662cfe98a96f5ea2c27cfe01950ad54698cbca9b1119ead0f088db52900fb6f4

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:29 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

622dacbc6b7faa7e1dfe21a2003bac25_JaffaCakes118.html
Size

93KB
MD5

622dacbc6b7faa7e1dfe21a2003bac25
SHA1

beeb6c9f653552772e8ba048e2b1e0436f436324
SHA256

662cfe98a96f5ea2c27cfe01950ad54698cbca9b1119ead0f088db52900fb6f4
SHA512

e1956dfb9f2e07c3a7689c8ccf9d8c9e8f1716607467c46ef37fd30a04962ce631b7d36e81ad8dc5dd6807dc7eaac26e9e7ecc8a0e693c5052b242c2d653ba54
SSDEEP

1536:lATNK30Cu/KW7M4Nw4TMx2/QPiCOgzquvlrfoB//y4f2yzEKHfLNKuISRtkuePJz:MKiM4Nw4TMx2/QPiCOguuvlrfoB//y4g

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
1608	msedge.exe
1608	msedge.exe
3316	identity_helper.exe
3316	identity_helper.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 2564	1608	msedge.exe	82
PID 1608 wrote to memory of 2564	1608	msedge.exe	82
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 3300	1608	msedge.exe	83
PID 1608 wrote to memory of 428	1608	msedge.exe	84
PID 1608 wrote to memory of 428	1608	msedge.exe	84
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85
PID 1608 wrote to memory of 2300	1608	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\622dacbc6b7faa7e1dfe21a2003bac25_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff1e8a46f8,0x7fff1e8a4708,0x7fff1e8a4718
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6544 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2899453463951620885,4173341331753959180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

Network

DNS

members.poemhunter.com

msedge.exe

Remote address:

8.8.8.8:53

Request

members.poemhunter.com

IN A

Response

members.poemhunter.com

IN A

95.168.183.149
DNS

www.googletagservices.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.googletagservices.com

IN A

Response

www.googletagservices.com

IN A

142.250.179.226
GET

http://members.poemhunter.com/members/aa_top_member_menu_hor.asp

msedge.exe

Remote address:

95.168.183.149:80

Request

GET /members/aa_top_member_menu_hor.asp HTTP/1.1
Host: members.poemhunter.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html; charset=UTF-8
Location: https://www.poemhunter.com/poets/
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 21 May 2024 07:31:39 GMT
Content-Length: 156
GET

http://www.googletagservices.com/tag/js/gpt.js

msedge.exe

Remote address:

142.250.179.226:80

Request

GET /tag/js/gpt.js HTTP/1.1
Host: www.googletagservices.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Date: Tue, 21 May 2024 07:31:42 GMT
Expires: Tue, 21 May 2024 07:31:42 GMT
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Location: https://www.googletagservices.com/tag/js/gpt.js
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
DNS

www.poemhunter.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.poemhunter.com

IN A

Response

www.poemhunter.com

IN CNAME

rae0auronmaq.merlincdn.net

rae0auronmaq.merlincdn.net

IN CNAME

eu-gb-lon-dp.merlincdn.net

eu-gb-lon-dp.merlincdn.net

IN A

195.181.165.181

eu-gb-lon-dp.merlincdn.net

IN A

195.181.165.140
DNS

b.scorecardresearch.com

msedge.exe

Remote address:

8.8.8.8:53

Request

b.scorecardresearch.com

IN A

Response

b.scorecardresearch.com

IN A

18.239.208.4

b.scorecardresearch.com

IN A

18.239.208.18

b.scorecardresearch.com

IN A

18.239.208.108

b.scorecardresearch.com

IN A

18.239.208.99
DNS

mc.yandex.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

mc.yandex.ru

IN A

Response

mc.yandex.ru

IN A

93.158.134.119

mc.yandex.ru

IN A

77.88.21.119

mc.yandex.ru

IN A

87.250.250.119

mc.yandex.ru

IN A

87.250.251.119
GET

https://www.googletagservices.com/tag/js/gpt.js

msedge.exe

Remote address:

142.250.179.226:443

Request

GET /tag/js/gpt.js HTTP/2.0
host: www.googletagservices.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.poemhunter.com/poets/

msedge.exe

Remote address:

195.181.165.181:443

Request

GET /poets/ HTTP/2.0
host: www.poemhunter.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:31:42 GMT
content-type: text/html; charset=utf-8
cache-control: public,max-age=3600
strict-transport-security: max-age=31536000; includeSubDomains; preload
fc: 1
x-powered-by: ASP.NET
x-midtier: de-fra-dp-s05
x-cache-status: HIT
via: HTTP/2.0 Merlin CDN
x-edge: gb-lon-dp-s01
server: MerlinCDN
allow: GET, HEAD, POST
age: 173
content-encoding: gzip
GET

https://www.poemhunter.com/bundles/css/main.min.css?v=1.0.0.1119

msedge.exe

Remote address:

195.181.165.181:443

Request

GET /bundles/css/main.min.css?v=1.0.0.1119 HTTP/2.0
host: www.poemhunter.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.poemhunter.com/poets/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:31:42 GMT
content-type: text/css
last-modified: Thu, 07 Dec 2023 01:25:42 GMT
etag: W/"1da28ac4b16ba37"
x-powered-by: ASP.NET
x-midtier: de-fra-dp-s05
x-cache-status: HIT
via: HTTP/2.0 Merlin CDN
age: 563565
x-edge: gb-lon-dp-s01
server: MerlinCDN
allow: GET, HEAD, POST
cache-control: max-age=186400
content-encoding: gzip
GET

https://www.poemhunter.com/assets/js/jquery-3.6.0.min.js

msedge.exe

Remote address:

195.181.165.181:443

Request

GET /assets/js/jquery-3.6.0.min.js HTTP/2.0
host: www.poemhunter.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.poemhunter.com/poets/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:31:42 GMT
content-type: application/javascript
last-modified: Thu, 07 Dec 2023 01:25:32 GMT
etag: W/"1da28ac451e539d"
x-powered-by: ASP.NET
x-midtier: de-fra-dp-s05
x-cache-status: HIT
via: HTTP/2.0 Merlin CDN
age: 674221
x-edge: gb-lon-dp-s01
server: MerlinCDN
allow: GET, HEAD, POST
cache-control: max-age=186405
content-encoding: gzip
GET

https://www.poemhunter.com/bundles/js/main.min.js?v=1.0.0.1119

msedge.exe

Remote address:

195.181.165.181:443

Request

GET /bundles/js/main.min.js?v=1.0.0.1119 HTTP/2.0
host: www.poemhunter.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.poemhunter.com/poets/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:31:42 GMT
content-type: application/javascript
last-modified: Thu, 07 Dec 2023 01:25:42 GMT
etag: W/"1da28ac4b14d039"
x-powered-by: ASP.NET
x-midtier: nl-naw3-ws-s14
x-cache-status: HIT
via: HTTP/2.0 Merlin CDN
age: 564425
x-edge: gb-lon-dp-s01
server: MerlinCDN
allow: GET, HEAD, POST
cache-control: max-age=186405
content-encoding: gzip
GET

https://www.poemhunter.com/assets/img/logo-white.png

msedge.exe

Remote address:

195.181.165.181:443

Request

GET /assets/img/logo-white.png HTTP/2.0
host: www.poemhunter.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.poemhunter.com/poets/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:31:42 GMT
content-type: image/png
content-length: 4800
cache-control: public,max-age=2592000
expires: Wed, 22 May 2024 15:28:05 GMT
last-modified: Thu, 07 Dec 2023 01:25:30 GMT
etag: "1da28ac43edf3c0"
x-powered-by: ASP.NET
x-midtier: de-fra-dp-s05
x-cache-status: HIT
via: HTTP/2.0 Merlin CDN
x-edge: gb-lon-dp-s01
server: MerlinCDN
allow: GET, HEAD, POST
age: 2410802
accept-ranges: bytes
GET

https://www.poemhunter.com/assets/img/icon-search-white.svg

msedge.exe

Remote address:

