www.edocr.com Open in urlscan Pro
52.1.53.182 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
Submission: On July 21 via manual (July 21st 2022, 8:35:50 am UTC) from IN — Scanned from DE

Summary HTTP 98 Redirects Behaviour Indicators

Summary

This website contacted 19 IPs in 3 countries across 11 domains to perform 98 HTTP transactions. The main IP is 52.1.53.182, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.edocr.com.
TLS certificate: Issued by Amazon on April 13th 2022. Valid for: a year.

This is the only time www.edocr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	52.1.53.182 52.1.53.182	14618 (AMAZON-AES) (AMAZON-AES)
10	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::178	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2a02:2638::b 2a02:2638::b	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
21	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2600:9000:223... 2600:9000:223c:4600:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
3	178.250.0.160 178.250.0.160	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
9	178.250.0.139 178.250.0.139	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
98	19

14 52.1.53.182 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-53-182.compute-1.amazonaws.com

www.edocr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638::b (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:223c:4600:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.0.160 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	criteo.net static.criteo.net — Cisco Umbrella Rank: 615 pix.eu.criteo.net — Cisco Umbrella Rank: 7179 csm.eu.criteo.net — Cisco Umbrella Rank: 7348	91 KB
19	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 123 tpc.googlesyndication.com — Cisco Umbrella Rank: 159	237 KB
14	edocr.com www.edocr.com	848 KB
9	criteo.com rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 13433 ads.eu.criteo.com — Cisco Umbrella Rank: 7319 rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 11035 cat.fr.eu.criteo.com — Cisco Umbrella Rank: 9222	172 KB
8	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 56	33 KB
3	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 1409	2 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 181	127 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 96 www.google.com — Cisco Umbrella Rank: 10	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52	20 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 8252	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 873	642 B
98	11

	Domain	Requested by
21	static.criteo.net	ads.eu.criteo.com
14	www.edocr.com	www.edocr.com
10	pagead2.googlesyndication.com	www.edocr.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
9	pix.eu.criteo.net	ads.eu.criteo.com
9	tpc.googlesyndication.com	pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
6	csm.eu.criteo.net	ads.eu.criteo.com
3	cat.fr.eu.criteo.com	ads.eu.criteo.com
3	secure-gl.imrworldwide.com	ads.eu.criteo.com
3	ads.eu.criteo.com	googleads.g.doubleclick.net
3	www.googletagservices.com	googleads.g.doubleclick.net
2	rtb.nl.eu.criteo.com	googleads.g.doubleclick.net
2	www.google-analytics.com	www.edocr.com www.google-analytics.com
1	www.google.com	tpc.googlesyndication.com
1	rtb.fr.eu.criteo.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
98	18

This site contains no links.

Subject Issuer	Validity	Valid
edocr.com Amazon	`2022-04-13` - `2023-05-11`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-06-27` - `2022-09-19`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-06-27` - `2022-09-19`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-06-27` - `2022-09-19`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-06-27` - `2022-09-19`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-05-18` - `2022-08-13`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-05-27` - `2022-08-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-06-27` - `2022-09-19`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-05-22` - `2022-08-24`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-21` - `2022-09-23`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-12` - `2022-09-12`	3 months	crt.sh

This page contains 11 frames:

Primary Page: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
Frame ID: 52EBC657B791F036870172A4DF7B4033
Requests: 30 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220719/r20190131/zrt_lookup.html
Frame ID: B96D4CCA45F6221A5426AB7EE005849E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=250&slotname=8628223775&adk=2306401753&adf=1981261236&pi=t.ma~as.8628223775&w=350&lmt=1658392545&psa=0&format=350x250&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392544966&bpp=5&bdt=1262&idt=236&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&correlator=1336665230993&frm=20&pv=2&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-975&ady=474&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CaeE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ssKpTjRGXm&p=https%3A//www.edocr.com&dtd=250
Frame ID: C3679CC90D19D9B8E60F75BB57DD0B71
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=600&slotname=3952982610&adk=937441900&adf=3095482696&pi=t.ma~as.3952982610&w=120&lmt=1658392545&psa=0&format=120x600&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392544971&bpp=1&bdt=1268&idt=253&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x250&correlator=1336665230993&frm=20&pv=1&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=25&ady=295&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EJgzEHWqhZ&p=https%3A//www.edocr.com&dtd=268
Frame ID: C72BC2643260D8EC755C8B9E45F80528
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=250&slotname=4103433139&adk=402904232&adf=485626509&pi=t.ma~as.4103433139&w=300&lmt=1658392545&psa=0&format=300x250&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392544972&bpp=1&bdt=1268&idt=270&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x250%2C120x600&correlator=1336665230993&frm=20&pv=1&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1270&ady=185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=SpYrjYyw2o&p=https%3A//www.edocr.com&dtd=276
Frame ID: 4D2910D97AF4E2EC84E8A5834EAA32EE
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&adk=1812271804&adf=3025194257&lmt=1658392545&plat=1%3A16777216%2C2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392545005&bpp=1&bdt=1302&idt=247&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x250%2C120x600%2C300x250&nras=1&correlator=1336665230993&frm=20&pv=1&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=253
Frame ID: 00179CAC77AB11B45BAD8C8676A3F4F2
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YtkP4QAFKH4H_YuJAAjn7IkBAkPyBBb7MwjT0Q&u=%7COqM%2BtGRZEQ0ZJioQaWibYcVKh1ZTS2etO2eGBkGwjoA%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC860td2p_3a3WrilV7g6-aZQTlXHRuv6FNPXSHXb5ZNxIRfF07MPTPocTB-EybrhDEw3_BPhdQPkoaeN2m6CeCr_9C3bPb7V92CMzCdwILNvP6Rx2uiZ3POtfcpXtmXkV0ReHJbinTXVtVCsNP3QX_XSz3uVg-I4eWPXJMvw0daqL5wBuxfjJgf2lxttkvhZDpzC6zbuHG1JQ-KjN_MhUgitzFW-53AjwSffE4AYKlLEfBG3O7lt82CrcSJpY0zrUNm8iNd9kgYfYeNxoTF6f5xaJlXZqAfpq_ehUl5MJf4qLdavYHSGVLi0kZEy_vfOu-ZyiJly33jJa8JrZ2CbYOOABRghlV5_R_z-y0qK7nq8fr3FLwabnwc_l_MK0YoZRo5uI0Jf0BW5QwkEdauoByltA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKrQh4Q_ZYv7QFImX9u8P7M-j0A3JntKxXL3plfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDGgAdW20uoDyAEJqQJNaAUPoiCxPqgDAaoEhAJP0A8OiKD9uMKCzCnx3kAxkf2s5oyYpmBZDyiUlM3TtIcNVhfQ8_eb2tTjjulKLX-9xNFbb4yCwfdUm67smNAyn0AxmssB5mOfPnkZRzg4InrrVDI1-hPzOPvSFSlLsesVclYYvjqGmnbl8xv7t_uEpg14owiT4kGQaLJOmSsoesR6so3fQ2wvhwBrjgZCLW2s6y2dX4D229bLWLksw7nmrhLXyUgUXZcL57kABhgLvfzEoWWQavC45OvhskPjKGZ-DJ8TLnEeP_T5bz_FkrsJKJ0xxYDsPfSsmzEd8zpi_2Snwu5KpW31dJXjyEUrL1ULMQaZfFvSeM0BWTFCS_BMeySRoIAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2vDfBkTpGpl75BVGPryi3oz8ctxw%26client%3Dca-pub-6933461940627641%26adurl%3D
Frame ID: 7DF54F7071C44150E027D69FE34D299A
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 321F2DC67DD036853B19AF17921C2EDB
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6EE65DBBF6A2FCFDE26B1B761C4E080C
Requests: 2 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YtkP4QAFcscKm5yBAAI7QKf0pRXCcEI5JnkXng&u=%7COqM%2BtGRZEQ3WrEi30lhVgfgnkSUnrnhClV3ZXzppfJw%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC860td2p_3a3Wrj05BpyXHYl7KqzQfMIp-BWB5k1PMunE6cb61tn-vVAYdNMzkCv3qO37Sf5pNkoMQ0rAlCUWIac7oSlJaK64XaGadVZlTb-dnPL6VU13JTIR-zslEsi0bb_r1GLH4lwOKcUNtgl_E6kh3N2QWv9pCscIuFPqctpvkrHmhTRoJeXtEuBilVwC7cJ3O-6iU7WXy0cuPhhgAi9yCgbAiZFINpbS1RUJq7hl2KGNjP9Wao9atMUvQryNRxZ5JvTwTsbyWHC1XXvOxvMEWO5MQIHmIx5d1s2a8dMNUnfim_PPOgBF7wKaB2efHZ1ZCegMLGdJ9L4OQE-BQ5hXPzLCrses3QqDg8w1inm7snMzRLknCB4h7tPD7Ps9exZPxMSar315J-yuoNii6cQU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCuCCV4Q_ZYsflFYG57gTA9ojQDMme0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjkzMzQ2MTk0MDYyNzY0MaAB1bbS6gPIAQmpAjoNBbjpE7E-qAMBqgT-AU_QE4gFxHqcPT6xrGFv-Y3UjPQ9qZrRLu3ExiuJVur0rVghS3UEOCxbwK7htah8PsXFN8z1HLs2-2mr3RVB5Tf5CpzOXT0ddC8oCXd8jBBONQlE_wtkSj3DtnGsMRJAa9tHr1uoUGscnoWtCTSppFnSnlYOZRH_ZTD31xbPwYq_Jb_fMEuuDYyvuKp9OVfvzkWuveVbBEkOJi9ddK5-_I5FVL2WXLTA4qb7Hs9Ese4YkeSFyMMEaxpQUGuz-n89RfHb-__n_rHZxSc9_28-Z4s7Om7nUM4VrnMOxex3IVNMtyojbQlvL-4zPEZMbhJi7O2rSQ1MLGPH0yLKrbz0gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1jenIROT7kpS5DB0xA1XgoNFk_Ug%26client%3Dca-pub-6933461940627641%26adurl%3D
Frame ID: A84F20E78542F72C71B076D206CF9711
Requests: 19 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YtkP4QAFWiQKmqxoAApDzhEz5xzD_LSMeSWhOQ&u=%7COqM%2BtGRZEQ2tdlal0sQgazHN21T%2F9KtwFxsNhd1TTSg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUxwJ3f9OiGqxsikMzxb_t2rmW80QPib3I9MXt_0yTGwpf5h1DMPj7JZG3ONVsYub2crcwa9SEKiJICQnnzhUPc5A8Y2YB11_J2XclfPLZ1Tqk3waGDbirIW8DjwrpW5z7KYQJQ_6Ga4ql0EOrfjmqKTAydtZ5N_Yt7eUKGjSAbxQl2OOddJ-k4E1r4gHz-koCZP_y4IkJAviGXIUq_Z8vFsi9vTaVqE-m4Aka0-Rv2f-Q60T__2FNNXFRnE_iK2I72_ebuEAVOWTL1k2laTiapYyB0-FyOYWzC5EC7-Q4-mlOVUmAS8HaEwXDYE7WBEgaxl5ily9qSt0zFMljE4cW4CqyVxX_RwZc9BTt51wjN2baYTgsssGaqJ401Qu2KySynykWjDoHNAlYzhRVt6dMEGd74_O2Vnhy2eHLe9vT0y1YRkmk_nlCE0SSS45Pa-4I&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEMhl4Q_ZYqS0FejY6gTOh6mYB8me0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjkzMzQ2MTk0MDYyNzY0MaAB1bbS6gPIAQmpAjoNBbjpE7E-qAMBqgT-AU_QbeYgo_LgJkIuMgauiuVyczAxaPB33sytzM1wmk2zX-YCevd7R15rcDitd0CUhZ_oSD8brUGicBN7oNQL81J6WZEgEiC3vvHrWwRHzBi5FjWyFuUu8pzCVKkXU_BD5WbV10Di7cPuDiVkGEd05kfGfhTbn1x7PgUg3Gm2Wux3zofygCTZJX01UkziuqRRxk9k356dWfr_nu00m9fy1sxTEF2CTEitg7YFwYTxU-HlTre0s3z42f5Le1L4GnK6_8KKIlhTXYJXjSsMEqH44M7CHp0d-ewzdvS5jLuM_vAi-YIrtVFgsB-dFI4y8kythWUJPes4fhku2nKR82hEgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2NT9Yde3hwhKxl9cEzalZjLHAfqA%26client%3Dca-pub-6933461940627641%26adurl%3D
Frame ID: D489B7D0CB669C45072DFF79215CF4D0
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fix QuickBooks Payroll Tax Table Update Error PS036( 21-07-2022) 99999349, AKSKWKS, 535352525, WEEIWIW, | edocr

