
8	googleapis.com fonts.googleapis.com	5 KB
6	pubmatic.com 6 redirects image6.pubmatic.com	3 KB
5	rubiconproject.com 5 redirects pixel.rubiconproject.com	2 KB
5	openx.net rtb.openx.net	607 B
5	quantserve.com 3 redirects cms.quantserve.com	2 KB
4	rlcdn.com 2 redirects id.rlcdn.com	1 KB
4	google.de adservice.google.de	1 KB
3	gemius.pl 3 redirects googlecm.hit.gemius.pl	668 B
2	mookie1.com odr.mookie1.com	430 B
2	google-analytics.com www.google-analytics.com	20 KB
1	innovid.com ag.innovid.com	297 B
1	agkn.com 1 redirects d.agkn.com	761 B
1	everesttech.net 1 redirects pixel.everesttech.net	375 B
1	windowscentral.com www.windowscentral.com	40 KB
1	googleadservices.com partner.googleadservices.com	648 B
1	techrepublic.com www.techrepublic.com	49 KB
1	ampproject.org cdn.ampproject.org	23 KB
1	googletagmanager.com www.googletagmanager.com	36 KB
325	28

	Domain	Requested by
58	static.criteo.net	ads.eu.criteo.com
54	pix.eu.criteo.net	ads.eu.criteo.com
24	cm.g.doubleclick.net	googleads.g.doubleclick.net
18	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
18	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
17	ezefidelity.com	ezefidelity.com c0.wp.com
15	fonts.gstatic.com	fonts.googleapis.com
14	pagead2.googlesyndication.com	ezefidelity.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
12	c0.wp.com	ezefidelity.com
9	csm.eu.criteo.net	ads.eu.criteo.com
8	cdnjs.cloudflare.com	ads.eu.criteo.com
8	cat.fr.eu.criteo.com	ads.eu.criteo.com
8	ads.eu.criteo.com	googleads.g.doubleclick.net
8	www.googletagservices.com	googleads.g.doubleclick.net
8	fonts.googleapis.com	ezefidelity.com cdnjs.cloudflare.com
6	image6.pubmatic.com	6 redirects
5	pixel.rubiconproject.com	5 redirects
5	rtb.openx.net	googleads.g.doubleclick.net
5	cms.quantserve.com	3 redirects googleads.g.doubleclick.net
5	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
4	id.rlcdn.com	2 redirects googleads.g.doubleclick.net
4	rtb.fr.eu.criteo.com	googleads.g.doubleclick.net
4	rtb.nl.eu.criteo.com	googleads.g.doubleclick.net
4	adservice.google.com	pagead2.googlesyndication.com
4	adservice.google.de	pagead2.googlesyndication.com
3	googlecm.hit.gemius.pl	3 redirects
2	odr.mookie1.com	googleads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	ag.innovid.com	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	pixel.everesttech.net	1 redirects
1	www.windowscentral.com	ezefidelity.com
1	pixel.wp.com	ezefidelity.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.techrepublic.com	ezefidelity.com
1	stats.wp.com	ezefidelity.com
1	cdn.ampproject.org	ezefidelity.com
1	www.googletagmanager.com	ezefidelity.com
325	38

This site contains no links.

Subject Issuer	Validity	Valid
ezefidelity.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-18` - `2022-04-18`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.techrepublic.com R3	`2021-10-26` - `2022-01-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
windowscentral.com Cloudflare Inc ECC CA-3	`2021-06-05` - `2022-06-04`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-11-03` - `2022-01-31`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-11-03` - `2022-01-31`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-11-03` - `2022-01-31`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-25`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh

This page contains 26 frames:

Primary Page: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Frame ID: E8B76B6CD168333C6D78D0E46F887390
Requests: 58 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Frame ID: 641505478BB652BD25BBB74F35B6E30F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&adk=1812271804&adf=3025194257&lmt=1639653882&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&ea=0&flash=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882792&bpp=3&bdt=606&idt=89&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3038830078054&frm=20&pv=2&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=106
Frame ID: A1BF6877A71AA4733E8486201A23FDC0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2004008016&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653882&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882795&bpp=2&bdt=609&idt=107&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=1635&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=GSERyDWzsh&p=https%3A//ezefidelity.com&dtd=111
Frame ID: 543B184B6D59FCE5C6015F7A2BC1F3C0
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2186368364&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653883&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882797&bpp=1&bdt=611&idt=136&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4729&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q0TfuTU6zK&p=https%3A//ezefidelity.com&dtd=230
Frame ID: E40891D0480E33A48BB10D3A9464DA7C
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16
Frame ID: 06396EE26DC2513B19AA1FEC90A8B437
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21
Frame ID: E1C7520DE9E768D9761BB6C750019D33
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=475532430&pi=t.aa~a.3149907417~i.11~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280&nras=4&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3077&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=PyCBTjyClp&p=https%3A//ezefidelity.com&dtd=25
Frame ID: 7E9833A65C972C58EA1FEDCFF17CD9CD
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27
Frame ID: C67F11AC461A6E3571AE690AE496EF03
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32
Frame ID: 0162963B2383102E603F3ADD1A17D14C
Requests: 7 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Frame ID: 8909CBD652298E2976917629FFF369BA
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 9FB9493795131EBDDBE3361078F2CC7F
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Frame ID: 0CC817BF53D864FB64CFB7CDEFA6D4B2
Requests: 23 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Frame ID: 1C43AD2F3D84ADAC0029D2D8079D19F3
Requests: 22 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Frame ID: C3F2C23C19ACA29AE0CCA139DBA7170F
Requests: 18 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 744187E971B7C932159A7500EF9A9DEC
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Frame ID: D72F3018DE1F5F3C6DD12E35BEC28338
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 04FE3FA0B553393C554D326E837833A7
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Frame ID: C90CB2D106776976211A0F8FCB11389C
Requests: 21 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C0EE8C0706029EE7093252394F193B10
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Frame ID: F470453F7BC1E651970361078E0A5C03
Requests: 24 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2C76BFCAD482ABECB50CD1FA9C473A98
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Frame ID: D48297E45AE6CB328AB84F1CE0BEF2F6
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AE915160285BF3B7A3C36373CF3DF110
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1E40DDBCC8925024EE0C5C6AD8AB721B
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4B8E77796FFC7A52B2E00D57D5A72F4F
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

New Microsoft Exchange credential stealing malware could be worse than phishing - Ezefidelity Curated Contents

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

325
Requests

93 %
HTTPS

54 %
IPv6

28
Domains

38
Subdomains

31
IPs

4
Countries

3263 kB
Transfer

6512 kB
Size

19
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 171

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKkxHz1vR2Uds16Fv-NM7-0&google_cver=1&google_push=AYg5qPI3gKWtAXPpRz6-w6yfitku3fGT9C-gSGm-uIdm910FK3pmvZrm2imn0fcaNQiw1L3JSFxppxavphY0sNCrMFYo5wG9qERAbQ HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKkxHz1vR2Uds16Fv-NM7-0&google_cver=1&google_push=AYg5qPI3gKWtAXPpRz6-w6yfitku3fGT9C-gSGm-uIdm910FK3pmvZrm2imn0fcaNQiw1L3JSFxppxavphY0sNCrMFYo5wG9qERAbQ&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI3gKWtAXPpRz6-w6yfitku3fGT9C-gSGm-uIdm910FK3pmvZrm2imn0fcaNQiw1L3JSFxppxavphY0sNCrMFYo5wG9qERAbQ

Request Chain 172

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPJ0Jp4-ONlcVOeF5TXFSjA&google_cver=1&google_push=AYg5qPKfB-_MWs_rtRoXfVuPzZmxDE-ZegVlJ-uI5cUH5EPSF2Fpt2hPRyFuDplSpblv7WJ67rnnJuhTkH7Kd26ad9kUNG9NFVPC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1UDYtOC1GNVk3&google_push=AYg5qPKfB-_MWs_rtRoXfVuPzZmxDE-ZegVlJ-uI5cUH5EPSF2Fpt2hPRyFuDplSpblv7WJ67rnnJuhTkH7Kd26ad9kUNG9NFVPC

Request Chain 173

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_cver=1&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA

Request Chain 174

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEHooOdyKht1i5tL6z6yE5r8&google_cver=1&google_push=AYg5qPKKZZmtWw2PVtBikkob99QJZmoB7-xFjfS5P4IUIL435hDKmePQ03SN3bUica07bRAE-A9jpg810M93Ul1Tx7Zm8vDKiBhdBJA HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKKZZmtWw2PVtBikkob99QJZmoB7-xFjfS5P4IUIL435hDKmePQ03SN3bUica07bRAE-A9jpg810M93Ul1Tx7Zm8vDKiBhdBJA&google_hm=

Request Chain 209

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJbsf9HluO39pQmNuFdyZl4&google_cver=1&google_push=AYg5qPKdBq3Q8UZJ-gKzIaehhaq4Qho6fBh4vJlkndTS2-c4waei-RC4oiy5NA5kzQuny7Vwq-Wq4L6TDyRSACjLtY9TYGedVH8 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKdBq3Q8UZJ-gKzIaehhaq4Qho6fBh4vJlkndTS2-c4waei-RC4oiy5NA5kzQuny7Vwq-Wq4L6TDyRSACjLtY9TYGedVH8&google_hm=pFP5nlhuMcbEp1Jo94KeCw

Request Chain 210

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLnnJY6YcojjvV4zJYzxJl_E5uyiLGeJ1cp-OqqFMFZ-ILMAXsrTRwnQIMj1wfIHs1-h-qG-etB1Ho96E2utZAN1I25aTQ&google_gid=CAESECeHA-4wC8empTQmY8de7rs&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzaC1BQUFCRlpjLW1TaQ&google_push=AYg5qPLnnJY6YcojjvV4zJYzxJl_E5uyiLGeJ1cp-OqqFMFZ-ILMAXsrTRwnQIMj1wfIHs1-h-qG-etB1Ho96E2utZAN1I25aTQ

Request Chain 211

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLq8essNMN6YG1vnsaB-LeaslAzorCaUVDz_s5vUNeU1RM6BFO-8CzGtZGfn0U0Tt9G1PApOc1Vfow4721pZIrciG5EJBQ&google_gid=CAESEEA4OyYP9uAEfsSvw-UzNjA&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCPvD7I0GEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMcThlc3NOTU42WUcxdm5zYUItTGVhc2xBem9yQ2FVVkR6X3M1dlVOZVUxUk02QkZPLThDekd0WkdmbjBVMFR0OUcxUEFwT2MxVmZvdzQ3MjFwWklyY2lHNUVKQlE

Request Chain 213

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEObuXG3-xzPCLW7tqK2Ln1o&google_cver=1&google_push=AYg5qPIJH5ltgWtT4SzypaYBlSishHjp5yNZf5B7PLytq93qMN_XJIzIQa6jWk4TAAydEPS82AZ-aLggqOLpe7JbRyjQT_XK2Xg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIJH5ltgWtT4SzypaYBlSishHjp5yNZf5B7PLytq93qMN_XJIzIQa6jWk4TAAydEPS82AZ-aLggqOLpe7JbRyjQT_XK2Xg

Request Chain 214

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIjUUO5olnId6ib8X5ewfmA&google_cver=1&google_push=AYg5qPK88hQdhJvG00NMCkT2Fh3jC1Mers0f73sGF7HYgerGKnqVeEIdP3IyMrGnUAN869-XpPBejv1iIMPei9H9b0GmcIaivn0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VTQtMTItTTNOMg==&google_push=AYg5qPK88hQdhJvG00NMCkT2Fh3jC1Mers0f73sGF7HYgerGKnqVeEIdP3IyMrGnUAN869-XpPBejv1iIMPei9H9b0GmcIaivn0

Request Chain 215

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI

Request Chain 227

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKmcw5qJVE6Cptp2hZeNSpU&google_cver=1&google_push=AYg5qPJq4IjSDWMks70SbSSzkuLAeBravBfw1yECoJbwsR7M5kz1VLULSzraTnjvTZm22pbQK8gcmeJnjgJrXMjaAOBbg110zX-N HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJq4IjSDWMks70SbSSzkuLAeBravBfw1yECoJbwsR7M5kz1VLULSzraTnjvTZm22pbQK8gcmeJnjgJrXMjaAOBbg110zX-N&google_hm=pFP5nlhuMcbEp1Jo94KeCw

Request Chain 228

https://d.agkn.com/pixel/2175/?google_gid=CAESEBCRckufbgFRpwh3NRPaMWM&google_cver=1&google_push=AYg5qPKEdLNtVcj8BTgWKBO4EMijbQwrHPPUEd-Vo6sRlLxh_KtZIOBa2gbsMw9JsVEHQRrCXEInGEk4_WCBroTEN--xnNFZBQ2Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKEdLNtVcj8BTgWKBO4EMijbQwrHPPUEd-Vo6sRlLxh_KtZIOBa2gbsMw9JsVEHQRrCXEInGEk4_WCBroTEN--xnNFZBQ2Q&google_hm=Q0FFU0VCQ1Jja3VmYmdGUnB3aDNOUlBhTVdN

Request Chain 231

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEECwpDuIxq2qx2AkbHrYTA8&google_cver=1&google_push=AYg5qPJKBKANSvqG0waibGYAC8FWPMFG3sQgwSRb-FPQAfUGdzdPkP32Rh7OlrSEIgk-Y_dwzX_kV_-0cfagtYW7bkinqm2PNKBSmQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJKBKANSvqG0waibGYAC8FWPMFG3sQgwSRb-FPQAfUGdzdPkP32Rh7OlrSEIgk-Y_dwzX_kV_-0cfagtYW7bkinqm2PNKBSmQ

Request Chain 232

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPIDSqfOXmPIxmxTTc1hO2c&google_cver=1&google_push=AYg5qPIucHBA49PlGCHuHERPOejPX9IDKBGZwef3DQQlufMySaWixtEzyE2DSBXFKxr3twVkxnOkSHl4vRkRB_zqDLbWyQOti4lw4A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VjAtQy1LNUo1&google_push=AYg5qPIucHBA49PlGCHuHERPOejPX9IDKBGZwef3DQQlufMySaWixtEzyE2DSBXFKxr3twVkxnOkSHl4vRkRB_zqDLbWyQOti4lw4A

Request Chain 233

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECGiep9hO8-umIyWW1xHwFE&google_cver=1&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE

Request Chain 238

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEF10AtpmmBqP2Q_A_0WspVY&google_cver=1&google_push=AYg5qPL5nyBeYdhLvqwXg7oSQI6hjDOIvwk11pTZrrPR2wA6S8wQ5X2XZYCTRJnxqjOG23kQ1Q72mZTKE1ezVqj4A32AimtyKpc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPL5nyBeYdhLvqwXg7oSQI6hjDOIvwk11pTZrrPR2wA6S8wQ5X2XZYCTRJnxqjOG23kQ1Q72mZTKE1ezVqj4A32AimtyKpc

Request Chain 239

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFkKCFfljEZbc-RluX0RHlM&google_cver=1&google_push=AYg5qPIwRmOIa2tIDPEgNcRjnuDxpDIunjSSYbyJtNi2IkrRulMnOTdOOe7thTFFOvxLOMIHSN2qMORdgX-jam9vBKdjC79Ywf8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VkctMUYtNTg2OQ==&google_push=AYg5qPIwRmOIa2tIDPEgNcRjnuDxpDIunjSSYbyJtNi2IkrRulMnOTdOOe7thTFFOvxLOMIHSN2qMORdgX-jam9vBKdjC79Ywf8

Request Chain 241

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEIW-zHAWJnN-K8QgCXf7iKQ&google_cver=1&google_push=AYg5qPJZKkYJmPbqS-bfaIdx2bsCNl6-C2wkLjz4VfhRKilhk68xyJBIykDdKWk9MNvFFbmhHkTr-h-SDNW4rBgIp1w31enmJVBe5A HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPJZKkYJmPbqS-bfaIdx2bsCNl6-C2wkLjz4VfhRKilhk68xyJBIykDdKWk9MNvFFbmhHkTr-h-SDNW4rBgIp1w31enmJVBe5A&google_hm=

Request Chain 253

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEI5PANPni8ZT458q3fYFwIM&google_cver=1&google_push=AYg5qPKZ_59ME6h887Hyjk1R3jQ5P_HgH9zYtCNk2wWYOZqMAv_MTXF2FNcinJNeIPfxDFT6yYYuZTIB8mHCLAQ5wJc5U-JaWiwd HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKZ_59ME6h887Hyjk1R3jQ5P_HgH9zYtCNk2wWYOZqMAv_MTXF2FNcinJNeIPfxDFT6yYYuZTIB8mHCLAQ5wJc5U-JaWiwd&google_hm=pFP5nlhuMcbEp1Jo94KeCw

Request Chain 254

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJRvogCfobn0bAVQfMFCCme2xDY2Mg9sEyAcq3uIesvXjV8oGM9DRL_hxrzvbIi4rEVJRbYFt__l8fszR_R60WYbI9UfUu0&google_gid=CAESENQU37hVmOI11QcIDL8PRM4&google_cver=1 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwZkdRS2tpb21UNkxZNTNtOXJ5ZXkyUG9VUzk2R1lRVVRvTlctQ1JxdU51bw==&google_push

Request Chain 256

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEFOduBHgqvXXLA2lMjuoWuA&google_cver=1&google_push=AYg5qPLH4JsX5CI6J1Gk-KHfPFcuvsHSHjr9zpr4RKuPieXRtm1-e3BmkowG7urfuY8qb6ieSfSvVVXrYSfpa2CvG5m4Iw3PKcU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLH4JsX5CI6J1Gk-KHfPFcuvsHSHjr9zpr4RKuPieXRtm1-e3BmkowG7urfuY8qb6ieSfSvVVXrYSfpa2CvG5m4Iw3PKcU

Request Chain 257

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEGLo-MIwGKyW3C2dYZ8hQRU&google_cver=1&google_push=AYg5qPLa33GrCQjQK_qy3GtFm29raAlfcK2T5mXt1t_YliiZhLmDBTanu10iKJINUfP1ZVQLxqlw-oTL5lvA_BWKpWWgj1MGocg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VkctSy01SU1G&google_push=AYg5qPLa33GrCQjQK_qy3GtFm29raAlfcK2T5mXt1t_YliiZhLmDBTanu10iKJINUfP1ZVQLxqlw-oTL5lvA_BWKpWWgj1MGocg

Request Chain 258

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg&google_cver=1&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg

Request Chain 259

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEBTOHo3YikxnFr40pKSkywo&google_cver=1&google_push=AYg5qPKANoICgiKC2-Iot9bbTIU_Ye_Uej3EJr_NfExFhm14W1p3lSLt120KsKzscWK2iQgHv79OffCV0MaMp1aFfEE_a3xGAhp6Ug HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKANoICgiKC2-Iot9bbTIU_Ye_Uej3EJr_NfExFhm14W1p3lSLt120KsKzscWK2iQgHv79OffCV0MaMp1aFfEE_a3xGAhp6Ug&google_hm=

325 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/ 53 KB
15 KB 776ms
473ms Document
text/html 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: 339b42022a5c5d1a8d7c38b8858b47de06456939204b7481d685d84ad094da08

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
x-pingback: https://ezefidelity.com/cc/xmlrpc.php
link: <https://ezefidelity.com/cc/wp-json/>; rel="https://api.w.org/" <https://ezefidelity.com/cc/wp-json/wp/v2/posts/53431>; rel="alternate"; type="application/json" <https://ezefidelity.com/cc/?p=53431>; rel=shortlink
content-encoding: br
vary: Accept-Encoding
date: Thu, 16 Dec 2021 11:24:41 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed

GET
H2 200 style.min.css
c0.wp.com/c/5.8.2/wp-includes/css/dist/block-library/ 79 KB
10 KB 24ms
7ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.2/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Wed, 01 Sep 2021 04:05:58 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 11:24:42 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/5.8.2/wp-includes/js/mediaelement/ 11 KB
2 KB 25ms
8ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 11:24:42 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/5.8.2/wp-includes/js/mediaelement/ 4 KB
1 KB 25ms
8ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.2/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 11:24:42 GMT

GET
H2 200 wp-automatic.css
ezefidelity.com/cc/wp-content/plugins/wp-automatic/css/ 3 KB
757 B 303ms
301ms Stylesheet
text/css 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: 9d105532b10ffe64f4dd076d7dbb8784e3abfe6d1ec8fc26cfe13ec5684a408d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Mon, 15 Nov 2021 22:58:55 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 537
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 style.min.css
ezefidelity.com/cc/wp-content/themes/mesmerize/ 177 KB
23 KB 304ms
301ms Stylesheet
text/css 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-content/themes/mesmerize/style.min.css?ver=5.8.2
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: 4af950d27d1ca08f7edf1e344722c92459fdf4adc55085514df27ad58fe0809e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Tue, 20 Jul 2021 22:59:20 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 22997
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 style.min.css
ezefidelity.com/cc/wp-content/themes/highlight/ 9 KB
2 KB 151ms
148ms Stylesheet
text/css 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-content/themes/highlight/style.min.css?ver=1.0.23
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: 282c618736bf8e467273d46332d7fcbbcbf8721a1bd2967f8cd7b410cae1e777