195.181.165.181:443

Request

GET /assets/img/icon-search-white.svg HTTP/2.0
host: www.poemhunter.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.poemhunter.com/bundles/css/main.min.css?v=1.0.0.1119
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:31:42 GMT
content-type: image/svg+xml
cache-control: public,max-age=2592000
expires: Wed, 22 May 2024 15:35:05 GMT
last-modified: Thu, 07 Dec 2023 01:25:30 GMT
etag: W/"1da28ac43ede3e4"
x-powered-by: ASP.NET
x-midtier: nl-naw3-ws-s14
x-cache-status: HIT
via: HTTP/2.0 Merlin CDN
x-edge: gb-lon-dp-s01
server: MerlinCDN
allow: GET, HEAD, POST
age: 2410803
content-encoding: gzip
GET

https://www.poemhunter.com/assets/img/icon-arrow.svg

msedge.exe

Remote address:

195.181.165.181:443

Request

GET /assets/img/icon-arrow.svg HTTP/2.0
host: www.poemhunter.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.poemhunter.com/bundles/css/main.min.css?v=1.0.0.1119
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:31:42 GMT
content-type: image/svg+xml
cache-control: public,max-age=2592000
expires: Sun, 19 May 2024 21:16:57 GMT
last-modified: Thu, 07 Dec 2023 01:25:30 GMT
etag: W/"1da28ac43ede01a"
x-powered-by: ASP.NET
x-midtier: de-fra-dp-s05
x-cache-status: HIT
via: HTTP/2.0 Merlin CDN
x-edge: gb-lon-dp-s01
server: MerlinCDN
allow: GET, HEAD, POST
age: 2410353
content-encoding: gzip
POST

https://www.poemhunter.com/Ajax/Login/

msedge.exe

Remote address:

195.181.165.181:443

Request

POST /Ajax/Login/ HTTP/2.0
host: www.poemhunter.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: */*
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
origin: https://www.poemhunter.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.poemhunter.com/poets/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:31:42 GMT
content-type: text/html; charset=utf-8
cache-control: no-store,no-cache
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: ASP.NET
x-edge: gb-lon-dp-s01
server: MerlinCDN
via: HTTP/2.0 Merlin CDN
allow: GET, HEAD, POST
age: 3
content-encoding: gzip
POST

https://www.poemhunter.com/Ajax/SelectAccountControl/

msedge.exe

Remote address:

195.181.165.181:443

Request

POST /Ajax/SelectAccountControl/ HTTP/2.0
host: www.poemhunter.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: */*
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
origin: https://www.poemhunter.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.poemhunter.com/poets/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:31:42 GMT
content-type: text/html; charset=utf-8
cache-control: no-store,no-cache
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: ASP.NET
x-edge: gb-lon-dp-s01
server: MerlinCDN
via: HTTP/2.0 Merlin CDN
allow: GET, HEAD, POST
age: 3
content-encoding: gzip
GET

https://www.poemhunter.com/assets/js/jquery.lazyload.js?_=1716276701515

msedge.exe

Remote address:

195.181.165.181:443

Request

GET /assets/js/jquery.lazyload.js?_=1716276701515 HTTP/2.0
host: www.poemhunter.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.poemhunter.com/poets/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:31:43 GMT
content-type: application/javascript
last-modified: Thu, 07 Dec 2023 01:25:30 GMT
etag: W/"1da28ac43ede9bd"
x-powered-by: ASP.NET
x-midtier: de-fra-dp-s05
x-cache-status: MISS
via: HTTP/2.0 Merlin CDN
age: 0
x-edge: gb-lon-dp-s01
server: MerlinCDN
allow: GET, HEAD, POST
cache-control: max-age=186405
content-encoding: gzip
DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

62.242.123.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

62.242.123.52.in-addr.arpa

IN PTR

Response
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR

Response
DNS

149.183.168.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.183.168.95.in-addr.arpa

IN PTR

Response

149.183.168.95.in-addr.arpa

IN PTR

smtp poemhuntercom
GET

http://b.scorecardresearch.com/beacon.js

msedge.exe

Remote address:

18.239.208.4:80

Request

GET /beacon.js HTTP/1.1
Host: b.scorecardresearch.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 03 May 2024 13:20:45 GMT
x-amz-server-side-encryption: AES256
Server: AmazonS3
Content-Encoding: gzip
Date: Tue, 21 May 2024 04:13:12 GMT
Cache-Control: max-age=86400
ETag: W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 500dd27a29c16a186d1b5c347c341348.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BRU50-P1
X-Amz-Cf-Id: qf9H82CG9_v54ztZO2c-G-I9NQRT2xKO-XNnwp_6e0NeHt__YvF-Rw==
Age: 11912
GET

http://mc.yandex.ru/metrika/watch.js

msedge.exe

Remote address:

93.158.134.119:80

Request

GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Moved temporarily

Content-Length: 0
Location: https://mc.yandex.ru/metrika/watch.js
DNS

226.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.179.250.142.in-addr.arpa

IN PTR

Response

226.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f21e100net
DNS

sb.scorecardresearch.com

msedge.exe

Remote address:

8.8.8.8:53

Request

sb.scorecardresearch.com

IN A

Response

sb.scorecardresearch.com

IN A

18.239.208.108

sb.scorecardresearch.com

IN A

18.239.208.18

sb.scorecardresearch.com

IN A

18.239.208.99

sb.scorecardresearch.com

IN A

18.239.208.4
GET

https://sb.scorecardresearch.com/b?c1=2&c2=11114222&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1716276701218&ns_c=UTF-8&c7=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F622dacbc6b7faa7e1dfe21a2003bac25_JaffaCakes118.html&c8=William%20Butler%20Yeats%20-%20Statistics%20of%20William%20Butler%20Yeats-%20Poem%20Hunter&c9=

msedge.exe

Remote address:

18.239.208.108:443

Request

GET /b?c1=2&c2=11114222&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1716276701218&ns_c=UTF-8&c7=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F622dacbc6b7faa7e1dfe21a2003bac25_JaffaCakes118.html&c8=William%20Butler%20Yeats%20-%20Statistics%20of%20William%20Butler%20Yeats-%20Poem%20Hunter&c9= HTTP/2.0
host: sb.scorecardresearch.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Tue, 21 May 2024 07:31:42 GMT
accept-ch: UA, Platform, Arch, Model, Mobile
x-cache: Miss from cloudfront
via: 1.1 ccaf1a504c744888ea0273ccf57116f0.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: zjud7-WrKmS_tzvkryIN30IqwQEQuRNPYceo9yfrNonsnbV8p6QE7g==
DNS

securepubads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

securepubads.g.doubleclick.net

IN A

Response

securepubads.g.doubleclick.net

IN A

142.250.200.34
GET

https://mc.yandex.ru/metrika/watch.js

msedge.exe

Remote address:

93.158.134.119:443

Request

GET /metrika/watch.js HTTP/2.0
host: mc.yandex.ru
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405090101/pubads_impl.js

msedge.exe

Remote address:

142.250.200.34:443

Request

GET /pagead/managed/js/gpt/m202405090101/pubads_impl.js HTTP/2.0
host: securepubads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

mc.yandex.com

msedge.exe

Remote address:

8.8.8.8:53

Request

mc.yandex.com

IN A

Response

mc.yandex.com

IN CNAME

mc.yandex.ru

mc.yandex.ru

IN A

87.250.251.119

mc.yandex.ru

IN A

87.250.250.119

mc.yandex.ru

IN A

77.88.21.119

mc.yandex.ru

IN A

93.158.134.119
DNS

googleads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.187.226
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

181.165.181.195.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.165.181.195.in-addr.arpa

IN PTR

Response

181.165.181.195.in-addr.arpa

IN PTR

unn-165-181-195-181 datapacketcom
DNS

4.208.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.208.239.18.in-addr.arpa

IN PTR

Response

4.208.239.18.in-addr.arpa

IN PTR

server-18-239-208-4bru50r cloudfrontnet
DNS

79.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.190.18.2.in-addr.arpa

IN PTR

Response

79.190.18.2.in-addr.arpa

IN PTR

a2-18-190-79deploystaticakamaitechnologiescom
DNS

119.134.158.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.134.158.93.in-addr.arpa

IN PTR

Response

119.134.158.93.in-addr.arpa

IN PTR

mcyandexru
DNS

108.208.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

108.208.239.18.in-addr.arpa

IN PTR

Response

108.208.239.18.in-addr.arpa

IN PTR

server-18-239-208-108bru50r cloudfrontnet
DNS

34.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.200.250.142.in-addr.arpa

IN PTR

Response

34.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f21e100net
DNS

104.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.201.58.216.in-addr.arpa

IN PTR

Response

104.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1041e100net

104.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f8�J

104.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f8�J
DNS

194.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.187.250.142.in-addr.arpa