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

98
Requests

100 %
HTTPS

72 %
IPv6

11
Domains

18
Subdomains

19
IPs

3
Countries

1561 kB
Transfer

4746 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

98 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request fix-quickbooks-payroll-tax-table-update-error-ps03 Show response
www.edocr.com/v/9jboaxw9/BigXperts/ 7 KB
2 KB 481ms
173ms Document
text/html 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

/ Express

Resource Hash

74b0d456947efd30670e3e82b0bb5b545da2022429cb218095d1c9e4a45989c7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Security-Policy: frame-ancestors 'none'
Referrer-Policy: origin-when-cross-origin
X-Content-Type-Options: nosniff
build-number: 2669
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 21 Jul 2022 08:35:43 GMT
etag: W/"1b49-9WCo3RPT+6JbFRlTZXPWI/7AalM"
strict-transport-security: max-age=31536000; includeSubDomains; preload
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: Express

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 164 KB
56 KB 171ms
77ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0e446e63aed7f260a003e9f1477be39196b43fbf341c4910e1a4e86ead6a1f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56690
x-xss-protection: 0
server: cafe
etag: 18396472250520512570
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 21 Jul 2022 08:35:43 GMT

GET
H/1.1 200
OK main.00f291007fc7948c83c0.css
www.edocr.com/v/static/ 2 KB
1 KB 137ms
136ms Stylesheet
text/css 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/v/static/main.00f291007fc7948c83c0.css

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

/ Express

Resource Hash

65e4e63638e9c69fe634cc25b595b20afe3e704f5eb8adf36a551e3c23a12ecf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'none'
content-encoding: gzip
etag: W/"814-1821d752240"
x-powered-by: Express
transfer-encoding: chunked
Connection: keep-alive
Referrer-Policy: origin-when-cross-origin
last-modified: Wed, 20 Jul 2022 21:13:12 GMT
date: Thu, 21 Jul 2022 08:35:43 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes
X-Content-Type-Options: nosniff
build-number: 2669

GET
H/1.1 200
OK bundle.js Show response
www.edocr.com/v/static/ 2 MB
608 KB 252ms
110ms Script
application/javascript 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/v/static/bundle.js

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

/ Express

Resource Hash

be2809d7c26098cde3d07112c0fff0fba627e01ec9cff26781c717dfb515fa7a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'none'
content-encoding: gzip
etag: W/"22bd39-1821d8cb7fb"
x-powered-by: Express
transfer-encoding: chunked
Connection: keep-alive
Referrer-Policy: origin-when-cross-origin
last-modified: Wed, 20 Jul 2022 21:38:57 GMT
date: Thu, 21 Jul 2022 08:35:43 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes
X-Content-Type-Options: nosniff
build-number: 2669

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 100ms
29ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5386
date: Thu, 21 Jul 2022 07:05:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 21 Jul 2022 09:05:57 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
206 B 37ms
36ms XHR
text/plain 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2121609870&t=pageview&_s=1&dl=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&ul=en-us&de=UTF-8&dt=Fix%20QuickBooks%20Payroll%20Tax%20Table%20Update%20Error%20PS036(%2021-07-2022)%2099999349%2C%20AKSKWKS%2C%20535352525%2C%20WEEIWIW%2C%20%7C%20edocr&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1172789842&gjid=1647062451&cid=794975046.1658392544&tid=UA-160144-46&_gid=373447245.1658392544&_r=1&_slc=1&z=1304930487

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.edocr.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 08:35:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.edocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220719/r20190131/ Frame B96D 10 KB
5 KB 121ms
39ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220719/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 31787
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 20 Jul 2022 23:45:57 GMT
etag: 8616628553774171045
expires: Wed, 03 Aug 2022 23:45:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK 9jboaxw9 Show response
www.edocr.com/api-user/viewingSession/ 3 KB
2 KB 200ms
199ms XHR
application/json 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/api-user/viewingSession/9jboaxw9?isEmbed=false

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

Resource Hash

8d0ed652a9b49031aecebacdcbde21eec36aa96e9c1949bf77c1c013b9574c29

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'none'
content-encoding: gzip
Referrer-Policy: origin-when-cross-origin
etag: W/"c76-S5F0dWX/9PLTBnXsoJ6xQOZ/TVw"
transfer-encoding: chunked
content-type: application/json; charset=utf-8
access-control-allow-origin: *
Connection: keep-alive
date: Thu, 21 Jul 2022 08:35:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
X-Content-Type-Options: nosniff
build-number: 2669

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207180101/ 338 KB
119 KB 141ms
68ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6933461940627641&plah=www.edocr.com&bust=31068534

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c15369d1a5748064a4a61379be72a29d031f0005a98ae402a64849f24a7afa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121831
x-xss-protection: 0
server: cafe
etag: 12919114315626034546
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 21 Jul 2022 08:35:45 GMT

GET
H/1.1 200
OK restrictions Show response
www.edocr.com/pas/v2/ViewingSessions/1j42ZdrFl5Xwe6Xu5WUCKQ/ 226 B
715 B 333ms
332ms XHR
application/json 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/v2/ViewingSessions/1j42ZdrFl5Xwe6Xu5WUCKQ/restrictions

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b1ba9fa4ad8fdf667f000a62ef0aebcd3b169d9e70a0e7079072471016139c68

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accusoft-Gid: CqfWLhPUU03ByH2aNb6Hpw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/json
Accusoft-Parent-Name: ViewerControl
Referer: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
Accusoft-Parent-Pid: 0
Accusoft-Parent-Taskid: 0

Response headers

Content-Security-Policy: frame-ancestors 'none'
content-encoding: gzip
X-Content-Type-Options: nosniff
transfer-encoding: chunked
access-control-allow-methods: GET
Connection: keep-alive
Referrer-Policy: origin-when-cross-origin
server: nginx
date: Thu, 21 Jul 2022 08:35:45 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: *
build-number: 2669

GET
H/1.1 200
OK 0 Show response
www.edocr.com/pas/Page/q/ 99 KB
64 KB 403ms
403ms XHR
image/svg+xml 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/Page/q/0?DocumentID=u1j42ZdrFl5Xwe6Xu5WUCKQ&Scale=1&ContentType=svgb

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

nginx /

Resource Hash

f340a9066786375cd529dca01211845255527af2eb415e3a2f67770afe4e59c8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accusoft-Parent-Name: ViewerControl
Referer: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
Accusoft-Gid: 0QDv6WjDLPdGdPHfFrQmSA
accept-language: de-DE,de;q=0.9
Accusoft-Parent-Pid: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Accusoft-Parent-Taskid: 0

Response headers

date: Thu, 21 Jul 2022 08:35:45 GMT
content-encoding: gzip
X-Content-Type-Options: nosniff
transfer-encoding: chunked
access-control-allow-methods: GET
Connection: keep-alive
accusoft-data-encrypted: false
Referrer-Policy: origin-when-cross-origin
server: nginx
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-credentials: true
Content-Security-Policy: frame-ancestors 'none'
access-control-allow-headers: *
build-number: 2669

GET
DATA 200
OK truncated
/ 1 KB
1 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b8657baaa6b95a17c934001c3338f3cdff05bf8ce67ffe25c3b7ab53cd580241

Request headers

Referer
Origin: https://www.edocr.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 213 B
642 B 163ms
46ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.edocr.com&callback=_gfp_s_&client=ca-pub-6933461940627641

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6933461940627641&plah=www.edocr.com&bust=31068534

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

cafe /

Resource Hash

8a36eee908720292125b730b9af7742b425dbf7a1a98d441aa365442dc02861b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 168ms
46ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.edocr.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 21 Jul 2022 08:35:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 152ms
46ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.edocr.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 21 Jul 2022 08:35:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C367 22 KB
9 KB 256ms
173ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=250&slotname=8628223775&adk=2306401753&adf=1981261236&pi=t.ma~as.8628223775&w=350&lmt=1658392545&psa=0&format=350x250&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392544966&bpp=5&bdt=1262&idt=236&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&correlator=1336665230993&frm=20&pv=2&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-975&ady=474&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CaeE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ssKpTjRGXm&p=https%3A//www.edocr.com&dtd=250

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2afc356dde206a3dd70b4d3928f9a97e99553e4cbc2c547436a48c03a7e194b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 9568
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 08:35:45 GMT
expires: Thu, 21 Jul 2022 08:35:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 137ms
55ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220719&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ef869cd58e508708332a1b1f58963eaa344e2b1aff1fcd84473956196b7c6d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 21 Jul 2022 08:35:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10969
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C72B 22 KB
9 KB 474ms
406ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=600&slotname=3952982610&adk=937441900&adf=3095482696&pi=t.ma~as.3952982610&w=120&lmt=1658392545&psa=0&format=120x600&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392544971&bpp=1&bdt=1268&idt=253&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x250&correlator=1336665230993&frm=20&pv=1&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=25&ady=295&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EJgzEHWqhZ&p=https%3A//www.edocr.com&dtd=268

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb58ccdee8997078799e15f1a9b17770f5ac5507e1f68921759748d3230054ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 9567
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 08:35:45 GMT
expires: Thu, 21 Jul 2022 08:35:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4D29 22 KB
9 KB 337ms
277ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=250&slotname=4103433139&adk=402904232&adf=485626509&pi=t.ma~as.4103433139&w=300&lmt=1658392545&psa=0&format=300x250&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392544972&bpp=1&bdt=1268&idt=270&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x250%2C120x600&correlator=1336665230993&frm=20&pv=1&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1270&ady=185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=SpYrjYyw2o&p=https%3A//www.edocr.com&dtd=276

