r.mtdv.me Open in urlscan Pro
2606:4700:3037::6815:1208 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://r.mtdv.me/r7r6LLpaxe
Submission: On April 26 via manual (April 26th 2023, 3:08:17 pm UTC) — Scanned from DE

Summary HTTP 93 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 21 IPs in 3 countries across 15 domains to perform 93 HTTP transactions. The main IP is 2606:4700:3037::6815:1208, located in United States and belongs to CLOUDFLARENET, US. The main domain is r.mtdv.me.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 11th 2022. Valid for: a year.

This is the only time r.mtdv.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	2606:4700:303... 2606:4700:3037::6815:1208	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:803::2008	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
7	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:d::4 2a02:2638:d::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
18	2a02:2638:d::2 2a02:2638:d::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.7.9 178.250.7.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	50.19.126.24 50.19.126.24	14618 (AMAZON-AES) (AMAZON-AES)
4	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	85.14.248.71 85.14.248.71	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2a02:2638:d::13 2a02:2638:d::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
93	21

3 2606:4700:3037::6815:1208 (United States)

ASN13335 (CLOUDFLARENET, US)

r.mtdv.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.mtdv.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:803::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a02:2638:d::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.7.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.19.126.24 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-19-126-24.compute-1.amazonaws.com

adrta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ipds.adrta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.14.248.71 (Kamp-Lintfort, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a02:2638:d::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	criteo.net static.criteo.net — Cisco Umbrella Rank: 763 csm.eu.criteo.net — Cisco Umbrella Rank: 6433 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 9652	248 KB
14	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 129 tpc.googlesyndication.com — Cisco Umbrella Rank: 177	221 KB
7	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1718	389 B
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	545 KB
6	criteo.com rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 13760 ads.eu.criteo.com — Cisco Umbrella Rank: 6413 cat.fr3.eu.criteo.com — Cisco Umbrella Rank: 7993	79 KB
6	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 67	26 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 474	53 KB
3	mtdv.me r.mtdv.me cdn.mtdv.me	4 KB
2	adrta.com 1 redirects adrta.com — Cisco Umbrella Rank: 2206 ipds.adrta.com — Cisco Umbrella Rank: 3652	889 B
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 238	97 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 130 www.google.com — Cisco Umbrella Rank: 16	2 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 344	5 KB
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 9403	1 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 5261	531 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1132	597 B
93	15

	Domain	Requested by
18	static.criteo.net	ads.eu.criteo.com cdnjs.cloudflare.com static.criteo.net
16	imageproxy.eu.criteo.net	ads.eu.criteo.com
7	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
7	region1.google-analytics.com	www.googletagmanager.com
7	pagead2.googlesyndication.com	r.mtdv.me pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
7	www.googletagmanager.com	r.mtdv.me www.googletagmanager.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net r.mtdv.me
4	csm.eu.criteo.net	ads.eu.criteo.com
3	cdn.jsdelivr.net	r.mtdv.me
2	cat.fr3.eu.criteo.com	ads.eu.criteo.com
2	ads.eu.criteo.com	googleads.g.doubleclick.net
2	rtb.fr3.eu.criteo.com	googleads.g.doubleclick.net r.mtdv.me
2	www.googletagservices.com	googleads.g.doubleclick.net
2	r.mtdv.me	r.mtdv.me
1	www.google.com	tpc.googlesyndication.com
1	cdnjs.cloudflare.com	ads.eu.criteo.com
1	m.exactag.com	ads.eu.criteo.com
1	ipds.adrta.com	ads.eu.criteo.com
1	adrta.com	1 redirects
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	cdn.mtdv.me	r.mtdv.me
93	23

This site contains links to these domains. Also see Links.

Domain
mtdv.me

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-07-11` - `2023-07-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-22` - `2023-06-25`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-03-04` - `2023-06-04`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-24` - `2023-06-18`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-26` - `2023-06-29`	3 months	crt.sh
*.exactag.com Sectigo ECC Domain Validation Secure Server CA	`2022-08-19` - `2023-09-15`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://r.mtdv.me/r7r6LLpaxe
Frame ID: 3B1720166A03FB60A2D7DEA61F8E2716
Requests: 29 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230420/r20190131/zrt_lookup.html
Frame ID: 121B50DA3B102D372ECFF84AB503F800
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4005810911916944&output=html&adk=1812271804&adf=3025194257&lmt=1682521692&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x540_l%7C308x540_r&format=0x0&url=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682521692204&bpp=5&bdt=200&idt=266&shv=r20230420&mjsv=m202304190101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5017082333712&frm=20&pv=2&ga_vid=486393071.1682521692&ga_sid=1682521692&ga_hid=2020057171&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31071755%2C44782467&oid=2&pvsid=304144206133442&tmod=1901369230&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=289
Frame ID: 3C77FBE3E70748EF4F1B6F4CAA181084
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4005810911916944&output=html&h=90&slotname=7826328599&adk=347962083&adf=845057202&pi=t.ma~as.7826328599&w=864&fwrn=4&fwrnh=100&lmt=1682521692&rafmt=12&format=864x90&url=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&fwr=0&fwrattr=true&rh=90&rw=864&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682521692209&bpp=2&bdt=206&idt=289&shv=r20230420&mjsv=m202304190101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5017082333712&frm=20&pv=1&ga_vid=486393071.1682521692&ga_sid=1682521692&ga_hid=2020057171&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=368&ady=1045&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31071755%2C44782467&oid=2&pvsid=304144206133442&tmod=1901369230&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=fc66QYkJCv&p=https%3A//r.mtdv.me&dtd=295
Frame ID: BCC4C3A07D784EE52ED0A6FC2CA0CD4C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4005810911916944&output=html&h=280&slotname=1970650422&adk=3555021432&adf=820553741&pi=t.ma~as.1970650422&w=1200&fwrn=4&fwrnh=100&lmt=1682521692&rafmt=1&format=1200x280&url=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682521692211&bpp=1&bdt=207&idt=295&shv=r20230420&mjsv=m202304190101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C864x90&nras=1&correlator=5017082333712&frm=20&pv=1&ga_vid=486393071.1682521692&ga_sid=1682521692&ga_hid=2020057171&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31071755%2C44782467&oid=2&pvsid=304144206133442&tmod=1901369230&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=FCWtbrzp05&p=https%3A//r.mtdv.me&dtd=298
Frame ID: 29CFDFAFCA0550CCB0D09CAD8C3709D9
Requests: 7 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZEk-XAAIHSkK0yaGAAGS-yKegLCpkaVhVaqkcQ&u=%7Cc8FNXLqlHdINiXTDe68vK%2Bk4llqYLKRLFiKz06dSBqg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi63Qge4QeWiL81fymOOh_Qx8jQkAlFhxD5tTIzI0xtD75fMV322SSJQZnG9Dygjvgp63V9Lrj9o70UL65XFUpJqFjHkezgV8rmn7v08GwmArLifwoYYANKQ__TUCAqbZNSuKiLxiNznief2w7TcQC-tvp5euc9vyLzMAaf91RX0AWtk2nbbgUx-7bbEYb7aMdNkwyrV1qrhRSrRD2cG11yp4dap5ngKFx9hAcyTob573-Pkh9Zkg6XSoEccRilRG9bk0sZ3L1Y_p14qEVwlPpa_XzyT_OwOHgqbwZMJwrWyv3GUgv4_OKwrm3CHSFqKZpNF7BzcZ98JoPCB91oc-3INeR3-a_4YQGQgEbFkjK32RpkuFoRTbjYIO3MF18dZ75qwnf4742aFI5BPoqYMHoWTvOc_SUCrSzA-fivk8t-zVWzGhZMOyQdCalEDXvrK7TOH_Srif0XedVx8ffQt0VX9jl37_G0oC9RDBbVrFgkhxC7jLSVmfv1GjI3Hx8uweStlmxHW__3pVsMDsugiSN5nMkdwy4isPFTriYzR3OLtv5&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7sdeXD5JZKm6IIbNzAb7pYbgDsme0rFcxbKY93DAjbcBEAEgAGCVqp-CsAeCARdjYS1wdWItNDAwNTgxMDkxMTkxNjk0NMgBCakCdrW9c4KIsj6oAwGqBMcBT9C6A4m2OE2v0AXGWUvQkfL_kOUURRP8sfuhPoYdvuXcwtXp-BB0BQwr544xwrvju9yee8NaVWnJLuDcVIW446aTBVfamj7cKhzMpPgiEXPXlmfwrmLeaqbxWi4YBbb0bc3e6il61c_SL9WPjJhIvWKTKJ345Y5FymKRgnpBQYW-URaV2L-9Y2DLYFqyFkzLLrESKnzwJhX2rEj7r4QGk7L_oEZxzqvgqNODhUnZ5vRNIi_pxb2IfBTRq0DKyKtI4K3Gue9bdoAGsJqfnOuR9LezAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2h83qkLJ2AUOefjBlqth7DrE4WoQ%26client%3Dca-pub-4005810911916944%26adurl%3D
Frame ID: BC32798E46D10EF5EA2D2129F4928D1F
Requests: 33 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CNnpCXD5JZKbiIoOGrr4P-IGtoAbJntKxXNWdkfdwwI23ARABIABglaqfgrAHggEXY2EtcHViLTQwMDU4MTA5MTE5MTY5NDTIAQmpAna1vXOCiLI-qAMBqgS1AU_QUckRrjVdB_cVqp_20of-tFY5ladEivq3RtdSbWrFqHfVXnWIn5jlrsTax82IOtoU9J-l-DB33SCKRdtlrwerhgc6Wi0UHfAhYChggqY0D7kveApnkc5jwhjMYnkjXhm5188Rmi57xjIX7emwPTXWcwO-Ng6YGqNpZdJvCes67Pa9YniRFsxGp1QBDi0QAvq_W57QYBkhTR-KzTvj5ID3uHlf-d-rNMEIQXel4BVpgN3f8yiABpuwitK0wJLFogGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTQwMDU4MTA5MTE5MTY5NDQYAA&sigh=LV3WLg_k2mI&uach_m=[UACH]&cid=CAQSGwBygQiDF-N4nJhdMiiNLr9HrNcwX3JpCoLcPhgB
Frame ID: 9D5560E61C3403D1AB2BA3C4C502C560
Requests: 7 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZEk-XAAIsSYBy4MDAAtA-C5JKtSO_TCyZ4BoRw&u=%7Cc8FNXLqlHdLfVToUwPuE9G8bDeWhK9Ldv6ASeASgLZY%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyE6SO8U8aAVVklOcJqeX2W57tpCZzXLeFkq1vxC4FyhRWV_4VVTxgRC3yqknT36nqu48LbqI0mz8VUI44UmEl5uhKveVva-KU6CJ117eFF0n90UKsRe-lJgld9BPJNBXYY4aXl20aFvuch2f968xQY35tNcGb3_dhaMB45cCx1JmxHtxZ2upadTu0JvaRhhI1LYKzCe2GZ4AJyHZLUlEyEfFxnXTQqW-VS0TaTufGgY6AF95_LVftjowMqlYr6Z8xgPMaurNFdBNC7dAxAnOL3HBFrOdFBiWZCt7RQouRHSFhQmWOkNyBKpbXtQGST_Ex6auv9-WUVEiTBQmtGdtqFrRZ6JDVljeuLffuoA3ZJCHhurCuIzjLtpb7-pwl_5kaxXxLDKyvbwrFQ7GJZ2JhuBmG3Y3FkOVz3L2hQbidqDrm3mUDbod3IUZob9bXuBU6IoF6ugi7YnclkBRaozwQljeJI7yW3ba2L4O2lNYbnoaVrnhrzPy8AasZCV18kQotioaMropaZ5XIcKhi2MSymoy81zAA2UXeNAYFW-Pk0NGgUGOr42AUl6UKxylp75qPrWzpivINXtuMpfukEJN1Z-JciwjlsdsC2AHyLNThV-a&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCys2pXD5JZKbiIoOGrr4P-IGtoAbJntKxXNWdkfdwwI23ARABIABglaqfgrAHggEXY2EtcHViLTQwMDU4MTA5MTE5MTY5NDTIAQmpAna1vXOCiLI-qAMBqgS4AU_QUckRrjVdB_cVqp_20of-tFY5ladEivq3RtdSbWrFqHfVXnWIn5jlrsTax82IOtoU9J-l-DB33SCKRdtlrwerhgc6Wi0UHfAhYChggqY0D7kveApnkc5jwhjMYnkjXhm5188Rmi57xjIX7emwPTXWcwO-Ng6YGqNpZdJvCes67Pa9YniRFsxGp1QBDi0QQPieyRlf_Aqe0QspHQZFHInjss9V18cpgAk154Ua_jlxBXdb4Jf09MGABpuwitK0wJLFogGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0EwyfMwHFJQaw3GxJEakuEpLEvmg%26client%3Dca-pub-4005810911916944%26adurl%3D
Frame ID: 9B79FF70F2C021B2B9F3FF185F5242EC
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7F56BCEFDCE65465A5FEA5BF52B59318
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3C32C6E8CE6236E2373AB65B94146C19
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