IN PTR

Response

194.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f21e100net
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0DFB91BD64A1625B08F4853B651A63D8; domain=.bing.com; expires=Sun, 15-Jun-2025 07:31:43 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 004703FBDB0144608F7A3BB3B2AB6AC1 Ref B: LON04EDGE0807 Ref C: 2024-05-21T07:31:43Z
date: Tue, 21 May 2024 07:31:43 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0DFB91BD64A1625B08F4853B651A63D8; _EDGE_S=SID=35766950A3096A9C1AEB7DD6A2C96BA2

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=VNJjcCHSLv6FTG7Sp5axOqKGam0vMfrOZEMLi_FUzZU; domain=.bing.com; expires=Sun, 15-Jun-2025 07:31:44 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 85DB32E0898F4108B5DAEBBAAE879FEC Ref B: LON04EDGE0807 Ref C: 2024-05-21T07:31:44Z
date: Tue, 21 May 2024 07:31:43 GMT
DNS

tpc.googlesyndication.com

msedge.exe

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

172.217.16.225
GET

https://tpc.googlesyndication.com/sodar/sodar2.js

msedge.exe

Remote address:

172.217.16.225:443

Request

GET /sodar/sodar2.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.poemhunter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.bing.com/aes/c.gif?RG=ef24e622a6eb466f82c05c66dd93b049&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134308Z&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266

Remote address:

23.62.61.129:443

Request

GET /aes/c.gif?RG=ef24e622a6eb466f82c05c66dd93b049&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134308Z&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0DFB91BD64A1625B08F4853B651A63D8

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F01522E78D514C06893C06B7AED45232 Ref B: DUS30EDGE0406 Ref C: 2024-05-21T07:31:44Z
content-length: 0
date: Tue, 21 May 2024 07:31:44 GMT
set-cookie: _EDGE_S=SID=35766950A3096A9C1AEB7DD6A2C96BA2; path=/; httponly; domain=bing.com
set-cookie: MUIDB=0DFB91BD64A1625B08F4853B651A63D8; path=/; httponly; expires=Sun, 15-Jun-2025 07:31:44 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.7d3d3e17.1716276704.13da600a
DNS

ads.eu.criteo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ads.eu.criteo.com

IN A

Response

ads.eu.criteo.com

IN CNAME

ads.nl3.vip.prod.criteo.com

ads.nl3.vip.prod.criteo.com

IN A

178.250.1.17
GET

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZkxN3wAL3ngC9fRRAAE2Iy_bywyvGsJ-k_6RAw&u=%7CYcDY%2BpZv0G0IJ8hTAR8Ejh0a8tdlbyVDul%2BkiXVHzdU%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgTYxIfrObes8kmYPTGcWqM8l1I1h3P7JcwZW79Xia7PJPKv7f7hj_jYA7rCZVjI-KyyRVT5JGhQNPEBzMRkUgv9q2rKk-FRhoCaxfw-YnBPBhyqyF8sH0ZwH6UwGDVgjWblLIJspoIUS3fG-lsN9WS8xaAFcFTItbiifL0gRmPGG8B_u_arUmBC86lRPTq1QeSBdJUy0_WRhhOKaqLF_OB1Y3n7ZLuayuEeKOEgxAgX0z800RerkMb7eTZ52FcXaGdIV7jfBckQMFsN7LhIftB5klFGB9ASIF0huaKkQ36V081j4Xr5wQIg9d6WzA23-OmB4mBayPAZlnSHxUuq5wDH0811eVV0epiLi-mLsIn0LGDO7miAs4CXzg1qRz9uDk0hJhaTAVI6hN9Ow4w2KHPsmEY1XV19vJbFtz_chXxyLrpTDZKubeOrq-EP41vX7J8NfkNx-H3q6pv5Wo1LDPBB58YQKqSv57MJ7jQJvKN-YOgRD8yp12Ygp_kKwR1tflAVQppMZCQr865DY8YCoAhW4N2IgkTmuZeX6CtltJ5-rtzqGkmNVDlZrUaCiompDQY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCFN0h301MZvi8L9Ho18cPo-yEqAHkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_Qtrfl1i-6eAgZvG1nALder11E1cUOTWjtWnBjRjUJkKjqVNepiVX_TrcvRxTVfo-xaUudCTo3wNBJtvjn0CXcIERubsmN1l0NF6M2t9FOO2JVwy2rvsLB3rHoGIQdWC674HRqIilqZZQ7QqwDRHgbL6NvfNJdg5X8m4hJyvS35bYFdrrxlP4JDBfZaEgGounqKCF57KltWQkNl-DLiGAz0RewcPEyxV4_ghcWyvsf6pKodAf5MeTF1Cd5f3IOLkerw19HPH-ZTIAGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOliu64r6nJ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3lAAsFypQ8OJole3XUcF4KuIsliQ%26client%3Dca-pub-3785345259461815%26adurl%3D

msedge.exe

Remote address:

178.250.1.17:443

Request

GET /delivery/r/afr.php?z=ZkxN3wAL3ngC9fRRAAE2Iy_bywyvGsJ-k_6RAw&u=%7CYcDY%2BpZv0G0IJ8hTAR8Ejh0a8tdlbyVDul%2BkiXVHzdU%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgTYxIfrObes8kmYPTGcWqM8l1I1h3P7JcwZW79Xia7PJPKv7f7hj_jYA7rCZVjI-KyyRVT5JGhQNPEBzMRkUgv9q2rKk-FRhoCaxfw-YnBPBhyqyF8sH0ZwH6UwGDVgjWblLIJspoIUS3fG-lsN9WS8xaAFcFTItbiifL0gRmPGG8B_u_arUmBC86lRPTq1QeSBdJUy0_WRhhOKaqLF_OB1Y3n7ZLuayuEeKOEgxAgX0z800RerkMb7eTZ52FcXaGdIV7jfBckQMFsN7LhIftB5klFGB9ASIF0huaKkQ36V081j4Xr5wQIg9d6WzA23-OmB4mBayPAZlnSHxUuq5wDH0811eVV0epiLi-mLsIn0LGDO7miAs4CXzg1qRz9uDk0hJhaTAVI6hN9Ow4w2KHPsmEY1XV19vJbFtz_chXxyLrpTDZKubeOrq-EP41vX7J8NfkNx-H3q6pv5Wo1LDPBB58YQKqSv57MJ7jQJvKN-YOgRD8yp12Ygp_kKwR1tflAVQppMZCQr865DY8YCoAhW4N2IgkTmuZeX6CtltJ5-rtzqGkmNVDlZrUaCiompDQY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCFN0h301MZvi8L9Ho18cPo-yEqAHkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_Qtrfl1i-6eAgZvG1nALder11E1cUOTWjtWnBjRjUJkKjqVNepiVX_TrcvRxTVfo-xaUudCTo3wNBJtvjn0CXcIERubsmN1l0NF6M2t9FOO2JVwy2rvsLB3rHoGIQdWC674HRqIilqZZQ7QqwDRHgbL6NvfNJdg5X8m4hJyvS35bYFdrrxlP4JDBfZaEgGounqKCF57KltWQkNl-DLiGAz0RewcPEyxV4_ghcWyvsf6pKodAf5MeTF1Cd5f3IOLkerw19HPH-ZTIAGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOliu64r6nJ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3lAAsFypQ8OJole3XUcF4KuIsliQ%26client%3Dca-pub-3785345259461815%26adurl%3D HTTP/2.0
host: ads.eu.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html
date: Tue, 21 May 2024 07:31:43 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=8a_sw3MWIuOiSq2rCUdetYzJ045E86swzjXzMVflUqenJKbl9GpobVPtUPqCTdzWA_BPEuvCQCiuJqITGPSIf0OXZCP9_dzAXw4wU4UDEvMDFdiQFWoz9dfIIdSvoT_kus2MI8zdDrhIX62YObRzm8_RIcYSu3dSjEucRffpXH-QaRgIpzxUaBOzxeYzRwYr7q4c2vNw36dnJtRF0QznxyUVsB_MiLqQ0EDYS1HZ2TwOqmGuLX07WGdk4X7XTiEicifonQ"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 40975856
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
DNS

rtb.fr3.eu.criteo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

rtb.fr3.eu.criteo.com

IN A

Response

rtb.fr3.eu.criteo.com

IN CNAME

rtb.fr3.vip.prod.criteo.com

rtb.fr3.vip.prod.criteo.com

IN A

178.250.7.12
GET

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEN9NTGaocrMF6R2Bt82jAAASAAAKCkFRVUJEd0VCRHcmcz1tuPHEzvClDGy2t-VD&wp=ZkxN3wAL3ngC9fRRAAE2Iy_bywyvGsJ-k_6RAw&cbvp=2

msedge.exe

Remote address:

178.250.7.12:443

Request

GET /google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEN9NTGaocrMF6R2Bt82jAAASAAAKCkFRVUJEd0VCRHcmcz1tuPHEzvClDGy2t-VD&wp=ZkxN3wAL3ngC9fRRAAE2Iy_bywyvGsJ-k_6RAw&cbvp=2 HTTP/2.0
host: rtb.fr3.eu.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 0
date: Tue, 21 May 2024 07:31:44 GMT
server: Kestrel
server-processing-duration-in-ticks: 130063
strict-transport-security: max-age=31536000; preload;
DNS

226.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.187.250.142.in-addr.arpa

IN PTR

Response

226.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f21e100net
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

225.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.16.217.172.in-addr.arpa

IN PTR

Response

225.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f11e100net

225.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f1�H
DNS

129.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

129.61.62.23.in-addr.arpa

IN PTR

Response

129.61.62.23.in-addr.arpa

IN PTR

a23-62-61-129deploystaticakamaitechnologiescom
DNS

17.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.1.250.178.in-addr.arpa

IN PTR

Response
DNS

static.criteo.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.criteo.net

IN A

Response

static.criteo.net

IN CNAME

static.nl3.vip.prod.criteo.net

static.nl3.vip.prod.criteo.net

IN A

178.250.1.3
DNS

cat.nl3.eu.criteo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cat.nl3.eu.criteo.com

IN A

Response

cat.nl3.eu.criteo.com

IN CNAME

cat.nl3.vip.prod.criteo.com

cat.nl3.vip.prod.criteo.com

IN A

178.250.1.6
DNS

cdnjs.cloudflare.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
GET

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=6qjOtxCZUBz-aW6NeB_hVU1FgHGTszyaBti7h6DmDU58nB66waOnVhKcHDKygAcQMZcvGBXEWgndYmzvYSdGR4xMjDF_AJ8FIslXUM1KKIpVraruIg9dUXofOHnuq4HlV7aaLESs7osjUPH5b2VkVukUPTuv0OpaGYJViG4mWgBTdkWyzaA1WlExHKXUmKPRv9KPmY0l9y-cHj5RzEFWr-o18dxGTogYllz1j52fLrYN_NJo0TxNxajMi54p5f7ZFyU1uIp6rsrm0OG9IYm0GQFOhKru1NTRLbLM7h2LzKFGMPaI98HKyAHINOR-hiK6PrIkrUt4nvpVSi9OYfiNUG6QEgbk4aLgKxrB3XFgKoyfteh5RMLLeu4zCcOSsCvSBGUtJkHZNWMCYzOCj_cSxFUOF0oXKTEXCRXFBi4-4k1b7GFiwygjy1Q5i5DParbYkCVzN-SVD5u0tpXjF7M7jyCl-bY

msedge.exe

Remote address:

178.250.1.6:443

Request

GET /delivery/lg.php?cppv=3&cpp=6qjOtxCZUBz-aW6NeB_hVU1FgHGTszyaBti7h6DmDU58nB66waOnVhKcHDKygAcQMZcvGBXEWgndYmzvYSdGR4xMjDF_AJ8FIslXUM1KKIpVraruIg9dUXofOHnuq4HlV7aaLESs7osjUPH5b2VkVukUPTuv0OpaGYJViG4mWgBTdkWyzaA1WlExHKXUmKPRv9KPmY0l9y-cHj5RzEFWr-o18dxGTogYllz1j52fLrYN_NJo0TxNxajMi54p5f7ZFyU1uIp6rsrm0OG9IYm0GQFOhKru1NTRLbLM7h2LzKFGMPaI98HKyAHINOR-hiK6PrIkrUt4nvpVSi9OYfiNUG6QEgbk4aLgKxrB3XFgKoyfteh5RMLLeu4zCcOSsCvSBGUtJkHZNWMCYzOCj_cSxFUOF0oXKTEXCRXFBi4-4k1b7GFiwygjy1Q5i5DParbYkCVzN-SVD5u0tpXjF7M7jyCl-bY HTTP/2.0
host: cat.nl3.eu.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/gif
date: Tue, 21 May 2024 07:31:44 GMT
server: Kestrel
cache-control: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
cross-origin-resource-policy: cross-origin
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1568767
strict-transport-security: max-age=31536000; preload;
DNS

imageproxy.eu.criteo.net

msedge.exe

Remote address:

8.8.8.8:53

Request

imageproxy.eu.criteo.net

IN A

Response

imageproxy.eu.criteo.net

IN CNAME

imageproxy.nl3.vip.prod.criteo.net

imageproxy.nl3.vip.prod.criteo.net

IN A

178.250.1.15
GET

https://static.criteo.net/flash/icon/privacy_small.svg

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /flash/icon/privacy_small.svg HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 21 May 2024 07:31:44 GMT
content-type: image/svg+xml
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
etag: W/"5e42ba84-6aa"
expires: Fri, 16 May 2025 07:31:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/flash/icon/close_button.svg

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /flash/icon/close_button.svg HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 21 May 2024 07:31:44 GMT
content-type: image/svg+xml
content-length: 308
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
etag: "5e46a5e4-134"
expires: Fri, 16 May 2025 07:31:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/flash/icon/adchoices_en.svg

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /flash/icon/adchoices_en.svg HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 21 May 2024 07:31:44 GMT
content-type: image/svg+xml
content-length: 293
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
etag: "626a59dc-125"
expires: Fri, 16 May 2025 07:31:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/flash/icon/back_button2.svg

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /flash/icon/back_button2.svg HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 21 May 2024 07:31:44 GMT
content-type: text/javascript
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
etag: W/"5c9a64eb-3181"
expires: Fri, 16 May 2025 07:31:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/animejs/animejs.js

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /animejs/animejs.js HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 21 May 2024 07:31:44 GMT
content-type: image/svg+xml
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
etag: W/"5e42b9ee-759"
expires: Fri, 16 May 2025 07:31:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/design/dt/11894/5180058/d6a9dd9727004aec8536ee46c0eb70fa_cpn_300x600_1.jpeg

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /design/dt/11894/5180058/d6a9dd9727004aec8536ee46c0eb70fa_cpn_300x600_1.jpeg HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 21 May 2024 07:31:44 GMT
content-type: image/jpeg
content-length: 81287
last-modified: Thu, 09 May 2024 15:06:13 GMT
etag: "663ce665-13d87"
expires: Fri, 16 May 2025 07:31:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /flash/icon/criteo_logo_2021.svg HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 21 May 2024 07:31:44 GMT
content-type: image/svg+xml
last-modified: Thu, 27 May 2021 13:21:59 GMT
etag: W/"60af9cf7-891"
expires: Fri, 16 May 2025 07:31:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/flash/icon/privacy.svg

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /flash/icon/privacy.svg HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 21 May 2024 07:31:44 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
etag: W/"5e4d1491-646"
expires: Fri, 16 May 2025 07:31:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/design/googlefont/opensans/opensans-400.css

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /design/googlefont/opensans/opensans-400.css HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 21 May 2024 07:31:44 GMT
content-type: text/css
last-modified: Thu, 08 Dec 2022 14:11:03 GMT
etag: W/"6391f077-9fe"
expires: Fri, 16 May 2025 07:31:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/design/googlefont/opensans/opensans-700.css

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /design/googlefont/opensans/opensans-700.css HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 21 May 2024 07:31:44 GMT
content-type: text/css
last-modified: Thu, 08 Dec 2022 14:11:05 GMT
etag: W/"6391f079-9fe"
expires: Fri, 16 May 2025 07:31:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/design/googlefont/opensans/opensans-400-latin.woff2

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /design/googlefont/opensans/opensans-400-latin.woff2 HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://ads.eu.criteo.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://static.criteo.net/design/googlefont/opensans/opensans-400.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 21 May 2024 07:31:44 GMT
content-type: text/plain; charset=UTF-8
last-modified: Thu, 08 Dec 2022 14:11:03 GMT
etag: W/"6391f077-4164"
expires: Fri, 16 May 2025 07:31:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/design/googlefont/opensans/opensans-700-latin.woff2