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

433476986d0c96368126d839b1125ca7e9ef44c4b9002719dbddf9388304484b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 9551
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 08:35:45 GMT
expires: Thu, 21 Jul 2022 08:35:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 80ms
79ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 08:35:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 80ms
80ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&tn=HEADER&cls=MuiPaper-root%20MuiAppBar-root%20MuiAppBar-positionFixed%20MuiAppBar-colorPrimary%20jss2%20mui-fixed%20MuiPaper-elevation4&ign=false&pw=1600&ph=1200&x=0&y=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 08:35:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0017 0
19 B 102ms
48ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&adk=1812271804&adf=3025194257&lmt=1658392545&plat=1%3A16777216%2C2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392545005&bpp=1&bdt=1302&idt=247&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x250%2C120x600%2C300x250&nras=1&correlator=1336665230993&frm=20&pv=1&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=253

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 08:35:45 GMT
expires: Thu, 21 Jul 2022 08:35:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 153ms
52ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Jul 2022 08:35:45 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame C367 3 KB
1 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=250&slotname=8628223775&adk=2306401753&adf=1981261236&pi=t.ma~as.8628223775&w=350&lmt=1658392545&psa=0&format=350x250&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392544966&bpp=5&bdt=1262&idt=236&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&correlator=1336665230993&frm=20&pv=2&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-975&ady=474&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CaeE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ssKpTjRGXm&p=https%3A//www.edocr.com&dtd=250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:33:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 08:33:57 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C367 137 KB
43 KB 154ms
57ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0de50a799ee39bde80bfb0943ba85616975f5c71e0e746b49c27c5b0d1731ef6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43203
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1658144321100200"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Jul 2022 08:35:45 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame C367 17 KB
7 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a163b80061e9d2d04c92e16d194fcb8d79fd0f175738736b0aebcd98600d0175

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 07:36:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3559
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7334
x-xss-protection: 0
server: cafe
etag: 1169380200214664902
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 07:36:26 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C367 0
0 87ms
86ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CtTrM4Q_ZYv7QFImX9u8P7M-j0A3JntKxXL3plfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDGgAdW20uoDyAEJqQJNaAUPoiCxPqgDAaoEgQJP0A8OiKD9uMKCzCnx3kAxkf2s5oyYpmBZDyiUlM3TtIcNVhfQ8_eb2tTjjulKLX-9xNFbb4yCwfdUm67smNAyn0AxmssB5mOfPnkZRzg4InrrVDI1-hPzOPvSFSlLsesVclYYvjqGmnbl8xv7t_uEpg14owiT4kGQaLJOmSsoesR6so3fQ2wvhwBrjgZCLW2s6y2dX4D229bLWLksw7nmrhLXyUgUXZcL57kABhgLvfzEoWWQavC45OvhskPjKGZ-DJ8TLnEeP_T5bz_FkrsJKJ0xxYDsPfSsmzFf8RvweOs70VHWsc4lSTMbwVEhmV8lKYQttGZ0inIfdSnH4XRfxIAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi02OTMzNDYxOTQwNjI3NjQxGAA&sigh=01_N46juOyw&uach_m=[UACH]&cid=CAQSGwCNIrLMsiZr3hDAA5iIdcIQT6yQVfFkozqBDxgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=250&slotname=8628223775&adk=2306401753&adf=1981261236&pi=t.ma~as.8628223775&w=350&lmt=1658392545&psa=0&format=350x250&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392544966&bpp=5&bdt=1262&idt=236&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&correlator=1336665230993&frm=20&pv=2&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-975&ady=474&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CaeE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ssKpTjRGXm&p=https%3A//www.edocr.com&dtd=250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 21 Jul 2022 08:35:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 21 Jul 2022 08:35:45 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame C367 0
0 737ms
15ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kOb8EMz6RN4C-gGdg2ICAgAAANwchWFcqm2NEOAP2WKP0kTaFTx-ZU8NGQASAAA&wp=YtkP4QAFKH4H_YuJAAjn7IkBAkPyBBb7MwjT0Q

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
server: Kestrel
server-processing-duration-in-ticks: 279182
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 7DF5 175 KB
55 KB 184ms
144ms Document
text/html 2a02:2638::b
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YtkP4QAFKH4H_YuJAAjn7IkBAkPyBBb7MwjT0Q&u=%7COqM%2BtGRZEQ0ZJioQaWibYcVKh1ZTS2etO2eGBkGwjoA%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC860td2p_3a3WrilV7g6-aZQTlXHRuv6FNPXSHXb5ZNxIRfF07MPTPocTB-EybrhDEw3_BPhdQPkoaeN2m6CeCr_9C3bPb7V92CMzCdwILNvP6Rx2uiZ3POtfcpXtmXkV0ReHJbinTXVtVCsNP3QX_XSz3uVg-I4eWPXJMvw0daqL5wBuxfjJgf2lxttkvhZDpzC6zbuHG1JQ-KjN_MhUgitzFW-53AjwSffE4AYKlLEfBG3O7lt82CrcSJpY0zrUNm8iNd9kgYfYeNxoTF6f5xaJlXZqAfpq_ehUl5MJf4qLdavYHSGVLi0kZEy_vfOu-ZyiJly33jJa8JrZ2CbYOOABRghlV5_R_z-y0qK7nq8fr3FLwabnwc_l_MK0YoZRo5uI0Jf0BW5QwkEdauoByltA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKrQh4Q_ZYv7QFImX9u8P7M-j0A3JntKxXL3plfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDGgAdW20uoDyAEJqQJNaAUPoiCxPqgDAaoEhAJP0A8OiKD9uMKCzCnx3kAxkf2s5oyYpmBZDyiUlM3TtIcNVhfQ8_eb2tTjjulKLX-9xNFbb4yCwfdUm67smNAyn0AxmssB5mOfPnkZRzg4InrrVDI1-hPzOPvSFSlLsesVclYYvjqGmnbl8xv7t_uEpg14owiT4kGQaLJOmSsoesR6so3fQ2wvhwBrjgZCLW2s6y2dX4D229bLWLksw7nmrhLXyUgUXZcL57kABhgLvfzEoWWQavC45OvhskPjKGZ-DJ8TLnEeP_T5bz_FkrsJKJ0xxYDsPfSsmzEd8zpi_2Snwu5KpW31dJXjyEUrL1ULMQaZfFvSeM0BWTFCS_BMeySRoIAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2vDfBkTpGpl75BVGPryi3oz8ctxw%26client%3Dca-pub-6933461940627641%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::b , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e5cd6f65b8286c987193fe0b62fd94ed084a00642a3fd17c250c49a88014796c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 08:35:45 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=hXfJSRJLfJK3Iw3jNTDPuM1p_cMvH9xUgeyetKuv5NOMI77UCmMBHlDRTwgNSLOqwvqfB2KW1myHruO7YLHI0w-HQ3AV_7S9p_h8pXyxv2v4jRP8mZQHgNvMWjAMCzsPHGoNZD9sE_kBiG9TSe_j7encM8_QaEOV_urZiRc2J2CKuP37FgusIfF7k2bE37EL2O6D8UMcp1AQOl4sFJFX7-NUsFlqE1LnwUXa963Sawyb-CIiQEVik9oG2_NGlEioX4Zjhg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 124982645
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 321F 13 KB
5 KB 114ms
36ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.edocr.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1961
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 08:03:04 GMT
expires: Fri, 21 Jul 2023 08:03:04 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6EE6 783 B
1 KB 127ms
47ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ee8921e2e4b41acde18c4b585146502459b6484658888cbf993baeea897f6e95

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Hk6Eq1R7A_F7Y5vOtMY5hw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.edocr.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 515
content-security-policy: script-src 'report-sample' 'nonce-Hk6Eq1R7A_F7Y5vOtMY5hw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 08:35:45 GMT
expires: Thu, 21 Jul 2022 08:35:45 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame 4D29 3 KB
1 KB 80ms
46ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=250&slotname=4103433139&adk=402904232&adf=485626509&pi=t.ma~as.4103433139&w=300&lmt=1658392545&psa=0&format=300x250&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392544972&bpp=1&bdt=1268&idt=270&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x250%2C120x600&correlator=1336665230993&frm=20&pv=1&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1270&ady=185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=SpYrjYyw2o&p=https%3A//www.edocr.com&dtd=276

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 07:51:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2667
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 07:51:18 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4D29 137 KB
42 KB 103ms
103ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0de50a799ee39bde80bfb0943ba85616975f5c71e0e746b49c27c5b0d1731ef6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43203
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1658144321100200"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Jul 2022 08:35:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame 4D29 17 KB
7 KB 73ms
38ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a163b80061e9d2d04c92e16d194fcb8d79fd0f175738736b0aebcd98600d0175

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:14:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7334
x-xss-protection: 0
server: cafe
etag: 1169380200214664902
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 08:14:38 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4D29 0
0 80ms
80ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CxtCU4Q_ZYsflFYG57gTA9ojQDMme0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjkzMzQ2MTk0MDYyNzY0MaAB1bbS6gPIAQmpAjoNBbjpE7E-qAMBqgT7AU_QE4gFxHqcPT6xrGFv-Y3UjPQ9qZrRLu3ExiuJVur0rVghS3UEOCxbwK7htah8PsXFN8z1HLs2-2mr3RVB5Tf5CpzOXT0ddC8oCXd8jBBONQlE_wtkSj3DtnGsMRJAa9tHr1uoUGscnoWtCTSppFnSnlYOZRH_ZTD31xbPwYq_Jb_fMEuuDYyvuKp9OVfvzkWuveVbBEkOJi9ddK5-_I5FVL2WXLTA4qb7Hs9Ese4YkeSFyMMEaxpQUGuz-n89RfHb-__n_rHZxSc9_28-Z4s7Om7nUIwXj-GJSnBkns9YFPoey_FmO-SFNmhU7Kaq0UtZ9hNgNOZtVzF1gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTY5MzM0NjE5NDA2Mjc2NDEYAA&sigh=HVs0SKDgI_k&uach_m=[UACH]&cid=CAQSGwCNIrLM3Tpa6e1T7OR2NV8URXF61HyofKGJ7hgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=250&slotname=4103433139&adk=402904232&adf=485626509&pi=t.ma~as.4103433139&w=300&lmt=1658392545&psa=0&format=300x250&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392544972&bpp=1&bdt=1268&idt=270&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x250%2C120x600&correlator=1336665230993&frm=20&pv=1&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1270&ady=185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=SpYrjYyw2o&p=https%3A//www.edocr.com&dtd=276
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 21 Jul 2022 08:35:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame 4D29 0
0 52ms
14ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=kOb8EN2BMKwC-gGdg2ICAgAAABIFyUVIOrE-EOEP2WID_s9Eh21Co30PKgASAAA&wp=YtkP4QAFcscKm5yBAAI7QKf0pRXCcEI5JnkXng