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Tue, 20 Jul 2021 22:59:19 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 1931
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 theme.bundle.min.css
ezefidelity.com/cc/wp-content/themes/mesmerize/assets/css/ 101 KB
15 KB 152ms
149ms Stylesheet
text/css 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-content/themes/mesmerize/assets/css/theme.bundle.min.css?ver=1.0.23
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: 4122023e5f7e22cd0d2dc7bb99cf441cb2ba32b7b3b1b6dbc6cf23e1afe7c699

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Tue, 20 Jul 2021 22:59:20 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 14966
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 arpw-frontend.css
ezefidelity.com/cc/wp-content/plugins/advanced-random-posts-widget/assets/css/ 275 B
474 B 454ms
450ms Stylesheet
text/css 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-content/plugins/advanced-random-posts-widget/assets/css/arpw-frontend.css?ver=5.8.2
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: c097810c5c2818c403e04fffc03a639cde42bdecb0c53323119cd7f77f8394fa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
last-modified: Mon, 06 Apr 2020 16:01:16 GMT
server: LiteSpeed
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 275
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 style.css
ezefidelity.com/cc/wp-content/plugins/newsletter/ 6 KB
1 KB 453ms
449ms Stylesheet
text/css 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-content/plugins/newsletter/style.css?ver=7.3.4
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: ff7cbd7d791c0f01f1b7db211981bb0506701f663e9e41422586b9e625753ba3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 23:00:22 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 1187
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/10.4/css/ 85 KB
16 KB 24ms
8ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.4/css/jetpack.css

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a6e9c02837fc4e15d5f6940b514eb5c52f7a752cdbb05862097e7239ad7366a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Tue, 16 Nov 2021 17:11:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 11:24:42 GMT

GET
H2 200 related-posts.min.js Show response
c0.wp.com/p/jetpack/10.4/_inc/build/related-posts/ 6 KB
2 KB 23ms
8ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.4/_inc/build/related-posts/related-posts.min.js

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2256c9e5605323f852f232fd6819a02cf2cac3e04c84299e19efe83037fd8cda

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Tue, 05 Oct 2021 16:47:49 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 11:24:42 GMT

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/5.8.2/wp-includes/js/jquery/ 87 KB
30 KB 32ms
17ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.2/wp-includes/js/jquery/jquery.min.js

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 11:24:42 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/5.8.2/wp-includes/js/jquery/ 11 KB
4 KB 30ms
15ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.2/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 11:24:42 GMT

GET
H2 200 main-front.js Show response
ezefidelity.com/cc/wp-content/plugins/wp-automatic/js/ 1017 B
550 B 452ms
450ms Script
application/javascript 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-content/plugins/wp-automatic/js/main-front.js?ver=5.8.2
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: d503937452e40c21fce10346b29287ad23b221a372547f248da87ca5efb55767

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Mon, 15 Nov 2021 22:58:55 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 316
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 52ms
30ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-69923469-3

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0cc0ffe953e6c1cc392636121f01fdb0631bbf89cbdd1509b731df85edcbf0fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36250
x-xss-protection: 0
last-modified: Thu, 16 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Dec 2021 11:24:42 GMT

GET
H2 200 full-page-script.js Show response
ezefidelity.com/sl/js/ 2 KB
892 B 453ms
451ms Script
application/javascript 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/sl/js/full-page-script.js
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: 2381baaeba6a84dfa9123f08eaf1630063db5244949ca0ad5138728fa5f75990

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Tue, 22 Oct 2019 12:47:39 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 658
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 77 KB
23 KB 132ms
104ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

645485015c5d8228f3ef262fbdf0f17d98c611572362df016aa987401acdee4e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21970
x-xss-protection: 0
server: sffe
date: Thu, 16 Dec 2021 11:24:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "004ff9b7e34c458b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Dec 2021 11:24:42 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 52ms
27ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0771625264589778

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51c61b7e589ad7e53e07bfaeb90ac973ec367a23af7a698bbad05e224c82d05e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ezefidelity.com/
Origin: https://ezefidelity.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51854
x-xss-protection: 0
server: cafe
etag: 3659596353964022577
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 16 Dec 2021 11:24:42 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 51ms
25ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d3a2bc52d73a4558b1e56460cd42d0cd42633fb52301767ad6a0736c6a9d697

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51875
x-xss-protection: 0
server: cafe
etag: 3613476724334273631
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 16 Dec 2021 11:24:42 GMT

GET
H2 200 photon.min.js Show response
c0.wp.com/p/jetpack/10.4/_inc/build/photon/ 758 B
425 B 29ms
16ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.4/_inc/build/photon/photon.min.js

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Tue, 31 Mar 2020 17:26:38 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 11:24:42 GMT

GET
H2 200 imagesloaded.min.js Show response
c0.wp.com/c/5.8.2/wp-includes/js/ 5 KB
2 KB 29ms
15ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.2/wp-includes/js/imagesloaded.min.js

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 11:24:42 GMT

GET
H2 200 masonry.min.js Show response
c0.wp.com/c/5.8.2/wp-includes/js/ 24 KB
7 KB 30ms
17ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.2/wp-includes/js/masonry.min.js

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 11:24:42 GMT

GET
H2 200 theme.bundle.min.js Show response
ezefidelity.com/cc/wp-content/themes/mesmerize/assets/js/ 83 KB
22 KB 150ms
150ms Script
application/javascript 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-content/themes/mesmerize/assets/js/theme.bundle.min.js?ver=1.0.23
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: 35c013f7b44dec194fda7044e8cd74fd39a03a400feba0909d5bec3c9fb5b220

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Tue, 20 Jul 2021 22:59:20 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 22594
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 comment-reply.min.js Show response
c0.wp.com/c/5.8.2/wp-includes/js/ 3 KB
1 KB 29ms
16ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.2/wp-includes/js/comment-reply.min.js

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Thu, 18 Mar 2021 17:48:23 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 11:24:42 GMT

GET
H2 200 theme-child.js Show response
ezefidelity.com/cc/wp-content/themes/highlight/assets/js/ 4 KB
1 KB 452ms
451ms Script
application/javascript 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-content/themes/highlight/assets/js/theme-child.js
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: 1e78d1657dcf126646e7434b8e17a66064c4680a8cf3bbb147c2dd4d1887194a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Tue, 20 Jul 2021 22:59:19 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 1072
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 intersection-observer.js Show response
ezefidelity.com/cc/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/ 9 KB
3 KB 452ms
451ms Script
application/javascript 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&ver=2d4bf43f398489795f1893179047a63c
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: 9900b23f9f49af5f34387eb63a8673a563ab131c1e171cfaf14cf8b67a466b9d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Tue, 30 Nov 2021 22:16:10 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 2894
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 lazy-images.js Show response
ezefidelity.com/cc/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/ 2 KB
1 KB 453ms
452ms Script
application/javascript 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&ver=1c8bb5930b723e669774487342a8fa98
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: 2a4e9b3f33edb851ba930430bdbf317a3b95e0974763617d68ec0b555a3bb8fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Tue, 30 Nov 2021 22:16:10 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 897
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 wp-embed.min.js Show response
c0.wp.com/c/5.8.2/wp-includes/js/ 1 KB
719 B 29ms
16ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.2/wp-includes/js/wp-embed.min.js

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 11:24:42 GMT

GET
H2 200 image.js Show response
ezefidelity.com/cc/wp-content/plugins/featured-image-from-url/includes/html/js/ 2 KB
777 B 452ms
451ms Script
application/javascript 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=3.8.0
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: caacfc6a3602fe9a189a4bd15792c4bed2fce634c04716f515e6c07cda07315a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Sun, 14 Nov 2021 20:51:26 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 543
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 e-202150.js Show response
stats.wp.com/ 9 KB
3 KB 24ms
7ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202150.js
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 04 Dec 2022 22:02:47 GMT

GET
H2 200 wp-emoji-release.min.js Show response
ezefidelity.com/cc/wp-includes/js/ 18 KB
5 KB 151ms
150ms Script
application/javascript 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-includes/js/wp-emoji-release.min.js?ver=5.8.2
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: br
last-modified: Sat, 07 Aug 2021 10:31:28 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 4539
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
H2 200 css
fonts.googleapis.com/ 27 KB
2 KB 42ms
16ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C600%2C700%7CMuli%3A300%2C300italic%2C400%2C400italic%2C600%2C600italic%2C700%2C700italic%2C900%2C900italic%7CPlayfair+Display%3A400%2C400italic%2C700%2C700italic&subset=latin%2Clatin-ext&display=swap

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

35b2d1ac247f3a17e699b2de2e3d56840a7e6a0ae84cd7d3e03be275e55e26b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ezefidelity.com/
Origin: https://ezefidelity.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Dec 2021 10:09:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Dec 2021 11:24:42 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Dec 2021 11:24:42 GMT

GET
H2 200 malware.jpg
www.techrepublic.com/a/hub/i/r/2018/03/12/82c2546a-42c0-42c8-881b-801d6ad4f9a4/thumbnail/770x578/5a0e4cb8873ff20588cb6c3c70251789/ 50 KB
49 KB 75ms
16ms Image
image/jpeg 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.techrepublic.com/a/hub/i/r/2018/03/12/82c2546a-42c0-42c8-881b-801d6ad4f9a4/thumbnail/770x578/5a0e4cb8873ff20588cb6c3c70251789/malware.jpg

Requested by

Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bec997154c405b3f9ea3f37a76cac6c00e9c8a6fc8ce2f4ccfe2f3dc0507b350

Security Headers

Name	Value
Content-Security-Policy	default-src https://.techrepublic.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-origin: *
x-goog-meta-x-goog-reserved-source-generation: 1596354967695621
strict-transport-security: max-age=31536000
content-length: 50110
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Sep 2021 17:39:32 GMT
x-frame-options: SAMEORIGIN
etag: W/"205ba98628c6af250955d15edeb3b9d4"
vary: Accept-Encoding, Accept
content-type: image/jpeg
via: 1.1 varnish
cache-control: max-age=31536000
content-security-policy: default-src https://*.techrepublic.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Feb 2022 20:34:34 GMT

GET
H2 200 fontawesome-webfont.woff2
ezefidelity.com/cc/wp-content/themes/mesmerize/assets/fonts/ 75 KB
76 KB 296ms
295ms Font
font/woff2 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezefidelity.com/cc/wp-content/themes/mesmerize/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/wp-content/themes/mesmerize/assets/css/theme.bundle.min.css?ver=1.0.23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server269-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://ezefidelity.com/cc/wp-content/themes/mesmerize/assets/css/theme.bundle.min.css?ver=1.0.23
Origin: https://ezefidelity.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
last-modified: Tue, 20 Jul 2021 22:59:20 GMT
server: LiteSpeed
content-type: font/woff2
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 77160
expires: Thu, 23 Dec 2021 11:24:42 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 32ms
9ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C600%2C700%7CMuli%3A300%2C300italic%2C400%2C400italic%2C600%2C600italic%2C700%2C700italic%2C900%2C900italic%7CPlayfair+Display%3A400%2C400italic%2C700%2C700italic&subset=latin%2Clatin-ext&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ezefidelity.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:52:02 GMT
x-content-type-options: nosniff
age: 509560
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 10 Dec 2022 13:52:02 GMT

GET
DATA 200
OK truncated
/ 346 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 33bd49d31f23be1a33218dc480ad8e4eee1a41df9609e809a5651761be3e72db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 286 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b27e9bf03959bcad17ed4fe96bd4233a8ffa6333b90f46d51dd3f1c3524cdd89

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 276 KB
100 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-0771625264589778&plah=ezefidelity.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0771625264589778

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101734
x-xss-protection: 0
server: cafe
etag: 4507154694380913909
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 16 Dec 2021 11:24:42 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/ Frame 6415 11 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0771625264589778

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 15 Dec 2021 18:36:45 GMT
expires: Wed, 29 Dec 2021 18:36:45 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 60477
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-69923469-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6588
date: Thu, 16 Dec 2021 09:34:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 16 Dec 2021 11:34:54 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 219 B
648 B 39ms
17ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=ezefidelity.com&callback=_gfp_s_&client=ca-pub-0771625264589778

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-0771625264589778&plah=ezefidelity.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

9746861fb6cfe5d016dea6f9bfb08d51dd639fb97e39a21e867898ff564cad27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 204
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 38ms
16ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ezefidelity.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 39ms
16ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ezefidelity.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Dec 2021 11:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A1BF 47 KB
15 KB 200ms
200ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&adk=1812271804&adf=3025194257&lmt=1639653882&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&ea=0&flash=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882792&bpp=3&bdt=606&idt=89&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3038830078054&frm=20&pv=2&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=106

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3020fdf86f2bf73af3dce2315d5374163d1b8bd70bb6bfcfb6d4438fbe516a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 16 Dec 2021 11:24:43 GMT
server: cafe
content-length: 15275
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 543B 22 KB
9 KB 228ms
228ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2004008016&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653882&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882795&bpp=2&bdt=609&idt=107&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=1635&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=GSERyDWzsh&p=https%3A//ezefidelity.com&dtd=111

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abffe09b58ed17f9265423a94c62c8358e162f23fdb33ecf5081e2852470ab37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 16 Dec 2021 11:24:43 GMT
server: cafe
content-length: 9477
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: private

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 28ms
13ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1208496737&t=pageview&_s=1&dl=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&ul=en-us&de=UTF-8&dt=New%20Microsoft%20Exchange%20credential%20stealing%20malware%20could%20be%20worse%20than%20phishing%20-%20Ezefidelity%20Curated%20Contents&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YChACUABBAAAAC~&jid=1991673667&gjid=2038620072&cid=1587159289.1639653883&tid=UA-69923469-3&_gid=1460021533.1639653883&_r=1&gtm=2ouc10&did=dZTNiMT&gdid=dZTNiMT&z=1701855292

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ezefidelity.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ezefidelity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
116 B 8ms
7ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.4&blog=191512273&post=53431&tz=0&srv=ezefidelity.com&host=ezefidelity.com&ref=&fcp=1314&rand=0.4795134248545765
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 / Show response
ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/ 3 KB
3 KB 271ms
271ms XHR
application/json 198.54.119.222
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/?relatedposts=1

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/p/jetpack/10.4/_inc/build/related-posts/related-posts.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

198.54.119.222 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

server269-5.web-hosting.com

Software

LiteSpeed /

Resource Hash

73e6eeb1e762e297c0eded9f282d989c700deaa7d31ec394a4c2e50cdab1a51e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
x-requested-with: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
server: LiteSpeed
content-length: 2631
x-pingback: https://ezefidelity.com/cc/xmlrpc.php
content-type: application/json; charset=utf-8

GET
H2 200 nvidia-geforce-rtx-3080-12.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/10/ 40 KB
40 KB 80ms
33ms Image
image/webp 2606:4700::6812:bd37
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/10/nvidia-geforce-rtx-3080-12.jpg
Requested by: Host: ezefidelity.com
URL: https://ezefidelity.com/cc/new-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:bd37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 597e9604e744b7ca996a225bce1817ad4ad5b55d91783c995e0eacef31854aa2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
cf-cache-status: HIT
age: 422657
cf-polished: qual=85, origFmt=jpeg, origSize=75433
content-disposition: inline; filename="nvidia-geforce-rtx-3080-12.webp"
content-length: 40500
last-modified: Tue, 30 Mar 2021 19:29:11 GMT
server: cloudflare
etag: "60637c07-126a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Tue, 11 Jan 2022 14:00:26 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 6be78c013b440f72-MXP
cf-bgj: imgq:85,h2pri

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 33ms
18ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ezefidelity.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 31ms
16ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ezefidelity.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E408 23 KB
9 KB 218ms
217ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2186368364&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653883&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882797&bpp=1&bdt=611&idt=136&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4729&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q0TfuTU6zK&p=https%3A//ezefidelity.com&dtd=230

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8c33caa7c2d0c89e307766f9e6f3a9624a5215124210fb4aba71e1cec1d9084

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 16 Dec 2021 11:24:43 GMT
server: cafe
content-length: 9629
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: private

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 149 KB
53 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54385
x-xss-protection: 0
server: cafe
etag: 4993246191385855005
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ezefidelity.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ezefidelity.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0639 26 KB
11 KB 241ms
241ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b82fd226fb0a5ddc09cccc5097e5e8c2c220292b044d78cda63af49fe52f4448

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 16 Dec 2021 11:24:43 GMT
server: cafe
content-length: 11539
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E1C7 25 KB
11 KB 217ms
217ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

10d1508cbe47bee0eb03b9dea53696c0d21596e27b748a3a449348772f6cc8f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 16 Dec 2021 11:24:43 GMT
server: cafe
content-length: 11443
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7E98 26 KB
11 KB 168ms
167ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=475532430&pi=t.aa~a.3149907417~i.11~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280&nras=4&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3077&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=PyCBTjyClp&p=https%3A//ezefidelity.com&dtd=25

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c4cb13f2b91e120b58f1f06a4428ffd5dfdd8546f5a33c9f50cae5028d382ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 16 Dec 2021 11:24:43 GMT
server: cafe
content-length: 11609
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C67F 26 KB
11 KB 230ms
229ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4f0169306cf4318c3296c554e93fa8fb97cacb92f0b62369610f9b29c6e28af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 16 Dec 2021 11:24:43 GMT
server: cafe
content-length: 11572
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0162 25 KB
11 KB 217ms
217ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abe726620852054617d4736bf3185fb49206c41537f9ca6e180e009274ab8f13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 16 Dec 2021 11:24:43 GMT
server: cafe
content-length: 11393
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: private

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 543B 2 KB
1 KB 38ms
12ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2004008016&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653882&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882795&bpp=2&bdt=609&idt=107&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=1635&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=GSERyDWzsh&p=https%3A//ezefidelity.com&dtd=111

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:21:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:21:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 543B 119 KB
37 KB 48ms
23ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 543B 15 KB
7 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:22:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 113
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:22:50 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 543B 0
0 49ms
49ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CUDD_-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSUAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJvSGeR-VWDeTkIyC7e_ixypZrpRtcR66O5lbtwpsbozbTe4m2TJ5oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTA3NzE2MjUyNjQ1ODk3NzgYAA&sigh=_fgt1SsoaVs&uach_m=[UACH]&cid=CAQSGwCNIrLMqVfP2eKLd0nBHVdd8p4lor18CLTN6xgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2004008016&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653882&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882795&bpp=2&bdt=609&idt=107&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=1635&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=GSERyDWzsh&p=https%3A//ezefidelity.com&dtd=111
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 16 Dec 2021 11:24:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame 543B 0
0 65ms
20ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=UMDUEcz6RL4GmAKdg2ICAgAAAC-8BKMQw-y8EPohu2FzdFMz0iwqnAFBFgAS&wp=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2004008016&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653882&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882795&bpp=2&bdt=609&idt=107&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=1635&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=GSERyDWzsh&p=https%3A//ezefidelity.com&dtd=111
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
server: Kestrel
content-length: 0
server-processing-duration-in-ticks: 299481

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 8909 184 KB
54 KB 171ms
133ms Document
text/html 2a02:2638::18
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2004008016&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653882&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882795&bpp=2&bdt=609&idt=107&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=1635&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=GSERyDWzsh&p=https%3A//ezefidelity.com&dtd=111
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::18 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 7e2c1f4edcaa8cbe57dcf89bdea86fcac3f488e9e7fdc2f6620e828b5661c344

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=l2CFagCkmVX2188B-8Ah7phppNCc1bYl0F4Y1juO-x_SlJd8Iu_TxBB1wTUQT_UP9DXFIKYIeX-IN4FayWyZF3OsesMAUqp4WvltmlIZ5v-yPPFnjmv5EwcSObDs93x-JO0AaFHPSc3x6G7-yd8Jf8VCaXw8_UNqDI7A_Pf53h2UhW0r-T6wSpygED7VR4oRQ99YEClLyBu2gplAW6chIoGuUW0zt7RN0WcFuAY67jN17fc0tbn3VR8CQskC6OHHOHVfDA"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 117287038
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ezefidelity.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ezefidelity.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame 9FB9 11 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 15 Dec 2021 18:38:26 GMT
expires: Wed, 29 Dec 2021 18:38:26 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 60377
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 0CC8 167 KB
52 KB 88ms
85ms Document
text/html 2a02:2638::18
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::18 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: bb23e5b0f3e4347d7093695914fab0874f9c8c8afa2327209ce503ad9a64b88e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=_tczvQCkmVX2188BXsXmwslW780LwuFBNBKy9cCMJMpoSkf-JIuOwGIQ3j_1FnwuLmIy5Mx4vQPBD5bWcMAyuxguZhhOwRBmqoCBUkQOmQSdzkjEW0JJ7U1UPwSunHr8n35EuZOqavRCn-IqoBSFt6kbFqKoiziWrB1JagxWCvJvL_ZyJ3pFJGlR69dO_iug9c_huFcDcoU3Ee_gBzy9hy_1vSrsI23OAOAmgIeBXPakJtk5n1RmGJgXi8S-FMa3X5w3fA"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 69427246
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9FB9 2 KB
1 KB 25ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:23:59 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9FB9 119 KB
36 KB 52ms
36ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9FB9 15 KB
6 KB 24ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:21:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:21:09 GMT