XDR Threat Landscape Talking Points

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

93
Requests

99 %
HTTPS

85 %
IPv6

15
Domains

23
Subdomains

21
IPs

3
Countries

1283 kB
Transfer

4231 kB
Size

15
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://mtdv.me/ib/rick
Title: Discord Bot

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://adrta.com/i?cb=64493e5c5a5d96c58689d3905b5eab58&clid=co&paid=co&avid=65705&caid=339945&plid=11227311&publisherId=141479&kv1=728X90&kv2=https://googleads.g.doubleclick.net/&kv3=5518dfe1-1dd1-4254-a829-cca3de3e247a&kv4=2a01:4a0:5a::&kv7=317&kv11=64493e5c5a5d96c58689d3905b5eab58&kv12=786654&kv19=&kv27=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/112.0.5615.121%20Safari/537.36&kv24=Windows_Web HTTP 302
https://ipds.adrta.com/i?__x=NECJLJEIFDGEIBEBQFOGLNJGINHIKGNLFNMAGKMJLGHNOIGGLBHOMIOGJHGEHOKJGIQJLBILNGJJHKPKHHI@JHEMKFFMFPJMKHLKEJHBFMPHKGFNPHIJJAE@HBE&cb=64493e5c5a5d96c58689d3905b5eab58&clid=co&paid=co&avid=65705&caid=339945&plid=11227311&publisherId=141479&kv1=728X90&kv2=https://googleads.g.doubleclick.net/&kv3=5518dfe1-1dd1-4254-a829-cca3de3e247a&kv4=2a01:4a0:5a::&kv7=317&kv11=64493e5c5a5d96c58689d3905b5eab58&kv12=786654&kv19=&kv27=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/112.0.5615.121%20Safari/537.36&kv24=Windows_Web

93 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request r7r6LLpaxe Show response
r.mtdv.me/ 13 KB
3 KB 467ms
307ms Document
text/html 2606:4700:3037::6815:1208
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.mtdv.me/r7r6LLpaxe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:1208 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ad6c03a9c32765bc7b05ae5a61cc0c973a4e852b0b8fa4584cb0668f1f7b816

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7bdfbd5d1a3e03ac-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 26 Apr 2023 15:08:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ctfI%2FN7gQ%2BnpbbgR5xoaNC8AavCLp2UmoLvbI%2FFXSQDANBurEHcnULtf4aDGBldTH5eBxvFrR24pFfqvaBhKpMegIlGm8GGrofAm1C%2F4Cm%2FhIA1JhRLL22yQAWyIB5PJpAFY630ATXI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 226 KB
79 KB 54ms
28ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X2WNN9J8QN

Requested by

Host: r.mtdv.me
URL: https://r.mtdv.me/r7r6LLpaxe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

883e0a95a1e6ab17d0352f93b1bf1a5b4b582b8d2927286f2a0b5b0744ce8ad4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80448
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 26 Apr 2023 15:08:12 GMT

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/ 190 KB
29 KB 44ms
23ms Stylesheet
text/css 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/bootstrap.min.css

Requested by

Host: r.mtdv.me
URL: https://r.mtdv.me/r7r6LLpaxe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed959b654022f7bae48ab9380dc129e065833e45a944c70d684c971ac3578cb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://r.mtdv.me/
Origin: https://r.mtdv.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5466876
x-jsd-version: 5.2.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230090-FRA, cache-yyz4561-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"2f88b-Yz6bIW1g1A6raHMXUTTpNbVU+JE"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g0y7wegf1vGHPnPSMNUogdPAlCIScgTz6bl8BsETDXWNdS0rQut9FO%2FBYJvZWd6QNYQhE%2Bhq2Mn2rzSilF7omTSAv97IqaeOCaesJa%2B2zWzgS5JFitAWtcoDdy40JzquEZb6zCu28jbmRdEXlVI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 7bdfbd5f3dcf91e9-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 136 KB
47 KB 110ms
75ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4005810911916944

Requested by

Host: r.mtdv.me
URL: https://r.mtdv.me/r7r6LLpaxe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f9de7118bcab5d51299bc7c10dbf1fbe7fcf4bb0cb10f21a9826288945abed5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://r.mtdv.me/
Origin: https://r.mtdv.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47383
x-xss-protection: 0
server: cafe
etag: 9984793373487426314
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:08:12 GMT

GET
H2 200 popper.min.js Show response
cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/ 19 KB
8 KB 42ms
22ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js

Requested by

Host: r.mtdv.me
URL: https://r.mtdv.me/r7r6LLpaxe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da7796caf9359015af4ecdf8c6ccbd53706ea4613932a9b6f81e442e49d5f626

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://r.mtdv.me/
Origin: https://r.mtdv.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5466869
x-jsd-version: 2.11.5
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230111-FRA, cache-yyz4556-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"4d36-iXnFvLmVc4BctoOR4R3Y2/669h0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bFtJmE0aXrGRYdlECErToQEHgdrTVC1dCAcmoGhsnwLZ1Wh2HC5u7ngOGzh52B2Iw8LNnwV77WOIZUbzXF5OzpWMUU4LGzqNu3C%2F2eikCIY2Nv%2Fy1lQVff0uRaZ%2FQgivLdlrTcghHCLll%2F7FdvA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 7bdfbd5f3dd291e9-FRA

GET
H2 200 bootstrap.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/ 59 KB
17 KB 63ms
42ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/bootstrap.min.js

Requested by

Host: r.mtdv.me
URL: https://r.mtdv.me/r7r6LLpaxe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ce9de398de7e7ec63e836b70090643c7c5a3f29ea4a519a67defdd206c13ac1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://r.mtdv.me/
Origin: https://r.mtdv.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5466868
x-jsd-version: 5.2.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230087-FRA, cache-yyz4564-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"eac8-9zZZhZYveAktjurKbWYz1vv3VYM"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zjpPAQcExeRdhw8UdQERJ9M1gy4FeR01QSUCEr46SgGsR8XFqiT2uTyxLHZCFw%2B8x58kjBD5GfOf4j6X7kdyf55PjKff1E1SvbXmm8jIit5RivR%2Fkiclz1F0v3toaWOYql%2BwfN9i7Rlt7W7A7ew%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 7bdfbd5f3dd491e9-FRA

GET
H2 206 rick.mp4
cdn.mtdv.me/video/ 879 KB
0 54ms
29ms Media
video/mp4 2606:4700:3037::6815:1208
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mtdv.me/video/rick.mp4
Requested by: Host: r.mtdv.me
URL: https://r.mtdv.me/r7r6LLpaxe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:1208 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://r.mtdv.me/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
cf-cache-status: HIT
last-modified: Fri, 31 Mar 2023 21:28:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1228
etag: "606d1ff258ea6956030689bba79d2a31"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ilSN%2B0079v6eOm03tH5g75n08dg%2B%2Fc8XUMzPMbXJES2rai6CMOCeTeKPn3Fsr1fLb%2BwFG2f6G2ShghHsmLL769CnlC3jgsO5dWGpZvRV597kkPWM5qOsu45zs3ReZa52L70vhOepL0FnmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: video/mp4
Content-Range: bytes 0-16724502/16724503
cache-control: max-age=14400
cf-ray: 7bdfbd5f6d6b03ac-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 16724503

GET
H2 200 blog-cover
r.mtdv.me/assets/ 373 B
514 B 57ms
55ms Image
image/svg+xml 2606:4700:3037::6815:1208
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.mtdv.me/assets/blog-cover?color1=0165cf&color2=00000
Requested by: Host: r.mtdv.me
URL: https://r.mtdv.me/r7r6LLpaxe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:1208 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69a5300a4bcbb08c4c178cb2d67c39e5b027cde5615c9da3aa317ed153fe4e35