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:45 GMT
server: Kestrel
server-processing-duration-in-ticks: 182462
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame A84F 204 KB
59 KB 172ms
172ms Document
text/html 2a02:2638::b
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YtkP4QAFcscKm5yBAAI7QKf0pRXCcEI5JnkXng&u=%7COqM%2BtGRZEQ3WrEi30lhVgfgnkSUnrnhClV3ZXzppfJw%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC860td2p_3a3Wrj05BpyXHYl7KqzQfMIp-BWB5k1PMunE6cb61tn-vVAYdNMzkCv3qO37Sf5pNkoMQ0rAlCUWIac7oSlJaK64XaGadVZlTb-dnPL6VU13JTIR-zslEsi0bb_r1GLH4lwOKcUNtgl_E6kh3N2QWv9pCscIuFPqctpvkrHmhTRoJeXtEuBilVwC7cJ3O-6iU7WXy0cuPhhgAi9yCgbAiZFINpbS1RUJq7hl2KGNjP9Wao9atMUvQryNRxZ5JvTwTsbyWHC1XXvOxvMEWO5MQIHmIx5d1s2a8dMNUnfim_PPOgBF7wKaB2efHZ1ZCegMLGdJ9L4OQE-BQ5hXPzLCrses3QqDg8w1inm7snMzRLknCB4h7tPD7Ps9exZPxMSar315J-yuoNii6cQU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCuCCV4Q_ZYsflFYG57gTA9ojQDMme0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjkzMzQ2MTk0MDYyNzY0MaAB1bbS6gPIAQmpAjoNBbjpE7E-qAMBqgT-AU_QE4gFxHqcPT6xrGFv-Y3UjPQ9qZrRLu3ExiuJVur0rVghS3UEOCxbwK7htah8PsXFN8z1HLs2-2mr3RVB5Tf5CpzOXT0ddC8oCXd8jBBONQlE_wtkSj3DtnGsMRJAa9tHr1uoUGscnoWtCTSppFnSnlYOZRH_ZTD31xbPwYq_Jb_fMEuuDYyvuKp9OVfvzkWuveVbBEkOJi9ddK5-_I5FVL2WXLTA4qb7Hs9Ese4YkeSFyMMEaxpQUGuz-n89RfHb-__n_rHZxSc9_28-Z4s7Om7nUM4VrnMOxex3IVNMtyojbQlvL-4zPEZMbhJi7O2rSQ1MLGPH0yLKrbz0gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1jenIROT7kpS5DB0xA1XgoNFk_Ug%26client%3Dca-pub-6933461940627641%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::b , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

75a730322672cc93ca96bc526141aaf2dd5a3188236a8c8a8647bd98df38341c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 08:35:45 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=XE3bdxJLfJK3Iw3j5c3z0xFBQ9u6RZGSaNnqKjLRNUiS6uQeWQC2udip0y2y28h7YXwWIuBJkgYK2HPH8werI22W5kKMql1zMwiI36po2NqBx_w-rpXg9i9rnFkzlU3TkK9W5fPFpQ4yEwYpuDxvUxJYGjyhBQUp6dLcjqyQFcCD7F0j-KC5o9sVAPMR2tTo-B1QbLt8ZkQUhTB8b6N-5YeVibzOk-hmqN7Am9_0D0dcX-IQegwnH7LszHD6HxznkGcRuQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 148371218
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ 38 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 333a28978a4b2e752ea9277742336a1980e051e7e93a7105fbd3e5fdb12fe1a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 27 KB
27 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8c15b7c7e83550d314d85c9bfc480b75a6d699b2875c279690f7637536d8fe0f

Request headers

Referer
Origin: https://www.edocr.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H/1.1 200
OK Attributes Show response
www.edocr.com/pas/Document/q/ 41 B
644 B 286ms
286ms XHR
application/json 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/Document/q/Attributes?DocumentID=u1j42ZdrFl5Xwe6Xu5WUCKQ&DesiredPageCountConfidence=50

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

nginx /

Resource Hash

8cee0f9c9c0b36ea3fb53e508ee2381ae8b9b4945979a119b31fb15aeed2f2fd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accusoft-Gid: NGGav5PQvF4MY5SCr6FodQ
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/json
Accusoft-Parent-Name: ViewerControl
Referer: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
Accusoft-Parent-Pid: 0
Accusoft-Parent-Taskid: 0

Response headers

Content-Security-Policy: frame-ancestors 'none'
content-encoding: gzip
X-Content-Type-Options: nosniff
transfer-encoding: chunked
access-control-allow-methods: GET
Connection: keep-alive
Referrer-Policy: origin-when-cross-origin
server: nginx
date: Thu, 21 Jul 2022 08:35:45 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: *
build-number: 2669

GET
DATA 200
OK truncated
/ Frame C367 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 32f3c2c635adc25e8a904cc1643fa6173c993cfa69a0694ef03b565842407aa5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4D29 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2630ffd8107f22408a1675aba4b3b7ab6df50a410230e2dfa2a3b17e2914c513

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 7DF5 2 KB
1 KB 142ms
15ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YtkP4QAFKH4H_YuJAAjn7IkBAkPyBBb7MwjT0Q&u=%7COqM%2BtGRZEQ0ZJioQaWibYcVKh1ZTS2etO2eGBkGwjoA%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC860td2p_3a3WrilV7g6-aZQTlXHRuv6FNPXSHXb5ZNxIRfF07MPTPocTB-EybrhDEw3_BPhdQPkoaeN2m6CeCr_9C3bPb7V92CMzCdwILNvP6Rx2uiZ3POtfcpXtmXkV0ReHJbinTXVtVCsNP3QX_XSz3uVg-I4eWPXJMvw0daqL5wBuxfjJgf2lxttkvhZDpzC6zbuHG1JQ-KjN_MhUgitzFW-53AjwSffE4AYKlLEfBG3O7lt82CrcSJpY0zrUNm8iNd9kgYfYeNxoTF6f5xaJlXZqAfpq_ehUl5MJf4qLdavYHSGVLi0kZEy_vfOu-ZyiJly33jJa8JrZ2CbYOOABRghlV5_R_z-y0qK7nq8fr3FLwabnwc_l_MK0YoZRo5uI0Jf0BW5QwkEdauoByltA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKrQh4Q_ZYv7QFImX9u8P7M-j0A3JntKxXL3plfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDGgAdW20uoDyAEJqQJNaAUPoiCxPqgDAaoEhAJP0A8OiKD9uMKCzCnx3kAxkf2s5oyYpmBZDyiUlM3TtIcNVhfQ8_eb2tTjjulKLX-9xNFbb4yCwfdUm67smNAyn0AxmssB5mOfPnkZRzg4InrrVDI1-hPzOPvSFSlLsesVclYYvjqGmnbl8xv7t_uEpg14owiT4kGQaLJOmSsoesR6so3fQ2wvhwBrjgZCLW2s6y2dX4D229bLWLksw7nmrhLXyUgUXZcL57kABhgLvfzEoWWQavC45OvhskPjKGZ-DJ8TLnEeP_T5bz_FkrsJKJ0xxYDsPfSsmzEd8zpi_2Snwu5KpW31dJXjyEUrL1ULMQaZfFvSeM0BWTFCS_BMeySRoIAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2vDfBkTpGpl75BVGPryi3oz8ctxw%26client%3Dca-pub-6933461940627641%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 7DF5 2 KB
1 KB 144ms
17ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 7DF5 308 B
636 B 134ms
16ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 7DF5 293 B
621 B 135ms
17ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame 7DF5 0
689 B 214ms
163ms Image
text/plain 2600:9000:223c:4600:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1658392545
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YtkP4QAFKH4H_YuJAAjn7IkBAkPyBBb7MwjT0Q&u=%7COqM%2BtGRZEQ0ZJioQaWibYcVKh1ZTS2etO2eGBkGwjoA%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC860td2p_3a3WrilV7g6-aZQTlXHRuv6FNPXSHXb5ZNxIRfF07MPTPocTB-EybrhDEw3_BPhdQPkoaeN2m6CeCr_9C3bPb7V92CMzCdwILNvP6Rx2uiZ3POtfcpXtmXkV0ReHJbinTXVtVCsNP3QX_XSz3uVg-I4eWPXJMvw0daqL5wBuxfjJgf2lxttkvhZDpzC6zbuHG1JQ-KjN_MhUgitzFW-53AjwSffE4AYKlLEfBG3O7lt82CrcSJpY0zrUNm8iNd9kgYfYeNxoTF6f5xaJlXZqAfpq_ehUl5MJf4qLdavYHSGVLi0kZEy_vfOu-ZyiJly33jJa8JrZ2CbYOOABRghlV5_R_z-y0qK7nq8fr3FLwabnwc_l_MK0YoZRo5uI0Jf0BW5QwkEdauoByltA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKrQh4Q_ZYv7QFImX9u8P7M-j0A3JntKxXL3plfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTY5MzM0NjE5NDA2Mjc2NDGgAdW20uoDyAEJqQJNaAUPoiCxPqgDAaoEhAJP0A8OiKD9uMKCzCnx3kAxkf2s5oyYpmBZDyiUlM3TtIcNVhfQ8_eb2tTjjulKLX-9xNFbb4yCwfdUm67smNAyn0AxmssB5mOfPnkZRzg4InrrVDI1-hPzOPvSFSlLsesVclYYvjqGmnbl8xv7t_uEpg14owiT4kGQaLJOmSsoesR6so3fQ2wvhwBrjgZCLW2s6y2dX4D229bLWLksw7nmrhLXyUgUXZcL57kABhgLvfzEoWWQavC45OvhskPjKGZ-DJ8TLnEeP_T5bz_FkrsJKJ0xxYDsPfSsmzEd8zpi_2Snwu5KpW31dJXjyEUrL1ULMQaZfFvSeM0BWTFCS_BMeySRoIAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2vDfBkTpGpl75BVGPryi3oz8ctxw%26client%3Dca-pub-6933461940627641%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:4600:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 08:35:46 GMT
via: 1.1 3aad72975c9da06e6d0903ad874f0b54.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-P2
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: QuizOvQ1AT3QZlkqm6aD5D5_e8nOeWqxTPiuWqd1xExg3vATKbPY6w==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame 7DF5 43 B
347 B 411ms
19ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=VrtcC6Igar3PdS5R9BM-mVDRxQU_jetrjLPPSPGsdkoplH3Rz-cZwaNDy-3q9bRhqwplHq0Rl4r2W8pgQLjJnfHX0Wv7_jSbF6igiSTYH_dON83tkLvKMSIrQ8Fc4YCQIHlrDdAiQ_l8mRl2Y3FP-KQboml-LQbeG8IjPEqFGTVKeURLTdx-UbzKKzMBtyeiqPTuiIOlggWaZGlU40q_QaiachzP_kBHqaaLSxI1WdMa7qWbI6KNhYKzeuCwn_LYTK7_8h7rA-nUSagnXLZVZOEoZIhuS02aXL3188P_qEcQ-5UsBdk-loRQinib80qgPTFaPsMHvD_CCTpWWJrndRo6sicnnKyZRIi7m65WFO0d5L1LK69tOieIllLdmES7HTahr9Qg_hBTzziWYeCZNkfZv58S2cLcg_OFaXLY9gJZuOVsKgFbh_d9j1v2Z0xxjb6Asw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 08:35:45 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2741838
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame C72B 3 KB
1 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=600&slotname=3952982610&adk=937441900&adf=3095482696&pi=t.ma~as.3952982610&w=120&lmt=1658392545&psa=0&format=120x600&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392544971&bpp=1&bdt=1268&idt=253&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x250&correlator=1336665230993&frm=20&pv=1&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=25&ady=295&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EJgzEHWqhZ&p=https%3A//www.edocr.com&dtd=268

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 07:51:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2668
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 07:51:18 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C72B 137 KB
42 KB 123ms
45ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0de50a799ee39bde80bfb0943ba85616975f5c71e0e746b49c27c5b0d1731ef6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43203
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1658144321100200"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Jul 2022 08:35:46 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame C72B 17 KB
7 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a163b80061e9d2d04c92e16d194fcb8d79fd0f175738736b0aebcd98600d0175