GET
DATA 200
OK truncated
/ Frame 543B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 26dcf17454b959fbd89863812109a63aa0fe82906d00ef23ca2a808ba70cc5b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame E408 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2186368364&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653883&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882797&bpp=1&bdt=611&idt=136&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4729&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q0TfuTU6zK&p=https%3A//ezefidelity.com&dtd=230

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:23:59 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E408 119 KB
36 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2186368364&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653883&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882797&bpp=1&bdt=611&idt=136&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4729&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q0TfuTU6zK&p=https%3A//ezefidelity.com&dtd=230

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame E408 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2186368364&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653883&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882797&bpp=1&bdt=611&idt=136&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4729&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q0TfuTU6zK&p=https%3A//ezefidelity.com&dtd=230

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:21:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:21:09 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame E408 0
0 41ms
15ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQahgr3fQ9Vp5C7OLB3vbmjq03ynz5-4AaBxWrzXHr-l-4FGbpeOoIuoRBzRkYeyc-ZmoqjJ-g92iovwws1hecV2T21Iw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2186368364&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653883&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882797&bpp=1&bdt=611&idt=136&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4729&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q0TfuTU6zK&p=https%3A//ezefidelity.com&dtd=230
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E408 0
0 46ms
45ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CD2Z7-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSUAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGZhzzDqSiQfVfDo6DWqMdtl0maTJK9X6E1_OJxPupH8pQ1SNBMB5IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTA3NzE2MjUyNjQ1ODk3NzgYAA&sigh=QQX_htXv8v8&uach_m=[UACH]&cid=CAQSPgCNIrLM5XKAerJTBPUYhnLrkp4pk9qPRM3aX1X-1n0qLN12c-G7WmLhRLCgDUmjOGIoodIa8PVnHJsluhJvGAE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2186368364&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653883&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882797&bpp=1&bdt=611&idt=136&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4729&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q0TfuTU6zK&p=https%3A//ezefidelity.com&dtd=230

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2186368364&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653883&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882797&bpp=1&bdt=611&idt=136&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4729&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q0TfuTU6zK&p=https%3A//ezefidelity.com&dtd=230
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 16 Dec 2021 11:24:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame E408 0
0 53ms
17ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=UMDUEcz6RL4GmAKdg2ICAgAAAC-8BKMQw-y8EPohu2FqjDUps4tR5KTlCQAS&wp=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2186368364&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653883&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882797&bpp=1&bdt=611&idt=136&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4729&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q0TfuTU6zK&p=https%3A//ezefidelity.com&dtd=230
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
server: Kestrel
content-length: 0
server-processing-duration-in-ticks: 260250

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 1C43 142 KB
47 KB 101ms
101ms Document
text/html 2a02:2638::18
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&slotname=6048710865&adk=3998119155&adf=2186368364&pi=t.ma~as.6048710865&w=830&fwrn=4&fwrnh=100&lmt=1639653883&rafmt=1&psa=0&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653882797&bpp=1&bdt=611&idt=136&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280&nras=1&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4729&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q0TfuTU6zK&p=https%3A//ezefidelity.com&dtd=230
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::18 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: b933c5d018434e06e8e8f11e07f2d19e1e82eb9b1e8fdb98cb1433caf6abbfc7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=sq1oiACkmVX2188B67G6YKt1FUuOnJeKLaR5OAm9MXvFB06NP1-UO0kp6pM_2fJ0V2RyqScgGPgPLFJWSsTSTwAoTwQbQwx_c5e1RXnQwrleuve_D20cCvjbZBwnnxKo5LAvS09j-8NxkMVflhi3p6ynT5iIV5fT23PkAmeLZvBbvVRBGcVv47WQC4sYhMeJfIbI9syP5kxP0-sdejctGK6pkPjXJoMmL_1iJ_-mH0S9sjrmuZlpu0j1y64B9AFq24hQEeZSjWilQ5xw"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 81127947
content-encoding: gzip
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 9FB9 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 751d75ad2c75da5674b0852be686d2dc295818bd2f57c030bbb6a54ade358618

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E408 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f39ecfebd496c8e44a03b27bb3f3e83bf00d05242a808c8fbc92a27d9669054

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 0CC8 2 KB
1 KB 63ms
24ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy_small.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 0CC8 2 KB
1 KB 58ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 0CC8 308 B
608 B 46ms
21ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/close_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 0CC8 507 B
807 B 47ms
22ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/back_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame 0CC8 43 B
322 B 55ms
20ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=JWxYpzqIuRg9IBP6gwNPNSoSd0Uq34HCfcOArKrnvq85h93nvXkPBZ6oN03hy8VsH5tPrEUsGRfpdYy4Hv3hQxg_PLTiQB4ghxRk9vjqa9KkuOTZfk7taX_8mUGxzr2KrtnAjRh7ADN6-yIIQ3CWJoYqaobH9twfHVZNB2XG-3Imfp0l-snQlPDVgmqMRrzEX44qzfxC9PQIQwQPT0lbkGuL6pIxe36dt0Wfxuo7RoyOmskEPEzCZ6nM-Hln99_QpA6bvM7ydUvCYVsyRn3NvE_2zH3CjTndTc5baMxG6CSfDQ0EUx-weEQP8629XmrVtLBquaWq17ZE6EQXEBWCCrFz4MRXlQsQ2xrxrxDRo5m1_rnzeOtIXHDI4RjfNUk8LEd-dlstOoxzuctEP7IqjXBGOw4XkW3VbqWjR-ZR_Hz9xtpfNamdTL7Q7Agmrl5SkBYxdw
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:42 GMT
server: Microsoft-IIS/10.0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 6546
content-type: image/gif
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 7E98 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=475532430&pi=t.aa~a.3149907417~i.11~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280&nras=4&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3077&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=PyCBTjyClp&p=https%3A//ezefidelity.com&dtd=25

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:23:59 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7E98 119 KB
36 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 7E98 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:21:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:21:09 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7E98 0
0 32ms
15ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSrtV2J38B0BvlS6YXDAW4CqjYjA9DxAIIvPAtrroPN1Yo-S-T70MOZS98tj9unJH--gOJk9OqR6Js3c6tsd_6-ka38fg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=475532430&pi=t.aa~a.3149907417~i.11~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280&nras=4&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3077&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=PyCBTjyClp&p=https%3A//ezefidelity.com&dtd=25
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7E98 0
0 50ms
49ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cxxsv-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSUAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJAQIz5qJb-K3ksMP3UU7WH0yAZPD3dXKtXieDyS14MWtNU82ccKSoAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTA3NzE2MjUyNjQ1ODk3NzgYAA&sigh=m9XQ8FghGmM&uach_m=[UACH]&cid=CAQSOwCNIrLMMIb_tXO7BhT-hBbfKJ85Da8vT7NQlDUqVAU02s2ZvCElBAx1eDLjL4FbKAB2QESmCgl7LIJ0GAE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=475532430&pi=t.aa~a.3149907417~i.11~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280&nras=4&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3077&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=PyCBTjyClp&p=https%3A//ezefidelity.com&dtd=25
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 16 Dec 2021 11:24:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 7E98 0
0 19ms
16ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=UMDUEcz6RL4GmAKdg2ICAgAAAJuEQPSjYwzXEPshu2ELbF4MXWSTJffJlQAS&wp=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=475532430&pi=t.aa~a.3149907417~i.11~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280&nras=4&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3077&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=PyCBTjyClp&p=https%3A//ezefidelity.com&dtd=25
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
server: Kestrel
content-length: 0
server-processing-duration-in-ticks: 323461

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame C3F2 175 KB
51 KB 113ms
111ms Document
text/html 2a02:2638::18
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=475532430&pi=t.aa~a.3149907417~i.11~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280&nras=4&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3077&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=PyCBTjyClp&p=https%3A//ezefidelity.com&dtd=25
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::18 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: e534f1a4ecb06e9095f432f5c33564dbfdc68ff9074e3b2564888c5d2389f383

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=4n3j8ACkmVX2188BZuHqquhgWX1v6wMD2FNlPDR2Fj50KcrzTWKOlUll2p4HVbv7oBNFMU9KzqjBPH71QRt6kvTmr6AxrGfxWRE99Si9gXNh7VQgbP7HZ8bOXsN80yWfTwHLhxkQaU92Ly0lb84Ar-2hJ3Eh3mu9-KALBHa3Pi2TSwBetkBdaqT8nqUoAJ3fUxywlLfP9Ls41_b3cg7l0y3NR3cNI-H3IAJBH_It8tB6OlfkJ7HBGtAPWne4O4oTBRy0Mw"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 90977736
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7441 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 15 Dec 2021 13:26:12 GMT
expires: Thu, 16 Dec 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 79111
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 0CC8 12 KB
5 KB 61ms
25ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 40226
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HDtNCtWlGhrGtzq%2FagFisC4CmVSnpYjFCeJ8wWC1ynSzUowW1C6%2FjHtAK20gQML7YUDYF8vkdNgsYB3nA0Y%2BYLJLNq1vrHzYTNCIfOltRSJKvY9yO7LSYKXJ3HpwbMmboqUH1znEud7%2BwOJyiCJQkGXi"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6be78c039bdd599b-MXP
expires: Tue, 06 Dec 2022 11:24:43 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 8909 2 KB
1 KB 20ms
19ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy_small.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 8909 2 KB
1 KB 21ms
21ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 8909 308 B
608 B 21ms
21ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/close_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 8909 507 B
807 B 19ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/back_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/m/delivery/ Frame 8909 43 B
319 B 20ms
20ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cat.fr.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=sQXCxwHbIRnoGeKlU3uCLY8ITtOCkpBguhvPkalR1Hm3B2hYp8XOTwuj_M8IRo-iwOIZY76Oc2CIKTEsthxazQ07bKPq2Dm0nPrUQVtsAYbDMKOYfx_vlAYG-CgoOKAgA_YoWSdSOIJeT3n3F9CSai6vpBfguVo255RZcbte5Qj9I75wJLiYH43oVKEjjtD0fFAGvMKTqOu2I5AaLEgCzqCbwNhZ0wiTPUFmLzk-94OPuuPBSs2H9czMOorKZD1A8CRjtcXMaR6kOk55eHL5nupnrFEOcRD7jikNaj0BHgzgK-8Ngg4RDUY7l5k3QvriGRn6yohRd6uIt_LDaycbnIYS57kFpmSGQIy0ZhCWQsKbsQbr8qcWP1dhzeOtTPauC3ulgqDifYbDuWORkzbYFVAucvQfEXnhWhk-G8k1NPiuuW8iVkmHbOoWN51MRO09x-fBDg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3576962
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 0CC8 12 KB
6 KB 21ms
21ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/animejs/animejs.js
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 0CC8 11 KB
11 KB 56ms
24ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?h=244&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=Y8QTAylViRXd_YhTvIqILQK5
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29129934
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11345
expires: Fri, 18 Nov 2022 15:03:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 0CC8 14 KB
14 KB 69ms
36ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1182772-300x300-nocrop.jpg&v=3&w=800&s=3nx6-BCa0FpFQaVhAyf0wyqh&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 04aa88e5944dfae3911e3c36d683d7b9020a5c102a0a75218fc3ab2d3cf363a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29645675
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14122
expires: Thu, 24 Nov 2022 14:19:19 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 0CC8 16 KB
16 KB 45ms
14ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F2117811-300x300-nocrop.jpg&v=3&w=800&s=HyPSoslkks0BdCIYVNUDZ7rU&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 521da0a3a59fade0e5bc9241c5163d672d4c07ed8feec80170e50e71f18009f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29923995
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16444
expires: Sun, 27 Nov 2022 19:37:59 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 0CC8 15 KB
16 KB 62ms
30ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1165318-300x300-nocrop.jpg&v=3&w=800&s=-tyUtdqQsKMXzh8ee8u6mi7H&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 3fc97c6e3a910c12bae0602d1e2acd052e9b0d56f98def83c9b34bf080310202

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29561934
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15700
expires: Wed, 23 Nov 2022 15:03:37 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 0CC8 0
99 B 52ms
15ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://csm.eu.criteo.net/all?cppv=3&cpp=_tczvQCkmVX2188BXsXmwslW780LwuFBNBKy9cCMJMpoSkf-JIuOwGIQ3j_1FnwuLmIy5Mx4vQPBD5bWcMAyuxguZhhOwRBmqoCBUkQOmQSdzkjEW0JJ7U1UPwSunHr8n35EuZOqavRCn-IqoBSFt6kbFqKoiziWrB1JagxWCvJvL_ZyJ3pFJGlR69dO_iug9c_huFcDcoU3Ee_gBzy9hy_1vSrsI23OAOAmgIeBXPakJtk5n1RmGJgXi8S-FMa3X5w3fA&sds=2&rev=79757.1&sendBeacon=true
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Dec 2021 11:24:42 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 0CC8 2 KB
1 KB 26ms
26ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 0CC8 2 KB
1 KB 25ms
24ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame E1C7 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:23:59 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E1C7 119 KB
36 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame E1C7 15 KB
6 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:21:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:21:09 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 0162 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:23:59 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0162 119 KB
36 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 0162 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:21:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:21:09 GMT

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 8909 12 KB
5 KB 42ms
22ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 40226
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jO0FaEdVAot7SA%2Bf2eJyRieGLls4esGBpiMxwzgtI0MO20fyWw%2B5Nq1QN4tG7okgVzaquEml2JYbQq9LB186V1cINl3i%2BPVrUnnC1M5mToNPazcq%2FjFaDcTqy4yh%2FL8GWRM%2Bma4KK1lSn9LkJ5B0JbLu"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6be78c041b05374e-MXP
expires: Tue, 06 Dec 2022 11:24:43 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 0639 2 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:23:59 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0639 119 KB
36 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 0639 15 KB
6 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:21:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:21:09 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0639 0
0 16ms
16ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRQDEsT02qz8AQjcIwLBJdGyJ4nkD8CtR2eYGVSVSwR0uPhaTSfMSL7CSMPtFiMrtJ_oI6hZgrZfbNNoJ0rClQBYBOX4g
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 7E98 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d802fa9c0c6b720f6d7980662dd39b38e775391a730b12274c7aea9bfd0c366

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C67F 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:23:59 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C67F 119 KB
36 KB 30ms
27ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C67F 15 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:21:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Dec 2021 11:21:09 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C67F 0
0 15ms
14ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSjcVX8FOCrXeDvXttbmozayYEf_h0ahDwln3KgswgOjhXvUTwkw0_xGIdAN-MtVuiTnr4n275rq_875PXUiWXNunAzpA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E1C7 0
0 49ms
48ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C6Fkb-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSUAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tPrQA8pbDmS2keZjxn6VcZs5th7ciERveh0pDcA32jSy_FeFhFOsoAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTA3NzE2MjUyNjQ1ODk3NzgYAA&sigh=9nbd4bdqjQg&uach_m=[UACH]&cid=CAQSOwCNIrLMvRgus4nw_4zuhBps9vMkaf_duo6oTHDPjxNKL7eFpMGoIUIQxrKWzTJDB0C7YOs1IE5Dnxj2GAE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 16 Dec 2021 11:24:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame E1C7 0
0 21ms
19ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=UMDUEcz6RL4GmAKdg2ICAgAAAJuEQPSjYwzXEPshu2HVP-w682hs8-tEPAAS&wp=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
server: Kestrel
content-length: 0
server-processing-duration-in-ticks: 291175

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame D72F 177 KB
53 KB 199ms
199ms Document
text/html 2a02:2638::18
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::18 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 84d88022fbcb7a9beb224ef558f20f0258bb4e4bca65dbf68aa1d3b9eac6ae66

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=sfS9swCkmVX2188B8zGe1rpXmIJ5fC3nCffFjUBNPRqlXgRrddiAU22cCAUT_Q3Cu9NOo8pkZ0b4amS6OcFiFYLhhjFIsy4huAHvPDxKoOb52oLQ1sDwQ9-Z3I2XZzq1GvY2_hp3xu66NVx1dLqBMGfLqRY8wVQQO3tYuUDYU_mi80hREhhK6PmTmhajTbUEzO_s_rEiZKYhA_SUtPWyH4bb8otEo1whayJLQvDmzDFoHGEduZ6k5ZpdwhYKrs3cB-4OBA"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 175685742
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 04FE 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 15 Dec 2021 13:26:12 GMT
expires: Thu, 16 Dec 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 79111
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0162 0
0 74ms
74ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CmSUV-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSUAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6dtKMOHKZsQaCkflqoeuclG3uuK_Z5lJgyDNyNYisSbYM2YO7En04AG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTA3NzE2MjUyNjQ1ODk3NzgYAA&sigh=y5hd0ROnRaU&uach_m=[UACH]&cid=CAQSOwCNIrLMIZAwofq7JObZEvEXv2lMfpQpk_lCM9ROoqLMu5ePtuNzWHAQWJ5wnex8Zcd0hUHBg9oQZ-CSGAE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 16 Dec 2021 11:24:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 0162 0
0 140ms
139ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=UMDUEcz6RL4GmAKdg2ICAgAAAJuEQPSjYwzXEPshu2ERjQUfbfBm2d-cbwAS&wp=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
server: Kestrel
content-length: 0
server-processing-duration-in-ticks: 192577

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame C90C 145 KB
47 KB 114ms
113ms Document
text/html 2a02:2638::18
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::18 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 694cfd86ac8babc3f9b358b923c3f5f8c01724351c8ad5728fb2b003ce06edf4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=p81-EgCkmVX2188BfF0FXC8sjAQYf3QmO7XNHI7DJDCcWSRdUEvQC0PXG1W0t7-rOHjmG5PlPc9lF5Em9x2XkL9OkMc910woJXpI0b8Snvqa4shG3akKVwuTkOVd4NJTQNJo-SyPTKIurU5rWHl2uo_mV01gijZVejOgywqCtWh4-PZiLdqNfs-5JXkJslGO_KBi5k7hmNT5W4bcljgaMpqJCifJsAqxlYk3nwx561CJOS021AyGYO2H8wKpKXufl9Qjhmw3DDUeaRJ7"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 91061628
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C0EE 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 15 Dec 2021 13:26:12 GMT
expires: Thu, 16 Dec 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 79111
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 1C43 2 KB
1 KB 18ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy_small.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 1C43 2 KB
1 KB 22ms
22ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 1C43 308 B
608 B 18ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/close_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 1C43 507 B
807 B 23ms
22ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/back_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/m/delivery/ Frame 1C43 43 B
319 B 20ms
20ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cat.fr.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=toQScgHbIRnoGeKlU3uCLY8ITtMvJKwygySyCFKdDlbgzigUrK1rdh5Fb-9aTaUWoNBZ6u0I-Qkeb3xyZT1U_Hb_GFZ4SW6M9Kxe1SmSkx19SMddO6uLD2NfF4jICT9rU96KPu2Joepsa6y28M_f4Zd0GL4eOA14TCPq2CpMTEF044AAktKIYTnPDdTLypAc6gztrC1R0u_5POBafcbXPLC2Uzkdva2PsNXh0pjCV9AGq5Jq-zz9eBUsUoeryv2Z64vY-WA82jZxjI0xktvmI6yXi1mkZadtJwhIzEsHa5jIoM9NN8GNunvYopFAogQfXE_ZRUNsSxH0-NFhUEuV6I5FmUPwQyfknlZuY8AJTBPLHipPjcPt6foSaibfXNgDt0Xe5HnsysylP_Xmda_4uCNs8tlmk4Bbm2Yhyd7fUV9NQh-jnCHUhSvs1fFiozHSvA1W5w
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:42 GMT
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3231781
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 8909 12 KB
6 KB 27ms
26ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/animejs/animejs.js
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8909 16 KB
16 KB 14ms
13ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F2117811-300x300-nocrop.jpg&v=3&w=800&s=HyPSoslkks0BdCIYVNUDZ7rU&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 521da0a3a59fade0e5bc9241c5163d672d4c07ed8feec80170e50e71f18009f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29923995
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16444
expires: Sun, 27 Nov 2022 19:37:59 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8909 14 KB
14 KB 16ms
16ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1182772-300x300-nocrop.jpg&v=3&w=800&s=3nx6-BCa0FpFQaVhAyf0wyqh&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 04aa88e5944dfae3911e3c36d683d7b9020a5c102a0a75218fc3ab2d3cf363a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29645675
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14122
expires: Thu, 24 Nov 2022 14:19:19 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8909 15 KB
16 KB 18ms
18ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1165318-300x300-nocrop.jpg&v=3&w=800&s=-tyUtdqQsKMXzh8ee8u6mi7H&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 3fc97c6e3a910c12bae0602d1e2acd052e9b0d56f98def83c9b34bf080310202