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/r7r6LLpaxe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=djH1eBkYFWxkcWL0bri%2BJo3aiDjkyxYKBVIg1h5akroqeLcSDXw3grd967VIwpdI65TXr4Wn%2BNNogYcv%2F2eh3WgOxaoANkLqod3POCStVwJJRHcfgoFXRckCxHYciVElveNs%2FaT3A%2F8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml; charset=utf-8
cache-control: no-cache
cf-ray: 7bdfbd5f7d8c03ac-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
78 KB 50ms
46ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WCKGFQR8X8&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X2WNN9J8QN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8dde3b6a0ba62d9ff9be3f33a7c385b520ead7fa0bc41834ba92a047098f5b04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79449
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 26 Apr 2023 15:08:12 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
78 KB 54ms
50ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Z96VBEQQ7C&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X2WNN9J8QN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

11a8454c7cfdeaecb348336bbabaf1db834252f8d6803deee3d1473890ebd870

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79450
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 26 Apr 2023 15:08:12 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
78 KB 35ms
31ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-F9NPV4G8YN&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X2WNN9J8QN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6cedf3959ae9573952bfa6940f89bf37dcdeba71bb9d2356a4739a4af4831d6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79449
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 26 Apr 2023 15:08:12 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
78 KB 36ms
32ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7JRQF757RS&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X2WNN9J8QN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f871ff584bf2989748db46cb7b0b9a2961e3f4013095e23d5677eb1f7458d254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79461
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 26 Apr 2023 15:08:12 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
78 KB 44ms
41ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-NSWGD717C6&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X2WNN9J8QN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a4faef1ba54ead4bf203b0be7c0c8b2ad982c483d678d63c452408e92d036ae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79446
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 26 Apr 2023 15:08:12 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
78 KB 72ms
69ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0JVRYDXEHV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X2WNN9J8QN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a3f7998748e7c1c2158313fffc0045d7a334117c2cddbba6cf5d2e47e5ae662f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79448
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 26 Apr 2023 15:08:12 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
250 B 48ms
20ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-X2WNN9J8QN&gtm=45je34j0&_p=2020057171&cid=486393071.1682521692&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682521692&sct=1&seg=0&dl=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&dt=XDR%20Threat%20Landscape%20Talking%20Points&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X2WNN9J8QN
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 15:08:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://r.mtdv.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304190101/ 354 KB
119 KB 99ms
70ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304190101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4005810911916944&plah=r.mtdv.me

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4005810911916944

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d4b155ef3b2ea4fbedb7cef099d1260357f2a5f6f3837ae79839288571acb9d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121815
x-xss-protection: 0
server: cafe
etag: 14340731889085735601
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:08:12 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230420/r20190131/ Frame 121B 10 KB
5 KB 41ms
10ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230420/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4005810911916944

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://r.mtdv.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37479
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 04:43:33 GMT
etag: 2378337311435320485
expires: Wed, 10 May 2023 04:43:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 16ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-F9NPV4G8YN&gtm=45je34j0&_p=2020057171&cid=486393071.1682521692&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682521692&sct=1&seg=0&dl=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&dt=XDR%20Threat%20Landscape%20Talking%20Points&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F9NPV4G8YN&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 15:08:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://r.mtdv.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 16ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-7JRQF757RS&gtm=45je34j0&_p=2020057171&cid=486393071.1682521692&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682521692&sct=1&seg=0&dl=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&dt=XDR%20Threat%20Landscape%20Talking%20Points&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7JRQF757RS&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 15:08:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://r.mtdv.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 16ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-WCKGFQR8X8&gtm=45je34j0&_p=2020057171&cid=486393071.1682521692&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682521692&sct=1&seg=0&dl=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&dt=XDR%20Threat%20Landscape%20Talking%20Points&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WCKGFQR8X8&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 15:08:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://r.mtdv.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 16ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-NSWGD717C6&gtm=45je34j0&_p=2020057171&cid=486393071.1682521692&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682521692&sct=1&seg=0&dl=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&dt=XDR%20Threat%20Landscape%20Talking%20Points&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NSWGD717C6&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 15:08:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://r.mtdv.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 16ms
16ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-Z96VBEQQ7C&gtm=45je34j0&_p=2020057171&cid=486393071.1682521692&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682521692&sct=1&seg=0&dl=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&dt=XDR%20Threat%20Landscape%20Talking%20Points&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Z96VBEQQ7C&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 15:08:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://r.mtdv.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 16ms
16ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-0JVRYDXEHV&gtm=45je34j0&_p=2020057171&cid=486393071.1682521692&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682521692&sct=1&seg=0&dl=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&dt=XDR%20Threat%20Landscape%20Talking%20Points&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0JVRYDXEHV&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 15:08:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://r.mtdv.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 381 B
597 B 41ms
15ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=r.mtdv.me&callback=_gfp_s_&client=ca-pub-4005810911916944

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304190101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4005810911916944&plah=r.mtdv.me

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50c714fa9f1e281b3914b9ff966ce5988f717a43c0be93122f7786d705e3e3ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 245
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 47ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=r.mtdv.me

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 57ms
18ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=r.mtdv.me

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3C77 1 KB
552 B 194ms
192ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4005810911916944&output=html&adk=1812271804&adf=3025194257&lmt=1682521692&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x540_l%7C308x540_r&format=0x0&url=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682521692204&bpp=5&bdt=200&idt=266&shv=r20230420&mjsv=m202304190101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5017082333712&frm=20&pv=2&ga_vid=486393071.1682521692&ga_sid=1682521692&ga_hid=2020057171&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31071755%2C44782467&oid=2&pvsid=304144206133442&tmod=1901369230&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=289

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4ba6681dadb80edb1f0b7a754743085166d88725c8ec9d879fb86fc4116610f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://r.mtdv.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 352
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 15:08:12 GMT
expires: Wed, 26 Apr 2023 15:08:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BCC4 29 KB
11 KB 352ms
351ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4005810911916944&output=html&h=90&slotname=7826328599&adk=347962083&adf=845057202&pi=t.ma~as.7826328599&w=864&fwrn=4&fwrnh=100&lmt=1682521692&rafmt=12&format=864x90&url=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&fwr=0&fwrattr=true&rh=90&rw=864&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682521692209&bpp=2&bdt=206&idt=289&shv=r20230420&mjsv=m202304190101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5017082333712&frm=20&pv=1&ga_vid=486393071.1682521692&ga_sid=1682521692&ga_hid=2020057171&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=368&ady=1045&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31071755%2C44782467&oid=2&pvsid=304144206133442&tmod=1901369230&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=fc66QYkJCv&p=https%3A//r.mtdv.me&dtd=295

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fbd39ab4e18466625476d2b18080d4a93774120cf0000c6af69c072263b9678b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://r.mtdv.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10904
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 15:08:12 GMT
expires: Wed, 26 Apr 2023 15:08:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 29CF 23 KB
10 KB 214ms
213ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4005810911916944&output=html&h=280&slotname=1970650422&adk=3555021432&adf=820553741&pi=t.ma~as.1970650422&w=1200&fwrn=4&fwrnh=100&lmt=1682521692&rafmt=1&format=1200x280&url=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682521692211&bpp=1&bdt=207&idt=295&shv=r20230420&mjsv=m202304190101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C864x90&nras=1&correlator=5017082333712&frm=20&pv=1&ga_vid=486393071.1682521692&ga_sid=1682521692&ga_hid=2020057171&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31071755%2C44782467&oid=2&pvsid=304144206133442&tmod=1901369230&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=FCWtbrzp05&p=https%3A//r.mtdv.me&dtd=298

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b3e200888c131c3a4c90d49c1969480de5bf48ead063daf8edf6490218d24149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://r.mtdv.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10158
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 15:08:12 GMT
expires: Wed, 26 Apr 2023 15:08:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230420/r20110914/client/ Frame 29CF 3 KB
1 KB 36ms
10ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230420/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4005810911916944&output=html&h=280&slotname=1970650422&adk=3555021432&adf=820553741&pi=t.ma~as.1970650422&w=1200&fwrn=4&fwrnh=100&lmt=1682521692&rafmt=1&format=1200x280&url=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682521692211&bpp=1&bdt=207&idt=295&shv=r20230420&mjsv=m202304190101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C864x90&nras=1&correlator=5017082333712&frm=20&pv=1&ga_vid=486393071.1682521692&ga_sid=1682521692&ga_hid=2020057171&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31071755%2C44782467&oid=2&pvsid=304144206133442&tmod=1901369230&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=FCWtbrzp05&p=https%3A//r.mtdv.me&dtd=298

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 14:12:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3354
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 May 2023 14:12:18 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230420/r20110914/client/ Frame 29CF 19 KB
8 KB 34ms
9ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230420/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 12:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
server: cafe
etag: 11444945707709536616
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 May 2023 12:11:31 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 29CF 158 KB
49 KB 64ms
16ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79159c859ad82bb982f7f91b91d4b50cf81faef5611aca61321908c656ebad6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49532
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1682335668691775"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:08:12 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 29CF 0
0 59ms
55ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cx8paXD5JZKm6IIbNzAb7pYbgDsme0rFcxbKY93DAjbcBEAEgAGCVqp-CsAeCARdjYS1wdWItNDAwNTgxMDkxMTkxNjk0NMgBCakCdrW9c4KIsj6oAwGqBMQBT9C6A4m2OE2v0AXGWUvQkfL_kOUURRP8sfuhPoYdvuXcwtXp-BB0BQwr544xwrvju9yee8NaVWnJLuDcVIW446aTBVfamj7cKhzMpPgiEXPXlmfwrmLeaqbxWi4YBbb0bc3e6il61c_SL9WPjJhIvWKTKJ345Y5FymKRgnpBQYW-URaV2L-9Y2DLYFqyFkzLLrESKnzwJhX2rEj7r4REkZNtJ8nt3RR8vHBTuO8h7-BHlCXH3T88tCl3Wf_U5LPNSinVBoAGsJqfnOuR9LezAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNDAwNTgxMDkxMTkxNjk0NBgA&sigh=HmCV5ABwCR8&uach_m=[UACH]&cid=CAQSGwBygQiD6I-s78NamdaNqAaJwX6rvE6HSGZ0rRgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4005810911916944&output=html&h=280&slotname=1970650422&adk=3555021432&adf=820553741&pi=t.ma~as.1970650422&w=1200&fwrn=4&fwrnh=100&lmt=1682521692&rafmt=1&format=1200x280&url=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682521692211&bpp=1&bdt=207&idt=295&shv=r20230420&mjsv=m202304190101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C864x90&nras=1&correlator=5017082333712&frm=20&pv=1&ga_vid=486393071.1682521692&ga_sid=1682521692&ga_hid=2020057171&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31071755%2C44782467&oid=2&pvsid=304144206133442&tmod=1901369230&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=FCWtbrzp05&p=https%3A//r.mtdv.me&dtd=298
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 26 Apr 2023 15:08:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 26 Apr 2023 15:08:12 GMT