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:14:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1268
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7334
x-xss-protection: 0
server: cafe
etag: 1169380200214664902
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 08:14:38 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame A84F 2 KB
1 KB 138ms
17ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YtkP4QAFcscKm5yBAAI7QKf0pRXCcEI5JnkXng&u=%7COqM%2BtGRZEQ3WrEi30lhVgfgnkSUnrnhClV3ZXzppfJw%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC860td2p_3a3Wrj05BpyXHYl7KqzQfMIp-BWB5k1PMunE6cb61tn-vVAYdNMzkCv3qO37Sf5pNkoMQ0rAlCUWIac7oSlJaK64XaGadVZlTb-dnPL6VU13JTIR-zslEsi0bb_r1GLH4lwOKcUNtgl_E6kh3N2QWv9pCscIuFPqctpvkrHmhTRoJeXtEuBilVwC7cJ3O-6iU7WXy0cuPhhgAi9yCgbAiZFINpbS1RUJq7hl2KGNjP9Wao9atMUvQryNRxZ5JvTwTsbyWHC1XXvOxvMEWO5MQIHmIx5d1s2a8dMNUnfim_PPOgBF7wKaB2efHZ1ZCegMLGdJ9L4OQE-BQ5hXPzLCrses3QqDg8w1inm7snMzRLknCB4h7tPD7Ps9exZPxMSar315J-yuoNii6cQU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCuCCV4Q_ZYsflFYG57gTA9ojQDMme0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjkzMzQ2MTk0MDYyNzY0MaAB1bbS6gPIAQmpAjoNBbjpE7E-qAMBqgT-AU_QE4gFxHqcPT6xrGFv-Y3UjPQ9qZrRLu3ExiuJVur0rVghS3UEOCxbwK7htah8PsXFN8z1HLs2-2mr3RVB5Tf5CpzOXT0ddC8oCXd8jBBONQlE_wtkSj3DtnGsMRJAa9tHr1uoUGscnoWtCTSppFnSnlYOZRH_ZTD31xbPwYq_Jb_fMEuuDYyvuKp9OVfvzkWuveVbBEkOJi9ddK5-_I5FVL2WXLTA4qb7Hs9Ese4YkeSFyMMEaxpQUGuz-n89RfHb-__n_rHZxSc9_28-Z4s7Om7nUM4VrnMOxex3IVNMtyojbQlvL-4zPEZMbhJi7O2rSQ1MLGPH0yLKrbz0gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1jenIROT7kpS5DB0xA1XgoNFk_Ug%26client%3Dca-pub-6933461940627641%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame A84F 2 KB
1 KB 147ms
26ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame A84F 308 B
636 B 138ms
25ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame A84F 293 B
621 B 129ms
16ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame A84F 0
688 B 200ms
154ms Image
text/plain 2600:9000:223c:4600:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1658392543
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YtkP4QAFcscKm5yBAAI7QKf0pRXCcEI5JnkXng&u=%7COqM%2BtGRZEQ3WrEi30lhVgfgnkSUnrnhClV3ZXzppfJw%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC860td2p_3a3Wrj05BpyXHYl7KqzQfMIp-BWB5k1PMunE6cb61tn-vVAYdNMzkCv3qO37Sf5pNkoMQ0rAlCUWIac7oSlJaK64XaGadVZlTb-dnPL6VU13JTIR-zslEsi0bb_r1GLH4lwOKcUNtgl_E6kh3N2QWv9pCscIuFPqctpvkrHmhTRoJeXtEuBilVwC7cJ3O-6iU7WXy0cuPhhgAi9yCgbAiZFINpbS1RUJq7hl2KGNjP9Wao9atMUvQryNRxZ5JvTwTsbyWHC1XXvOxvMEWO5MQIHmIx5d1s2a8dMNUnfim_PPOgBF7wKaB2efHZ1ZCegMLGdJ9L4OQE-BQ5hXPzLCrses3QqDg8w1inm7snMzRLknCB4h7tPD7Ps9exZPxMSar315J-yuoNii6cQU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCuCCV4Q_ZYsflFYG57gTA9ojQDMme0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjkzMzQ2MTk0MDYyNzY0MaAB1bbS6gPIAQmpAjoNBbjpE7E-qAMBqgT-AU_QE4gFxHqcPT6xrGFv-Y3UjPQ9qZrRLu3ExiuJVur0rVghS3UEOCxbwK7htah8PsXFN8z1HLs2-2mr3RVB5Tf5CpzOXT0ddC8oCXd8jBBONQlE_wtkSj3DtnGsMRJAa9tHr1uoUGscnoWtCTSppFnSnlYOZRH_ZTD31xbPwYq_Jb_fMEuuDYyvuKp9OVfvzkWuveVbBEkOJi9ddK5-_I5FVL2WXLTA4qb7Hs9Ese4YkeSFyMMEaxpQUGuz-n89RfHb-__n_rHZxSc9_28-Z4s7Om7nUM4VrnMOxex3IVNMtyojbQlvL-4zPEZMbhJi7O2rSQ1MLGPH0yLKrbz0gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1jenIROT7kpS5DB0xA1XgoNFk_Ug%26client%3Dca-pub-6933461940627641%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:4600:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 08:35:46 GMT
via: 1.1 3aad72975c9da06e6d0903ad874f0b54.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-P2
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: J2N1Xo5hChAvNycNrcmNGsQtolDV408Y-iGnJMyw9VdsG4yjhikyog==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame A84F 43 B
348 B 405ms
18ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=ph6XKqU7Kq9fguxPws2OQ_YCi50iPWexKJAttYDtHqwpNK6eOUVjX-mC2QR2dfy4OH1WO4mE5GgBMqhbr0cyG3n9cG-ihM0nv_ivC-JeD2reDKvrD9sIQ_pOmEXddTtjq0IQk2829_3Ild-fD-W3D0oXnNFFfaAl4RdyH9INohv4dJrpLfobgzVI-yiiJj7Qm7KezWfjrWYwm0Zg2yIKfFfwGbL5R2frH5d7vzTNfCJ0kUiXskSEMTtDL9JY4aa1v8TcYWH9dc1EIpp2YFVL4OLS0zDw62X3MzyHBzj6xcUgFMO4hw8KzTkd0vSgo3C3Xx0cqOBcvaZRK7O5uLoO6EzcugRecL3PMnOooDbHK2ujK4Huop618v41-rBUYhWQS_1C0JbvQZSziKR9gh8L6PxrVjRCtEASLJJeMJmirUjyR0PgayUQgJiGv4ZqsFj5vsXzrA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 08:35:46 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2750366
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C72B 0
0 80ms
79ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CMHFI4Q_ZYqS0FejY6gTOh6mYB8me0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjkzMzQ2MTk0MDYyNzY0MaAB1bbS6gPIAQmpAjoNBbjpE7E-qAMBqgT7AU_QbeYgo_LgJkIuMgauiuVyczAxaPB33sytzM1wmk2zX-YCevd7R15rcDitd0CUhZ_oSD8brUGicBN7oNQL81J6WZEgEiC3vvHrWwRHzBi5FjWyFuUu8pzCVKkXU_BD5WbV10Di7cPuDiVkGEd05kfGfhTbn1x7PgUg3Gm2Wux3zofygCTZJX01UkziuqRRxk9k356dWfr_nu00m9fy1sxTEF2CTEitg7YFwYTxU-HlTre0s3z42f5Le1L4GnK6_8KKIlhTXYJXjSsMEqH44M7CHp0d-a4xV2Y-AyefQWw2WlIWE6lppBUrHqAqcPhluMP7gvUUZpyEXmEugAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTY5MzM0NjE5NDA2Mjc2NDEYAA&sigh=9t2JJNWyRMk&uach_m=[UACH]&cid=CAQSGwCNIrLMDa_Hed8IWCDKi-DenFnENODXVy08xBgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=600&slotname=3952982610&adk=937441900&adf=3095482696&pi=t.ma~as.3952982610&w=120&lmt=1658392545&psa=0&format=120x600&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392544971&bpp=1&bdt=1268&idt=253&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x250&correlator=1336665230993&frm=20&pv=1&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=25&ady=295&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Cd%7CeE%7Cp&abl=XS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EJgzEHWqhZ&p=https%3A//www.edocr.com&dtd=268
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 21 Jul 2022 08:35:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame C72B 0
0 15ms
15ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=kOb8EJi6MHjYBJ2DYgICAAAAayHmQ6TL8MYQ4A_ZYiQXkxsDnsd4gqyiABIAAA&wp=YtkP4QAFWiQKmqxoAApDzhEz5xzD_LSMeSWhOQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:45 GMT
server: Kestrel
server-processing-duration-in-ticks: 314240
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame D489 197 KB
58 KB 150ms
150ms Document
text/html 2a02:2638::b
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YtkP4QAFWiQKmqxoAApDzhEz5xzD_LSMeSWhOQ&u=%7COqM%2BtGRZEQ2tdlal0sQgazHN21T%2F9KtwFxsNhd1TTSg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUxwJ3f9OiGqxsikMzxb_t2rmW80QPib3I9MXt_0yTGwpf5h1DMPj7JZG3ONVsYub2crcwa9SEKiJICQnnzhUPc5A8Y2YB11_J2XclfPLZ1Tqk3waGDbirIW8DjwrpW5z7KYQJQ_6Ga4ql0EOrfjmqKTAydtZ5N_Yt7eUKGjSAbxQl2OOddJ-k4E1r4gHz-koCZP_y4IkJAviGXIUq_Z8vFsi9vTaVqE-m4Aka0-Rv2f-Q60T__2FNNXFRnE_iK2I72_ebuEAVOWTL1k2laTiapYyB0-FyOYWzC5EC7-Q4-mlOVUmAS8HaEwXDYE7WBEgaxl5ily9qSt0zFMljE4cW4CqyVxX_RwZc9BTt51wjN2baYTgsssGaqJ401Qu2KySynykWjDoHNAlYzhRVt6dMEGd74_O2Vnhy2eHLe9vT0y1YRkmk_nlCE0SSS45Pa-4I&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEMhl4Q_ZYqS0FejY6gTOh6mYB8me0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjkzMzQ2MTk0MDYyNzY0MaAB1bbS6gPIAQmpAjoNBbjpE7E-qAMBqgT-AU_QbeYgo_LgJkIuMgauiuVyczAxaPB33sytzM1wmk2zX-YCevd7R15rcDitd0CUhZ_oSD8brUGicBN7oNQL81J6WZEgEiC3vvHrWwRHzBi5FjWyFuUu8pzCVKkXU_BD5WbV10Di7cPuDiVkGEd05kfGfhTbn1x7PgUg3Gm2Wux3zofygCTZJX01UkziuqRRxk9k356dWfr_nu00m9fy1sxTEF2CTEitg7YFwYTxU-HlTre0s3z42f5Le1L4GnK6_8KKIlhTXYJXjSsMEqH44M7CHp0d-ewzdvS5jLuM_vAi-YIrtVFgsB-dFI4y8kythWUJPes4fhku2nKR82hEgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2NT9Yde3hwhKxl9cEzalZjLHAfqA%26client%3Dca-pub-6933461940627641%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::b , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a39f44e8ce51b3765ef7d3756e180cf4a41d2e5b60cfa66ea00457a4a4225e8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 08:35:45 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=aytjTxJLfJK3Iw3jHeT7UbvJRe83U5uGdRsAHTTKL-3e4EYUN2vITCQDzkcyee2MuKJdqxa0GCz9E586x9qyB5jNdmYCF-EKQe84j2TcgunT-5zdSQXJ6hhHWxANeeRrXPXu1g-n08JQiJCSH5O3monVwzrxYXBcgp86Fmbli230VCR9s_Zw9fKk0O_EMFkpc_JTHMV6OcKeiBt3WeX8t4rxiP-WYk5cSNWieXA45Pok5-87pwgZQxo1UTV6P9TXb2hc2Q"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 134402279
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6EE6 0
0 136ms
135ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220719&jk=192624244478720&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 7DF5 12 KB
6 KB 89ms
18ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 7DF5 25 KB
25 KB 252ms
33ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=116&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F79f2c646e3f74b54931cff1f39d769d0_blue.png&v=3&w=696&s=bimwQ8eKKu-11yaXgkIA-g6s