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /design/googlefont/opensans/opensans-700-latin.woff2 HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://ads.eu.criteo.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://static.criteo.net/design/googlefont/opensans/opensans-700.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Tue, 21 May 2024 07:31:44 GMT
content-type: text/plain; charset=UTF-8
last-modified: Thu, 08 Dec 2022 14:11:05 GMT
etag: W/"6391f079-3ff4"
expires: Fri, 16 May 2025 07:31:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

msedge.exe

Remote address:

104.17.25.14:443

Request

GET /ajax/libs/webfont/1.6.28/webfontloader.js HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:31:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 4420
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04030-30d9"
last-modified: Mon, 04 May 2020 16:17:52 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 284772
expires: Sun, 11 May 2025 07:31:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l2UkKE81rNpsHRtcW7wLQ%2FGLpKnG8eW7Hdx97qZFXIj%2BaBuC%2B064Ztl8c1bbKg4UoKHHyo4BrrxrY8C5nNKR62PYm6oajQ%2BlNAuCIrq48iEdf3XJSq%2B4%2BbvaWyPN%2FonCAEEJMD6M"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8872de5bda703da8-LHR
alt-svc: h3=":443"; ma=86400
GET

https://imageproxy.eu.criteo.net/img/img?h=268&m=0&partner=11894&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F11894%2F230512%2Fd36d5cdfaf0741f08ffcdcecaa3c5f65_logo_n_horizontal_%281%29.png&v=3&w=596&rid=4&s=FjnicC3djtEatl2rlrTcHyaA

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /img/img?h=268&m=0&partner=11894&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F11894%2F230512%2Fd36d5cdfaf0741f08ffcdcecaa3c5f65_logo_n_horizontal_%281%29.png&v=3&w=596&rid=4&s=FjnicC3djtEatl2rlrTcHyaA HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 57227
content-type: image/png
date: Tue, 07 May 2024 11:53:50 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Wed, 09 Apr 2025 04:12:02 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 1193873
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_31.jpg&v=3&w=400&rid=4&s=uKC0F6WKHOiZ0K1IJB8_p3CQ&b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_31.jpg&v=3&w=400&rid=4&s=uKC0F6WKHOiZ0K1IJB8_p3CQ&b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 30814
content-type: image/webp
date: Tue, 07 May 2024 12:15:34 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Mon, 07 Apr 2025 19:43:18 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 1192569
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=11894&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2Fstarrating%2Fstars_4.png&v=3&w=400&rid=4&s=z25MQgdCtGv3v7WvZ_Klf8iV

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /img/img?h=400&m=0&partner=11894&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2Fstarrating%2Fstars_4.png&v=3&w=400&rid=4&s=z25MQgdCtGv3v7WvZ_Klf8iV HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 49894
content-type: image/webp
date: Tue, 07 May 2024 11:41:45 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Thu, 10 Apr 2025 04:21:52 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 1194597
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_81995.jpg&v=3&w=400&rid=4&s=-_2ekIVR2etJyKtwfAhdXU5E&b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_81995.jpg&v=3&w=400&rid=4&s=-_2ekIVR2etJyKtwfAhdXU5E&b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 1537
content-type: image/png
date: Tue, 07 May 2024 11:39:59 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Tue, 29 Apr 2025 18:07:29 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 1194704
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_74954.jpg&v=3&w=400&rid=4&s=utHgGqqbWoGNWdaLeMW4XVWG&b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_74954.jpg&v=3&w=400&rid=4&s=utHgGqqbWoGNWdaLeMW4XVWG&b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 51026
content-type: image/webp
date: Tue, 07 May 2024 11:37:44 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Wed, 09 Apr 2025 11:16:00 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 1194840
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
DNS

csm.eu.criteo.net

msedge.exe

Remote address:

8.8.8.8:53

Request

csm.eu.criteo.net

IN A

Response

csm.eu.criteo.net

IN CNAME

csm.nl3.vip.prod.criteo.net

csm.nl3.vip.prod.criteo.net

IN A

178.250.1.25
POST

https://csm.eu.criteo.net/all?cppv=3&cpp=8a_sw3MWIuOiSq2rCUdetYzJ045E86swzjXzMVflUqenJKbl9GpobVPtUPqCTdzWA_BPEuvCQCiuJqITGPSIf0OXZCP9_dzAXw4wU4UDEvMDFdiQFWoz9dfIIdSvoT_kus2MI8zdDrhIX62YObRzm8_RIcYSu3dSjEucRffpXH-QaRgIpzxUaBOzxeYzRwYr7q4c2vNw36dnJtRF0QznxyUVsB_MiLqQ0EDYS1HZ2TwOqmGuLX07WGdk4X7XTiEicifonQ&sds=2&rev=92426&sendBeacon=true

msedge.exe

Remote address:

178.250.1.25:443

Request

POST /all?cppv=3&cpp=8a_sw3MWIuOiSq2rCUdetYzJ045E86swzjXzMVflUqenJKbl9GpobVPtUPqCTdzWA_BPEuvCQCiuJqITGPSIf0OXZCP9_dzAXw4wU4UDEvMDFdiQFWoz9dfIIdSvoT_kus2MI8zdDrhIX62YObRzm8_RIcYSu3dSjEucRffpXH-QaRgIpzxUaBOzxeYzRwYr7q4c2vNw36dnJtRF0QznxyUVsB_MiLqQ0EDYS1HZ2TwOqmGuLX07WGdk4X7XTiEicifonQ&sds=2&rev=92426&sendBeacon=true HTTP/2.0
host: csm.eu.criteo.net
content-length: 35
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://ads.eu.criteo.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:31:45 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
POST

https://csm.eu.criteo.net/all?cppv=3&cpp=8a_sw3MWIuOiSq2rCUdetYzJ045E86swzjXzMVflUqenJKbl9GpobVPtUPqCTdzWA_BPEuvCQCiuJqITGPSIf0OXZCP9_dzAXw4wU4UDEvMDFdiQFWoz9dfIIdSvoT_kus2MI8zdDrhIX62YObRzm8_RIcYSu3dSjEucRffpXH-QaRgIpzxUaBOzxeYzRwYr7q4c2vNw36dnJtRF0QznxyUVsB_MiLqQ0EDYS1HZ2TwOqmGuLX07WGdk4X7XTiEicifonQ&sds=2&rev=92426&sendBeacon=true

msedge.exe

Remote address:

178.250.1.25:443

Request

POST /all?cppv=3&cpp=8a_sw3MWIuOiSq2rCUdetYzJ045E86swzjXzMVflUqenJKbl9GpobVPtUPqCTdzWA_BPEuvCQCiuJqITGPSIf0OXZCP9_dzAXw4wU4UDEvMDFdiQFWoz9dfIIdSvoT_kus2MI8zdDrhIX62YObRzm8_RIcYSu3dSjEucRffpXH-QaRgIpzxUaBOzxeYzRwYr7q4c2vNw36dnJtRF0QznxyUVsB_MiLqQ0EDYS1HZ2TwOqmGuLX07WGdk4X7XTiEicifonQ&sds=2&rev=92426&sendBeacon=true HTTP/2.0
host: csm.eu.criteo.net
content-length: 48
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://ads.eu.criteo.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:31:45 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
DNS

12.7.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.7.250.178.in-addr.arpa

IN PTR

Response
DNS

3.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.1.250.178.in-addr.arpa

IN PTR

Response
DNS

14.25.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.25.17.104.in-addr.arpa

IN PTR

Response
DNS

6.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.1.250.178.in-addr.arpa

IN PTR

Response
DNS

15.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.1.250.178.in-addr.arpa

IN PTR

Response
DNS

25.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.1.250.178.in-addr.arpa

IN PTR

Response
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR
DNS

202.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

202.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

195.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.212.58.216.in-addr.arpa

IN PTR

Response

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f1951e100net

195.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f3�J

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f3�J
DNS

195.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.212.58.216.in-addr.arpa

IN PTR

Response

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f1951e100net

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f3�J

195.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f3�J
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f31e100net

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f99�G

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�G
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f31e100net

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f99�G

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�G
DNS

www.poemhunter.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.poemhunter.com

IN A

Response

www.poemhunter.com

IN CNAME

rae0auronmaq.merlincdn.net

rae0auronmaq.merlincdn.net

IN CNAME

eu-gb-lon-dp.merlincdn.net

eu-gb-lon-dp.merlincdn.net

IN A

195.181.165.140

eu-gb-lon-dp.merlincdn.net

IN A

195.181.165.181
DNS

www.poemhunter.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.poemhunter.com