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29561934
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15700
expires: Wed, 23 Nov 2022 15:03:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8909 11 KB
11 KB 17ms
17ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?h=556&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=7UdBWGvSb6EyXA76xB-t9sZc
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29129934
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11345
expires: Fri, 18 Nov 2022 15:03:37 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 8909 0
99 B 15ms
15ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://csm.eu.criteo.net/all?cppv=3&cpp=l2CFagCkmVX2188B-8Ah7phppNCc1bYl0F4Y1juO-x_SlJd8Iu_TxBB1wTUQT_UP9DXFIKYIeX-IN4FayWyZF3OsesMAUqp4WvltmlIZ5v-yPPFnjmv5EwcSObDs93x-JO0AaFHPSc3x6G7-yd8Jf8VCaXw8_UNqDI7A_Pf53h2UhW0r-T6wSpygED7VR4oRQ99YEClLyBu2gplAW6chIoGuUW0zt7RN0WcFuAY67jN17fc0tbn3VR8CQskC6OHHOHVfDA&sds=2&rev=79757.1&sendBeacon=true
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Dec 2021 11:24:42 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 8909 2 KB
1 KB 19ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 8909 2 KB
1 KB 23ms
23ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0639 0
0 49ms
49ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CcRzp-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoElQJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe4K74InfTRnZTOdzs7mSwVaMHOTwPL_l2pn7P2lAStW75RNZkYmHgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMDc3MTYyNTI2NDU4OTc3OBgA&sigh=UButRISBapg&uach_m=[UACH]&cid=CAQSOwCNIrLMpwufMn1T1E9_ZuWO_PdrYW6X6rR2eTJweZPh96fIIxTPGn_aA924YtorGhDQb3X1P0SKIyE8GAE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 16 Dec 2021 11:24:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 0639 0
0 17ms
17ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=UKW_EMz6RL4GmAKdg2ICAgAAAJuEQPSjYwzXEPohu2FZzvVhTXAX4Hwv5wAS&wp=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
server: Kestrel
content-length: 0
server-processing-duration-in-ticks: 217011

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame F470 233 KB
63 KB 190ms
190ms Document
text/html 2a02:2638::18
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::18 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 0cc033a256662cdb5eca9ac2d3268f55d71fbb671fa100ae8b28432db5485041

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=QY2E3QCkmVX2188BXXsDaulmDUpU-G0GJMVQlWtQmOj6wbEwmhtAiEhiEVMlRec1KVQT72JFJDIqt5v56vJjsFJicOnBVw_gDGLyzLhoT_wmrg4luUP6OtEkYIHdSvr0a9Vc4eNYmvWNi4O4dEMEucvTWZ49o9A4lBpeWdos7a_ndQtmBcYwx5od5TEBwgjnp1fST8yPKYIt1ftUq44SBHB8aibKnuoBtmwAzAd15IATwZ7zReiWFW3v2AAsbEa7AThI0A"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 173248083
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2C76 1 KB
749 B 7ms
7ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 15 Dec 2021 13:26:12 GMT
expires: Thu, 16 Dec 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 79111
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C67F 0
0 73ms
72ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CXvml-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSUAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkhYMJSYwVgxTtOl4DD9T2tgZHxdcEaYDdeH4-poJkcSUYR39Pei_IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTA3NzE2MjUyNjQ1ODk3NzgYAA&sigh=20fD9J7bfQs&uach_m=[UACH]&cid=CAQSOwCNIrLM1W3P3gWBQh_qtoGwEO4O5Nnm5JLl4F3iBxi6pxQVrS8QoqIdEvOAnClhXlXGNOy8lGkWwhbYGAE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 16 Dec 2021 11:24:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame C67F 0
0 23ms
18ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=UMDUEcz6RL4GmAKdg2ICAgAAAJuEQPSjYwzXEPohu2EzGcPPnyI9Z3U48wAS&wp=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
server: Kestrel
content-length: 0
server-processing-duration-in-ticks: 291170

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame D482 153 KB
49 KB 99ms
96ms Document
text/html 2a02:2638::18
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::18 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 7d68537350caf99cf662d54a822805337ba0dcb6f058e40389f0682825ca9697

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=hbdchgCkmVX2188BDP19RTGATLRhwGWk2S3ev3C353gS95_RmojnUKHzVv92v9K8FO9qRhdb6gk7JyCQCBiSnv3yFAxoXKt19qMbG3-3PShzlgK3koQoyi9K8gKc-us-MTrPxKrvt9-EX4v3rvS_J0QQSJXHmfWsemnOGCttvd16zG4fPucA_7BQjlI2TreppPrSKAGnQy_8DxseSuGQV7VVqQu-tcyT1ROq7F5ZhiXni3Rg9USIsF8gabchZAcypMxlYw"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 80251036
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame AE91 1 KB
749 B 8ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 15 Dec 2021 13:26:12 GMT
expires: Thu, 16 Dec 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 79111
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 0CC8 16 KB
16 KB 13ms
12ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F2117811-300x300-nocrop.jpg&v=3&w=800&s=HyPSoslkks0BdCIYVNUDZ7rU&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 521da0a3a59fade0e5bc9241c5163d672d4c07ed8feec80170e50e71f18009f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29923995
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16444
expires: Sun, 27 Nov 2022 19:37:59 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 0CC8 15 KB
16 KB 13ms
13ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1165318-300x300-nocrop.jpg&v=3&w=800&s=-tyUtdqQsKMXzh8ee8u6mi7H&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 3fc97c6e3a910c12bae0602d1e2acd052e9b0d56f98def83c9b34bf080310202

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29561933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15700
expires: Wed, 23 Nov 2022 15:03:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 0CC8 14 KB
14 KB 14ms
13ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1182772-300x300-nocrop.jpg&v=3&w=800&s=3nx6-BCa0FpFQaVhAyf0wyqh&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 04aa88e5944dfae3911e3c36d683d7b9020a5c102a0a75218fc3ab2d3cf363a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29645675
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14122
expires: Thu, 24 Nov 2022 14:19:19 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 0CC8 2 KB
507 B 31ms
16ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Dec 2021 10:25:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Dec 2021 11:24:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 1C43 12 KB
5 KB 25ms
25ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 40226
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ht816Bjf8kkb%2BTILW7k7k6vd4Ymc%2Bc%2Bv%2FcOxdjBd2OJXuzgYlLa4N0e8PebanVKalZtdjakibkk4Qug4YOaoRRIcI3H9XO9qtd2YjJ1G6viIq94B5W1dNFKPLcOIueEST9P3fwZMn9gHjh1fxstJFWHm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6be78c04bbfa374e-MXP
expires: Tue, 06 Dec 2022 11:24:43 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 1C43 12 KB
6 KB 20ms
20ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/animejs/animejs.js
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame C3F2 2 KB
1 KB 24ms
24ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy_small.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame C3F2 2 KB
1 KB 24ms
23ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame C3F2 308 B
608 B 21ms
20ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/close_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame C3F2 507 B
807 B 20ms
19ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/back_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/m/delivery/ Frame C3F2 43 B
319 B 25ms
24ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cat.fr.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=pRlVMgHbIRnoGeKlU3uCLY8ITtOoEj6P7TmyJzeW-TwM9RLxV5v9-uIcJU8CEIYJkL-1YghulP3rIcWzkmx6f7Z09Eq0cOwNCNFinFrNCLDzkEWTZz20AfhHpGPpEn19w1T9iOk8Lpji1DxHX-QGkEHGYL9vZ4GLFbVO8U4GecAdxlf993KamT5NYYpewwleI-PIF_RXgSEye_GpBugr--cRRj8rL49sKmNXHEKiNUS9daEqMsiK6Ft5eFqVOpot3Dp-bquBmtOj7fUjODAD0Cr-Q0I_e50gGIq_LzelukPHNKO4pjk5ODAprSyGj58tyDUgI9s9QIAJ-d9flKXrOUrrxctxwIfO6ClHHqWwM8Z8SaI7FswfGU-txVck1d7J8ZGsy-e81LHPVh6DLV3Eq5DYRD_q3FizKDkiZtjU7GBzxa8NTdZfQ8CxwqTtoXBbNWzDOg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 7761575
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8909 14 KB
14 KB 14ms
13ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1182772-300x300-nocrop.jpg&v=3&w=800&s=3nx6-BCa0FpFQaVhAyf0wyqh&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 04aa88e5944dfae3911e3c36d683d7b9020a5c102a0a75218fc3ab2d3cf363a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29645675
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14122
expires: Thu, 24 Nov 2022 14:19:19 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 7441 35 B
463 B 26ms
9ms Image
image/gif 2620:116:800d:21:fcb8:22d2:d390:5f1b
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKTZ_hhHDZy66q4o4oi5k4w&google_cver=1&google_push=AYg5qPL10YMijUw4Ju3QOM3QKFVwuJ92nufavIEO6GzJ-AHkq38f5NIwUJDYaElum7AvCJtoGMIWCSibdELziEIjKBtLUfSONoV_ig

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:fcb8:22d2:d390:5f1b , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 7441 43 B
324 B 45ms
16ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESELoPs-MzLz2KgrwMqf4992k&google_push=AYg5qPKJWnT7h_sA9On8SR2IhdwXkIm-wLwz5u7JbgIEO3kYWdnohZGxeY09l8NaZuOR5OhpqIdNtVVdbpUKyN4EAxj4j_HaIp46hA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=475532430&pi=t.aa~a.3149907417~i.11~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280&nras=4&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3077&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=PyCBTjyClp&p=https%3A//ezefidelity.com&dtd=25
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 7441 43 B
351 B 32ms
16ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEL8nQAkfoqtIPbrINLIogc0&google_cver=1&google_push=AYg5qPJ0f9GJhrrw9adY3cOabKiC6eAs9j5N0zr7RZHodAKV5Smz-yzOMlm9uSYexIJyfxVRz4X86YOx1Bkyc9EOw2sGLAXiu-fBwQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=475532430&pi=t.aa~a.3149907417~i.11~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280&nras=4&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3077&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=PyCBTjyClp&p=https%3A//ezefidelity.com&dtd=25
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 53rfogimrj8qsao5qheeeu5833q2odmg

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7441
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

21ms
21ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI3gKWtAXPpRz6-w6yfitku3fGT9C-gSGm-uIdm910FK3pmvZrm2imn0fcaNQiw1L3JSFxppxavphY0sNCrMFYo5wG9qERAbQ

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI3gKWtAXPpRz6-w6yfitku3fGT9C-gSGm-uIdm910FK3pmvZrm2imn0fcaNQiw1L3JSFxppxavphY0sNCrMFYo5wG9qERAbQ
date: Thu, 16 Dec 2021 11:24:43 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7441
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPJ0Jp4-ONlcVOeF5TXFSjA&google_cver=1&google_push=AYg5qPKfB-_MWs_rtRoXfVuPzZmxDE-ZegVlJ-uI5cUH5EPSF2Fpt2hPRyFuDplSpblv7WJ67rn...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1UDYtOC1GNVk3&google_push=AYg5qPKfB-_MWs_rtRoXfVuPzZmxDE-ZegVlJ-uI5cUH5EPSF2Fpt2hPRyFuDplSpblv7WJ67rnnJuhTkH7Kd26ad9kUNG9NFVPC

170 B
188 B

33ms
17ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1UDYtOC1GNVk3&google_push=AYg5qPKfB-_MWs_rtRoXfVuPzZmxDE-ZegVlJ-uI5cUH5EPSF2Fpt2hPRyFuDplSpblv7WJ67rnnJuhTkH7Kd26ad9kUNG9NFVPC

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1UDYtOC1GNVk3&google_push=AYg5qPKfB-_MWs_rtRoXfVuPzZmxDE-ZegVlJ-uI5cUH5EPSF2Fpt2hPRyFuDplSpblv7WJ67rnnJuhTkH7Kd26ad9kUNG9NFVPC
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 7441
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7441
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEHooOdyKht1i5tL6z6yE5r8&google_cver=1&google_push=AYg5qPKKZZmtWw2PVtBikkob...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKKZZmtWw2PVtBikkob99QJZmoB7-xFjfS5P4IUIL435hDKmePQ03SN3bUica07bRAE-A9jpg810M93Ul1Tx7Zm8vDKiBhdBJA&google_hm=

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKKZZmtWw2PVtBikkob99QJZmoB7-xFjfS5P4IUIL435hDKmePQ03SN3bUica07bRAE-A9jpg810M93Ul1Tx7Zm8vDKiBhdBJA&google_hm=

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKKZZmtWw2PVtBikkob99QJZmoB7-xFjfS5P4IUIL435hDKmePQ03SN3bUica07bRAE-A9jpg810M93Ul1Tx7Zm8vDKiBhdBJA&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 15 Dec 2021 11:24:43 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 7441 0
223 B 42ms
15ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lz9WwyIT8fUcgRkf_2hbLXO_gZsbyaXetturS3TCcuZyHaX7WspeZPDKRpWILOD9R7hzJ5_Q

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8909 15 KB
16 KB 15ms
13ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1165318-300x300-nocrop.jpg&v=3&w=800&s=-tyUtdqQsKMXzh8ee8u6mi7H&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOUU8K0zIPAAngyOEBqAHRo7V3bb_h4Q&u=%7CqUmyKzsPUakATeQYywBDXeqZMf%2F7E1BOhBFhnVsQI0s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkSpDEjyNLSwgtXb5tcd2BmJK0qiNCLKuy5TVxOsuK15CDF58d5io2wu3Q-ygNxwMh_b_hVgkbVDGCBhC0-_MGubMMtces_pcschIejpmHIXDDnaEGOTKFopiIiq0YGtcR0GM1Y9RoGv0GxVIuDwvn8lLCMa3g5oWjXWYr421VzNdnXJY3zBxqo8TS-OO--4SNcjPTkq0Yrd0IHIiKD6AZXLDX7YNDz1uXvJ2yFfEHuDejzfh0sRT1tu9CyWmg_Wi8eM0d0eTC3oY0M83SNb4Kl5lz0R1GozUV1BmPp2fJMQxiEc-lX-_e1On1qpqtYBcLZEi3FKujiiAW-itN2iUVy_T-yC9jucL4cJs-FZa-yAdyErBXy8VNS550Xz9uiXNKIu-TOV2Bd6h3lRWjBJ1445VaDiKDugqW8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM-P0-iG7Yc-iOY_kzAbIwaeAC8me0rFc9dqW93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAh7fiegI_bI-qAMBqgSXAk_Q15JmwPsL5Ku9VRiZuCfXAohPy3YKPZ5oC3mvdHdak-83UUzKjJ3lJhKLRFxl2C9l3M-8hWAmXgbadrJdJBdRQPnp5R7ZduDTgv8UzHFm8zpAfmvttxpg_HIfhmwx0k6nXUhesR4vrEyIFCNDgMoavce1yk_a8qfHW12t_ibjYhpbbt0dIUJuLMqU5lqBX62j_jRw_r8UYDqAw6slE53cjBp5w_6FetA_MEJm2B4URAWQdDxIE-BB6uN9fjMlGrbzUqOhR6o1VPkZI_qhG-JsNZu2xd0hwnBCz-EpAPXjYKL1Dgmj8nN9NEw1jJuQG8Xs0u9CXf2uHxRvtrpRb65bA85U8GzRpuGPQwUtQS89MeDaWVr0FYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1HuJo5wzXt7kyCgweKy0V41B8N8A%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 3fc97c6e3a910c12bae0602d1e2acd052e9b0d56f98def83c9b34bf080310202

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29561933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15700
expires: Wed, 23 Nov 2022 15:03:37 GMT

GET
DATA 200
OK truncated
/ Frame E1C7 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca186ea77c12b004d27c0881733d5fba3cbd82da38793cbbf58132aea231a813

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0162 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17e86871bfd30a1321cf31c44382901c229b1b1cc650290116030c395b85ff9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1C43 11 KB
11 KB 18ms
17ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?h=556&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=7UdBWGvSb6EyXA76xB-t9sZc
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29129933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11345
expires: Fri, 18 Nov 2022 15:03:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1C43 15 KB
16 KB 13ms
13ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1165318-300x300-nocrop.jpg&v=3&w=800&s=-tyUtdqQsKMXzh8ee8u6mi7H&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 3fc97c6e3a910c12bae0602d1e2acd052e9b0d56f98def83c9b34bf080310202

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29561933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15700
expires: Wed, 23 Nov 2022 15:03:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1C43 16 KB
16 KB 17ms
17ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F2117811-300x300-nocrop.jpg&v=3&w=800&s=HyPSoslkks0BdCIYVNUDZ7rU&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 521da0a3a59fade0e5bc9241c5163d672d4c07ed8feec80170e50e71f18009f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29923995
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16444
expires: Sun, 27 Nov 2022 19:37:59 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1C43 14 KB
14 KB 15ms
15ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1182772-300x300-nocrop.jpg&v=3&w=800&s=3nx6-BCa0FpFQaVhAyf0wyqh&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 04aa88e5944dfae3911e3c36d683d7b9020a5c102a0a75218fc3ab2d3cf363a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29645675
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14122
expires: Thu, 24 Nov 2022 14:19:19 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 1C43 0
99 B 15ms
15ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://csm.eu.criteo.net/all?cppv=3&cpp=sq1oiACkmVX2188B67G6YKt1FUuOnJeKLaR5OAm9MXvFB06NP1-UO0kp6pM_2fJ0V2RyqScgGPgPLFJWSsTSTwAoTwQbQwx_c5e1RXnQwrleuve_D20cCvjbZBwnnxKo5LAvS09j-8NxkMVflhi3p6ynT5iIV5fT23PkAmeLZvBbvVRBGcVv47WQC4sYhMeJfIbI9syP5kxP0-sdejctGK6pkPjXJoMmL_1iJ_-mH0S9sjrmuZlpu0j1y64B9AFq24hQEeZSjWilQ5xw&sds=2&rev=79757.1&sendBeacon=true
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 1C43 2 KB
1 KB 22ms
21ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 1C43 2 KB
1 KB 21ms
21ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 8909 2 KB
507 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Dec 2021 10:23:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Dec 2021 11:24:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
DATA 200
OK truncated
/ Frame 0639 206 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a2d424a714c60a7141468427b1f40b60e835b1a43c0badab18e4247cba866b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C67F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 187b9ea0fb35653d2871180c4527d0956223e3de4efcfd529772c89e3653e5d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 0CC8 44 KB
44 KB 23ms
8ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 21:17:17 GMT
x-content-type-options: nosniff
age: 223646
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 13 Dec 2022 21:17:17 GMT

GET
H3 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 0CC8 46 KB
46 KB 24ms
11ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 14:03:04 GMT
x-content-type-options: nosniff
age: 163299
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:11 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 14 Dec 2022 14:03:04 GMT

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame C3F2 12 KB
5 KB 22ms
22ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 40226
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQ62r8%2FakakeAHyjWOp9KJsKjokYguVdghceugbkA756rTHUiFzQVs6Ydquu2RoQ2Ieg8hKW5qPaLiJC%2Fm%2B0%2FeI59VZxUt%2FMdbr2LR8Cdb%2BXGjkwVwzrsOHSPIcMGd3ksewgi7TIKJOxsDjPbmg1vELD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6be78c059d84374e-MXP
expires: Tue, 06 Dec 2022 11:24:43 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame C3F2 12 KB
6 KB 23ms
23ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/animejs/animejs.js
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C3F2 11 KB
11 KB 14ms
14ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?h=556&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=7UdBWGvSb6EyXA76xB-t9sZc
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29129933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11345
expires: Fri, 18 Nov 2022 15:03:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C3F2 16 KB
16 KB 14ms
14ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F2117811-300x300-nocrop.jpg&v=3&w=800&s=HyPSoslkks0BdCIYVNUDZ7rU&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 521da0a3a59fade0e5bc9241c5163d672d4c07ed8feec80170e50e71f18009f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29923995
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16444
expires: Sun, 27 Nov 2022 19:37:59 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C3F2 14 KB
14 KB 15ms
15ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1182772-300x300-nocrop.jpg&v=3&w=800&s=3nx6-BCa0FpFQaVhAyf0wyqh&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 04aa88e5944dfae3911e3c36d683d7b9020a5c102a0a75218fc3ab2d3cf363a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29645675
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14122
expires: Thu, 24 Nov 2022 14:19:19 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C3F2 15 KB
16 KB 19ms
19ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1165318-300x300-nocrop.jpg&v=3&w=800&s=-tyUtdqQsKMXzh8ee8u6mi7H&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 3fc97c6e3a910c12bae0602d1e2acd052e9b0d56f98def83c9b34bf080310202