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 29CF 0
0 113ms
22ms Fetch 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kLKVEMz6RLAJmAKdg2ICAgAAAI3q_f8N7VbzEFw-SWTD3w7J-6Aw_geNAAASAAAKCkFRVUREd0VCRHc&wp=ZEk-XAAIHSkK0yaGAAGS-yKegLCpkaVhVaqkcQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 172866
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame BC32 197 KB
59 KB 297ms
99ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZEk-XAAIHSkK0yaGAAGS-yKegLCpkaVhVaqkcQ&u=%7Cc8FNXLqlHdINiXTDe68vK%2Bk4llqYLKRLFiKz06dSBqg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi63Qge4QeWiL81fymOOh_Qx8jQkAlFhxD5tTIzI0xtD75fMV322SSJQZnG9Dygjvgp63V9Lrj9o70UL65XFUpJqFjHkezgV8rmn7v08GwmArLifwoYYANKQ__TUCAqbZNSuKiLxiNznief2w7TcQC-tvp5euc9vyLzMAaf91RX0AWtk2nbbgUx-7bbEYb7aMdNkwyrV1qrhRSrRD2cG11yp4dap5ngKFx9hAcyTob573-Pkh9Zkg6XSoEccRilRG9bk0sZ3L1Y_p14qEVwlPpa_XzyT_OwOHgqbwZMJwrWyv3GUgv4_OKwrm3CHSFqKZpNF7BzcZ98JoPCB91oc-3INeR3-a_4YQGQgEbFkjK32RpkuFoRTbjYIO3MF18dZ75qwnf4742aFI5BPoqYMHoWTvOc_SUCrSzA-fivk8t-zVWzGhZMOyQdCalEDXvrK7TOH_Srif0XedVx8ffQt0VX9jl37_G0oC9RDBbVrFgkhxC7jLSVmfv1GjI3Hx8uweStlmxHW__3pVsMDsugiSN5nMkdwy4isPFTriYzR3OLtv5&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7sdeXD5JZKm6IIbNzAb7pYbgDsme0rFcxbKY93DAjbcBEAEgAGCVqp-CsAeCARdjYS1wdWItNDAwNTgxMDkxMTkxNjk0NMgBCakCdrW9c4KIsj6oAwGqBMcBT9C6A4m2OE2v0AXGWUvQkfL_kOUURRP8sfuhPoYdvuXcwtXp-BB0BQwr544xwrvju9yee8NaVWnJLuDcVIW446aTBVfamj7cKhzMpPgiEXPXlmfwrmLeaqbxWi4YBbb0bc3e6il61c_SL9WPjJhIvWKTKJ345Y5FymKRgnpBQYW-URaV2L-9Y2DLYFqyFkzLLrESKnzwJhX2rEj7r4QGk7L_oEZxzqvgqNODhUnZ5vRNIi_pxb2IfBTRq0DKyKtI4K3Gue9bdoAGsJqfnOuR9LezAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2h83qkLJ2AUOefjBlqth7DrE4WoQ%26client%3Dca-pub-4005810911916944%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

56499c6d406ec6413126c2f7160ad4bb14dff0b3a3fd8e249c304660d2da53ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 15:08:12 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=Jqpe83drZzdHrKfak1jDu8NxWNK826ESYVowtslr0RNdULx0TnKUnF8Vg4nJ_a_hY17KN1PJqwAej4J7sobMJDnutPJ5h9UdI9TIWLC1s1d6ggeFJJJnNBZd-U0d7RhjXDpI4gVnoqXnWJfZAsR0SRMdZu-GDGG6dZRSFGpqUltlhJUhqEjhjNMFDDysCvnmsOItB_VVOHiEvq7n4-S2q7RpMUyI3NFgkd61wckubB1aHVz2lT04asQAQIET_-C_-6PJqw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 75130564
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 29CF 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ebaa196d0b2937da4ea3208c8a1c3bf69191dc7299812bee5f89ba96cd5cc33e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9D55 0
0 50ms
49ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CNnpCXD5JZKbiIoOGrr4P-IGtoAbJntKxXNWdkfdwwI23ARABIABglaqfgrAHggEXY2EtcHViLTQwMDU4MTA5MTE5MTY5NDTIAQmpAna1vXOCiLI-qAMBqgS1AU_QUckRrjVdB_cVqp_20of-tFY5ladEivq3RtdSbWrFqHfVXnWIn5jlrsTax82IOtoU9J-l-DB33SCKRdtlrwerhgc6Wi0UHfAhYChggqY0D7kveApnkc5jwhjMYnkjXhm5188Rmi57xjIX7emwPTXWcwO-Ng6YGqNpZdJvCes67Pa9YniRFsxGp1QBDi0QAvq_W57QYBkhTR-KzTvj5ID3uHlf-d-rNMEIQXel4BVpgN3f8yiABpuwitK0wJLFogGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTQwMDU4MTA5MTE5MTY5NDQYAA&sigh=LV3WLg_k2mI&uach_m=[UACH]&cid=CAQSGwBygQiDF-N4nJhdMiiNLr9HrNcwX3JpCoLcPhgB

Requested by

Host: r.mtdv.me
URL: https://r.mtdv.me/r7r6LLpaxe

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4005810911916944&output=html&h=90&slotname=7826328599&adk=347962083&adf=845057202&pi=t.ma~as.7826328599&w=864&fwrn=4&fwrnh=100&lmt=1682521692&rafmt=12&format=864x90&url=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&fwr=0&fwrattr=true&rh=90&rw=864&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682521692209&bpp=2&bdt=206&idt=289&shv=r20230420&mjsv=m202304190101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5017082333712&frm=20&pv=1&ga_vid=486393071.1682521692&ga_sid=1682521692&ga_hid=2020057171&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=368&ady=1045&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31071755%2C44782467&oid=2&pvsid=304144206133442&tmod=1901369230&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=fc66QYkJCv&p=https%3A//r.mtdv.me&dtd=295
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 26 Apr 2023 15:08:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 9D55 0
0 23ms
22ms Fetch 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kOnfFN6BMNgFWp2DYgICAAAAM1cwk1FQ_mEQXD5JZOMPP8BG_f5MqPEAABIAAAoKQVFVQkR3RUJEdw&wp=ZEk-XAAIsSYBy4MDAAtA-C5JKtSO_TCyZ4BoRw

Requested by

Host: r.mtdv.me
URL: https://r.mtdv.me/r7r6LLpaxe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 190526
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 9B79 51 KB
20 KB 86ms
23ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZEk-XAAIsSYBy4MDAAtA-C5JKtSO_TCyZ4BoRw&u=%7Cc8FNXLqlHdLfVToUwPuE9G8bDeWhK9Ldv6ASeASgLZY%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyE6SO8U8aAVVklOcJqeX2W57tpCZzXLeFkq1vxC4FyhRWV_4VVTxgRC3yqknT36nqu48LbqI0mz8VUI44UmEl5uhKveVva-KU6CJ117eFF0n90UKsRe-lJgld9BPJNBXYY4aXl20aFvuch2f968xQY35tNcGb3_dhaMB45cCx1JmxHtxZ2upadTu0JvaRhhI1LYKzCe2GZ4AJyHZLUlEyEfFxnXTQqW-VS0TaTufGgY6AF95_LVftjowMqlYr6Z8xgPMaurNFdBNC7dAxAnOL3HBFrOdFBiWZCt7RQouRHSFhQmWOkNyBKpbXtQGST_Ex6auv9-WUVEiTBQmtGdtqFrRZ6JDVljeuLffuoA3ZJCHhurCuIzjLtpb7-pwl_5kaxXxLDKyvbwrFQ7GJZ2JhuBmG3Y3FkOVz3L2hQbidqDrm3mUDbod3IUZob9bXuBU6IoF6ugi7YnclkBRaozwQljeJI7yW3ba2L4O2lNYbnoaVrnhrzPy8AasZCV18kQotioaMropaZ5XIcKhi2MSymoy81zAA2UXeNAYFW-Pk0NGgUGOr42AUl6UKxylp75qPrWzpivINXtuMpfukEJN1Z-JciwjlsdsC2AHyLNThV-a&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCys2pXD5JZKbiIoOGrr4P-IGtoAbJntKxXNWdkfdwwI23ARABIABglaqfgrAHggEXY2EtcHViLTQwMDU4MTA5MTE5MTY5NDTIAQmpAna1vXOCiLI-qAMBqgS4AU_QUckRrjVdB_cVqp_20of-tFY5ladEivq3RtdSbWrFqHfVXnWIn5jlrsTax82IOtoU9J-l-DB33SCKRdtlrwerhgc6Wi0UHfAhYChggqY0D7kveApnkc5jwhjMYnkjXhm5188Rmi57xjIX7emwPTXWcwO-Ng6YGqNpZdJvCes67Pa9YniRFsxGp1QBDi0QQPieyRlf_Aqe0QspHQZFHInjss9V18cpgAk154Ua_jlxBXdb4Jf09MGABpuwitK0wJLFogGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0EwyfMwHFJQaw3GxJEakuEpLEvmg%26client%3Dca-pub-4005810911916944%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4005810911916944&output=html&h=90&slotname=7826328599&adk=347962083&adf=845057202&pi=t.ma~as.7826328599&w=864&fwrn=4&fwrnh=100&lmt=1682521692&rafmt=12&format=864x90&url=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&fwr=0&fwrattr=true&rh=90&rw=864&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682521692209&bpp=2&bdt=206&idt=289&shv=r20230420&mjsv=m202304190101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5017082333712&frm=20&pv=1&ga_vid=486393071.1682521692&ga_sid=1682521692&ga_hid=2020057171&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=368&ady=1045&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31071755%2C44782467&oid=2&pvsid=304144206133442&tmod=1901369230&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=fc66QYkJCv&p=https%3A//r.mtdv.me&dtd=295