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

0b13f84a6dde5e31b8a9e05852d609f5aa9d41b1b86c26d2d4f773b7dca0a675

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=30155275
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 25396
expires: Wed, 05 Jul 2023 09:03:42 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 7DF5 0
128 B 60ms
17ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=hXfJSRJLfJK3Iw3jNTDPuM1p_cMvH9xUgeyetKuv5NOMI77UCmMBHlDRTwgNSLOqwvqfB2KW1myHruO7YLHI0w-HQ3AV_7S9p_h8pXyxv2v4jRP8mZQHgNvMWjAMCzsPHGoNZD9sE_kBiG9TSe_j7encM8_QaEOV_urZiRc2J2CKuP37FgusIfF7k2bE37EL2O6D8UMcp1AQOl4sFJFX7-NUsFlqE1LnwUXa963Sawyb-CIiQEVik9oG2_NGlEioX4Zjhg&sds=2&rev=82042.1&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Jul 2022 08:35:46 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 7DF5 2 KB
1 KB 29ms
28ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 7DF5 2 KB
1 KB 30ms
29ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H/1.1 200
OK 1 Show response
www.edocr.com/pas/Page/q/ 66 KB
37 KB 326ms
326ms XHR
image/svg+xml 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/Page/q/1?DocumentID=u1j42ZdrFl5Xwe6Xu5WUCKQ&Scale=1&ContentType=svgb

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b81046730df02e9b3b0af7898bb6bb07b6791b0c32b7d02e32b9a42b062b39f6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accusoft-Parent-Name: ViewerControl
Referer: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
Accusoft-Gid: HrTgHSaWmMYjVnBcm8ejLA
accept-language: de-DE,de;q=0.9
Accusoft-Parent-Pid: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Accusoft-Parent-Taskid: 0

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
X-Content-Type-Options: nosniff
transfer-encoding: chunked
access-control-allow-methods: GET
Connection: keep-alive
accusoft-data-encrypted: false
Referrer-Policy: origin-when-cross-origin
server: nginx
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-credentials: true
Content-Security-Policy: frame-ancestors 'none'
access-control-allow-headers: *
build-number: 2669

GET
H/1.1 200
OK 2 Show response
www.edocr.com/pas/Page/q/ 56 KB
30 KB 360ms
359ms XHR
image/svg+xml 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/Page/q/2?DocumentID=u1j42ZdrFl5Xwe6Xu5WUCKQ&Scale=1&ContentType=svgb

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c6d55d2d769731b03cacc854e36a5e95d8b1d1f2b73d4fdf5b183a123be79e5e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accusoft-Parent-Name: ViewerControl
Referer: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
Accusoft-Gid: MMiHbpOVAI84AQbMElW6HA
accept-language: de-DE,de;q=0.9
Accusoft-Parent-Pid: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Accusoft-Parent-Taskid: 0

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
X-Content-Type-Options: nosniff
transfer-encoding: chunked
access-control-allow-methods: GET
Connection: keep-alive
accusoft-data-encrypted: false
Referrer-Policy: origin-when-cross-origin
server: nginx
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-credentials: true
Content-Security-Policy: frame-ancestors 'none'
access-control-allow-headers: *
build-number: 2669

GET
H/1.1 200
OK 3 Show response
www.edocr.com/pas/Page/q/ 58 KB
31 KB 634ms
440ms XHR
image/svg+xml 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/Page/q/3?DocumentID=u1j42ZdrFl5Xwe6Xu5WUCKQ&Scale=1&ContentType=svgb

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

nginx /

Resource Hash

515f22c3a8c5b58a84411be3544ec601e42ffc45b305e98bd27952bb428f8813

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accusoft-Parent-Name: ViewerControl
Referer: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
Accusoft-Gid: s3TnGgTfoiTnqkQ49Y2e8Q
accept-language: de-DE,de;q=0.9
Accusoft-Parent-Pid: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Accusoft-Parent-Taskid: 0

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
X-Content-Type-Options: nosniff
transfer-encoding: chunked
access-control-allow-methods: GET
Connection: keep-alive
accusoft-data-encrypted: false
Referrer-Policy: origin-when-cross-origin
server: nginx
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-credentials: true
Content-Security-Policy: frame-ancestors 'none'
access-control-allow-headers: *
build-number: 2669

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame A84F 12 KB
6 KB 21ms
21ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A84F 11 KB
11 KB 183ms
48ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=76&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F8d6bc06124f044d4973e0db21c495799_logo.png&v=3&w=596&s=CxRtjByjbRtf0nK6cmCwL0fZ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

093da471f5256cc2c4143fef0a012c247888761f0d398659582dc56da5769a16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28659705
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 10911
expires: Sun, 18 Jun 2023 01:37:31 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A84F 2 KB
2 KB 185ms
49ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FB%2FlogoFormel-D-Group-3583DE-2008190935.gif%3Feb%3D1&v=3&w=400&s=DrzYj4BBZ_BeucmSC-VkbH0_&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

386531a08f54c0c8d3ba891ec58687e227a48302afa25312dd0cddeb858fe61a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1907349
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1672
expires: Fri, 12 Aug 2022 10:24:56 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A84F 2 KB
2 KB 170ms
35ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FC%2FlogoFraGround-Fraport-Ground-Services-GmbH-222375DE.gif%3Feb%3D1&v=3&w=400&s=u8QjTuzx4yQwWOjyD8TMxXfP&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

5aeca3b44d1a071a3a4271a080470f383d077f1c0d1298845266e690449e6607

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1982313
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1960
expires: Sat, 13 Aug 2022 07:14:20 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A84F 2 KB
2 KB 171ms
35ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FD%2FlogoDr-Meindl-u-Partner-Verrechnungsstelle-GmbH-139545DE.gif%3Feb%3D1&v=3&w=400&s=OEC11Z9rjyZetjUjA1x1yYe1&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

cd5c0df13009943b3fdf4190f148764693d7a0d820d6c76430a5382d154a979e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1732
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A84F 898 B
1 KB 183ms
49ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FG%2FlogoGKS-Gesellschaft-fur-Kommunikationsservice-mbH-148116DE.gif%3Feb%3D1&v=3&w=400&s=-mxUMyceAgOLfeiqGMGVBA-h&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

46b12afb08dc52a9f50161094e95fc99f08cbb726b869573c640365e1e6b6fd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=329386
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 898
expires: Mon, 25 Jul 2022 04:05:33 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A84F 2 KB
2 KB 169ms
34ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FA%2FlogoAlfred-Ritter-GmbH-Co-KG-DE.gif%3Feb%3D1&v=3&w=400&s=HXFhq4KEcY8kt-Wdf6xUD0Ka&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

3bac61fc760ac2498af0e78daee95f9034520e6f307a8c083003463882ce0c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1828
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A84F 1 KB
2 KB 17ms
16ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FC%2FlogoCDH-AG-83267DE.gif%3Feb%3D1&v=3&w=400&s=K43os7J-PdoyyDeQlhH89RDU&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