IN A

Response

www.poemhunter.com

IN CNAME

rae0auronmaq.merlincdn.net

rae0auronmaq.merlincdn.net

IN CNAME

eu-gb-lon-dp.merlincdn.net

eu-gb-lon-dp.merlincdn.net

IN A

195.181.165.181

eu-gb-lon-dp.merlincdn.net

IN A

195.181.165.140
GET

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZkxOGwADFjAAAIjoAAO60Qd8aaeK2mlzPpAGTA&u=%7CnzHT0kHP1LEOYnXc7k20K4yXzQ5dJtBWa3s%2BQMSva7I%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgR0SUmYjNawkMdFu_5AQXxlolrPSm2QHKt_nK8LnQlMh_rGsspCIlZTTcBYQsZMKq9ojV23V72_Rh0RCgLwjSrIpi7k91jDfN2IOqs7H6WcWwz1RXXvgeZFIZ3FwtpfNGEf7YU7vf_7qqbNf_K8WgVx_I_B3Bo_eb9alFB0KlHn5y1MbbHa0GxYxCl2HYJ_DwkjxaYNFVTd6v34Ho6dMvhPlDJ_kUcLvk9ViS4tBV5wXscmigymf25I6LCV-tFZXwSdTEOVjHxJlZhZA6G3CXgpgHbCcT3ln-SakGCw18blcx5I-usN7f0WC0BPIjitSfWtbrnp2TIg9KwEHTOMUpXxJ9hHnICpPfsEvbEoKa54godJ3pljhEnAf48yd8bL1hDWBpzMWS2GnxQaJwHmKvpWceqky608u2W45dS6zFHGchKwFSD8HjxgtrMIl-1G0PrhsHeEqrzrcUiSPOzA51wl7m8HaAiE9t1aw4G0ua5HVKxmxt5g_UhL-U4atXFS8r6abr0Yv96fa_2wngHVRFXZei1PsiSxP30nK2lGgEGAshxfKsfcJAXV&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGA_2G05MZrCsDOiRgrAP0fWOkAbkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_Qxr0JgOXWOMG2dgfZ3AosfCiOqkokTWnxPicG2cjpgaoMLExoHZ5vMPG-KgyEWL6ohpqFoklERTy7-QmeCvS31hwST1GrsOigSkUHkmgoRrBRDclmPBiqEBJcZvooxYHRj3n9xUp45DC_UKoQAcyCrP0te7wQ2yuyEvS6XjgsiRyUJYlJKN6twFlOxoy25AyU02dEJG0mDq6593w_bObaH8w8y1kjmyHBdPGwI_NU79aFty2rjL1XJy_wNspXL0xebQgl9-DvtIAGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOliU57aWnZ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1RfijCIYX4aA71bElyNQ3A1Zu_7Q%26client%3Dca-pub-3785345259461815%26adurl%3D

msedge.exe

Remote address:

178.250.1.17:443

Request

GET /delivery/r/afr.php?z=ZkxOGwADFjAAAIjoAAO60Qd8aaeK2mlzPpAGTA&u=%7CnzHT0kHP1LEOYnXc7k20K4yXzQ5dJtBWa3s%2BQMSva7I%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgR0SUmYjNawkMdFu_5AQXxlolrPSm2QHKt_nK8LnQlMh_rGsspCIlZTTcBYQsZMKq9ojV23V72_Rh0RCgLwjSrIpi7k91jDfN2IOqs7H6WcWwz1RXXvgeZFIZ3FwtpfNGEf7YU7vf_7qqbNf_K8WgVx_I_B3Bo_eb9alFB0KlHn5y1MbbHa0GxYxCl2HYJ_DwkjxaYNFVTd6v34Ho6dMvhPlDJ_kUcLvk9ViS4tBV5wXscmigymf25I6LCV-tFZXwSdTEOVjHxJlZhZA6G3CXgpgHbCcT3ln-SakGCw18blcx5I-usN7f0WC0BPIjitSfWtbrnp2TIg9KwEHTOMUpXxJ9hHnICpPfsEvbEoKa54godJ3pljhEnAf48yd8bL1hDWBpzMWS2GnxQaJwHmKvpWceqky608u2W45dS6zFHGchKwFSD8HjxgtrMIl-1G0PrhsHeEqrzrcUiSPOzA51wl7m8HaAiE9t1aw4G0ua5HVKxmxt5g_UhL-U4atXFS8r6abr0Yv96fa_2wngHVRFXZei1PsiSxP30nK2lGgEGAshxfKsfcJAXV&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGA_2G05MZrCsDOiRgrAP0fWOkAbkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_Qxr0JgOXWOMG2dgfZ3AosfCiOqkokTWnxPicG2cjpgaoMLExoHZ5vMPG-KgyEWL6ohpqFoklERTy7-QmeCvS31hwST1GrsOigSkUHkmgoRrBRDclmPBiqEBJcZvooxYHRj3n9xUp45DC_UKoQAcyCrP0te7wQ2yuyEvS6XjgsiRyUJYlJKN6twFlOxoy25AyU02dEJG0mDq6593w_bObaH8w8y1kjmyHBdPGwI_NU79aFty2rjL1XJy_wNspXL0xebQgl9-DvtIAGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOliU57aWnZ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1RfijCIYX4aA71bElyNQ3A1Zu_7Q%26client%3Dca-pub-3785345259461815%26adurl%3D HTTP/2.0
host: ads.eu.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=EFeVenMWIuOiSq2rmzOkEv1RYtOddW43Yeaqhgm2N5Yl7KlvpEyF3zm1uFOGbvIMUo75s5LQriWDHkKR9JBgDXyOJ_HchuWWkfEUeOtUL1R-A0ux7Yf9M5VgAL7nN9re1MtJa8IuK4LUc-zs2zgaBXovaLUGID7HRtIzK-dGUsNO7itD9VKFv1TVVrtibC8XC9q4SeHBDNUQGgh0aHLQF7SScm20lHjqhLJR0ILokW9qrtgX6GluIseZlFY2469aGqoLzg"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 40255893
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEBpOTGZn042DpLCUWxTQAAASAAAKCkFRVVREd0VCRHcmcz1tuPHEzvClDGy2t-VD&wp=ZkxOGwADFjAAAIjoAAO60Qd8aaeK2mlzPpAGTA&cbvp=2

msedge.exe

Remote address:

178.250.7.12:443

Request

GET /google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEBpOTGZn042DpLCUWxTQAAASAAAKCkFRVVREd0VCRHcmcz1tuPHEzvClDGy2t-VD&wp=ZkxOGwADFjAAAIjoAAO60Qd8aaeK2mlzPpAGTA&cbvp=2 HTTP/2.0
host: rtb.fr3.eu.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 0
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
server-processing-duration-in-ticks: 143218
strict-transport-security: max-age=31536000; preload;
GET

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=IVeeyxCZUBz-aW6NeB_hVU1FgHHki777IxCzGM0kh5H7JVOh0NWOPQ4S9nCic12AHDuMcmdSlRCPEQkKbx3NjVolK9WkVv9BqmJrFWnSwopWBZcuO83pzyzArAKwcYYdTQvBEyKgKz_MFm0J0XkiRzJ_vJcMJC_lXpYssYEucNXehUkhXC3Mn6E3DGMNzu2d5KbRP-0Yyr737SlAHj5-TsLpMePT2XMXnf6h7asatNlT1jTnOyWBNhDJFYxwZCeU2Po_L9SUiF5qo1AN8dk3z8GZ691E5US4REv8hGtOUd_DkXLtxyEI-rhhZ7HiVv0zojr64rz_XtNCYTKqMc_FSKIWz3Qrqfj7ssoqNR3RYImoreE9mlRogxRenIyL-VtIm3tFZ51301tRwcxpf-W0Wm3PfZen3ccWvHbPr_lignv1yPnuY0lKd1Q5F2GSmR9eSg4LbA

msedge.exe

Remote address:

178.250.1.6:443

Request

GET /delivery/lg.php?cppv=3&cpp=IVeeyxCZUBz-aW6NeB_hVU1FgHHki777IxCzGM0kh5H7JVOh0NWOPQ4S9nCic12AHDuMcmdSlRCPEQkKbx3NjVolK9WkVv9BqmJrFWnSwopWBZcuO83pzyzArAKwcYYdTQvBEyKgKz_MFm0J0XkiRzJ_vJcMJC_lXpYssYEucNXehUkhXC3Mn6E3DGMNzu2d5KbRP-0Yyr737SlAHj5-TsLpMePT2XMXnf6h7asatNlT1jTnOyWBNhDJFYxwZCeU2Po_L9SUiF5qo1AN8dk3z8GZ691E5US4REv8hGtOUd_DkXLtxyEI-rhhZ7HiVv0zojr64rz_XtNCYTKqMc_FSKIWz3Qrqfj7ssoqNR3RYImoreE9mlRogxRenIyL-VtIm3tFZ51301tRwcxpf-W0Wm3PfZen3ccWvHbPr_lignv1yPnuY0lKd1Q5F2GSmR9eSg4LbA HTTP/2.0
host: cat.nl3.eu.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/gif
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
cache-control: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
cross-origin-resource-policy: cross-origin
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1733712
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/001fVhTBFAVGVhGLdS1rcM1bqgtNhWUSoOsvEzAbye88ALa38C3NZLbnpJopbzDLREJucYAjHdeORTmMlzARSW6kfqjySBY5lNLfBUpIQxKDoH0KuObnwRcm8rOXIxz9pY6beUnkHrefwdJgIBEg3UzKd1tzGVhXDiH5nTV2DyXM2aAktu9jPIF6YPKavsA9ii4EGh6wHCMtMlnzb5GJ7g4d13Htwo

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001fVhTBFAVGVhGLdS1rcM1bqgtNhWUSoOsvEzAbye88ALa38C3NZLbnpJopbzDLREJucYAjHdeORTmMlzARSW6kfqjySBY5lNLfBUpIQxKDoH0KuObnwRcm8rOXIxz9pY6beUnkHrefwdJgIBEg3UzKd1tzGVhXDiH5nTV2DyXM2aAktu9jPIF6YPKavsA9ii4EGh6wHCMtMlnzb5GJ7g4d13Htwo HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 57227
content-type: image/png
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Sat, 10 May 2025 03:43:16 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgRN8eDxYTTcuBtR66CST3nIHitaaIdvsTAgyEpBfhwJbFOH5pcWtV9wRGcTH4B0i3tFQ0LJmsRxCJVk2YO70dpk5S6ZGDTTjq2ytVJ44Ge63kJzDle6zGktpVOKjPbhrVeVMjk4ePKUkZaXmpYp?b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001JwffMZvFsIgCoZ3WYb9VGgRN8eDxYTTcuBtR66CST3nIHitaaIdvsTAgyEpBfhwJbFOH5pcWtV9wRGcTH4B0i3tFQ0LJmsRxCJVk2YO70dpk5S6ZGDTTjq2ytVJ44Ge63kJzDle6zGktpVOKjPbhrVeVMjk4ePKUkZaXmpYp?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 49078
content-type: image/webp
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Sat, 12 Apr 2025 11:24:29 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgMfTAYkCC7eOhLeRnYeYpqopQLp0ah47mXmgblgzomgtlZ7xq66DqMZkNFdADR4EAQUR6wFxwiYBn9fiwlWVviXAsT4d43pxHveELCj07q94r6TaUv6rfXux5sF7aIRYVjWZwUj4cLzhiHCxP0L?b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001JwffMZvFsIgCoZ3WYb9VGgMfTAYkCC7eOhLeRnYeYpqopQLp0ah47mXmgblgzomgtlZ7xq66DqMZkNFdADR4EAQUR6wFxwiYBn9fiwlWVviXAsT4d43pxHveELCj07q94r6TaUv6rfXux5sF7aIRYVjWZwUj4cLzhiHCxP0L?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 54054
content-type: image/webp
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Wed, 07 May 2025 19:32:18 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgDJ9h6XcnN0EbTtYQ5QG8JggVNAdsLlFEGg7YF5xCZJMZRrrV4jgmOFKeVX6UR4jR02q9IIJtWSnaWC778UvgwrYpdA3sSclRIiZrbvCjCORhDRUjsulBCCAxYlsHzLzg1QZQssLujWwvkdRFrr?b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001JwffMZvFsIgCoZ3WYb9VGgDJ9h6XcnN0EbTtYQ5QG8JggVNAdsLlFEGg7YF5xCZJMZRrrV4jgmOFKeVX6UR4jR02q9IIJtWSnaWC778UvgwrYpdA3sSclRIiZrbvCjCORhDRUjsulBCCAxYlsHzLzg1QZQssLujWwvkdRFrr?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 79424
content-type: image/webp
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Sat, 12 Apr 2025 11:07:57 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgJZvYjMrWyLRzUjZ1XRz8W8bwxiTPrPxw9XSXyz574agxVUvRJ1OOmC8q98DYvymv3igBczFyAIqKDknNXw3ytywLyPIOWmHgA69hf7jOt1fmxX2DvbJv73o5b3xoyfCSyZwcvNL9mLswxWXobI?b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001JwffMZvFsIgCoZ3WYb9VGgJZvYjMrWyLRzUjZ1XRz8W8bwxiTPrPxw9XSXyz574agxVUvRJ1OOmC8q98DYvymv3igBczFyAIqKDknNXw3ytywLyPIOWmHgA69hf7jOt1fmxX2DvbJv73o5b3xoyfCSyZwcvNL9mLswxWXobI?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 59326
content-type: image/webp
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Thu, 08 May 2025 02:51:33 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/004o0M12z4OPRwTU60xVgfdfe0aZK7S2358M9IXtirMXGwOHg7Re5M0EaZTZ1srecs8SJiy0j2Xo016mj0KvyRdQBAeOtWuRSLKkgTsA8KRsJ8C9vwBKM9Om18vEKFFg0boTpgfHCuY9fdg0dchZRENzmeeEmEr86umwGTGZ?b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /v1/004o0M12z4OPRwTU60xVgfdfe0aZK7S2358M9IXtirMXGwOHg7Re5M0EaZTZ1srecs8SJiy0j2Xo016mj0KvyRdQBAeOtWuRSLKkgTsA8KRsJ8C9vwBKM9Om18vEKFFg0boTpgfHCuY9fdg0dchZRENzmeeEmEr86umwGTGZ?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 48050
content-type: image/webp
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Mon, 12 May 2025 08:53:18 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/004o0M12z4OPRwTU60xVgfdfeYeJLCYW1CvsVU3Ctho8WGYW2tTUga7JgK0tKfVFlEC1ayPBJYrOZ7U3O3vFkaFnwMFoXVFFeR8Z4hKjqTIbMLrA6QDGflyXRkcBsF4qDfY6Nw5PTbIA185q4uQkMUmsXRahNg2ND7pwmhIb?b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /v1/004o0M12z4OPRwTU60xVgfdfeYeJLCYW1CvsVU3Ctho8WGYW2tTUga7JgK0tKfVFlEC1ayPBJYrOZ7U3O3vFkaFnwMFoXVFFeR8Z4hKjqTIbMLrA6QDGflyXRkcBsF4qDfY6Nw5PTbIA185q4uQkMUmsXRahNg2ND7pwmhIb?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 48336
content-type: image/webp
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Mon, 12 May 2025 07:09:41 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/004o0M12z4OPRwTU60xVgfdfeYeKfiwOgMOzxpAedENVWjqPx1IqrE7tCwphpSgOL9LINraSNxiOMPg1v6EWZvT5AW7QeT7TD26AhM3sa0PNOLXXAMI2xigryEY1NVPmJLDGHBnbanAtzm3h7GB8XipbFNCc4VKSJAbSDnKZ?b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /v1/004o0M12z4OPRwTU60xVgfdfeYeKfiwOgMOzxpAedENVWjqPx1IqrE7tCwphpSgOL9LINraSNxiOMPg1v6EWZvT5AW7QeT7TD26AhM3sa0PNOLXXAMI2xigryEY1NVPmJLDGHBnbanAtzm3h7GB8XipbFNCc4VKSJAbSDnKZ?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 32800
content-type: image/webp
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Mon, 12 May 2025 08:07:03 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgEsdPYmwhWwPzrwk6ufEgy9DPssonf16UI6fjjDf5SUibSH5pikYYjkETgufV4rQro2yYzKnJvr8f2RjwnAF2IBCgkJoJ0nWDkH3wH6vWDzqjUBXswAyMZ4q4ulRIZcrj4RFodKdX4nIokM6hHg?b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001JwffMZvFsIgCoZ3WYb9VGgEsdPYmwhWwPzrwk6ufEgy9DPssonf16UI6fjjDf5SUibSH5pikYYjkETgufV4rQro2yYzKnJvr8f2RjwnAF2IBCgkJoJ0nWDkH3wH6vWDzqjUBXswAyMZ4q4ulRIZcrj4RFodKdX4nIokM6hHg?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 79590
content-type: image/webp
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Sun, 11 May 2025 12:58:27 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgPmuAswJXT71sb8GwliCQHMPS3eWUHmz0GddMpyU7odUvXIpWKvLq9OFwqjOPjzwvza48l7m3pYTkJs1F5nUIbkHi7FfupSbwgRKx6Ucw21csVvzqq7PumY0lZNdm1x1dnBHQ8lmqPSv6nHCshc?b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001JwffMZvFsIgCoZ3WYb9VGgPmuAswJXT71sb8GwliCQHMPS3eWUHmz0GddMpyU7odUvXIpWKvLq9OFwqjOPjzwvza48l7m3pYTkJs1F5nUIbkHi7FfupSbwgRKx6Ucw21csVvzqq7PumY0lZNdm1x1dnBHQ8lmqPSv6nHCshc?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 83554
content-type: image/webp
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Mon, 12 May 2025 12:27:17 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgDJ9VxRtZOAfhTyMJF4KgjXP2LiRC9dvOkXnQ3vJrEfr3ooted2dX8euI5JIeDUYUmd479NXVmnaH76S2pMUVLJlD000l9UD5UAg0NrPWNQht0J0qXTx6JTzFTEpb48mZqnuKLd2rLVMVnL2TBv?b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001JwffMZvFsIgCoZ3WYb9VGgDJ9VxRtZOAfhTyMJF4KgjXP2LiRC9dvOkXnQ3vJrEfr3ooted2dX8euI5JIeDUYUmd479NXVmnaH76S2pMUVLJlD000l9UD5UAg0NrPWNQht0J0qXTx6JTzFTEpb48mZqnuKLd2rLVMVnL2TBv?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 51026
content-type: image/webp
date: Tue, 21 May 2024 07:32:43 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Sat, 10 May 2025 23:27:42 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
strict-transport-security: max-age=31536000; preload;
POST