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f0cb7c74530618b52b60bd66510f4d94de505c38f6fb44467dac39aea000b442

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 15:08:12 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=gIxWindrZzdHrKfaO3_CYk68deUywkV9KNi-6uGoOeGf3s5X13JFKPv3FYLGwZYTtNC0HyXZDB89A5F7bv_IoJOiEdq9GsLD0p6HcGqFGpejyXWjYijUs7cP-_OAro5vDoswTBS9bCR-NLcvJBpql40tZgYLnja347RrrbIr_VNeQziatnpZ0lYpiQFhdcSspKWAxfztr-Vjbl_sLDbNiUCt1ARcNurAZnsLQAySifvBGj4SFVcXC6yhfdA3eKyVw6yzxQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3507092
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230420/r20110914/client/ Frame 9D55 3 KB
1 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230420/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 14:12:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3354
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 May 2023 14:12:18 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230420/r20110914/client/ Frame 9D55 19 KB
8 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230420/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 12:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
server: cafe
etag: 11444945707709536616
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 May 2023 12:11:31 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9D55 158 KB
48 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79159c859ad82bb982f7f91b91d4b50cf81faef5611aca61321908c656ebad6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49532
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1682335668691775"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:08:12 GMT

GET
DATA 200
OK truncated
/ Frame 9D55 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b7379965eafa80c98ca184ca835964285bc94697edf65751442663efd428723

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 9B79 2 KB
1 KB 55ms
16ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZEk-XAAIsSYBy4MDAAtA-C5JKtSO_TCyZ4BoRw&u=%7Cc8FNXLqlHdLfVToUwPuE9G8bDeWhK9Ldv6ASeASgLZY%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyE6SO8U8aAVVklOcJqeX2W57tpCZzXLeFkq1vxC4FyhRWV_4VVTxgRC3yqknT36nqu48LbqI0mz8VUI44UmEl5uhKveVva-KU6CJ117eFF0n90UKsRe-lJgld9BPJNBXYY4aXl20aFvuch2f968xQY35tNcGb3_dhaMB45cCx1JmxHtxZ2upadTu0JvaRhhI1LYKzCe2GZ4AJyHZLUlEyEfFxnXTQqW-VS0TaTufGgY6AF95_LVftjowMqlYr6Z8xgPMaurNFdBNC7dAxAnOL3HBFrOdFBiWZCt7RQouRHSFhQmWOkNyBKpbXtQGST_Ex6auv9-WUVEiTBQmtGdtqFrRZ6JDVljeuLffuoA3ZJCHhurCuIzjLtpb7-pwl_5kaxXxLDKyvbwrFQ7GJZ2JhuBmG3Y3FkOVz3L2hQbidqDrm3mUDbod3IUZob9bXuBU6IoF6ugi7YnclkBRaozwQljeJI7yW3ba2L4O2lNYbnoaVrnhrzPy8AasZCV18kQotioaMropaZ5XIcKhi2MSymoy81zAA2UXeNAYFW-Pk0NGgUGOr42AUl6UKxylp75qPrWzpivINXtuMpfukEJN1Z-JciwjlsdsC2AHyLNThV-a&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCys2pXD5JZKbiIoOGrr4P-IGtoAbJntKxXNWdkfdwwI23ARABIABglaqfgrAHggEXY2EtcHViLTQwMDU4MTA5MTE5MTY5NDTIAQmpAna1vXOCiLI-qAMBqgS4AU_QUckRrjVdB_cVqp_20of-tFY5ladEivq3RtdSbWrFqHfVXnWIn5jlrsTax82IOtoU9J-l-DB33SCKRdtlrwerhgc6Wi0UHfAhYChggqY0D7kveApnkc5jwhjMYnkjXhm5188Rmi57xjIX7emwPTXWcwO-Ng6YGqNpZdJvCes67Pa9YniRFsxGp1QBDi0QQPieyRlf_Aqe0QspHQZFHInjss9V18cpgAk154Ua_jlxBXdb4Jf09MGABpuwitK0wJLFogGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0EwyfMwHFJQaw3GxJEakuEpLEvmg%26client%3Dca-pub-4005810911916944%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 9B79 2 KB
1 KB 84ms
45ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 9B79 308 B
636 B 83ms
44ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 9B79 293 B
621 B 80ms
42ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 9B79 43 B
348 B 112ms
24ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=xxlwBNZke_rnEA2egG17eTgCiFII39MzeVyjdrof-pATwGz4dbtXo1bZvjd1ySlkBEuN2ahQoMRW5UHc7Nnhql8m_LgPHYfROSxtJMrnZ9I3y0pEUY4VtJawmSbpijxJbWkSiiYjXqQVL0rw-BwAAkMepWPiRz33VCyQ4T5QVVEqTV5mDEll5lXPijCb1LD3D8fVfY9wbK3nAMudT4WxgIZi_fWzjUBgaML3cS6SOobIXL8lItmHJZC9WmkbGY8gCWjyBOVTg7ss7eeWD0N9dBO1_69C0_wXRMQq3-viW94qGuG4wmx6-LOwV9o9kK9h9MAC86YcLRnPqzjVNSHPRRM4OCpqbWo0Ci1WYC7jWkEazUH4KTTMii-eYupedSaVvmuPAciZBNXqZaBzzPHres-fML4W60AhIU_Da_O-LiJZtSnt

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1763297
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

i
ipds.adrta.com/ Frame 9B79
Redirect Chain

https://adrta.com/i?cb=64493e5c5a5d96c58689d3905b5eab58&clid=co&paid=co&avid=65705&caid=339945&plid=11227311&publisherId=141479&kv1=728X90&kv2=https://googleads.g.doubleclick.net/&kv3=5518dfe1-1dd1...
https://ipds.adrta.com/i?__x=NECJLJEIFDGEIBEBQFOGLNJGINHIKGNLFNMAGKMJLGHNOIGGLBHOMIOGJHGEHOKJGIQJLBILNGJJHKPKHHI@JHEMKFFMFPJMKHLKEJHBFMPHKGFNPHIJJAE@HBE&cb=64493e5c5a5d96c58689d3905b5eab58&clid=co&...

43 B
182 B

119ms
95ms

Image
image/gif

50.19.126.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ipds.adrta.com/i?__x=NECJLJEIFDGEIBEBQFOGLNJGINHIKGNLFNMAGKMJLGHNOIGGLBHOMIOGJHGEHOKJGIQJLBILNGJJHKPKHHI@JHEMKFFMFPJMKHLKEJHBFMPHKGFNPHIJJAE@HBE&cb=64493e5c5a5d96c58689d3905b5eab58&clid=co&paid=co&avid=65705&caid=339945&plid=11227311&publisherId=141479&kv1=728X90&kv2=https://googleads.g.doubleclick.net/&kv3=5518dfe1-1dd1-4254-a829-cca3de3e247a&kv4=2a01:4a0:5a::&kv7=317&kv11=64493e5c5a5d96c58689d3905b5eab58&kv12=786654&kv19=&kv27=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/112.0.5615.121%20Safari/537.36&kv24=Windows_Web
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZEk-XAAIsSYBy4MDAAtA-C5JKtSO_TCyZ4BoRw&u=%7Cc8FNXLqlHdLfVToUwPuE9G8bDeWhK9Ldv6ASeASgLZY%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyE6SO8U8aAVVklOcJqeX2W57tpCZzXLeFkq1vxC4FyhRWV_4VVTxgRC3yqknT36nqu48LbqI0mz8VUI44UmEl5uhKveVva-KU6CJ117eFF0n90UKsRe-lJgld9BPJNBXYY4aXl20aFvuch2f968xQY35tNcGb3_dhaMB45cCx1JmxHtxZ2upadTu0JvaRhhI1LYKzCe2GZ4AJyHZLUlEyEfFxnXTQqW-VS0TaTufGgY6AF95_LVftjowMqlYr6Z8xgPMaurNFdBNC7dAxAnOL3HBFrOdFBiWZCt7RQouRHSFhQmWOkNyBKpbXtQGST_Ex6auv9-WUVEiTBQmtGdtqFrRZ6JDVljeuLffuoA3ZJCHhurCuIzjLtpb7-pwl_5kaxXxLDKyvbwrFQ7GJZ2JhuBmG3Y3FkOVz3L2hQbidqDrm3mUDbod3IUZob9bXuBU6IoF6ugi7YnclkBRaozwQljeJI7yW3ba2L4O2lNYbnoaVrnhrzPy8AasZCV18kQotioaMropaZ5XIcKhi2MSymoy81zAA2UXeNAYFW-Pk0NGgUGOr42AUl6UKxylp75qPrWzpivINXtuMpfukEJN1Z-JciwjlsdsC2AHyLNThV-a&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCys2pXD5JZKbiIoOGrr4P-IGtoAbJntKxXNWdkfdwwI23ARABIABglaqfgrAHggEXY2EtcHViLTQwMDU4MTA5MTE5MTY5NDTIAQmpAna1vXOCiLI-qAMBqgS4AU_QUckRrjVdB_cVqp_20of-tFY5ladEivq3RtdSbWrFqHfVXnWIn5jlrsTax82IOtoU9J-l-DB33SCKRdtlrwerhgc6Wi0UHfAhYChggqY0D7kveApnkc5jwhjMYnkjXhm5188Rmi57xjIX7emwPTXWcwO-Ng6YGqNpZdJvCes67Pa9YniRFsxGp1QBDi0QQPieyRlf_Aqe0QspHQZFHInjss9V18cpgAk154Ua_jlxBXdb4Jf09MGABpuwitK0wJLFogGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0EwyfMwHFJQaw3GxJEakuEpLEvmg%26client%3Dca-pub-4005810911916944%26adurl%3D
Protocol: H2
Server: 50.19.126.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-19-126-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 26 Apr 2023 15:08:13 GMT
cache-control: no-cache
server: nginx
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://ipds.adrta.com/i?__x=NECJLJEIFDGEIBEBQFOGLNJGINHIKGNLFNMAGKMJLGHNOIGGLBHOMIOGJHGEHOKJGIQJLBILNGJJHKPKHHI@JHEMKFFMFPJMKHLKEJHBFMPHKGFNPHIJJAE@HBE&cb=64493e5c5a5d96c58689d3905b5eab58&clid=co&paid=co&avid=65705&caid=339945&plid=11227311&publisherId=141479&kv1=728X90&kv2=https://googleads.g.doubleclick.net/&kv3=5518dfe1-1dd1-4254-a829-cca3de3e247a&kv4=2a01:4a0:5a::&kv7=317&kv11=64493e5c5a5d96c58689d3905b5eab58&kv12=786654&kv19=&kv27=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/112.0.5615.121%20Safari/537.36&kv24=Windows_Web
date: Wed, 26 Apr 2023 15:08:13 GMT
server: nginx
content-length: 0