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29561933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15700
expires: Wed, 23 Nov 2022 15:03:37 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C3F2 0
99 B 17ms
17ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://csm.eu.criteo.net/all?cppv=3&cpp=4n3j8ACkmVX2188BZuHqquhgWX1v6wMD2FNlPDR2Fj50KcrzTWKOlUll2p4HVbv7oBNFMU9KzqjBPH71QRt6kvTmr6AxrGfxWRE99Si9gXNh7VQgbP7HZ8bOXsN80yWfTwHLhxkQaU92Ly0lb84Ar-2hJ3Eh3mu9-KALBHa3Pi2TSwBetkBdaqT8nqUoAJ3fUxywlLfP9Ls41_b3cg7l0y3NR3cNI-H3IAJBH_It8tB6OlfkJ7HBGtAPWne4O4oTBRy0Mw&sds=2&rev=79757.1&sendBeacon=true
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame C3F2 2 KB
1 KB 26ms
26ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame C3F2 2 KB
1 KB 27ms
27ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_qcK0x90AAuNvAyqa4SV72_dGm1RTA&u=%7CqUmyKzsPUam7z6j4RIHCA%2FMpXLNBXtNQHtCbtTQU2Bc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkS1v6u_9qooILE9eb8w7LevRPrDHGYVBz3RsLWdK9DuOy6Sc80ZBZ95bzyj5Rdy0S4lMzhVLR9k3XrXpdPaqbFeBEeFB69_nInUZDOg5o45lY_xDSu7TCmiB02B-P2_mqe-qrM7FWunaxcg1uTatxIZa1wzNx06KCr0XbW8-TVHDiyyk_3v6rIzOAetfwd1iOsveFX__RqQhcwMT3cZDYdJ9aZwn0EX-EI-lBfgSd9Yib9b74vZFZg061OMMwhvaEs3Ngwr4KzLImsvWLjzedqPyp_NCl5NzVqr9j15U0I-b__mlu7KPZqE6G3ZAAoa1s_Ci3GDandQXsH4HLvJKEg88xB04B_eKq_J5-I3MuCCgRFWTRYEWJYmvx8T6LIXPb_o3r8S66Ae8fGH5Uneoo5Li4fxZXv3LQEeoXNewgv-_g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO3UY-yG7Yaf9C_S-zAa8m67wCcme0rFcpfyT93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_QFRpyco7ywkSXeCydMlhUAJFNC8Wy-nj6-ems2AZEeavh2hf-LJTzQowVMtUVlNV5FVKiWMVkh4O0MMIZPUPs2F-Alh8dilysawGGYV7bazNn5Tg1IEW5dvnhk4qTDRGvPr3wdRsBqTzrFCRWHTFj7JP4_XOBJ2VaPT5WY3TLGh2cFgvidGv0hBw53_Y7iDBq3Od4zlJKqZrBvhpPfWV4TdvqOC8lHdfx_62bYc2Wm-ug3hFTprPBn90Jy5tuwvuXa03-zdm220uFxe7Zhz4RvY91RO2276_U5djWURWkpSQIlIz_w5S9LRclyJBSIR_4ojAWzfSQK9bE0McMwRJFuX15MldWsAE0JTwImM25c0MZ9ZdK1IAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3nRvC__2aGMJGBuA-XUWhUE93ZYA%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1C43 15 KB
16 KB 14ms
14ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1165318-300x300-nocrop.jpg&v=3&w=800&s=-tyUtdqQsKMXzh8ee8u6mi7H&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 3fc97c6e3a910c12bae0602d1e2acd052e9b0d56f98def83c9b34bf080310202

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29561933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15700
expires: Wed, 23 Nov 2022 15:03:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1C43 14 KB
14 KB 15ms
15ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1182772-300x300-nocrop.jpg&v=3&w=800&s=3nx6-BCa0FpFQaVhAyf0wyqh&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 04aa88e5944dfae3911e3c36d683d7b9020a5c102a0a75218fc3ab2d3cf363a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29645675
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14122
expires: Thu, 24 Nov 2022 14:19:19 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1C43 16 KB
16 KB 17ms
16ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F2117811-300x300-nocrop.jpg&v=3&w=800&s=HyPSoslkks0BdCIYVNUDZ7rU&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 521da0a3a59fade0e5bc9241c5163d672d4c07ed8feec80170e50e71f18009f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29923995
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16444
expires: Sun, 27 Nov 2022 19:37:59 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1C43 11 KB
11 KB 17ms
17ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?h=556&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=7UdBWGvSb6EyXA76xB-t9sZc
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAA6F4K0yNiAAtioP-spHSP8HMbI_kGUg&u=%7CqUmyKzsPUanNXsNTEPWRDt%2FsBisJUCet1%2FgIMPRc1Gk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTl87LElnAeG_HUGFhIUI8Z6clgLOcoEStFZgWHyKrvFUG1SwjCFl8X8f4eLavStOlO3rr3PNwZ8k9QTeqEJMVbiz8USwUKuNKYOoUgk_0W2G9hKnzskp4WedMVQraF3e7_DGHeOeVY8d1-XMIwgQOC4H8jR0wr7eQ44PGqgWfGb1W3iRu_lXvbrxCtxBiMoNEmLkPXSP-CEHvM0nCDSs1S-wvh58rtbfeTEw_d7q29mkrrYh5GN05GcSiqzEMwSGlNh6ZrH_AEeLjr2i0h8Sw2SxOXobbQRFmZ8JNu9WmJeQyieq3OW3LXVjYOq3YKOJOIMX2-BIS6cdf2EhQfpYhO7nOVF0enxarEd4mNGROCnME9YZF7JhS1j5AMc_UYP43SDtidL4zfYrQFx2ZpdHkJbuGm-gpMo9b_Mwna7ezPmA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC39Bw-yG7Yd7QA-LGzAagxa2wDsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q2leF0mBWj97t4ZWsMlcNDLgP1mnCChHnu1JruGqWhRQtdlYEJlg9CJZTHPda7W9Fqv4EHdJiv1iiHBFf5MQ7OKVtMQa_pGKHisubJq0ba032vneX1K1jrwHXFaHipOZdB4hukN36c9MXgt2njwFlIva2yJoZrcpAqttNab76F3L5TRyWByJ1XwRGDOpwhggNtREJlKZrCSayBbs56n-Ray9o9qMMgHwOayoYxpRCKw5zs7hqKO5wZk6g7Y7fCt8D1VEgDMo-MW1SmOu18BoZZT_pmowTHC2h3K0zG1kASXn_B_x7IFhLP2yGkGYjzRF4zauDRk90_JZ6DH2d23KZkqV58M_L8KHpSC7iiRXXnpcSWyuL9oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1uQY5FQtLe65zQr7Uj5bIF5Tmmcw%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29129933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11345
expires: Fri, 18 Nov 2022 15:03:37 GMT

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 8909 44 KB
44 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 21:17:17 GMT
x-content-type-options: nosniff
age: 223646
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 13 Dec 2022 21:17:17 GMT

GET
H3 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 8909 46 KB
46 KB 12ms
11ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 14:03:04 GMT
x-content-type-options: nosniff
age: 163299
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:11 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 14 Dec 2022 14:03:04 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9FB9 0
17 B 52ms
52ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CrCtr-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEjwJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwFkWkXKhR0Y9CG1aM-SOLGvt0AN6w1eoznGZVdtLteawE2t7TTWpgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMDc3MTYyNTI2NDU4OTc3OBgA&sigh=pJ7S3KK__hs&uach_m=[UACH]&cid=CAQSGwCNIrLM1fbzcdJQURjDEiNkuja8Imvmm4JyUhgB&cbvp=2&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 16 Dec 2021 11:24:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame 9FB9 0
97 B 22ms
22ms Image
text/plain 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=UMDUEcz6RO0HfJ2DYgICAAAAm4RA9KNjDNcQ-iG7YZjuE8YqXtEGGSMPABI&wp=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&cbvp=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
server: Kestrel
content-length: 0
server-processing-duration-in-ticks: 275936

GET
H3 200 css
fonts.googleapis.com/ Frame 1C43 2 KB
507 B 18ms
18ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Dec 2021 10:33:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Dec 2021 11:24:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 04FE
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJbsf9HluO39pQmNuFdyZl4&google_cver=1&google_push=AYg5qPKdBq3Q8UZJ-gKzIaehhaq4Qho6fBh4vJlkndTS2-c4waei-RC4oi...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKdBq3Q8UZJ-gKzIaehhaq4Qho6fBh4vJlkndTS2-c4waei-RC4oiy5NA5kzQuny7Vwq-Wq4L6TDyRSACjLtY9TYGedVH8&google_hm=pFP5nlh...

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKdBq3Q8UZJ-gKzIaehhaq4Qho6fBh4vJlkndTS2-c4waei-RC4oiy5NA5kzQuny7Vwq-Wq4L6TDyRSACjLtY9TYGedVH8&google_hm=pFP5nlhuMcbEp1Jo94KeCw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKdBq3Q8UZJ-gKzIaehhaq4Qho6fBh4vJlkndTS2-c4waei-RC4oiy5NA5kzQuny7Vwq-Wq4L6TDyRSACjLtY9TYGedVH8&google_hm=pFP5nlhuMcbEp1Jo94KeCw
pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 04FE
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLnnJY6YcojjvV4zJYzxJl_E5uyiLGeJ1cp-Oq...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzaC1BQUFCRlpjLW1TaQ&google_push=AYg5qPLnnJY6YcojjvV4zJYzxJl_E5uyiLGeJ1cp-OqqFMFZ-ILMAXsrTRwnQIMj1wfIHs1-h-qG-etB1Ho96E2utZAN1I25aTQ

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzaC1BQUFCRlpjLW1TaQ&google_push=AYg5qPLnnJY6YcojjvV4zJYzxJl_E5uyiLGeJ1cp-OqqFMFZ-ILMAXsrTRwnQIMj1wfIHs1-h-qG-etB1Ho96E2utZAN1I25aTQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzaC1BQUFCRlpjLW1TaQ&google_push=AYg5qPLnnJY6YcojjvV4zJYzxJl_E5uyiLGeJ1cp-OqqFMFZ-ILMAXsrTRwnQIMj1wfIHs1-h-qG-etB1Ho96E2utZAN1I25aTQ
Date: Thu, 16 Dec 2021 11:24:44 GMT
Server: Apache
Connection: keep-alive
Content-Length: 390
Content-Type: text/html; charset=iso-8859-1

GET
H2

200

1000.gif
id.rlcdn.com/ Frame 04FE
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLq8essNMN6YG1vnsaB-LeaslAzorCaUVDz_s5vUNeU1RM6BFO-8CzGtZGfn0U0Tt9G1PApOc1Vfow4721pZIrciG5EJBQ&google_gid=CAESEEA4OyYP9uAEfsSvw-UzNjA&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCPvD7I0GEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMcThlc3NOTU42WUcxdm5zYUItTGVhc2xBem9yQ2FVVkR6X3M1dlVOZVUxUk02QkZPLThDekd0WkdmbjBVMFR0OUcxUEFwT2MxVmZvdzQ3Mj...

42 B
306 B

15ms
15ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/1000.gif?memo=CK69HBoNCPvD7I0GEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMcThlc3NOTU42WUcxdm5zYUItTGVhc2xBem9yQ2FVVkR6X3M1dlVOZVUxUk02QkZPLThDekd0WkdmbjBVMFR0OUcxUEFwT2MxVmZvdzQ3MjFwWklyY2lHNUVKQlE
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

date: Thu, 16 Dec 2021 11:24:43 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://id.rlcdn.com/1000.gif?memo=CK69HBoNCPvD7I0GEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMcThlc3NOTU42WUcxdm5zYUItTGVhc2xBem9yQ2FVVkR6X3M1dlVOZVUxUk02QkZPLThDekd0WkdmbjBVMFR0OUcxUEFwT2MxVmZvdzQ3MjFwWklyY2lHNUVKQlE
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3 200 dds
rtb.openx.net/sync/ Frame 04FE 43 B
64 B 27ms
16ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESENTDX-qQqV_zxOT5v8eMpiE&google_cver=1&google_push=AYg5qPKTAIEGHT4FzmMPxw-yEo3e7guopF56BrTz6sSrArSVAqmwLQa4vMvYVhFb_pL6X6I0KRs_Ije5If6AbfvE3fDZYrZSFA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: tel4o29omeirlndek6r7qa559cqpl1pe

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 04FE
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIJH5ltgWtT4SzypaYBlSishHjp5yNZf5B7PLytq93qMN_XJIzIQa6jWk4TAAydEPS82AZ-aLggqOLpe7JbRyjQT_XK2Xg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIJH5ltgWtT4SzypaYBlSishHjp5yNZf5B7PLytq93qMN_XJIzIQa6jWk4TAAydEPS82AZ-aLggqOLpe7JbRyjQT_XK2Xg
date: Thu, 16 Dec 2021 11:24:43 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 04FE
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIjUUO5olnId6ib8X5ewfmA&google_cver=1&google_push=AYg5qPK88hQdhJvG00NMCkT2Fh3jC1Mers0f73sGF7HYgerGKnqVeEIdP3IyMrGnUAN869-XpPB...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VTQtMTItTTNOMg==&google_push=AYg5qPK88hQdhJvG00NMCkT2Fh3jC1Mers0f73sGF7HYgerGKnqVeEIdP3IyMrGnUAN869-XpPBejv1iIMPei9H9b0GmcIaivn0

170 B
188 B

20ms
19ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VTQtMTItTTNOMg==&google_push=AYg5qPK88hQdhJvG00NMCkT2Fh3jC1Mers0f73sGF7HYgerGKnqVeEIdP3IyMrGnUAN869-XpPBejv1iIMPei9H9b0GmcIaivn0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VTQtMTItTTNOMg==&google_push=AYg5qPK88hQdhJvG00NMCkT2Fh3jC1Mers0f73sGF7HYgerGKnqVeEIdP3IyMrGnUAN869-XpPBejv1iIMPei9H9b0GmcIaivn0
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 04FE
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3c...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 04FE 0
12 B 18ms
16ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JcbogA8m3Z6W60l9h3trlfI-hnHV6yeNJGkwf7bO_IIj1w05PSgjscx-CeAKASukBIcPg3

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=836042303&pi=t.aa~a.3149907417~i.7~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280&nras=3&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2554&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=3PyvkDEawB&p=https%3A//ezefidelity.com&dtd=21

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame C90C 2 KB
1 KB 24ms
22ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy_small.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame C90C 2 KB
1 KB 26ms
25ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame C90C 308 B
608 B 22ms
21ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/close_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame C90C 507 B
807 B 23ms
22ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/back_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/m/delivery/ Frame C90C 43 B
319 B 23ms
23ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cat.fr.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=DqfndgHbIRnoGeKlU3uCLY8ITtNTcVqfmKTyMQceviuYoVecJzjc7Y4ziCwCgLCbUh-BP0_TXc1p1YBrCxrnlrHqG6OpKJuuaX-3Q_CtRwWHFNuQ95arfqzxCD1vMf0qA-MJTAc6AQea_SUNvfLdsmrSdd3VxphMmkTObCPOMVCwcSfm_bd5w-TnrYLjdX8hQldBNINjwmPTMyprQcoTaN4HEbF-EmqxPV-KZLC7oxBvVvc-OEUMkNJCr-sdTLRJc5cI2jm9jlBai7ayHIZFW2FcFlz-TJkJL_o2qwBUr1nOvit1lvSl9eJJvipADn3Tl9Umm2kUWLMA5frY7wzXEiP3q-sMkCMNlBRJlP3Sq5SH6bYuoFvI_d7btuzHAMy7uC3qv0le87r4yYzeOeQT_UAX6wj6CD0QiyKt4mYbZW_HCMC2egdhVhG36iCzyzgMqabATw
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3222792
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame D482 2 KB
1 KB 22ms
22ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy_small.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame D482 2 KB
1 KB 22ms
22ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame D482 308 B
608 B 22ms
21ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/close_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame D482 507 B
807 B 20ms
20ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/back_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame D482 43 B
322 B 21ms
21ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=KwgaDAHbIRnoGeKlU3uCLY8ITtOQaU70ABmZLk26rsSrxdIa4bPBFT3fpBqXodQ2IFx5R6X4eb1iAu0bGJKrISj9k_wL3FfgjvC4ARJLgPeurBLi2bnG_hAKqPCUlzZcxnzOzzH7FQFn5TYU306C6yfZi6yF3dYpCNF3ujyaGABCrp9WV2YnWspZueZf0Q7qUaSV0rdqvQTYahQDlm0JwieqbOmhPY7nPLB7hiTlYOYlkuWO88HXtal8yzo4yCoccodDEwUeo9ZBixtm47Sm4NjkTzmLe0pH45_uhMZehwspn6gbF-xUwNkfjT4T_h9VEAqHHx0vLPCfSvxIvSAwa-IITwCfNet4cob8EVb3c_jkFTM4o8F4yHExFkBL7bxnER7sDmaRKEXd1E1DOT_D3-XT_SusXD9eB4Dhvm8abZVkp4obl-EnhL_0aM1bombvT0WupA
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: Microsoft-IIS/10.0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 5870
content-type: image/gif
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C0EE
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKmcw5qJVE6Cptp2hZeNSpU&google_cver=1&google_push=AYg5qPJq4IjSDWMks70SbSSzkuLAeBravBfw1yECoJbwsR7M5kz1VLULSz...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJq4IjSDWMks70SbSSzkuLAeBravBfw1yECoJbwsR7M5kz1VLULSzraTnjvTZm22pbQK8gcmeJnjgJrXMjaAOBbg110zX-N&google_hm=pFP5nl...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJq4IjSDWMks70SbSSzkuLAeBravBfw1yECoJbwsR7M5kz1VLULSzraTnjvTZm22pbQK8gcmeJnjgJrXMjaAOBbg110zX-N&google_hm=pFP5nlhuMcbEp1Jo94KeCw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJq4IjSDWMks70SbSSzkuLAeBravBfw1yECoJbwsR7M5kz1VLULSzraTnjvTZm22pbQK8gcmeJnjgJrXMjaAOBbg110zX-N&google_hm=pFP5nlhuMcbEp1Jo94KeCw
pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C0EE
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEBCRckufbgFRpwh3NRPaMWM&google_cver=1&google_push=AYg5qPKEdLNtVcj8BTgWKBO4EMijbQwrHPPUEd-Vo6sRlLxh_KtZIOBa2gbsMw9JsVEHQRrCXEInGEk4_WCBroTEN--xnNFZBQ2Q
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKEdLNtVcj8BTgWKBO4EMijbQwrHPPUEd-Vo6sRlLxh_KtZIOBa2gbsMw9JsVEHQRrCXEInGEk4_WCBroTEN--xnNFZBQ2Q&google_hm=Q0FFU0VCQ1Jja3VmYmdGU...

170 B
188 B

21ms
20ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKEdLNtVcj8BTgWKBO4EMijbQwrHPPUEd-Vo6sRlLxh_KtZIOBa2gbsMw9JsVEHQRrCXEInGEk4_WCBroTEN--xnNFZBQ2Q&google_hm=Q0FFU0VCQ1Jja3VmYmdGUnB3aDNOUlBhTVdN

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 16 Dec 2021 11:24:43 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKEdLNtVcj8BTgWKBO4EMijbQwrHPPUEd-Vo6sRlLxh_KtZIOBa2gbsMw9JsVEHQRrCXEInGEk4_WCBroTEN--xnNFZBQ2Q&google_hm=Q0FFU0VCQ1Jja3VmYmdGUnB3aDNOUlBhTVdN
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame C0EE 43 B
106 B 19ms
15ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEHXKqjWqmi8AKfLRl5BoJKQ&google_push=AYg5qPLhJhP_kJe5w5Ejkf4v-ES64I1BjXIfZsMUnzIqgcWqh3Ueo8ZecyhV9YBctnXKvvK9b8Q4UJ0o4n0wGlXwCPkCxIPOf_h4kQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame C0EE 43 B
64 B 20ms
19ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEL3-OU1SRi6BdF0G-zED91I&google_cver=1&google_push=AYg5qPKuqJN83Vb0ZgNVZPzecnV4YyJJ5IBezuyNuayKbUv3r-MSJNSrGogvxSdahyYQtRIvnmEs48ZMK3QUoQVXprWbc4iMi8zHng
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: oedj25vlnau49paeoped129r4eimpip4

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C0EE
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJKBKANSvqG0waibGYAC8FWPMFG3sQgwSRb-FPQAfUGdzdPkP32Rh7OlrSEIgk-Y_dwzX_kV_-0cfagtYW7bkinqm2PNKBSmQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJKBKANSvqG0waibGYAC8FWPMFG3sQgwSRb-FPQAfUGdzdPkP32Rh7OlrSEIgk-Y_dwzX_kV_-0cfagtYW7bkinqm2PNKBSmQ
date: Thu, 16 Dec 2021 11:24:43 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C0EE
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPIDSqfOXmPIxmxTTc1hO2c&google_cver=1&google_push=AYg5qPIucHBA49PlGCHuHERPOejPX9IDKBGZwef3DQQlufMySaWixtEzyE2DSBXFKxr3twVkxnO...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VjAtQy1LNUo1&google_push=AYg5qPIucHBA49PlGCHuHERPOejPX9IDKBGZwef3DQQlufMySaWixtEzyE2DSBXFKxr3twVkxnOkSHl4vRkRB_zqDLbWyQOti4lw4A

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VjAtQy1LNUo1&google_push=AYg5qPIucHBA49PlGCHuHERPOejPX9IDKBGZwef3DQQlufMySaWixtEzyE2DSBXFKxr3twVkxnOkSHl4vRkRB_zqDLbWyQOti4lw4A

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VjAtQy1LNUo1&google_push=AYg5qPIucHBA49PlGCHuHERPOejPX9IDKBGZwef3DQQlufMySaWixtEzyE2DSBXFKxr3twVkxnOkSHl4vRkRB_zqDLbWyQOti4lw4A
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame C0EE
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECGiep9hO8-umIyWW1xHwFE&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1G...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame C0EE 0
12 B 16ms
14ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ICkato38cbGdjfU-n8-XH4jf7Fjiex5aobr_9yfzKJ4o73ehn5M3Qom-gGVoHfL3zH78XN

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=4121948066&pi=t.aa~a.3149907417~i.25~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=6&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=4479&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=QOX4ALIv2D&p=https%3A//ezefidelity.com&dtd=32