f996571030e9b5945ce795ec9b3e30414cb5f790d8a533ffead139881bcdb4ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=895847
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1454
expires: Sun, 31 Jul 2022 17:26:34 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame A84F 0
127 B 18ms
18ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=XE3bdxJLfJK3Iw3j5c3z0xFBQ9u6RZGSaNnqKjLRNUiS6uQeWQC2udip0y2y28h7YXwWIuBJkgYK2HPH8werI22W5kKMql1zMwiI36po2NqBx_w-rpXg9i9rnFkzlU3TkK9W5fPFpQ4yEwYpuDxvUxJYGjyhBQUp6dLcjqyQFcCD7F0j-KC5o9sVAPMR2tTo-B1QbLt8ZkQUhTB8b6N-5YeVibzOk-hmqN7Am9_0D0dcX-IQegwnH7LszHD6HxznkGcRuQ&sds=2&rev=82042.1&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Jul 2022 08:35:46 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame A84F 2 KB
1 KB 16ms
15ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame A84F 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H3 200 Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js Show response
pagead2.googlesyndication.com/bg/ Frame 321F 36 KB
14 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25be5dbb5c15a9b6b8a2bde7bab87a1d0afdb2f68d1bddab35672819ab8f2121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 16:09:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59167
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13868
x-xss-protection: 0
last-modified: Thu, 07 Jul 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Jul 2023 16:09:39 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame D489 2 KB
1 KB 44ms
43ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YtkP4QAFWiQKmqxoAApDzhEz5xzD_LSMeSWhOQ&u=%7COqM%2BtGRZEQ2tdlal0sQgazHN21T%2F9KtwFxsNhd1TTSg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUxwJ3f9OiGqxsikMzxb_t2rmW80QPib3I9MXt_0yTGwpf5h1DMPj7JZG3ONVsYub2crcwa9SEKiJICQnnzhUPc5A8Y2YB11_J2XclfPLZ1Tqk3waGDbirIW8DjwrpW5z7KYQJQ_6Ga4ql0EOrfjmqKTAydtZ5N_Yt7eUKGjSAbxQl2OOddJ-k4E1r4gHz-koCZP_y4IkJAviGXIUq_Z8vFsi9vTaVqE-m4Aka0-Rv2f-Q60T__2FNNXFRnE_iK2I72_ebuEAVOWTL1k2laTiapYyB0-FyOYWzC5EC7-Q4-mlOVUmAS8HaEwXDYE7WBEgaxl5ily9qSt0zFMljE4cW4CqyVxX_RwZc9BTt51wjN2baYTgsssGaqJ401Qu2KySynykWjDoHNAlYzhRVt6dMEGd74_O2Vnhy2eHLe9vT0y1YRkmk_nlCE0SSS45Pa-4I&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEMhl4Q_ZYqS0FejY6gTOh6mYB8me0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjkzMzQ2MTk0MDYyNzY0MaAB1bbS6gPIAQmpAjoNBbjpE7E-qAMBqgT-AU_QbeYgo_LgJkIuMgauiuVyczAxaPB33sytzM1wmk2zX-YCevd7R15rcDitd0CUhZ_oSD8brUGicBN7oNQL81J6WZEgEiC3vvHrWwRHzBi5FjWyFuUu8pzCVKkXU_BD5WbV10Di7cPuDiVkGEd05kfGfhTbn1x7PgUg3Gm2Wux3zofygCTZJX01UkziuqRRxk9k356dWfr_nu00m9fy1sxTEF2CTEitg7YFwYTxU-HlTre0s3z42f5Le1L4GnK6_8KKIlhTXYJXjSsMEqH44M7CHp0d-ewzdvS5jLuM_vAi-YIrtVFgsB-dFI4y8kythWUJPes4fhku2nKR82hEgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2NT9Yde3hwhKxl9cEzalZjLHAfqA%26client%3Dca-pub-6933461940627641%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame D489 2 KB
1 KB 19ms
18ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame D489 308 B
636 B 16ms
15ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame D489 293 B
621 B 15ms
14ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame D489 0
689 B 157ms
157ms Image
text/plain 2600:9000:223c:4600:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1658392545
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YtkP4QAFWiQKmqxoAApDzhEz5xzD_LSMeSWhOQ&u=%7COqM%2BtGRZEQ2tdlal0sQgazHN21T%2F9KtwFxsNhd1TTSg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUxwJ3f9OiGqxsikMzxb_t2rmW80QPib3I9MXt_0yTGwpf5h1DMPj7JZG3ONVsYub2crcwa9SEKiJICQnnzhUPc5A8Y2YB11_J2XclfPLZ1Tqk3waGDbirIW8DjwrpW5z7KYQJQ_6Ga4ql0EOrfjmqKTAydtZ5N_Yt7eUKGjSAbxQl2OOddJ-k4E1r4gHz-koCZP_y4IkJAviGXIUq_Z8vFsi9vTaVqE-m4Aka0-Rv2f-Q60T__2FNNXFRnE_iK2I72_ebuEAVOWTL1k2laTiapYyB0-FyOYWzC5EC7-Q4-mlOVUmAS8HaEwXDYE7WBEgaxl5ily9qSt0zFMljE4cW4CqyVxX_RwZc9BTt51wjN2baYTgsssGaqJ401Qu2KySynykWjDoHNAlYzhRVt6dMEGd74_O2Vnhy2eHLe9vT0y1YRkmk_nlCE0SSS45Pa-4I&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEMhl4Q_ZYqS0FejY6gTOh6mYB8me0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjkzMzQ2MTk0MDYyNzY0MaAB1bbS6gPIAQmpAjoNBbjpE7E-qAMBqgT-AU_QbeYgo_LgJkIuMgauiuVyczAxaPB33sytzM1wmk2zX-YCevd7R15rcDitd0CUhZ_oSD8brUGicBN7oNQL81J6WZEgEiC3vvHrWwRHzBi5FjWyFuUu8pzCVKkXU_BD5WbV10Di7cPuDiVkGEd05kfGfhTbn1x7PgUg3Gm2Wux3zofygCTZJX01UkziuqRRxk9k356dWfr_nu00m9fy1sxTEF2CTEitg7YFwYTxU-HlTre0s3z42f5Le1L4GnK6_8KKIlhTXYJXjSsMEqH44M7CHp0d-ewzdvS5jLuM_vAi-YIrtVFgsB-dFI4y8kythWUJPes4fhku2nKR82hEgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2NT9Yde3hwhKxl9cEzalZjLHAfqA%26client%3Dca-pub-6933461940627641%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:4600:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 08:35:46 GMT
via: 1.1 3aad72975c9da06e6d0903ad874f0b54.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-P2
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: IB_4Qf66whzuGmJtku3b8GMpzjznNBhGODBag7M13HFSogSUslFKfQ==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame D489 43 B
347 B 168ms
20ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=qpVmGarVupovxQdf3gRWvIaYTPiSnHDfOjkRX_XexYv7B82zPXzwQkAnBXrlkpeBA-SVGztL0H0fVpBdro05vDfUa8QfxGP19cl5OAqpvNZakMQQwrZOT5NZLinVHEft2Qe5HMmSkY6Jlm1pkB6el2_Y-ENjFc9NZU-lH2Cr6Cc0v1orIRBETQ4uFEJF8-u7_38MjeqfNEtmkLtg8Tw54_f1Wq5kNXhSMjehjvAcmiSuNXT2Rk6eHtZqlDJNQE64Gw-qwwXbtHJbhGImjFioWCtQLVzV_IEkDfSvKw3aI6cidagkcJxao3eLWWruHGegls_g83KzL33v4BlP4ulFyKbs5pFBUA_rToNyBpb8n_TsKhY0haOLswvu_8OuQRo4ASrLqLUEVmERdTRhqanJ3fxZkJ_40hI5TBakRug7wADtGouie_QWfNzE-zki0_n5wACvxA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 08:35:45 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3279728
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
DATA 200
OK truncated
/ Frame C72B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 74566ad95edfcecbe1e371ff7c0b3256d7ab07eb28804f9e16918b211ee91b10

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame D489 12 KB
6 KB 21ms
20ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame D489 6 KB
7 KB 44ms
36ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=110&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F8d6bc06124f044d4973e0db21c495799_logo.png&v=3&w=236&s=EpKOa2bJ51bL2CB4_NQSVxv6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

c6172adb8ef067681fb653febb8db61f5d978cefe06bfa35dbe88cb93bd1a08d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28659705
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 6577
expires: Sun, 18 Jun 2023 01:37:31 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame D489 0
127 B 19ms
18ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=aytjTxJLfJK3Iw3jHeT7UbvJRe83U5uGdRsAHTTKL-3e4EYUN2vITCQDzkcyee2MuKJdqxa0GCz9E586x9qyB5jNdmYCF-EKQe84j2TcgunT-5zdSQXJ6hhHWxANeeRrXPXu1g-n08JQiJCSH5O3monVwzrxYXBcgp86Fmbli230VCR9s_Zw9fKk0O_EMFkpc_JTHMV6OcKeiBt3WeX8t4rxiP-WYk5cSNWieXA45Pok5-87pwgZQxo1UTV6P9TXb2hc2Q&sds=2&rev=82042.1&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Jul 2022 08:35:46 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame D489 2 KB
1 KB 18ms
16ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame D489 2 KB
1 KB 17ms
15ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 16 Jul 2023 08:35:46 GMT

GET
H/1.1 200
OK Text Show response
www.edocr.com/pas/Document/q/0-0/ 48 KB
12 KB 469ms
327ms XHR
application/json 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/Document/q/0-0/Text?DocumentID=u1j42ZdrFl5Xwe6Xu5WUCKQ

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

nginx /

Resource Hash

bac1eda72db19f81d7e159d70d6099cbe0997bb92ead863eb5c0c12e20ad25ee

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accusoft-Parent-Name: ViewerControl
Accusoft-Gid: 1qSz52BUp3hXIqsGAD9EDQ
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept: application/json
Referer: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
Accusoft-Parent-Pid: 0
Accusoft-Parent-Taskid: 0

Response headers

date: Thu, 21 Jul 2022 08:35:47 GMT
content-encoding: gzip
X-Content-Type-Options: nosniff
transfer-encoding: chunked
access-control-allow-methods: GET
Connection: keep-alive
accusoft-data-encrypted: false
Referrer-Policy: origin-when-cross-origin
server: nginx
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
Content-Security-Policy: frame-ancestors 'none'
access-control-allow-headers: *
build-number: 2669

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 321F 0
9 B 39ms
38ms Image
text/plain 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Z3pfjQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 08:35:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4D29 42 B
64 B 74ms
73ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvMYHtbLyF5DqEcyFaLTSeNCNOXQqbooZuIkaZGVDjqpfRNcSrHIulP_dwf7Nx0FeGEo9rSkXi_uy22eLE-u5U-58U&sig=Cg0ArKJSzPD8IhueTrk2EAE&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220718&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=402904232&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1658392545249&rpt=513&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 08:35:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c39b8da49b4b191f00365068d8401cc38c6747b58dbb1a7f5aab9601504e201f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 106ms
105ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220719&jk=192624244478720&bg=!bG-lbyvNAAZlvz3gRb87ACkAdvg8WoKTNNDyqJScrd5qVbGnUzDJLptn2L0_Yxxx82qec2zkWRApLwIAAACjUgAAAAJoAQcKAI9zdqOCDidn4NGxY7Br9wp5KPPawr2UQvAg2V7rUZ-M2v4FvwrTr6sSBEQ3N04LRMsUVGbbONRAYAEbMSr7cwKVgndJmqOk6CGCplo3EQp5LXILNYXzrQDKZMmJhLnGR7A85lBaovqmp-Xq5Ik5JFGjHn9NhbF-NOMutWP4UpfxBM_UF2R1TJNvbzjoVVgAY5kCpcuDme37L9NUPiJOs9Hb8ReyfmhBKOhlo3oW9veTw59PQuTDTBMQiQfgzRs92omKuj3hQP51HcULDNTXGEBrdWxkA1XLTt62Xk8APk_rGDtkT7tS-V5FREXuCD0IaS_34mvt8ls7Oc6hyGyi48aHya0aazt9DGg8T6sN5cOt_ihCeihjdbOutWMFxNM1e8JRT_SfcpRsV1UWx9dwwrThLwEprBAxB8-2kftRuGHBnXmspvXwHqC3UbRRk616Fd-NRIsQ0upR3YuTvUZCfiM78blCN9znKViu_-dvrVqwqMzvrDR4jxjIHfzFLuVoDHVtdlz27X41sb6-jJfVCSqydVYUz2jgwyI0Z2m0dVhBGfYInwiutdTJnra9_F2GQxqRdwP0WFz0L5GhYSTSAR8NE1pHtB33r68anDJ42sW0ukdw_RE1mIP9hldn72mgDA5jYyNRdiWbZnSMVaRyuBP-qk2tOU6JF-DvlNDKL_B28obEmtCu8CPYORXEe_NeCTJQGghjdz7oCltpBBFiz2spbXCkbHZDngfj5e35PReCFRnOn0jxq6np19lZtdceQLnPCDhw28zYUVxLLTA7FrxExBLbd02QyjckwqJ_khuzhnfwaHmKkIwVVmrL9-fc6bJReg2oUkHtSzcgC0Tckg5gOGx-pnPvmRIehInuuFi_m505YjsDemxppcSb0KIy_AWpRXaNYXKgH-6YsMCb-9ZrppvEBvaxyuob6QTK_3CKpwy64TCaUwIPNnMiy1shTCQOXMljalkk_kI4Zb0-9d__yCEoEFTatGpErCkt7O0jhvWI8cVBnUn5cRSNQ5a7JP3L5y1GdIaufH32akE5_auQpPJe2OWE3ulfJpl4DObPA0o6rLu1eskFHAmBYCryZFgHhcu1xoSD
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.edocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C72B 42 B
64 B 74ms
74ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvnYtt0yo0-7so8o2ss96i_XJ7ZBDTo7IcKj_2gjy-K1_ulhAOVxMskEcWFCutJ1Am_SPxw0X47AQ5rhv7wJqX41_g&sig=Cg0ArKJSzMv6U8M-L26LEAE&id=lidar2&mcvt=1000&p=0,0,600,120&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220718&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=937441900&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1658392545240&rpt=1245&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 08:35:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame A84F 0
127 B 17ms
17ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Jul 2022 08:35:47 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

POST
H2 200 all
csm.eu.criteo.net/ Frame D489 0
127 B 16ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Jul 2022 08:35:47 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H/1.1 200
OK Text Show response
www.edocr.com/pas/Document/q/1-1/ 75 KB
18 KB 293ms
293ms XHR
application/json 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/Document/q/1-1/Text?DocumentID=u1j42ZdrFl5Xwe6Xu5WUCKQ