GET
H2 200 eaaaba265b8644639dd516f73cd9af29_image_ad_728x90.png
static.criteo.net/design/dt/70777/221011/ Frame 9B79 34 KB
34 KB 72ms
35ms Image
image/png 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/70777/221011/eaaaba265b8644639dd516f73cd9af29_image_ad_728x90.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8601f3abb11959a638ddc95fa4ac63b6bcdbcf0c293c9bc16a7b576c4e3fd543

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Oct 2022 14:06:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6345785d-87c6"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 34758
expires: Sat, 20 Apr 2024 15:08:13 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 9B79 0
128 B 83ms
14ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=gIxWindrZzdHrKfaO3_CYk68deUywkV9KNi-6uGoOeGf3s5X13JFKPv3FYLGwZYTtNC0HyXZDB89A5F7bv_IoJOiEdq9GsLD0p6HcGqFGpejyXWjYijUs7cP-_OAro5vDoswTBS9bCR-NLcvJBpql40tZgYLnja347RrrbIr_VNeQziatnpZ0lYpiQFhdcSspKWAxfztr-Vjbl_sLDbNiUCt1ARcNurAZnsLQAySifvBGj4SFVcXC6yhfdA3eKyVw6yzxQ&sds=2&rev=85950&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 9B79 2 KB
1 KB 60ms
43ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 9B79 2 KB
1 KB 28ms
28ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame BC32 2 KB
1 KB 30ms
20ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZEk-XAAIHSkK0yaGAAGS-yKegLCpkaVhVaqkcQ&u=%7Cc8FNXLqlHdINiXTDe68vK%2Bk4llqYLKRLFiKz06dSBqg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi63Qge4QeWiL81fymOOh_Qx8jQkAlFhxD5tTIzI0xtD75fMV322SSJQZnG9Dygjvgp63V9Lrj9o70UL65XFUpJqFjHkezgV8rmn7v08GwmArLifwoYYANKQ__TUCAqbZNSuKiLxiNznief2w7TcQC-tvp5euc9vyLzMAaf91RX0AWtk2nbbgUx-7bbEYb7aMdNkwyrV1qrhRSrRD2cG11yp4dap5ngKFx9hAcyTob573-Pkh9Zkg6XSoEccRilRG9bk0sZ3L1Y_p14qEVwlPpa_XzyT_OwOHgqbwZMJwrWyv3GUgv4_OKwrm3CHSFqKZpNF7BzcZ98JoPCB91oc-3INeR3-a_4YQGQgEbFkjK32RpkuFoRTbjYIO3MF18dZ75qwnf4742aFI5BPoqYMHoWTvOc_SUCrSzA-fivk8t-zVWzGhZMOyQdCalEDXvrK7TOH_Srif0XedVx8ffQt0VX9jl37_G0oC9RDBbVrFgkhxC7jLSVmfv1GjI3Hx8uweStlmxHW__3pVsMDsugiSN5nMkdwy4isPFTriYzR3OLtv5&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7sdeXD5JZKm6IIbNzAb7pYbgDsme0rFcxbKY93DAjbcBEAEgAGCVqp-CsAeCARdjYS1wdWItNDAwNTgxMDkxMTkxNjk0NMgBCakCdrW9c4KIsj6oAwGqBMcBT9C6A4m2OE2v0AXGWUvQkfL_kOUURRP8sfuhPoYdvuXcwtXp-BB0BQwr544xwrvju9yee8NaVWnJLuDcVIW446aTBVfamj7cKhzMpPgiEXPXlmfwrmLeaqbxWi4YBbb0bc3e6il61c_SL9WPjJhIvWKTKJ345Y5FymKRgnpBQYW-URaV2L-9Y2DLYFqyFkzLLrESKnzwJhX2rEj7r4QGk7L_oEZxzqvgqNODhUnZ5vRNIi_pxb2IfBTRq0DKyKtI4K3Gue9bdoAGsJqfnOuR9LezAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2h83qkLJ2AUOefjBlqth7DrE4WoQ%26client%3Dca-pub-4005810911916944%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame BC32 2 KB
1 KB 28ms
18ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame BC32 308 B
636 B 26ms
19ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame BC32 293 B
621 B 27ms
20ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame BC32 43 B
347 B 31ms
24ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=xu44gQppRPGR_vd8Azq2od9jglnaAQOrF0Y2d-oBA9Eeago8yH9PuTynlHY3zHybawGrLHhsGaR4QkW1RPL9CBza35esKt528GAyzzoCDX40sY3yK4m8FiVFBrIPPMpqq_Q5UfpKkz7lKSwUbBlXJMmbDPXG6vH7g42w3U-aQnslPrTrP7g4LiAAaRWNfIGBAIpB5WTd86t9uHFYZw5U55P6ZXzQZV930rZunaVpupI_5kUpMqsozoGbLy8gw32tJ80rBgPKY3b2dnpG1o6U2VJ7P7b9sRA4J7DMHYrT6-PO3FXVwwHpeZ1DbL4tZ-nJWktjN8N8eHh40GAqVMV-lDms5t_twdmfkF2FhOrJ3adfaJ9KdZq8FowgoKaW0NuQ9IERkYlJ3d54mKXbNzqGfde5tY0FrW76yeXnyt5ivV6SWpXI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1808468
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame BC32 43 B
1 KB 102ms
17ms Image
image/gif 85.14.248.71
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=15&extPu=13929-criteo&extLi=264882&consent_string=&iab=1&rnd=64493e5c5450e7ccfbd01ace46e3daf8

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.71 Kamp-Lintfort, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Wed, 26 Apr 2023 15:08:12 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Mi, 26 Apr 2023 03:08:13 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://ads.eu.criteo.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1051
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame BC32 12 KB
5 KB 45ms
19ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 509956
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7NtbE7y%2BypmAtjlPuMx6W%2BgA%2BkmrSbKKpik%2F%2FPpWMvscounjqm2QTyOJRz3zRktowImvMnCDxe2JjsiXFKL3cKeo3JpUZp4rZbnGPaKKkoj%2BhJ5PMvETg05pqrH5ulzuhTGVI3fhL2uwlO98VDQGWMh4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7bdfbd65c86430f6-FRA
expires: Mon, 15 Apr 2024 15:08:13 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame BC32 12 KB
6 KB 24ms
22ms Script
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 9 KB
9 KB 104ms
26ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=556&m=0&partner=8721&q=80&r=0&u=http%3A%2F%2Fstatic.fr3.eu.criteo.net%2Fdesign%2Fdt%2F8721%2F151110%2Ff72c9b427a974b29a26231c07646f1bb_breuninger_de_all.png&v=3&w=196&s=Qk29_Xqno-XIzcTn3HX8hVxe

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

601a3a7fbb71568a8bcbcf149c30f7ac5d627c9232eabb0543786b3460d3ce00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
content-length: 9413
expires: Sat, 30 Mar 2024 12:35:49 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 2 KB
2 KB 99ms
21ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F22%2F12%2F100141065117000_0_1670577312622.jpg&v=3&w=400&s=2XHR00IE3pglkHRo8o-MG-1a&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

2c19dceb44773ef9a325e49f232d340c5af667a1275936719e72d2cee0e6f728

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 2272
expires: Thu, 20 Jul 2023 17:03:53 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 13 KB
13 KB 125ms
47ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F23%2F3%2F100141656117000_0_1678788098179.jpg&v=3&w=400&s=NOQPnyGa1UdFgVqApwvTtqTB&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

2519659f7e937e24dd172c11aa55ba4ec5d9716376008df057cec44d527b5138

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 13470
expires: Thu, 20 Jul 2023 12:15:49 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 17 KB
17 KB 133ms
55ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F22%2F11%2F100141840417000_0_1669113506030.jpg&v=3&w=400&s=N43xS0bk6hlf0Z2tK69ewPQX&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c2d0f33cef4a13ba60d16524a5bfe793f9be391193eeed3bfc8eaee28f90a8d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 17140
expires: Thu, 20 Jul 2023 01:29:57 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 18 KB
18 KB 146ms
68ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F22%2F12%2F100138489619000_0_1669984282954.jpg&v=3&w=400&s=Vrd-m1YvnuLqx8BTgmq9rUdP&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f409bf74991df5b1908d9aeb310109e25b7050f987b27210b52ad0c9ef5b712e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 18058
expires: Wed, 19 Jul 2023 20:42:52 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 9 KB
10 KB 141ms
63ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F23%2F2%2F100141066217001_0_1676466952565.jpg&v=3&w=400&s=JDyXLGYJIfVPo4DDNwVGYKFU&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7976ec1c69c3c12eb249bea249b4806d559244dc1d8b256d01116dfc5d654476

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 9640
expires: Thu, 20 Jul 2023 16:36:08 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 3 KB
3 KB 51ms
50ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F22%2F7%2F100065688614001_0_1658048552767.jpg&v=3&w=400&s=-Xk7J4_JGpKJO_TPF-uaES8e&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a82985601ab0a9179fa93ca51d4fed1596fe4fdee98c474cfbc4605041b347c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 2994
expires: Wed, 19 Jul 2023 15:22:34 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 15 KB
15 KB 65ms
64ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F23%2F3%2F100141466313000_0_1679051061247.jpg&v=3&w=400&s=evXegh5VJhZ-Nq6c-mphl7AZ&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

2e297b1ec58bbfea4ad016d50c1a674e8dc18775b7dfad2d32b7629666b008b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 15636
expires: Tue, 04 Jul 2023 15:17:00 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 1 KB
1 KB 66ms
65ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F23%2F4%2F100140535911000_0_1680589840501.jpg&v=3&w=400&s=-cWAmz2OYWAyksComYeDyOoM&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