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 2C76 35 B
210 B 16ms
13ms Image
image/gif 2620:116:800d:21:fcb8:22d2:d390:5f1b
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEANBEAhr_GolJZ6zW8Yi5n0&google_cver=1&google_push=AYg5qPIvlfo7t-4bpmoHQ-auhPlPuZ4nHUsI4EFxqznlv2gQvBjOtyk-OUhMDJsa6otTkaUmD__wmQN8O3k9kqwqzQbvrpJo8N5e

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:fcb8:22d2:d390:5f1b , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 466606.gif
id.rlcdn.com/ Frame 2C76 42 B
189 B 23ms
19ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJFO3C0RQQ_iNO5_t5XPDhYPirqk6zyy0Wmxm3mP9ULOuFuCBLboBRnCtvXDY_o_UAwzagw4l3Jyd1DtGCwwdg5EMMxO7g&google_gid=CAESEI7QgrHNBVb4NOydn2Au0Zw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H3 200 dds
rtb.openx.net/sync/ Frame 2C76 43 B
64 B 22ms
21ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJ2v6zsZq6IUeF_lSiD9twU&google_cver=1&google_push=AYg5qPKkU-d8-FezKwoPn9e5hYPlT-MJDA1_AJQ_pOrPPWhHDoOQzHJ6hDQJti7McimjnlDswZ-NeihMsxh3aFhFEHMZczztZVHW
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: ro3ho6lj4d3gsk8pp4aqefbcmdlrple5

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2C76
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPL5nyBeYdhLvqwXg7oSQI6hjDOIvwk11pTZrrPR2wA6S8wQ5X2XZYCTRJnxqjOG23kQ1Q72mZTKE1ezVqj4A32AimtyKpc

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPL5nyBeYdhLvqwXg7oSQI6hjDOIvwk11pTZrrPR2wA6S8wQ5X2XZYCTRJnxqjOG23kQ1Q72mZTKE1ezVqj4A32AimtyKpc
date: Thu, 16 Dec 2021 11:24:43 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2C76
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFkKCFfljEZbc-RluX0RHlM&google_cver=1&google_push=AYg5qPIwRmOIa2tIDPEgNcRjnuDxpDIunjSSYbyJtNi2IkrRulMnOTdOOe7thTFFOvxLOMIHSN2...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VkctMUYtNTg2OQ==&google_push=AYg5qPIwRmOIa2tIDPEgNcRjnuDxpDIunjSSYbyJtNi2IkrRulMnOTdOOe7thTFFOvxLOMIHSN2qMORdgX-jam9vBKdjC79Ywf8

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VkctMUYtNTg2OQ==&google_push=AYg5qPIwRmOIa2tIDPEgNcRjnuDxpDIunjSSYbyJtNi2IkrRulMnOTdOOe7thTFFOvxLOMIHSN2qMORdgX-jam9vBKdjC79Ywf8

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VkctMUYtNTg2OQ==&google_push=AYg5qPIwRmOIa2tIDPEgNcRjnuDxpDIunjSSYbyJtNi2IkrRulMnOTdOOe7thTFFOvxLOMIHSN2qMORdgX-jam9vBKdjC79Ywf8
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET
H2 200 trk
ag.innovid.com/ Frame 2C76 43 B
297 B 107ms
20ms Image
image/gif 2a05:d01c:1d8:8100:f72f:72e8:49ba:7270
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEIjE5rfQeMWw9jQMtZWAs8Y&google_cver=1&google_push=AYg5qPJX55uw01KGSRTa1opQ886isITjDRC7LmTYc9dMrt9jbH8ESmti_5xN1l49bmRjrYy0LsGePJL3X0IuQ3f2f1XV_dB56Lo
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8100:f72f:72e8:49ba:7270 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2C76
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEIW-zHAWJnN-K8QgCXf7iKQ&google_cver=1&google_push=AYg5qPJZKkYJmPbqS-bfaIdx...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPJZKkYJmPbqS-bfaIdx2bsCNl6-C2wkLjz4VfhRKilhk68xyJBIykDdKWk9MNvFFbmhHkTr-h-SDNW4rBgIp1w31enmJVBe5A&google_hm=

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPJZKkYJmPbqS-bfaIdx2bsCNl6-C2wkLjz4VfhRKilhk68xyJBIykDdKWk9MNvFFbmhHkTr-h-SDNW4rBgIp1w31enmJVBe5A&google_hm=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPJZKkYJmPbqS-bfaIdx2bsCNl6-C2wkLjz4VfhRKilhk68xyJBIykDdKWk9MNvFFbmhHkTr-h-SDNW4rBgIp1w31enmJVBe5A&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 15 Dec 2021 11:24:43 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2C76 0
12 B 19ms
18ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L5OjoK7KLxt6VMaS4Y_jeWH7KK3i9DS1LCsSaKO0Te68ESrQ9HN4e3ZXHRFrAqhPFDDIyr3g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=1416419232&pi=t.aa~a.3149907417~i.5~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280&nras=2&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=2217&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=3G91gc7ryK&p=https%3A//ezefidelity.com&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame D72F 2 KB
1 KB 23ms
22ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy_small.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame D72F 2 KB
1 KB 30ms
30ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame D72F 308 B
608 B 19ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/close_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame D72F 507 B
807 B 19ms
19ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/back_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame D72F 43 B
322 B 26ms
25ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=GtyWcQHbIRnoGeKlU3uCLY8ITtMqZZSsBg8djVNsjI_-ylXXX88C7yBucbBJYB54Sb8vXH-g6DAGKgriLfbjNiLkS5oP6pxJ7xJDxFZ1EONXOSGDpBROdRXptaXtBKUCH122-n_UcQWgvZR9miIfxaFiR0AyWu-VtowJN-e9Xztv2LLq_-HEkH58RJSTSh5tk3joukLM7kkDimDaJJ8V-GSdSXFSEq6E1gMQUYgpaISypC0Z8WkadvWmiVXN4NQQpA0ZmE32VeRrEVGQQK2s1az_1OK_uz5jQmV6ch3yyAZi-3UcpdU0QsaZBP-TBgnFacwuUjRpVmno1kASeKRqNVw-jhEYPesahJnGMp1eHIDOnBQtkz-6CqYJIF-RtlbEfOfQjVgGz-I0Kc19jMcqIXHk3w-gsbUHT89OHRl_1LC--kfDWksCi5CBxsXZeNvV_230zQ
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: Microsoft-IIS/10.0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 5177
content-type: image/gif
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame F470 2 KB
1 KB 18ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy_small.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame F470 2 KB
1 KB 18ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame F470 308 B
608 B 20ms
19ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/close_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame F470 507 B
807 B 20ms
19ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/back_button.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/m/delivery/ Frame F470 43 B
319 B 20ms
20ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cat.fr.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=uvdCWlpK7UNOzZVT8RZfYtdX4rBSFXbHaWzU4SZC51-Dj7_ChFzy3UabLYbPKpqO41sOm4Nb8eyUve7zD-50zIZnp7wKbmA8YyehQi-3VeSKk_iP9UlBQaMur3gB11sanxG6K1a-90dYvpGayOtJVp6D8eQK5Y_z5QKFj5OTBt4BKd6t7ZsIyQJqMR3TzOeK2-gx3peBH4ytF3p7_VWQBeSilaCRttTq8Qj4qWd7cElbUPGWYYz3VKzcO3LFp8FlLg1WvrLBZ7WPvrZR_PjhDmJieFWlUYH7Lhgjm-HmwbMfuEJIE__VXENgeaCqMo6xwgVL5mJSKmX8t4HWJ22pkhKqY5qiCM5xsP1Exj5QMLVIe93hQETX15vCMHA5xMyN0K4MT0qSw5xOaWWoCC_X3w97Hw9DVI8erLeW2-xh0lS-BTnU6_imY9-JQuLjaLX63ITPfQ
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2994762
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AE91
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEI5PANPni8ZT458q3fYFwIM&google_cver=1&google_push=AYg5qPKZ_59ME6h887Hyjk1R3jQ5P_HgH9zYtCNk2wWYOZqMAv_MTXF2FN...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKZ_59ME6h887Hyjk1R3jQ5P_HgH9zYtCNk2wWYOZqMAv_MTXF2FNcinJNeIPfxDFT6yYYuZTIB8mHCLAQ5wJc5U-JaWiwd&google_hm=pFP5nl...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKZ_59ME6h887Hyjk1R3jQ5P_HgH9zYtCNk2wWYOZqMAv_MTXF2FNcinJNeIPfxDFT6yYYuZTIB8mHCLAQ5wJc5U-JaWiwd&google_hm=pFP5nlhuMcbEp1Jo94KeCw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKZ_59ME6h887Hyjk1R3jQ5P_HgH9zYtCNk2wWYOZqMAv_MTXF2FNcinJNeIPfxDFT6yYYuZTIB8mHCLAQ5wJc5U-JaWiwd&google_hm=pFP5nlhuMcbEp1Jo94KeCw
pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AE91
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJRvogCfobn0bAVQfMFCCme2xDY2Mg9sEyAcq3uIesvXjV8oGM9DRL_hxrzvbIi4rEVJRbYFt__l8fszR_R60WYbI9UfUu0&google_gid=CAESENQU37hVmOI11QcIDL8PRM4&goo...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwZkdRS2tpb21UNkxZNTNtOXJ5ZXkyUG9VUzk2R1lRVVRvTlctQ1JxdU51bw==&google_push

170 B
188 B

21ms
20ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwZkdRS2tpb21UNkxZNTNtOXJ5ZXkyUG9VUzk2R1lRVVRvTlctQ1JxdU51bw==&google_push

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 16 Dec 2021 11:24:43 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwZkdRS2tpb21UNkxZNTNtOXJ5ZXkyUG9VUzk2R1lRVVRvTlctQ1JxdU51bw==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3 200 dds
rtb.openx.net/sync/ Frame AE91 43 B
64 B 24ms
19ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEGTVt3pJiKa2nLhyr7A3gdU&google_cver=1&google_push=AYg5qPLiJ-gCmlBgob7LdFW_MKZxIGbDUhx4HPtCOLWn1PfUNJguCX_UVGUZc_FegzNfLMH7IepMxmUy-karUtyz7zt5wLNqpa4E
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: hvdt49tkgcrkhm57r9u6p27lv7rsdrju

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AE91
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

19ms
18ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLH4JsX5CI6J1Gk-KHfPFcuvsHSHjr9zpr4RKuPieXRtm1-e3BmkowG7urfuY8qb6ieSfSvVVXrYSfpa2CvG5m4Iw3PKcU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=EE4Ns1AsQkCCsAOzr1ISFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLH4JsX5CI6J1Gk-KHfPFcuvsHSHjr9zpr4RKuPieXRtm1-e3BmkowG7urfuY8qb6ieSfSvVVXrYSfpa2CvG5m4Iw3PKcU
date: Thu, 16 Dec 2021 11:24:43 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AE91
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEGLo-MIwGKyW3C2dYZ8hQRU&google_cver=1&google_push=AYg5qPLa33GrCQjQK_qy3GtFm29raAlfcK2T5mXt1t_YliiZhLmDBTanu10iKJINUfP1ZVQLxql...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VkctSy01SU1G&google_push=AYg5qPLa33GrCQjQK_qy3GtFm29raAlfcK2T5mXt1t_YliiZhLmDBTanu10iKJINUfP1ZVQLxqlw-oTL5lvA_BWKpWWgj1MGocg

170 B
188 B

19ms
19ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VkctSy01SU1G&google_push=AYg5qPLa33GrCQjQK_qy3GtFm29raAlfcK2T5mXt1t_YliiZhLmDBTanu10iKJINUfP1ZVQLxqlw-oTL5lvA_BWKpWWgj1MGocg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4Vkw1VkctSy01SU1G&google_push=AYg5qPLa33GrCQjQK_qy3GtFm29raAlfcK2T5mXt1t_YliiZhLmDBTanu10iKJINUfP1ZVQLxqlw-oTL5lvA_BWKpWWgj1MGocg
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame AE91
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCb...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AE91
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEBTOHo3YikxnFr40pKSkywo&google_cver=1&google_push=AYg5qPKANoICgiKC2-Iot9bb...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKANoICgiKC2-Iot9bbTIU_Ye_Uej3EJr_NfExFhm14W1p3lSLt120KsKzscWK2iQgHv79OffCV0MaMp1aFfEE_a3xGAhp6Ug&google_hm=

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKANoICgiKC2-Iot9bbTIU_Ye_Uej3EJr_NfExFhm14W1p3lSLt120KsKzscWK2iQgHv79OffCV0MaMp1aFfEE_a3xGAhp6Ug&google_hm=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:43 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKANoICgiKC2-Iot9bbTIU_Ye_Uej3EJr_NfExFhm14W1p3lSLt120KsKzscWK2iQgHv79OffCV0MaMp1aFfEE_a3xGAhp6Ug&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 15 Dec 2021 11:24:43 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame AE91 0
12 B 18ms
15ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I3KwFkleNhVFOdbLiqLFGBufgt93rdEQgye_BzeLQz18LbjAwDQ_2aMioYecGkbd7FGXSZOw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0771625264589778&output=html&h=280&adk=2581351080&adf=2163204513&pi=t.aa~a.3149907417~i.19~rp.4&w=830&fwrn=4&fwrnh=100&lmt=1639653883&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4922945232&psa=0&ad_type=text_image&format=830x280&url=https%3A%2F%2Fezefidelity.com%2Fcc%2Fnew-microsoft-exchange-credential-stealing-malware-could-be-worse-than-phishing%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=200&rw=830&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653883140&bpp=1&bdt=954&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D561c54aa7bf473d1-224cfd4e07cd0087%3AT%3D1639653882%3ART%3D1639653882%3AS%3DALNI_Mbl7IngKkPW276xZrax65DYTG18Eg&prev_fmts=0x0%2C830x280%2C830x280%2C830x280%2C830x280%2C830x280&nras=5&correlator=3038830078054&frm=20&pv=1&ga_vid=1587159289.1639653883&ga_sid=1639653883&ga_hid=1208496737&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=231&ady=3796&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065725&oid=2&pvsid=4212249360414893&pem=186&tmod=660&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=Qnp1a9L9FZ&p=https%3A//ezefidelity.com&dtd=27

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame C90C 12 KB
5 KB 27ms
26ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 40226
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iUVBmKxlVBMrcrZUARpdd9wnowCvfrfl0fdQLne39dfA1gEUZmp37b4IHwX52AuD5NOKMf0EuZCZvWnbfo%2BUc8ohobsz6thFUkfoJFWmdchJRrn%2Fhsl78v0OrQDKM9jE2k6dHBEsC8oNTJXlnRjj7ZAt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6be78c066ed6374e-MXP
expires: Tue, 06 Dec 2022 11:24:43 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame C90C 12 KB
6 KB 21ms
21ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/animejs/animejs.js
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame D482 12 KB
5 KB 22ms
22ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 40226
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qdqT4%2FzdQenFRgGxjNEhCsreqU6kRElzM3kQFg%2Bus41YMYnd4MiIfq%2BOOOQlBg41%2F0%2Byp0M4o0BgWXOBlz%2FiyxYc%2B%2Bmo5gt%2B67LecQhxjALFQDE3M61nM1JMBNI3r6FQg3cTnMuVy9Wy62g20glJ0fPq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6be78c067eea374e-MXP
expires: Tue, 06 Dec 2022 11:24:43 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame D482 12 KB
6 KB 23ms
22ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/animejs/animejs.js
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C3F2 2 KB
507 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Dec 2021 09:41:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Dec 2021 11:24:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Dec 2021 11:24:43 GMT

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 1C43 44 KB
44 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 21:17:17 GMT
x-content-type-options: nosniff
age: 223646
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 13 Dec 2022 21:17:17 GMT

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame D72F 12 KB
5 KB 24ms
23ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 40226
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BXJv7yKtqGnRC%2F2JEaH6KxfkGP2Th4cNGCjeS%2FHu7bUoPCsoL80B5XJlG8NXyBxnE8NIDxZ%2BlKNtl5gd3sZMrwlXMhdusD4ji0pMQWc40%2BC4hgXS2SJwWlcb%2BbSMrs2een46toyfebXvUu43lhWeKn%2FP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6be78c06dfb9374e-MXP
expires: Tue, 06 Dec 2022 11:24:43 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C90C 11 KB
11 KB 13ms
13ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?h=556&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=7UdBWGvSb6EyXA76xB-t9sZc
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29129933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11345
expires: Fri, 18 Nov 2022 15:03:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C90C 14 KB
14 KB 14ms
14ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1182772-300x300-nocrop.jpg&v=3&w=800&s=3nx6-BCa0FpFQaVhAyf0wyqh&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 04aa88e5944dfae3911e3c36d683d7b9020a5c102a0a75218fc3ab2d3cf363a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29645675
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14122
expires: Thu, 24 Nov 2022 14:19:19 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C90C 16 KB
16 KB 15ms
15ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F2117811-300x300-nocrop.jpg&v=3&w=800&s=HyPSoslkks0BdCIYVNUDZ7rU&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 521da0a3a59fade0e5bc9241c5163d672d4c07ed8feec80170e50e71f18009f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29923995
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16444
expires: Sun, 27 Nov 2022 19:37:59 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C90C 14 KB
14 KB 15ms
14ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1300968-300x300-nocrop.jpg&v=3&w=800&s=Fks0GgByoDHLMxygrUr_54Oy&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 1fced7afd1732666cdbba9cd73d6a047fb58204c135c2bd653febfaf13083af8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29648282
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 13996
expires: Thu, 24 Nov 2022 15:02:46 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C90C 0
99 B 16ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://csm.eu.criteo.net/all?cppv=3&cpp=p81-EgCkmVX2188BfF0FXC8sjAQYf3QmO7XNHI7DJDCcWSRdUEvQC0PXG1W0t7-rOHjmG5PlPc9lF5Em9x2XkL9OkMc910woJXpI0b8Snvqa4shG3akKVwuTkOVd4NJTQNJo-SyPTKIurU5rWHl2uo_mV01gijZVejOgywqCtWh4-PZiLdqNfs-5JXkJslGO_KBi5k7hmNT5W4bcljgaMpqJCifJsAqxlYk3nwx561CJOS021AyGYO2H8wKpKXufl9Qjhmw3DDUeaRJ7&sds=2&rev=79757.1&sendBeacon=true
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame C90C 2 KB
1 KB 22ms
21ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame C90C 2 KB
1 KB 22ms
21ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:43 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame D482 11 KB
11 KB 13ms
13ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?h=556&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=7UdBWGvSb6EyXA76xB-t9sZc
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29129933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11345
expires: Fri, 18 Nov 2022 15:03:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame D482 14 KB
14 KB 13ms
13ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1182772-300x300-nocrop.jpg&v=3&w=800&s=3nx6-BCa0FpFQaVhAyf0wyqh&b=800
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 04aa88e5944dfae3911e3c36d683d7b9020a5c102a0a75218fc3ab2d3cf363a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29645675
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14122
expires: Thu, 24 Nov 2022 14:19:19 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame D482 16 KB
16 KB 15ms
14ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F2117811-300x300-nocrop.jpg&v=3&w=800&s=HyPSoslkks0BdCIYVNUDZ7rU&b=800
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 521da0a3a59fade0e5bc9241c5163d672d4c07ed8feec80170e50e71f18009f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29923995
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16444
expires: Sun, 27 Nov 2022 19:37:59 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame D482 14 KB
14 KB 14ms
14ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1167098-300x300-nocrop.jpg&v=3&w=800&s=JnYhNss9lcDIOxXu7Ys7yysM&b=800
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 816bd4b9f0e55d7a94f6e5d61f7d9425ba221dfd977a7fa1ecfbf188a8bd7715

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29637306
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14108
expires: Thu, 24 Nov 2022 11:59:50 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame D482 0
99 B 15ms
15ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://csm.eu.criteo.net/all?cppv=3&cpp=hbdchgCkmVX2188BDP19RTGATLRhwGWk2S3ev3C353gS95_RmojnUKHzVv92v9K8FO9qRhdb6gk7JyCQCBiSnv3yFAxoXKt19qMbG3-3PShzlgK3koQoyi9K8gKc-us-MTrPxKrvt9-EX4v3rvS_J0QQSJXHmfWsemnOGCttvd16zG4fPucA_7BQjlI2TreppPrSKAGnQy_8DxseSuGQV7VVqQu-tcyT1ROq7F5ZhiXni3Rg9USIsF8gabchZAcypMxlYw&sds=2&rev=79757.1&sendBeacon=true
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame D482 2 KB
1 KB 19ms
19ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:44 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame D482 2 KB
1 KB 20ms
19ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:44 GMT

GET
H2 200 bc5d9888511b477f8bb2e25a5b427f52_museocyrl-300.woff
static.criteo.net/design/dt/ Frame F470 45 KB
45 KB 67ms
23ms Font
application/octet-stream 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/design/dt/bc5d9888511b477f8bb2e25a5b427f52_museocyrl-300.woff
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 2fe96ef95f0ef87759dd5ee2cee663219fa46363e2fbe34aacf66cb0ff6e575a

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
content-encoding: gzip
last-modified: Thu, 28 Jun 2018 08:44:38 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5b349ff6-b498"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:44 GMT

GET
H2 200 481598564da646f69bf741ec80763656_museocyrl-500.woff
static.criteo.net/design/dt/ Frame F470 45 KB
45 KB 110ms
68ms Font
application/octet-stream 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/design/dt/481598564da646f69bf741ec80763656_museocyrl-500.woff
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: f987b7beba9c09d83e550788b3dc5190d20c705f744fcedb14a541211b5db0ec