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

nginx /

Resource Hash

2df081b4146a09cdc09c36172b0f6ab4fed6584ed914f1fd2686a04d0afdcc24

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accusoft-Parent-Name: ViewerControl
Accusoft-Gid: AMxHn6VhD3OtuTWPHDIJQA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept: application/json
Referer: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
Accusoft-Parent-Pid: 0
Accusoft-Parent-Taskid: 0

Response headers

date: Thu, 21 Jul 2022 08:35:48 GMT
content-encoding: gzip
X-Content-Type-Options: nosniff
transfer-encoding: chunked
access-control-allow-methods: GET
Connection: keep-alive
accusoft-data-encrypted: false
Referrer-Policy: origin-when-cross-origin
server: nginx
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
Content-Security-Policy: frame-ancestors 'none'
access-control-allow-headers: *
build-number: 2669

GET
H/1.1 200
OK Text Show response
www.edocr.com/pas/Document/q/2-2/ 92 KB
21 KB 348ms
348ms XHR
application/json 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/Document/q/2-2/Text?DocumentID=u1j42ZdrFl5Xwe6Xu5WUCKQ

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

nginx /

Resource Hash

92e61f30033a5b8e3ba9a4bdaf4e8e5af770425ef2c4cbc3d1d1f5f641cb071b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accusoft-Parent-Name: ViewerControl
Accusoft-Gid: THCdr4eJt3PVMPMMaBIJ6w
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept: application/json
Referer: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
Accusoft-Parent-Pid: 0
Accusoft-Parent-Taskid: 0

Response headers

date: Thu, 21 Jul 2022 08:35:48 GMT
content-encoding: gzip
X-Content-Type-Options: nosniff
transfer-encoding: chunked
access-control-allow-methods: GET
Connection: keep-alive
accusoft-data-encrypted: false
Referrer-Policy: origin-when-cross-origin
server: nginx
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
Content-Security-Policy: frame-ancestors 'none'
access-control-allow-headers: *
build-number: 2669

GET
H/1.1 200
OK Text Show response
www.edocr.com/pas/Document/q/3-3/ 83 KB
19 KB 282ms
282ms XHR
application/json 52.1.53.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.edocr.com/pas/Document/q/3-3/Text?DocumentID=u1j42ZdrFl5Xwe6Xu5WUCKQ

Requested by

Host: www.edocr.com
URL: https://www.edocr.com/v/static/bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.1.53.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-53-182.compute-1.amazonaws.com

Software

nginx /

Resource Hash

65b4b0bad0b0b1fd76f6868f4304b97fd055976546368a3e18cd27911bfbbf2c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accusoft-Parent-Name: ViewerControl
Accusoft-Gid: 7hC9cI74luUvlrqMDXUX8g
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept: application/json
Referer: https://www.edocr.com/v/9jboaxw9/BigXperts/fix-quickbooks-payroll-tax-table-update-error-ps03
Accusoft-Parent-Pid: 0
Accusoft-Parent-Taskid: 0

Response headers

date: Thu, 21 Jul 2022 08:35:48 GMT
content-encoding: gzip
X-Content-Type-Options: nosniff
transfer-encoding: chunked
access-control-allow-methods: GET
Connection: keep-alive
accusoft-data-encrypted: false
Referrer-Policy: origin-when-cross-origin
server: nginx
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
Content-Security-Policy: frame-ancestors 'none'
access-control-allow-headers: *
build-number: 2669

POST
H2 200 all
csm.eu.criteo.net/ Frame 7DF5 0
127 B 16ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Jul 2022 08:35:48 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.edocr.com/	1970-01-20 22:11:04	Name: _ga Value: GA1.2.794975046.1658392544
.edocr.com/	1970-01-20 04:41:18	Name: _gid Value: GA1.2.373447245.1658392544
.edocr.com/	1970-01-20 04:39:52	Name: _gat Value: 1
.edocr.com/	1970-01-20 14:01:28	Name: __gads Value: ID=99453045bf427a81-22c0520fd5cd00ec:T=1658392545:RT=1658392545:S=ALNI_Mablj55efhEhQ74qUS0gaFvce3FfQ
.doubleclick.net/	1970-01-20 14:01:28	Name: IDE Value: AHWqTUm-9WkP2rxwHM-1V4RL4DL08nwuBOlrA05FOkbQMnvBYAsrcj05zXoukp7G9LU
.doubleclick.net/	1970-01-20 04:39:53	Name: test_cookie Value: CheckForPermission

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6933461940627641&output=html&h=250&slotname=8628223775&adk=2306401753&adf=1981261236&pi=t.ma~as.8628223775&w=350&lmt=1658392545&psa=0&format=350x250&url=https%3A%2F%2Fwww.edocr.com%2Fv%2F9jboaxw9%2FBigXperts%2Ffix-quickbooks-payroll-tax-table-update-error-ps03&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1658392544966&bpp=5&bdt=1262&idt=236&shv=r20220719&mjsv=m202207180101&ptt=9&saldr=aa&abxe=1&correlator=1336665230993&frm=20&pv=2&ga_vid=794975046.1658392544&ga_sid=1658392545&ga_hid=2121609870&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-975&ady=474&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44763506%2C44768326%2C31068534%2C42531608%2C31064018&oid=2&pvsid=192624244478720&tmod=1072973465&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CaeE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ssKpTjRGXm&p=https%3A//www.edocr.com&dtd=250 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.com
adservice.google.de
cat.fr.eu.criteo.com
csm.eu.criteo.net
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
rtb.fr.eu.criteo.com
rtb.nl.eu.criteo.com
secure-gl.imrworldwide.com
static.criteo.net
tpc.googlesyndication.com
www.edocr.com
www.google-analytics.com
www.google.com
www.googletagservices.com
172.217.18.2
178.250.0.139
178.250.0.160
178.250.0.162
2001:4860:4802:32::178
2600:9000:223c:4600:1e:a43d:b640:93a1
2a00:1450:4001:800::2002
2a00:1450:4001:80b::2001
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2004
2a00:1450:4001:831::2002
2a02:2638:1::2
2a02:2638::2
2a02:2638::3
2a02:2638::b
52.1.53.182
093da471f5256cc2c4143fef0a012c247888761f0d398659582dc56da5769a16
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b13f84a6dde5e31b8a9e05852d609f5aa9d41b1b86c26d2d4f773b7dca0a675
0de50a799ee39bde80bfb0943ba85616975f5c71e0e746b49c27c5b0d1731ef6
25be5dbb5c15a9b6b8a2bde7bab87a1d0afdb2f68d1bddab35672819ab8f2121
2630ffd8107f22408a1675aba4b3b7ab6df50a410230e2dfa2a3b17e2914c513
2afc356dde206a3dd70b4d3928f9a97e99553e4cbc2c547436a48c03a7e194b2
2df081b4146a09cdc09c36172b0f6ab4fed6584ed914f1fd2686a04d0afdcc24
32f3c2c635adc25e8a904cc1643fa6173c993cfa69a0694ef03b565842407aa5
333a28978a4b2e752ea9277742336a1980e051e7e93a7105fbd3e5fdb12fe1a4
386531a08f54c0c8d3ba891ec58687e227a48302afa25312dd0cddeb858fe61a
3bac61fc760ac2498af0e78daee95f9034520e6f307a8c083003463882ce0c8f
433476986d0c96368126d839b1125ca7e9ef44c4b9002719dbddf9388304484b
46b12afb08dc52a9f50161094e95fc99f08cbb726b869573c640365e1e6b6fd2
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
515f22c3a8c5b58a84411be3544ec601e42ffc45b305e98bd27952bb428f8813
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5aeca3b44d1a071a3a4271a080470f383d077f1c0d1298845266e690449e6607
5ef869cd58e508708332a1b1f58963eaa344e2b1aff1fcd84473956196b7c6d4
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65b4b0bad0b0b1fd76f6868f4304b97fd055976546368a3e18cd27911bfbbf2c
65e4e63638e9c69fe634cc25b595b20afe3e704f5eb8adf36a551e3c23a12ecf
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
74566ad95edfcecbe1e371ff7c0b3256d7ab07eb28804f9e16918b211ee91b10
74b0d456947efd30670e3e82b0bb5b545da2022429cb218095d1c9e4a45989c7
75a730322672cc93ca96bc526141aaf2dd5a3188236a8c8a8647bd98df38341c
8a36eee908720292125b730b9af7742b425dbf7a1a98d441aa365442dc02861b
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8c15b7c7e83550d314d85c9bfc480b75a6d699b2875c279690f7637536d8fe0f
8cee0f9c9c0b36ea3fb53e508ee2381ae8b9b4945979a119b31fb15aeed2f2fd
8d0ed652a9b49031aecebacdcbde21eec36aa96e9c1949bf77c1c013b9574c29
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
92e61f30033a5b8e3ba9a4bdaf4e8e5af770425ef2c4cbc3d1d1f5f641cb071b
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a163b80061e9d2d04c92e16d194fcb8d79fd0f175738736b0aebcd98600d0175
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a39f44e8ce51b3765ef7d3756e180cf4a41d2e5b60cfa66ea00457a4a4225e8e
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
b1ba9fa4ad8fdf667f000a62ef0aebcd3b169d9e70a0e7079072471016139c68
b7c15369d1a5748064a4a61379be72a29d031f0005a98ae402a64849f24a7afa
b81046730df02e9b3b0af7898bb6bb07b6791b0c32b7d02e32b9a42b062b39f6
b8657baaa6b95a17c934001c3338f3cdff05bf8ce67ffe25c3b7ab53cd580241
bac1eda72db19f81d7e159d70d6099cbe0997bb92ead863eb5c0c12e20ad25ee
bb58ccdee8997078799e15f1a9b17770f5ac5507e1f68921759748d3230054ad
be2809d7c26098cde3d07112c0fff0fba627e01ec9cff26781c717dfb515fa7a
c39b8da49b4b191f00365068d8401cc38c6747b58dbb1a7f5aab9601504e201f
c6172adb8ef067681fb653febb8db61f5d978cefe06bfa35dbe88cb93bd1a08d
c6d55d2d769731b03cacc854e36a5e95d8b1d1f2b73d4fdf5b183a123be79e5e
cd5c0df13009943b3fdf4190f148764693d7a0d820d6c76430a5382d154a979e
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
e0e446e63aed7f260a003e9f1477be39196b43fbf341c4910e1a4e86ead6a1f6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5cd6f65b8286c987193fe0b62fd94ed084a00642a3fd17c250c49a88014796c
ee8921e2e4b41acde18c4b585146502459b6484658888cbf993baeea897f6e95
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f340a9066786375cd529dca01211845255527af2eb415e3a2f67770afe4e59c8
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f996571030e9b5945ce795ec9b3e30414cb5f790d8a533ffead139881bcdb4ba

www.edocr.com Open in urlscan Pro 52.1.53.182 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

98 Requests

100 %HTTPS

72 %IPv6

11 Domains

18 Subdomains

19 IPs

3 Countries

1561 kBTransfer

4746 kBSize

6 Cookies

0 Outgoing links

Redirected requests

98 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.edocr.com Open in urlscan Pro
52.1.53.182 Public Scan

Screenshot
Live screenshot

Full Image

98
Requests

100 %
HTTPS

72 %
IPv6

11
Domains

18
Subdomains

19
IPs

3
Countries

1561 kB
Transfer

4746 kB
Size

6
Cookies

98 HTTP transactions
7 data transactions