34087f3d952d32b3f6766df1dc3335a70a00282f532ce831d56c7b9ff18f86c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 1198
expires: Wed, 05 Jul 2023 16:07:17 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 11 KB
11 KB 56ms
54ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F23%2F1%2F100141935311000_0_1673348418306.jpg&v=3&w=400&s=mtndCOttBNhSdKcJHlmkry-s&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9f6f628bf54394a9d6a725da164cfb84ae10d83bf9099fb497a8ec67346e3fd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 11174
expires: Thu, 20 Jul 2023 05:19:51 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 25 KB
26 KB 72ms
71ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F23%2F1%2F100143588617000_0_1675078389919.jpg&v=3&w=400&s=xFiJ_ZaLlRK64dvGlFBefudx&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7673f9b474ba8a6b6336219175f3b24ce629f8e165748c9c477ca5a57fbf11c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 26050
expires: Wed, 05 Jul 2023 08:03:47 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 5 KB
5 KB 63ms
62ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F23%2F2%2F100119044618701_0_1677073525479.jpg&v=3&w=400&s=Iru0J41ufe_EZtm4u1FrEhgE&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

fe704d595f59c8197d8a2fad4db3241827afb5a9b52fbc8e155e4825f936c20b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 5008
expires: Fri, 21 Jul 2023 09:36:14 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 3 KB
3 KB 71ms
70ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F22%2F7%2F100120021413000_0_1657610953727.jpg&v=3&w=400&s=cpS36O3KTPfjceDvr7vEnJii&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

dde9943b20a712edfe9ac747dc27d79652db0366bfea40c77cb1712836fd10c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 2884
expires: Fri, 14 Jul 2023 22:22:29 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 20 KB
20 KB 73ms
72ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F22%2F12%2F100140877916000_0_1670401641381.jpg&v=3&w=400&s=3mttOp7vQCJYcuRXp7NWJYMs&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

2c693308b095c76bf7bd717db78d32ff555408eadce0786bad3176dd172967f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 20472
expires: Thu, 20 Jul 2023 05:27:22 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 4 KB
4 KB 73ms
72ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F23%2F4%2F100140511119000_0_1681198245304.jpg&v=3&w=400&s=TxxqAnQB5xhoH6TGvVu3aMXb&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

49f87b158ba76bca756e0d6255c8e102347d0f6580b8f81edabd207dcfd2b169

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 3884
expires: Mon, 10 Jul 2023 22:44:50 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame BC32 8 KB
9 KB 66ms
65ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=8721&q=80&r=0&u=https%3A%2F%2Fcms.brnstc.de%2Fproduct_images%2F1122x1536_retina%2Fcpro%2Fmedia%2Fimages%2Fproduct%2F22%2F6%2F100107620713000_0_1655322995219.jpg&v=3&w=400&s=43efjKvWTY4nO2wfGSiVZ5p9&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

239a32c5ccde89958a10cae32a0e16ab5f8c47ac4bed177a57ec0292d393a94a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=7776000
content-length: 8678
expires: Thu, 13 Jul 2023 16:16:27 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame BC32 0
127 B 14ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=Jqpe83drZzdHrKfak1jDu8NxWNK826ESYVowtslr0RNdULx0TnKUnF8Vg4nJ_a_hY17KN1PJqwAej4J7sobMJDnutPJ5h9UdI9TIWLC1s1d6ggeFJJJnNBZd-U0d7RhjXDpI4gVnoqXnWJfZAsR0SRMdZu-GDGG6dZRSFGpqUltlhJUhqEjhjNMFDDysCvnmsOItB_VVOHiEvq7n4-S2q7RpMUyI3NFgkd61wckubB1aHVz2lT04asQAQIET_-C_-6PJqw&sds=2&rev=85950&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 26 Apr 2023 15:08:12 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame BC32 2 KB
1 KB 17ms
17ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame BC32 2 KB
1 KB 18ms
18ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 sourcesanspro-400.css
static.criteo.net/design/googlefont/sourcesanspro/ Frame BC32 2 KB
854 B 18ms
17ms Stylesheet
text/css 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/sourcesanspro/sourcesanspro-400.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

edb79682e63246515260549ce35ef25b28017be72a0f1f7701eff54b6cc54f1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:17:04 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f1e0-8a8"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 sourcesanspro-700.css
static.criteo.net/design/googlefont/sourcesanspro/ Frame BC32 2 KB
854 B 17ms
16ms Stylesheet
text/css 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/sourcesanspro/sourcesanspro-700.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

50d455c07f26ae94481e9cb2dd5129a6d0127a650d4e3609370d247b53e4f814

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:17:06 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f1e2-8a8"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 sourcesanspro-400-latin.woff2
static.criteo.net/design/googlefont/sourcesanspro/ Frame BC32 13 KB
13 KB 66ms
33ms Font
application/octet-stream 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/sourcesanspro/sourcesanspro-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/sourcesanspro/sourcesanspro-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

d51105af85114f8e1637892f3971892eeaff4acb5d8ce2cbeb0eae526c1a1372

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/sourcesanspro/sourcesanspro-400.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:17:03 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f1df-32ec"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 sourcesanspro-700-latin.woff2
static.criteo.net/design/googlefont/sourcesanspro/ Frame BC32 13 KB
13 KB 26ms
25ms Font
application/octet-stream 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/sourcesanspro/sourcesanspro-700-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/sourcesanspro/sourcesanspro-700.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

43e7c5032ef551716251cd76d2d271ff8a66bda855fbf366d176e1629f33f8e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/sourcesanspro/sourcesanspro-700.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:17:05 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f1e1-327c"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 20 Apr 2024 15:08:13 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 64ms
63ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230420&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2abdb5b36aabd599af47fb4212543cc39021f6f0538f6b0515cd1956cfcb3512

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11089
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 26 Apr 2023 15:08:13 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7F56 13 KB
5 KB 9ms
8ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://r.mtdv.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 14:56:02 GMT
expires: Thu, 25 Apr 2024 14:56:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3C32 783 B
1 KB 47ms
23ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

54783adc76ba6592dcee43cd10a9bf467c845f1f873d1b33e3197ada45ff3b12

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zMXIrdnOV4WjK_yo6k1xlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://r.mtdv.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-zMXIrdnOV4WjK_yo6k1xlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 15:08:13 GMT
expires: Wed, 26 Apr 2023 15:08:13 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 281 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 949aeae32555f7b3778cc85d65c4bf7b0135edd78f70bfb791efe6932276337d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 BnousL5ILBVKPox_BhCtx9cLC8w-HAhp3a1hPLgmzAw.js Show response
pagead2.googlesyndication.com/bg/ Frame 7F56 36 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BnousL5ILBVKPox_BhCtx9cLC8w-HAhp3a1hPLgmzAw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

067a2eb0be482c154a3e8c7f0610adc7d70b0bcc3e1c0869ddad613cb826cc0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 07:27:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27618
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14156
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 25 Apr 2024 07:27:55 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3C32 0
0 42ms
42ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230420&jk=304144206133442&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7F56 0
10 B 11ms
11ms Image
text/plain 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Ge2Ajg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 15:08:13 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9D55 42 B
64 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst-Qj-iUT9bjXoa0Q4Hb9zbWeILMWc6PWT76_pCkFDz9NAvpsUhmkPJIf80DG_-YP-bwJTDyUMdFF4ng13CeI6E85Y&sig=Cg0ArKJSzFpfndUCIoAzEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230424&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=347962083&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1682521692869&rpt=73&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Apr 2023 15:08:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 9B79 0
127 B 13ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 26 Apr 2023 15:08:13 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 45ms
45ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230420&jk=304144206133442&bg=!LyylLHjNAAYfNdXmPzU7ADkAdvg8WjlxCG_cmz1JD-B6J0fXdL8eLHjy90qGjlENogJtuXutdnKgiYUO9RU9D38kF10Eo_DexKkCAAAAaFIAAAACaAEHmQLOin7pr8h2avqo7rRgDcdGUWjm1LHBtsGdDpwgG10ajaNvfxEegiqdQMMdiemijrCeu6NOLHaK5NEbJ5d7Z-StJmFjYQvdwS7tNItjJFxiyyBqy0NsC6ABhLBHiQsAvubSqB6rkoaaDSHYmO-WpGV8_gf8uio3RvTigTRcfC6myuNSg61lbK3o6hI3aZa9fUNTnnoaxw4cOl7JLn7hqh8UMvPAdq89ntxgB2UIn2kd3wdFXC4kaK3aObSakWmEx4bJ5aU-Mc42fkbnwQbk0A8h-xaGBa-CbHoCI3Nur68p1QO2pIL22oxCEdyt_JzvHvqiBeU_ls8Wll85-HoTF87lXTasGRpFsqqb65rTu_r2MlPQOvXvxhY1ntyHpIlk14zDto1mSn9s7lY0TzthgO5fc-LEZvk4QsYEDbvWPwlGNX-RbfR4pxWmovNxl6k0P0cLBQsljCi7oU8fbOQ7H8iO9KptPM676c59X6dNtp8iXDdiP4GNMmbkcclWh8ZHAj6MQvF-yZnpcWrKPd-vQPO1YIHfKoMKKDboAajahiSKsF11erfHcQipLY2X4iliVAaQbI0v_Rg7szemNxtv4G2b1UAk0SoUAlQ8AYV0wYgYbP0F4yA09AE7vxcOaI08RdbLnCEvDm-v4Ot5R8NLYWsVqgk-0gBghRkm4yNSVPjtPQ4zz6VHqd2obSKX_2X89_GE2GJYYPhwz2U74bExPtsrmn73YjB9ox36F-CeH3m6Ca6ICHjZ5kBaB735MkeCxrXQG6h9KSOtzLw8q6wC7DAzBwDiSPD4qRe6lehGn3P9ahrkXPawCZE4VpZxSikORCDrdXwdhzFU0PS8dulThRrorH2EtVM479uTwzefNK9hk1StPjJzm_ySMMHn8e9SPy0_X909qi5b4esuBKoa69cojx-domVNfgUbB9xwpDkwYG1ItUJ_bLVFw_xh1zp3zw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.mtdv.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

POST
H2 200 all
csm.eu.criteo.net/ Frame BC32 0
127 B 14ms
14ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 26 Apr 2023 15:08:14 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