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
content-encoding: gzip
last-modified: Thu, 28 Jun 2018 08:44:38 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5b349ff6-b5a0"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:44 GMT

GET
H3 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 1C43 46 KB
46 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 14:03:04 GMT
x-content-type-options: nosniff
age: 163300
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:11 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 14 Dec 2022 14:03:04 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame D72F 12 KB
6 KB 23ms
21ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/animejs/animejs.js
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:44 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame D72F 11 KB
11 KB 13ms
13ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?h=556&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=7UdBWGvSb6EyXA76xB-t9sZc
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29129933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11345
expires: Fri, 18 Nov 2022 15:03:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame D72F 14 KB
14 KB 14ms
14ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1182772-300x300-nocrop.jpg&v=3&w=800&s=3nx6-BCa0FpFQaVhAyf0wyqh&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 04aa88e5944dfae3911e3c36d683d7b9020a5c102a0a75218fc3ab2d3cf363a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29645675
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14122
expires: Thu, 24 Nov 2022 14:19:19 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame D72F 16 KB
16 KB 14ms
14ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F2117811-300x300-nocrop.jpg&v=3&w=800&s=HyPSoslkks0BdCIYVNUDZ7rU&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 521da0a3a59fade0e5bc9241c5163d672d4c07ed8feec80170e50e71f18009f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29923995
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16444
expires: Sun, 27 Nov 2022 19:37:59 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame D72F 14 KB
14 KB 15ms
15ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1167098-300x300-nocrop.jpg&v=3&w=800&s=JnYhNss9lcDIOxXu7Ys7yysM&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 816bd4b9f0e55d7a94f6e5d61f7d9425ba221dfd977a7fa1ecfbf188a8bd7715

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29637306
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14108
expires: Thu, 24 Nov 2022 11:59:50 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame D72F 0
99 B 15ms
14ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://csm.eu.criteo.net/all?cppv=3&cpp=sfS9swCkmVX2188B8zGe1rpXmIJ5fC3nCffFjUBNPRqlXgRrddiAU22cCAUT_Q3Cu9NOo8pkZ0b4amS6OcFiFYLhhjFIsy4huAHvPDxKoOb52oLQ1sDwQ9-Z3I2XZzq1GvY2_hp3xu66NVx1dLqBMGfLqRY8wVQQO3tYuUDYU_mi80hREhhK6PmTmhajTbUEzO_s_rEiZKYhA_SUtPWyH4bb8otEo1whayJLQvDmzDFoHGEduZ6k5ZpdwhYKrs3cB-4OBA&sds=2&rev=79757.1&sendBeacon=true
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame D72F 2 KB
1 KB 18ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:44 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame D72F 2 KB
1 KB 19ms
19ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:44 GMT

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame F470 12 KB
5 KB 27ms
25ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 40227
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5YCmQBqeVlsIWUss7Q9q4eG6LIrz1Kxc3f2k6PM8lojQJC0ktG5HcXED4RvvxJ6oGwCbClVEkRs7qTYfTai2AOiC3F77DngSrryexgBGzWrckoCJlAvk2UFwBV7njS5KJ5ivQAw8uzjnwJ1oRjqFxdjt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6be78c0778c2374e-MXP
expires: Tue, 06 Dec 2022 11:24:44 GMT

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame C3F2 44 KB
44 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 21:17:17 GMT
x-content-type-options: nosniff
age: 223647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 13 Dec 2022 21:17:17 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C90C 11 KB
11 KB 13ms
13ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?h=556&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=7UdBWGvSb6EyXA76xB-t9sZc
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29129933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11345
expires: Fri, 18 Nov 2022 15:03:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C90C 14 KB
14 KB 14ms
14ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1182772-300x300-nocrop.jpg&v=3&w=800&s=3nx6-BCa0FpFQaVhAyf0wyqh&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 04aa88e5944dfae3911e3c36d683d7b9020a5c102a0a75218fc3ab2d3cf363a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29645675
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14122
expires: Thu, 24 Nov 2022 14:19:19 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C90C 16 KB
16 KB 16ms
15ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F2117811-300x300-nocrop.jpg&v=3&w=800&s=HyPSoslkks0BdCIYVNUDZ7rU&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADIl4K3uC0AADmGiul9d5pP8SH_vTPmw&u=%7CqUmyKzsPUamoSez1m8hd7vUCrZdfEIKsvomYwHPa2Vs%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkTMVdRq-plylhHk3ZKvJ_kNoDXXjSrvEZ3I8imvQ0N2_rerezcYXHiwXq5rUolOE3UcgyKqIaIsMH2DRJfxitE71IZELB6JJzFMSPJmUuNgBAnf1pXPQUCEbT0WPISE9RPmvX7daJOBgJaQS5bNtX6dmcYVzI-fnTdRNepmjwNXvL6b8WTNYwT5uwTlnjua5lM3yxQf2BH5GDVNkgj8FwJ7NGhsvTUOIDhZyEQBXH19qi8MRHFD1O9jynszrHqa7y3uKE8pQfAAibCKopzZXD3qgpeyoTn2OesYxrqUjEUSf3INhi2VLsMkNxhQZFtGhcGRn097CgzM8Hzn9yGNmJ-nVHl9ws4PwaZnXX_42RXxb5-0VgoSLvdVHYAbIsy6KM0c6jBKIGd2KoIqN600usvIDKCoy9UOibgYWsMBj54vWg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYqej-yG7Yd7EDLTB-waazIOwBcme0rFc9Z2Y93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAjqU4b9R77I-qAMBqgSXAk_QdI_4EPpR2HVlIM09E4HCZjK0xWHeKpxMPJXiDKvK1BB-H_WBLeJFjWqQQ4w8N9Eir5S0LCWlUlGsRx2Ikg-N1xOjvXJPLADjg6LgxvE1DuVEYDd-2iimxJC6mewGFWPQm51UaoetRgyojdAd_3Yk6TiVN7sFO_mEi9mokJocvp9erk3GwiIycRmTNewqt7fKPBS6Hptkbf01KRHRDMBw_2PCqIabOZHK7YL0tFmf-AFzVv3lVeJPtsvLgGRJSTgk2AnbI26sjSHT2e9su_GIGIyiwfZdS-m-PiYHunDEMJsZQ4m2fcbZm_gLQ6cvKuIVrhSMe5aDggnOhG--1_-AS5RLPo43_x7-eHuFTNUdkTU0bDA49oAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2iS8gYFnQmgualfp_uX7fzZfr1Cg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 521da0a3a59fade0e5bc9241c5163d672d4c07ed8feec80170e50e71f18009f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29923995
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16444
expires: Sun, 27 Nov 2022 19:37:59 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame F470 12 KB
6 KB 19ms
19ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/animejs/animejs.js
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:44 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F470 53 KB
53 KB 16ms
15ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?h=556&m=0&partner=3018&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F3018%2F190121%2F9a98aa01b7a0456da39698b324c26949_stardardcon.png&v=3&w=406&s=wsXe8mPtorTTET_756U49oSr
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: d35bd083aba352986f72135bbe4c532eb5fb8a7758d6425ada60ab296649ece5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28760495
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 53796
expires: Mon, 14 Nov 2022 08:26:19 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F470 23 KB
24 KB 24ms
23ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F16118463-qqRH58Ec.jpg&v=3&w=800&s=TVJWv8LiaZGd3N3r3Xfo2gR-&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 5ef652a3b19bea561705e1826b7ad337d9980bebdcc7124f2702402f68d671f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=583021
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 23950
expires: Thu, 23 Dec 2021 05:21:45 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F470 354 B
590 B 17ms
16ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?h=400&m=0&partner=3018&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fbonprix%2Fstarrating%2Fstar_4.png&v=3&w=400&s=jBnWN17oJ5tiMqvOBZjs9kr3
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 193952b59c9a975154471a0ce405acdc8c3f6fa17b2414e818c14cee77f1d460

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28767401
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 354
expires: Mon, 14 Nov 2022 10:21:25 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F470 6 KB
7 KB 26ms
25ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F13085840-MjlL8PdS.jpg&v=3&w=800&s=Oqsgc6gCPcddYGm7S90Fm3xq&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e62215a8b18668200b7e34a9e8a5892889190b6ff5188075ef615f78e3d50bf2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=502530
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6498
expires: Wed, 22 Dec 2021 07:00:14 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F470 18 KB
18 KB 16ms
15ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1547560712%2F19012592-fkA7k2MQ.jpg&v=3&w=800&s=VVt55xS8WIGYRfteTRIvW884&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 46a3b127ed762ec574c5a0c116bcd831a0d24f94cd5149e15e0aa297ee066b21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1582
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 18150
expires: Thu, 16 Dec 2021 11:51:06 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F470 6 KB
6 KB 22ms
21ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1500897365%2F17182562-0pIcD6sb.jpg&v=3&w=800&s=oNVTaeJNq2a4AyKnots2Fnll&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: f0878964758cb68e1e144009ac7cd7a7e407499979b23e80ec41460458ee6bae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=592163
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5716
expires: Thu, 23 Dec 2021 07:54:07 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F470 18 KB
18 KB 26ms
26ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F21226816-5zjAc31c.jpg&v=3&w=800&s=oOzd_KuSWtn6Oa82aHCuDgKt&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 412b4db3f3b97302d1e81c9ae21bd0e63b916c1528c57d1ab6960bae7e9006c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=100953
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 18010
expires: Fri, 17 Dec 2021 15:27:17 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F470 6 KB
6 KB 25ms
24ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F15141355-O4iKAMvX.jpg&v=3&w=800&s=QSeZ5fUbWo0RgCTGI3ylKJln&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 73fe9f31338923067061e3b8a96c49a3f868c85e2c1ac5ac6287c83016cab2c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=161730
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5754
expires: Sat, 18 Dec 2021 08:20:14 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F470 9 KB
9 KB 28ms
27ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1584447724%2F20073225-ZpWlOTj8.jpg&v=3&w=800&s=_MVyCgaQ-Fr7rdYDHWCYt57L&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 12797a27366fb46728bd5eb38c28bfd2d0f5aa88c17a94da5073a75ff8352489

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:42 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=4673
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 9464
expires: Thu, 16 Dec 2021 12:42:36 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F470 5 KB
5 KB 26ms
25ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F20210240-SxPwmnnP.jpg&v=3&w=800&s=wLW5NvJVORs9FvnJizJceWre&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 14baad7f091e67dcbf39deb36c01af594d5ccc11dc593bb9b205fc318506d2e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=4622
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 4918
expires: Thu, 16 Dec 2021 12:41:47 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F470 10 KB
10 KB 25ms
25ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F20061371-h49dItax.jpg&v=3&w=800&s=Igsd1PKAzrx1vPnv8DbRMJ3P&b=400
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 59e5bf577b9cff1397cf44cfd0316d2a070a09e6deb141704228cc46d7b0153c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=155458
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 10104
expires: Sat, 18 Dec 2021 06:35:42 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame F470 0
99 B 20ms
20ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://csm.eu.criteo.net/all?cppv=3&cpp=QY2E3QCkmVX2188BXXsDaulmDUpU-G0GJMVQlWtQmOj6wbEwmhtAiEhiEVMlRec1KVQT72JFJDIqt5v56vJjsFJicOnBVw_gDGLyzLhoT_wmrg4luUP6OtEkYIHdSvr0a9Vc4eNYmvWNi4O4dEMEucvTWZ49o9A4lBpeWdos7a_ndQtmBcYwx5od5TEBwgjnp1fST8yPKYIt1ftUq44SBHB8aibKnuoBtmwAzAd15IATwZ7zReiWFW3v2AAsbEa7AThI0A&sds=2&rev=79757.1&sendBeacon=true
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame F470 2 KB
1 KB 20ms
20ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:44 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame F470 2 KB
1 KB 20ms
20ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/flash/icon/privacy.svg
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC4h8K0xIMAAtQDjQhh1H93h5CIwZG3Q&u=%7CqUmyKzsPUanD20p%2FzY1kcyTJ%2Ff04b1O9BnHKHw%2B%2B5fY%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog-VMXS_93xJeu5-iY-QkWK8Q9q5X6GOESc2Yrc4jBWxM4McjYGNiq8Izkxt1PFnMNmlhs--VVkOSMctVoVr48XXceLKYxdags8TFC2mSbu1hce0qduAxHsps3Kfk4FT9nCPx1b_nYeyGq1IW_d-YNyg4G81ckyZDX2WwiZMcr_c6EcGDduGTIZ-IlbAKmyuPdfPMsKw7gzpW1kvZl81FRRasDMEfcr7UDP5HwV86oMB1FTcWVF701e6jkwvvxqlqfedsOiyQ-n-v96eszSSdJXuNvXi7CJfEeDRGFpwlvAbBgt8wyGHf0FdUqF1DTMNMWNXd9QayqB6hL77tYU1ANDMaVqcDIrOHTWnRTOTbXTQNy-g05o_1WLfujAzKK6QTsKaS1QdE2h3NMCLhfeFtfK3-ar8ORjomLi3E8He2_d7KwgIW8EJU5m7LsZ95LuXAaw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC70Rf-yG7YZ_EC4ykzAaOoK3gBcme0rFczYbj1pMBwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQIe34noCP2yPqgDAaoEmAJP0BfUEFG37MbLMJDvkJn-zyLiehW-0ADdvRFj0OzxPPaVR6MQPG7WHPQdcZrffm0ET-l7DY3Qb9xJdGLPAfY_I82IWMXLdS7TefGvy_CzzjrYPhE5eB_O2KmY_6xix-vOwa1h2kKEJwekiCjt4ShAR6LnjoIiPV82AL2P0NROREwnhtec0noMFv_-9ZQvA2_j0q9knuffDXE1nWd4I1gVKgsXqERbF_QexOu7m7_vXC_JjqCyC3oxCYNotuIOsoE_3GOwPJpUA6ZUKioiHSXMCmIY4rXrYmp8hS6TlAUMbIAkL94LuycjlJFQkEwOe8C5wRtYwoXK83tnEGmvZ66FCO5GNpH9WC0zAs-y9cuX_ZbzFZo4hUjxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2kqLI9dtaERsnrOOz1CGRc30kqRg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:24:44 GMT

GET
H3 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame C3F2 46 KB
46 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 14:03:04 GMT
x-content-type-options: nosniff
age: 163300
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:11 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 14 Dec 2022 14:03:04 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C90C 2 KB
507 B 19ms
19ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Dec 2021 10:36:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Dec 2021 11:24:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Dec 2021 11:24:44 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D482 2 KB
507 B 20ms
19ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Dec 2021 10:25:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Dec 2021 11:24:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Dec 2021 11:24:44 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame D482 11 KB
11 KB 18ms
18ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?h=556&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=7UdBWGvSb6EyXA76xB-t9sZc
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wADGnEK0xfkAAuYrJxlkrKSQbE5AQ8NNw&u=%7CqUmyKzsPUanHmwh8Os7bYTVWTYP09klHi0S%2Ff3gWc3o%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQzKkVf0aXcgVFQVCqzmG-Z8fsLE3HJ19smK9NkZ0qBANC3Oox1TTJ4gtqilazpb_Wz-cMzNBUttwkzo3BJgvX_n4VlULhiaW6U9eyK0GIUPuTzzMUZW8gLXLWSpTGmUVj-42KQTLi-oo8U-wx8pKBy-7OaeHhNYFvoQXmAPVH6w2RCkLHf8qKPY93i-D-RmNzW4lYwL09vuei-wr1RWgCYo6JTXWtcFobdQqYJvVOxJ08oXhBWlJGY9wvkKYl6ddmDKIHzssmAOgYf-xmfaNTNHO543iko66OjCuJ2fnIbedi7-dr3hI3wfD1_TB941DmvhrDEUnnCoQuJHnjJLZGdNJgWOGmASOGeC4UdQpL7CY8Rzx0__acXOwGMHotDyF-cay7w377c2sbxsd6h1OtqqWNT-z-LXgs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdYQO-yG7YfG0DOSvzAassa74Bsme0rFcvemV93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAoVze7oL77I-qAMBqgSXAk_Q60VLMQ_MiUavnFixUKcAZckpHnMRE4JKIohUsOp2uNyfTlbrWR5gDVeVbv23obb6mxeJ2Nz4XMjB0tJ75SOMJzMsxgI9b8bS2nE0c6E5ev0IBoaxKaiPisyC51vOSsRdkZNgU0Hg_DfwX7mMWs0QKXPrfaa1AXYvBwKA5RreVuIxRC-UtRMwLKrzeFnnYuSqnmgbRcQlvEQ2M5PADINvCds9TLJLoh1w_RxhY9UmZr9av_67DKJwmKa75ranpLSO8GmlCMk-xyo8-XnMxUULpMYoB0dUqPP_whcn2WSXNG0aTjoCJ2QP_rVjTkgaMrUKRtetXWw59JMtcs2YbWhXxky2FVUzK9fO1PgMfZzyXnOxQ6UaMYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1zW5tFNkX6CTLaYyyT5Si_KJkHSg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:43 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29129933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11345
expires: Fri, 18 Nov 2022 15:03:37 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D72F 2 KB
507 B 31ms
25ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Dec 2021 10:43:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Dec 2021 11:24:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Dec 2021 11:24:44 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame D72F 11 KB
11 KB 18ms
15ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?h=556&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=7UdBWGvSb6EyXA76xB-t9sZc
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-wAC_EoK0wQzAARSIl3VnJDVF71r35wopQ&u=%7CqUmyKzsPUammov6AOz8GxzSU1Mwd0ccQG42DLWuk%2Bt0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0oQxlHyl1Xog3ie-pmjdB1pKAfNl7GCQkQSlepy0o_SUPn4z37k7EiFYOzhEK3WgT4OgJLZXCSwTQZWKHA78ZGkHh5r0gb6df1vJA4ATDuAKMISzKSDYXIoe_Y8WBeZJzseiSD6MxTUTE_i1CxLP6vlu_sy4U9M9apjq9ZuraQKwV5hvd55LdTyyJlJ2Nm2oQ2uW4NJubcJ5-py5aasSqvfwFkaN97cgIm8Hf1OhYE-jGo3yvjKElxaxeSWvMD0ImdsY3n4pHQsPYPK220cMJYatLLbEI9dN-oSmNPKGseM5Wall2PcJQQFp-9wuXkZU7HnuDoEe7f8jiA7FsJfde0FZn06q1TtVQohr2yoL-2ebO2vYRYIuwLkt1fatb5n7rIJ3MEYi7nfZ1msqw1OpMj2MmszuLWtzfq06LF311tIkF7QgXjFeTPVsjxGRZs8gt4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCb4WU-yG7Ycr4C7OIzAaipJGABMme0rFczeGS93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMDc3MTYyNTI2NDU4OTc3OKAB1bbS6gPIAQmpAr6Gt4399rI-qAMBqgSXAk_QUzg4pX4nQTMv8ldu389qAhOWLTP0RGJ4zRZ9d89i__E8iZuGLsUZs3TuK1ssXpcmgfnfJK8QAIh2022TxYAn6KDmC8uEUHtP3SIjneM42tZi8Ldugzx-60HnteD1TR8u5OfdItB9yVakw4b6QL5pR-ng9_SeRoUQi9wlRN7b8XXtrAUAMgFd61p4z43R5buqp2FofCue8Pu9MwXdh7UieGcPTZlLXXVbFwKQ9KTKLN02cXV0FFCx8YsJQ37KcPklR8zPRMKDteB7dIwR-CW7yT-whAQUXrvUzX2iPiBncNqm5lCHlnLpy9PB_tOpQi6767YOyfgFm7oqaGCU78xxxCs_pWrAbAqmLdfM5-nbvJVdDV81soAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3U0P3a7uumRI4loEOtFJ9fICo7Fg%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29129933
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11345
expires: Fri, 18 Nov 2022 15:03:37 GMT

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame C90C 44 KB
44 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 21:17:17 GMT
x-content-type-options: nosniff
age: 223647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 13 Dec 2022 21:17:17 GMT

GET
H3 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame C90C 46 KB
46 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 14:03:04 GMT
x-content-type-options: nosniff
age: 163300
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:11 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 14 Dec 2022 14:03:04 GMT

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame D482 44 KB
44 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 21:17:17 GMT
x-content-type-options: nosniff
age: 223647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 13 Dec 2022 21:17:17 GMT

GET
H3 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame D482 46 KB
46 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 14:03:04 GMT
x-content-type-options: nosniff
age: 163300
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:11 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 14 Dec 2022 14:03:04 GMT

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame D72F 44 KB
44 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 21:17:17 GMT
x-content-type-options: nosniff
age: 223647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 13 Dec 2022 21:17:17 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 37ms
23ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211207&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1070f8753962527cdd5f4bddb96b3e7248c5a0dc575f84d50904980bb9b9831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Dec 2021 11:24:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8512
x-xss-protection: 0

GET
H3 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame D72F 46 KB
46 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 14:03:04 GMT
x-content-type-options: nosniff
age: 163300
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:11 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 14 Dec 2022 14:03:04 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Thu, 16 Dec 2021 11:24:44 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1E40 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Thu, 16 Dec 2021 11:10:51 GMT
expires: Fri, 16 Dec 2022 11:10:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 833
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4B8E 783 B
534 B 18ms
17ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

eadb2ef8a9519e155265a054435a83804fe89ccaa9f312140d43a7ba4ab18a4f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-p8R9MjLoKD2AhOKofiLT1g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 16 Dec 2021 11:24:44 GMT
date: Thu, 16 Dec 2021 11:24:44 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-p8R9MjLoKD2AhOKofiLT1g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame 1E40 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 22:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 131487
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 22:53:17 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4B8E 0
0 55ms
55ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20211207&jk=4212249360414893&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20211207&jk=4212249360414893&bg=!V1SlVBDNAAZKWFskSlg7ACkAdvg8WiWB4Oa3VhxqKFPlHcWgQMov6nYMzfMRuFawiK9q0qf2klWXZgIAAABUUgAAAAtoAQeZArXfi3FtLSZ8i1U29uaj_n1l4hTNpajrS6PH9xKOdt7D3UmP8ErTtkJTX95P2JzvXnfF9bxcsy50wvi-8gU9iNS3narlqD2gq7T3rVshn-VbOWDaiDzdQvriGIcDEhRNHguRtptmaowouWdmflzQMP-EtDwgd8ZUHapbQNVqbMwmjHJMEiaOhXDFqN3OyAP8z9NNFj7-WpCHQxahy3ZMKVQrm94vgZ-Sh2jvVPmdjXxSWEFW-q1OFhhHvCk2Ozs7l1OWJTbGEA_U4qX1IIqzYDCn9sthkALHdnsUNOz87WVvKqKwyiSwuCYd5GpTLHz_imtH_JqVex6W1uZnBqNxijsEMxYomMG-e22wUn1kByB39wzPSbdnwoh56ip6-yPpbjuq8P4Di3r31kH13NCr9V3iRYyPPEJ3ChpeJZH8bigKLg0iNZ9jlRmlUUdnmgQvVQWa_JnMzeRU6EXeWfPXp4ba_YxoGaYPJnQNIaunw2wVvzoARrVuBxkFm31l72U4Rhv3-kVavZvf7Vqdoz33h6VAcXzWWdMqVcnLNjQt1bXj-4LUttTN_V8sn617js-4oIg5CGWw455QfZZDL7a7Ui1ovkWSG6V6Y73W9m2pUg1oiZD82JS7b0tgm1xXLnpdQus3s_X3-gxv2WxPDXp1m7TqNvGaEXp5l8S2m1AcD-irTBxtUezEQTxGoGFZHMoa_dMoQZaEa00oNhz6efoHXblHY8hww6bd4BZyxy-tK4cNMOUUcb8XDgUD7ymUjxHQqAGSRymW8Y3L1uId2YpeXUmALs24-pI_2kvnmjVKnwjQ1m7tx308tf6CEPnHrWNeLMLj7e730rrLVWssbkqLznFzkCUV3yV_11XXuBBGMVGr0DtGYggjeSRrlyZwaKkLM6OT3K2i-svPxSCAMYCUQ6rFQWK3b7U

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ezefidelity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9FB9 42 B
64 B 40ms
40ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstKfExBpHsF3G2GCNZL6lJL3wnoMGOx60m1FQI9ZLrJ08_t9dpcMz0JWD3wt28IVOwpcjw2pz2xA5HV5xutPrEX&sig=Cg0ArKJSzPK4o6Pi7ocYEAE&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=164,796,1000,1146,1351&tos=164,632,204,146,205&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639653883198&rpt=130&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 11:24:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 0CC8 0
99 B 15ms
15ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://csm.eu.criteo.net/all?cppv=3&cpp=_tczvQCkmVX2188BXsXmwslW780LwuFBNBKy9cCMJMpoSkf-JIuOwGIQ3j_1FnwuLmIy5Mx4vQPBD5bWcMAyuxguZhhOwRBmqoCBUkQOmQSdzkjEW0JJ7U1UPwSunHr8n35EuZOqavRCn-IqoBSFt6kbFqKoiziWrB1JagxWCvJvL_ZyJ3pFJGlR69dO_iug9c_huFcDcoU3Ee_gBzy9hy_1vSrsI23OAOAmgIeBXPakJtk5n1RmGJgXi8S-FMa3X5w3fA&sds=2&rev=79757.1&sendBeacon=true
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ybsh-gAOGWsGUIIxAAiEUFGCRNTzNPJ3ApI5bQ&u=%7CqUmyKzsPUak9Rk2vej%2F46JfOoQJItwBDFdf3bvj1pDc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM9SPP5Y8DX0qWBxDFQrW50AqJVi4vCcpGyLZBF2UQHumwtqv3elXB-C2vHI8QZHlrDIFWdUXNaq-_oyI_BwkRYZwBFMYEjUsa5xLERkQ3dvR-miYT7cCuA_gbiOvj_q5xpZ3e2bU2R0Nd9ANxsP9aVVBytSwJRHuKjrjVUasSC7BnRGzmY8Az0cZ2-emE4hOUH5w9A7RPAhXZTiuZuQDeagjG7Ux344gD3KiUwntm3eKMNlGffygNrHMzSCGRTVnMinry7CuPBXit0Z-uPIellVhwbiHQWIPXCqKKrqjvgGh7z9Z8V0vC6SCHRTCdL5HuShFFtpeuq4MMc_nizUMcIanVg2b0f3f-SU1epuOrpRbTQkInl5-4sMmuEZ6zmOPtYofXJ54C077bHb1HCkxeaLHS80e4a1CKAkj8YLTLutU-VPG7PYIffJSVg1wNJMOg-EHrFnrACOH29MhZFSX64Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDOkt-iG7YeuyOLGEwuIP0IiigAjJntKxXJXJlPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA3NzE2MjUyNjQ1ODk3NzigAdW20uoDyAEJqQKFc3u6C--yPqgDAaoEkgJP0BRqHcPpdoQlp7wqNZU1vUvASbgtbcWOz1qzagJbBr8ObPVZyYFSo1QdNMip5D1ZoFC97PPp3EMRmy91kw_5kKBvSm8KkF4Lf9Lc5eZdaFUoJSeCUgG7afdzrPx5-8gpaounM6Ryi8f3IeLZXUMMWXBnQytFk1coqCGnCBqZlwL2zVgOSmQbzdBxNBOMbkM1GAoFCF1gX4fU9Bk3c62xgJ9BQ4dJ1qdosLIqOVdWC1sMDpCjOWv-4Z3u0B1RjgoVZoxg8H4hhfN8OgYYqP8fMyNyvNzUNfGg_ilh6D8PzkuBgobt4egkwBsUsOAmyNout_FOkDSzipPkxAnMyXmwTMVRaH25CvicC-7RySYWY6SfgAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3rXvoqX5LGfN3m10dp5GeemFlkmQ%26client%3Dca-pub-0771625264589778%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Dec 2021 11:24:43 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 0CC8 14 KB
14 KB 14ms
13ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1182772-300x300-nocrop.jpg&v=3&w=800&s=3nx6-BCa0FpFQaVhAyf0wyqh&b=400
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: pix.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: 04aa88e5944dfae3911e3c36d683d7b9020a5c102a0a75218fc3ab2d3cf363a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 11:24:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29645672
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 14122
expires: Thu, 24 Nov 2022 14:19:19 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg

Verdicts & Comments Add Verdict or Comment

100 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ezefidelity.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 322a3a0f18b12879af6e43cc5c91f24b
.ezefidelity.com/	1970-01-20 16:58:45	Name: _ga Value: GA1.2.1587159289.1639653883
.ezefidelity.com/	1970-01-19 23:29:00	Name: _gid Value: GA1.2.1460021533.1639653883
.ezefidelity.com/	1970-01-19 23:27:33	Name: _gat_gtag_UA_69923469_3 Value: 1
.ezefidelity.com/	1970-01-20 08:49:09	Name: __gads Value: ID=561c54aa7bf473d1-224cfd4e07cd0087:T=1639653882:RT=1639653882:S=ALNI_Mbl7IngKkPW276xZrax65DYTG18Eg
.doubleclick.net/	1970-01-20 08:49:09	Name: IDE Value: AHWqTUk8BN-cN9eYQGPuJqne7WoGA24-xcTO6lScXOgo-hcEuVAohITSbc919h_RCUk
.quantserve.com/	1970-01-20 01:37:09	Name: d Value: EEABCQH8JIEA
.quantserve.com/	1970-01-20 08:57:48	Name: mc Value: 61bb21fb-a267a-4726e-f19e9
.pubmatic.com/	1970-01-19 23:29:00	Name: KTPCACOOKIE Value: YES
.casalemedia.com/	1970-01-20 08:13:09	Name: CMID Value: Ybsh.8PApY1B7-xZ2LJqlAAA
.casalemedia.com/	1970-01-20 01:37:09	Name: CMPS Value: 3232
.pubmatic.com/	1970-01-20 01:37:09	Name: KADUSERCOOKIE Value: 104E0DB3-502C-4240-82B0-03B3AF521217
.casalemedia.com/	1970-01-20 01:37:09	Name: CMPRO Value: 1117
.casalemedia.com/	1970-01-19 23:29:00	Name: CMST Value: Ybsh+2G7IfsA
.rlcdn.com/	1970-01-20 08:13:09	Name: rlas3 Value: mN9AYKUdXqegOVMZoQACkCDbkb7nj2R8ZlEPy6IeFTE=
.agkn.com/	1970-01-20 08:13:09	Name: ab Value: 0001%3Ar1LX7EuG%2FXwhlW54XLSAzSw2zEMmq0nq
.agkn.com/	1970-01-20 08:13:09	Name: u Value: C\|0CEApTd57KU3eewAAAAAAAQ13AQCAAQpAAAAAAA
.rlcdn.com/	1970-01-20 00:53:57	Name: pxrc Value: CPvD7I0GEgUI6AcQABIGCOndKhAA
.innovid.com/	1970-01-20 01:37:09	Name: uuid Value: 82d520b2-fa69-496e-8730-06bbd3b8d5ef-20211216 06:24:43

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_cver=1&google_gid=CAESEDOFqEutgvtvc3YIOUWWkSI&google_push=AYg5qPJwiwiEJMMzMfrwUYhjozx25zWF557ot5Ypbx8em_O4C0Eb90oJM0ujQbRSOYGfo7ayD5cUb3AX3GP55UYp38bbP8k-0p0kqA Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_gid=CAESEF21zR4cPos7yFnm-dXG5i4&google_cver=1&google_push=AYg5qPI4c4vI3vubfHE0-zyDIGMMp-U-L4r3cNSL4abGpSPNZ78lDA9iewTQMYZXi-ntK-8bglOsDSWo1BPlod988yj8Vk7y2UI Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPKblxbwn557X7s8kTJVbSkM-rjkU1lVTW9ftshuORag8xqlxRVgd9FIyRjrg9Py_-b6TaYdjgi0UMEE0GHZ1GvqXB64_MXm&google_cver=1&google_gid=CAESECGiep9hO8-umIyWW1xHwFE Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ybsh-8PApY1B7_xZ2LJqlAAABF0AAAIB&google_push=AYg5qPJldbkCsBFopyZhUDrLsD2XwYqcSTUW2YioSesAFBPSgQB1gzcwhypKePY3Di8zs-ciouxF3x0LmiNXCxQPCbM3LnWaR4Rn&google_cver=1&google_gid=CAESEMPGVyWqIhXd4fwlNVwTEqg Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.com
adservice.google.de
ag.innovid.com
c0.wp.com
cat.fr.eu.criteo.com
cdn.ampproject.org
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
csm.eu.criteo.net
d.agkn.com
ezefidelity.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
id.rlcdn.com
image6.pubmatic.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
pixel.everesttech.net
pixel.rubiconproject.com
pixel.wp.com
rtb.fr.eu.criteo.com
rtb.nl.eu.criteo.com
rtb.openx.net
static.criteo.net
stats.wp.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.techrepublic.com
www.windowscentral.com
cm.g.doubleclick.net
142.250.184.194
142.250.185.130
178.250.0.160
178.250.0.162
178.250.2.135
18.196.159.27
185.64.190.78
192.0.76.3
192.0.77.37
198.54.119.222
2606:4700::6810:135e
2606:4700::6812:bd37
2620:116:800d:21:fcb8:22d2:d390:5f1b
2a00:1450:4001:803::2001
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:811::2008
2a00:1450:4001:812::200a
2a00:1450:4001:812::200e
2a00:1450:4001:827::2002
2a00:1450:4001:828::2001
2a00:1450:4001:829::2002
2a00:1450:4001:830::2003
2a02:2638:1::2
2a02:2638:1::3
2a02:2638::18
2a02:2638::2
2a04:4e42:4c::666
2a05:d01c:1d8:8100:f72f:72e8:49ba:7270
34.202.255.214
34.98.67.61
35.227.252.103
35.244.174.68
69.173.144.165
79.137.69.120
00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
04aa88e5944dfae3911e3c36d683d7b9020a5c102a0a75218fc3ab2d3cf363a9
089822305b9af8e8bf8797060fa68e6d18068b4fd7e8938f30b125ab6f61a2b9
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cc033a256662cdb5eca9ac2d3268f55d71fbb671fa100ae8b28432db5485041
0cc0ffe953e6c1cc392636121f01fdb0631bbf89cbdd1509b731df85edcbf0fd
10d1508cbe47bee0eb03b9dea53696c0d21596e27b748a3a449348772f6cc8f7
12797a27366fb46728bd5eb38c28bfd2d0f5aa88c17a94da5073a75ff8352489
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
14baad7f091e67dcbf39deb36c01af594d5ccc11dc593bb9b205fc318506d2e4
17e86871bfd30a1321cf31c44382901c229b1b1cc650290116030c395b85ff9e
187b9ea0fb35653d2871180c4527d0956223e3de4efcfd529772c89e3653e5d3
193952b59c9a975154471a0ce405acdc8c3f6fa17b2414e818c14cee77f1d460
1e78d1657dcf126646e7434b8e17a66064c4680a8cf3bbb147c2dd4d1887194a
1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3
1fced7afd1732666cdbba9cd73d6a047fb58204c135c2bd653febfaf13083af8
2256c9e5605323f852f232fd6819a02cf2cac3e04c84299e19efe83037fd8cda
2381baaeba6a84dfa9123f08eaf1630063db5244949ca0ad5138728fa5f75990
26dcf17454b959fbd89863812109a63aa0fe82906d00ef23ca2a808ba70cc5b1
282c618736bf8e467273d46332d7fcbbcbf8721a1bd2967f8cd7b410cae1e777
2a4e9b3f33edb851ba930430bdbf317a3b95e0974763617d68ec0b555a3bb8fe
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2fe96ef95f0ef87759dd5ee2cee663219fa46363e2fbe34aacf66cb0ff6e575a
3020fdf86f2bf73af3dce2315d5374163d1b8bd70bb6bfcfb6d4438fbe516a11
339b42022a5c5d1a8d7c38b8858b47de06456939204b7481d685d84ad094da08
33bd49d31f23be1a33218dc480ad8e4eee1a41df9609e809a5651761be3e72db
35b2d1ac247f3a17e699b2de2e3d56840a7e6a0ae84cd7d3e03be275e55e26b1
35c013f7b44dec194fda7044e8cd74fd39a03a400feba0909d5bec3c9fb5b220
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e
3fc97c6e3a910c12bae0602d1e2acd052e9b0d56f98def83c9b34bf080310202
4122023e5f7e22cd0d2dc7bb99cf441cb2ba32b7b3b1b6dbc6cf23e1afe7c699
412b4db3f3b97302d1e81c9ae21bd0e63b916c1528c57d1ab6960bae7e9006c6
46a3b127ed762ec574c5a0c116bcd831a0d24f94cd5149e15e0aa297ee066b21
4af950d27d1ca08f7edf1e344722c92459fdf4adc55085514df27ad58fe0809e
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
51c61b7e589ad7e53e07bfaeb90ac973ec367a23af7a698bbad05e224c82d05e
521da0a3a59fade0e5bc9241c5163d672d4c07ed8feec80170e50e71f18009f3
53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
597e9604e744b7ca996a225bce1817ad4ad5b55d91783c995e0eacef31854aa2
59e5bf577b9cff1397cf44cfd0316d2a070a09e6deb141704228cc46d7b0153c
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c4cb13f2b91e120b58f1f06a4428ffd5dfdd8546f5a33c9f50cae5028d382ec
5ef652a3b19bea561705e1826b7ad337d9980bebdcc7124f2702402f68d671f3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
645485015c5d8228f3ef262fbdf0f17d98c611572362df016aa987401acdee4e
694cfd86ac8babc3f9b358b923c3f5f8c01724351c8ad5728fb2b003ce06edf4
6a2d424a714c60a7141468427b1f40b60e835b1a43c0badab18e4247cba866b5
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
73e6eeb1e762e297c0eded9f282d989c700deaa7d31ec394a4c2e50cdab1a51e
73fe9f31338923067061e3b8a96c49a3f868c85e2c1ac5ac6287c83016cab2c1
751d75ad2c75da5674b0852be686d2dc295818bd2f57c030bbb6a54ade358618
7d68537350caf99cf662d54a822805337ba0dcb6f058e40389f0682825ca9697
7e2c1f4edcaa8cbe57dcf89bdea86fcac3f488e9e7fdc2f6620e828b5661c344
816bd4b9f0e55d7a94f6e5d61f7d9425ba221dfd977a7fa1ecfbf188a8bd7715
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
84d88022fbcb7a9beb224ef558f20f0258bb4e4bca65dbf68aa1d3b9eac6ae66
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f39ecfebd496c8e44a03b27bb3f3e83bf00d05242a808c8fbc92a27d9669054
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
9746861fb6cfe5d016dea6f9bfb08d51dd639fb97e39a21e867898ff564cad27
9900b23f9f49af5f34387eb63a8673a563ab131c1e171cfaf14cf8b67a466b9d
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d105532b10ffe64f4dd076d7dbb8784e3abfe6d1ec8fc26cfe13ec5684a408d
9d3a2bc52d73a4558b1e56460cd42d0cd42633fb52301767ad6a0736c6a9d697
9d802fa9c0c6b720f6d7980662dd39b38e775391a730b12274c7aea9bfd0c366
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6e9c02837fc4e15d5f6940b514eb5c52f7a752cdbb05862097e7239ad7366a3
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
abe726620852054617d4736bf3185fb49206c41537f9ca6e180e009274ab8f13
abffe09b58ed17f9265423a94c62c8358e162f23fdb33ecf5081e2852470ab37
b27e9bf03959bcad17ed4fe96bd4233a8ffa6333b90f46d51dd3f1c3524cdd89
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b82fd226fb0a5ddc09cccc5097e5e8c2c220292b044d78cda63af49fe52f4448
b933c5d018434e06e8e8f11e07f2d19e1e82eb9b1e8fdb98cb1433caf6abbfc7
bb23e5b0f3e4347d7093695914fab0874f9c8c8afa2327209ce503ad9a64b88e
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bec997154c405b3f9ea3f37a76cac6c00e9c8a6fc8ce2f4ccfe2f3dc0507b350
c097810c5c2818c403e04fffc03a639cde42bdecb0c53323119cd7f77f8394fa
c4f0169306cf4318c3296c554e93fa8fb97cacb92f0b62369610f9b29c6e28af
c8c33caa7c2d0c89e307766f9e6f3a9624a5215124210fb4aba71e1cec1d9084
ca186ea77c12b004d27c0881733d5fba3cbd82da38793cbbf58132aea231a813
caacfc6a3602fe9a189a4bd15792c4bed2fce634c04716f515e6c07cda07315a
d1070f8753962527cdd5f4bddb96b3e7248c5a0dc575f84d50904980bb9b9831
d35bd083aba352986f72135bbe4c532eb5fb8a7758d6425ada60ab296649ece5
d503937452e40c21fce10346b29287ad23b221a372547f248da87ca5efb55767
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e534f1a4ecb06e9095f432f5c33564dbfdc68ff9074e3b2564888c5d2389f383
e62215a8b18668200b7e34a9e8a5892889190b6ff5188075ef615f78e3d50bf2
eadb2ef8a9519e155265a054435a83804fe89ccaa9f312140d43a7ba4ab18a4f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0878964758cb68e1e144009ac7cd7a7e407499979b23e80ec41460458ee6bae
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f987b7beba9c09d83e550788b3dc5190d20c705f744fcedb14a541211b5db0ec
fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
ff7cbd7d791c0f01f1b7db211981bb0506701f663e9e41422586b9e625753ba3
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

ezefidelity.com Open in urlscan Pro 198.54.119.222 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

325 Requests

93 %HTTPS

54 %IPv6

28 Domains

38 Subdomains

31 IPs

4 Countries

3263 kBTransfer

6512 kBSize

19 Cookies

0 Outgoing links

Redirected requests

325 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

ezefidelity.com Open in urlscan Pro
198.54.119.222 Public Scan

Screenshot
Live screenshot

Full Image

325
Requests

93 %
HTTPS

54 %
IPv6

28
Domains

38
Subdomains

31
IPs

4
Countries

3263 kB
Transfer

6512 kB
Size

19
Cookies

325 HTTP transactions
11 data transactions