Verdicts & Comments Add Verdict or Comment

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mtdv.me/	1970-01-20 20:58:01	Name: _ga_X2WNN9J8QN Value: GS1.1.1682521692.1.0.1682521692.0.0.0
.mtdv.me/	1970-01-20 20:58:01	Name: _ga Value: GA1.1.486393071.1682521692
.mtdv.me/	1970-01-20 20:58:01	Name: _ga_F9NPV4G8YN Value: GS1.1.1682521692.1.0.1682521692.0.0.0
.mtdv.me/	1970-01-20 20:58:01	Name: _ga_7JRQF757RS Value: GS1.1.1682521692.1.0.1682521692.0.0.0
.mtdv.me/	1970-01-20 20:58:01	Name: _ga_WCKGFQR8X8 Value: GS1.1.1682521692.1.0.1682521692.0.0.0
.mtdv.me/	1970-01-20 20:58:01	Name: _ga_NSWGD717C6 Value: GS1.1.1682521692.1.0.1682521692.0.0.0
.mtdv.me/	1970-01-20 20:58:01	Name: _ga_Z96VBEQQ7C Value: GS1.1.1682521692.1.0.1682521692.0.0.0
.mtdv.me/	1970-01-20 20:58:01	Name: _ga_0JVRYDXEHV Value: GS1.1.1682521692.1.0.1682521692.0.0.0
.mtdv.me/	1970-01-20 20:43:37	Name: __gads Value: ID=af1af66c7d1a2eda-22bd939eaddd0097:T=1682521692:RT=1682521692:S=ALNI_MZBAxuDygoLgtshGDx5mkm9opM9cg
.mtdv.me/	1970-01-20 20:43:37	Name: __gpi Value: UID=00000befd288f4f7:T=1682521692:RT=1682521692:S=ALNI_MZ_QDlvcDSBxav_Opibfs9HYCQBKA
.doubleclick.net/	1970-01-20 20:43:37	Name: IDE Value: AHWqTUlQ8k6ArK9y53JuXnxs9Tuqq6LSeG4fbCiDLkUdVyOfQSjmrZdrEiwIO7Byg8A
.doubleclick.net/	1970-01-20 11:22:02	Name: test_cookie Value: CheckForPermission
m.exactag.com/	1970-01-20 13:31:37	Name: exactag_new_gk Value: fd142eeaecc84553beb107be521c301f%7c25.06.2023+15%3a08%3a13
m.exactag.com/	1970-01-20 15:41:13	Name: exactag_new_uk Value: a4a75699ab6948c2a490d574c02c6eca%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 022df2ff31f944d29f7a20c0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4005810911916944&output=html&h=280&slotname=1970650422&adk=3555021432&adf=820553741&pi=t.ma~as.1970650422&w=1200&fwrn=4&fwrnh=100&lmt=1682521692&rafmt=1&format=1200x280&url=https%3A%2F%2Fr.mtdv.me%2Fr7r6LLpaxe&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1682521692211&bpp=1&bdt=207&idt=295&shv=r20230420&mjsv=m202304190101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C864x90&nras=1&correlator=5017082333712&frm=20&pv=1&ga_vid=486393071.1682521692&ga_sid=1682521692&ga_hid=2020057171&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31071755%2C44782467&oid=2&pvsid=304144206133442&tmod=1901369230&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=FCWtbrzp05&p=https%3A//r.mtdv.me&dtd=298 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adrta.com
ads.eu.criteo.com
adservice.google.com
adservice.google.de
cat.fr3.eu.criteo.com
cdn.jsdelivr.net
cdn.mtdv.me
cdnjs.cloudflare.com
csm.eu.criteo.net
googleads.g.doubleclick.net
imageproxy.eu.criteo.net
ipds.adrta.com
m.exactag.com
pagead2.googlesyndication.com
partner.googleadservices.com
r.mtdv.me
region1.google-analytics.com
rtb.fr3.eu.criteo.com
static.criteo.net
tpc.googlesyndication.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
178.250.7.9
2001:4860:4802:34::36
2606:4700:3037::6815:1208
2606:4700::6810:5914
2606:4700::6811:180e
2a00:1450:4001:803::2001
2a00:1450:4001:803::2008
2a00:1450:4001:809::2002
2a00:1450:4001:810::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2002
2a00:1450:4001:830::2004
2a02:2638:3::1a
2a02:2638:d::13
2a02:2638:d::2
2a02:2638:d::4
2a02:2638:d::c
50.19.126.24
85.14.248.71
067a2eb0be482c154a3e8c7f0610adc7d70b0bcc3e1c0869ddad613cb826cc0c
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0ce9de398de7e7ec63e836b70090643c7c5a3f29ea4a519a67defdd206c13ac1
11a8454c7cfdeaecb348336bbabaf1db834252f8d6803deee3d1473890ebd870
239a32c5ccde89958a10cae32a0e16ab5f8c47ac4bed177a57ec0292d393a94a
2519659f7e937e24dd172c11aa55ba4ec5d9716376008df057cec44d527b5138
2abdb5b36aabd599af47fb4212543cc39021f6f0538f6b0515cd1956cfcb3512
2c19dceb44773ef9a325e49f232d340c5af667a1275936719e72d2cee0e6f728
2c693308b095c76bf7bd717db78d32ff555408eadce0786bad3176dd172967f6
2db6489d44c93f3301f1969a58df60a3d7e36c3c892fc0976dadf1f761d569cc
2e297b1ec58bbfea4ad016d50c1a674e8dc18775b7dfad2d32b7629666b008b0
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
34087f3d952d32b3f6766df1dc3335a70a00282f532ce831d56c7b9ff18f86c5
43e7c5032ef551716251cd76d2d271ff8a66bda855fbf366d176e1629f33f8e4
49f87b158ba76bca756e0d6255c8e102347d0f6580b8f81edabd207dcfd2b169
4ba6681dadb80edb1f0b7a754743085166d88725c8ec9d879fb86fc4116610f8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50c714fa9f1e281b3914b9ff966ce5988f717a43c0be93122f7786d705e3e3ac
50d455c07f26ae94481e9cb2dd5129a6d0127a650d4e3609370d247b53e4f814
54783adc76ba6592dcee43cd10a9bf467c845f1f873d1b33e3197ada45ff3b12
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56499c6d406ec6413126c2f7160ad4bb14dff0b3a3fd8e249c304660d2da53ef
601a3a7fbb71568a8bcbcf149c30f7ac5d627c9232eabb0543786b3460d3ce00
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
69a5300a4bcbb08c4c178cb2d67c39e5b027cde5615c9da3aa317ed153fe4e35
6cedf3959ae9573952bfa6940f89bf37dcdeba71bb9d2356a4739a4af4831d6a
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
7673f9b474ba8a6b6336219175f3b24ce629f8e165748c9c477ca5a57fbf11c4
79159c859ad82bb982f7f91b91d4b50cf81faef5611aca61321908c656ebad6e
7976ec1c69c3c12eb249bea249b4806d559244dc1d8b256d01116dfc5d654476
7f9de7118bcab5d51299bc7c10dbf1fbe7fcf4bb0cb10f21a9826288945abed5
8601f3abb11959a638ddc95fa4ac63b6bcdbcf0c293c9bc16a7b576c4e3fd543
883e0a95a1e6ab17d0352f93b1bf1a5b4b582b8d2927286f2a0b5b0744ce8ad4
8ad6c03a9c32765bc7b05ae5a61cc0c973a4e852b0b8fa4584cb0668f1f7b816
8b7379965eafa80c98ca184ca835964285bc94697edf65751442663efd428723
8dde3b6a0ba62d9ff9be3f33a7c385b520ead7fa0bc41834ba92a047098f5b04
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
949aeae32555f7b3778cc85d65c4bf7b0135edd78f70bfb791efe6932276337d
9f6f628bf54394a9d6a725da164cfb84ae10d83bf9099fb497a8ec67346e3fd0
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a3f7998748e7c1c2158313fffc0045d7a334117c2cddbba6cf5d2e47e5ae662f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4faef1ba54ead4bf203b0be7c0c8b2ad982c483d678d63c452408e92d036ae8
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a82985601ab0a9179fa93ca51d4fed1596fe4fdee98c474cfbc4605041b347c9
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b3e200888c131c3a4c90d49c1969480de5bf48ead063daf8edf6490218d24149
c2d0f33cef4a13ba60d16524a5bfe793f9be391193eeed3bfc8eaee28f90a8d6
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
d4b155ef3b2ea4fbedb7cef099d1260357f2a5f6f3837ae79839288571acb9d7
d51105af85114f8e1637892f3971892eeaff4acb5d8ce2cbeb0eae526c1a1372
da7796caf9359015af4ecdf8c6ccbd53706ea4613932a9b6f81e442e49d5f626
dde9943b20a712edfe9ac747dc27d79652db0366bfea40c77cb1712836fd10c2
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebaa196d0b2937da4ea3208c8a1c3bf69191dc7299812bee5f89ba96cd5cc33e
ed959b654022f7bae48ab9380dc129e065833e45a944c70d684c971ac3578cb8
edb79682e63246515260549ce35ef25b28017be72a0f1f7701eff54b6cc54f1c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0cb7c74530618b52b60bd66510f4d94de505c38f6fb44467dac39aea000b442
f409bf74991df5b1908d9aeb310109e25b7050f987b27210b52ad0c9ef5b712e
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f871ff584bf2989748db46cb7b0b9a2961e3f4013095e23d5677eb1f7458d254
fbd39ab4e18466625476d2b18080d4a93774120cf0000c6af69c072263b9678b
fe704d595f59c8197d8a2fad4db3241827afb5a9b52fbc8e155e4825f936c20b

r.mtdv.me Open in urlscan Pro 2606:4700:3037::6815:1208 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

93 Requests

99 %HTTPS

85 %IPv6

15 Domains

23 Subdomains

21 IPs

3 Countries

1283 kBTransfer

4231 kBSize

15 Cookies

1 Outgoing links

Redirected requests

93 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

r.mtdv.me Open in urlscan Pro
2606:4700:3037::6815:1208 Public Scan

Screenshot
Live screenshot

Full Image

93
Requests

99 %
HTTPS

85 %
IPv6

15
Domains

23
Subdomains

21
IPs

3
Countries

1283 kB
Transfer

4231 kB
Size

15
Cookies

93 HTTP transactions
3 data transactions