https://csm.eu.criteo.net/all?cppv=3&cpp=EFeVenMWIuOiSq2rmzOkEv1RYtOddW43Yeaqhgm2N5Yl7KlvpEyF3zm1uFOGbvIMUo75s5LQriWDHkKR9JBgDXyOJ_HchuWWkfEUeOtUL1R-A0ux7Yf9M5VgAL7nN9re1MtJa8IuK4LUc-zs2zgaBXovaLUGID7HRtIzK-dGUsNO7itD9VKFv1TVVrtibC8XC9q4SeHBDNUQGgh0aHLQF7SScm20lHjqhLJR0ILokW9qrtgX6GluIseZlFY2469aGqoLzg&sds=2&rev=92426&sendBeacon=true

msedge.exe

Remote address:

178.250.1.25:443

Request

POST /all?cppv=3&cpp=EFeVenMWIuOiSq2rmzOkEv1RYtOddW43Yeaqhgm2N5Yl7KlvpEyF3zm1uFOGbvIMUo75s5LQriWDHkKR9JBgDXyOJ_HchuWWkfEUeOtUL1R-A0ux7Yf9M5VgAL7nN9re1MtJa8IuK4LUc-zs2zgaBXovaLUGID7HRtIzK-dGUsNO7itD9VKFv1TVVrtibC8XC9q4SeHBDNUQGgh0aHLQF7SScm20lHjqhLJR0ILokW9qrtgX6GluIseZlFY2469aGqoLzg&sds=2&rev=92426&sendBeacon=true HTTP/2.0
host: csm.eu.criteo.net
content-length: 35
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://ads.eu.criteo.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:32:43 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
POST

https://csm.eu.criteo.net/all?cppv=3&cpp=EFeVenMWIuOiSq2rmzOkEv1RYtOddW43Yeaqhgm2N5Yl7KlvpEyF3zm1uFOGbvIMUo75s5LQriWDHkKR9JBgDXyOJ_HchuWWkfEUeOtUL1R-A0ux7Yf9M5VgAL7nN9re1MtJa8IuK4LUc-zs2zgaBXovaLUGID7HRtIzK-dGUsNO7itD9VKFv1TVVrtibC8XC9q4SeHBDNUQGgh0aHLQF7SScm20lHjqhLJR0ILokW9qrtgX6GluIseZlFY2469aGqoLzg&sds=2&rev=92426&sendBeacon=true

msedge.exe

Remote address:

178.250.1.25:443

Request

POST /all?cppv=3&cpp=EFeVenMWIuOiSq2rmzOkEv1RYtOddW43Yeaqhgm2N5Yl7KlvpEyF3zm1uFOGbvIMUo75s5LQriWDHkKR9JBgDXyOJ_HchuWWkfEUeOtUL1R-A0ux7Yf9M5VgAL7nN9re1MtJa8IuK4LUc-zs2zgaBXovaLUGID7HRtIzK-dGUsNO7itD9VKFv1TVVrtibC8XC9q4SeHBDNUQGgh0aHLQF7SScm20lHjqhLJR0ILokW9qrtgX6GluIseZlFY2469aGqoLzg&sds=2&rev=92426&sendBeacon=true HTTP/2.0
host: csm.eu.criteo.net
content-length: 48
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://ads.eu.criteo.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:32:45 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
POST

https://csm.eu.criteo.net/all?cppv=3&cpp=EFeVenMWIuOiSq2rmzOkEv1RYtOddW43Yeaqhgm2N5Yl7KlvpEyF3zm1uFOGbvIMUo75s5LQriWDHkKR9JBgDXyOJ_HchuWWkfEUeOtUL1R-A0ux7Yf9M5VgAL7nN9re1MtJa8IuK4LUc-zs2zgaBXovaLUGID7HRtIzK-dGUsNO7itD9VKFv1TVVrtibC8XC9q4SeHBDNUQGgh0aHLQF7SScm20lHjqhLJR0ILokW9qrtgX6GluIseZlFY2469aGqoLzg&sds=2&rev=92426&sendBeacon=true

msedge.exe

Remote address:

178.250.1.25:443

Request

POST /all?cppv=3&cpp=EFeVenMWIuOiSq2rmzOkEv1RYtOddW43Yeaqhgm2N5Yl7KlvpEyF3zm1uFOGbvIMUo75s5LQriWDHkKR9JBgDXyOJ_HchuWWkfEUeOtUL1R-A0ux7Yf9M5VgAL7nN9re1MtJa8IuK4LUc-zs2zgaBXovaLUGID7HRtIzK-dGUsNO7itD9VKFv1TVVrtibC8XC9q4SeHBDNUQGgh0aHLQF7SScm20lHjqhLJR0ILokW9qrtgX6GluIseZlFY2469aGqoLzg&sds=2&rev=92426&sendBeacon=true HTTP/2.0
host: csm.eu.criteo.net
content-length: 5330
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://ads.eu.criteo.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:32:50 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
GET

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZkxOOQADLyACT8_MAA24jjrIVYSNPjWO1E9j0w&u=%7CwHMebL%2B0Xlie3c3zsNP7ea4RPOlqkKe0ECOA7hn1ryc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgT3SpxNxQU-ektoZn1HlmObbYQ_H3_VnUrf3K1uyqrHDt6dB_2tcetI3254XCi1Ykmw3LpCfDw09pOnMg3VrNoivFpTaUtLqzcL2nvvAJhuktd7KNItUb6w20kjegD02ztU8kr3xme53yy5P2KubEjQ5L88LliqZuS2ZoSCc2hpTqXV-BC5NfCd-zfKay52ZJ64lXXOMvR4SrpKEnE0jXZYc0aKse0jUmppWzMvnQ-3o4vXsNlHtwHcLYFk88_GBQN0UynAfqcPYKqT-txow1sK6tMrTUQmfP294DzDIxFcNxz7D-J2hR-jt_s8D5iyDUP8yIlTtYt0BsCl3oaxglhc1rUODynsYnkSV_zQTHklyiVh5WuGaD0pm5OQxNZm9Wpoyl7Fg8Fl6GpLjuqdpDuDFu0CwcW-6zMmJGL0ydBTJTgTysqpOtAp5JAL6sUQNdwkPmOJKNWIhWYP4KbjN_nGgOYjJlfsWeUVZje7wmzv5rwyKlp4peiz2hM04jKNXu6-8XAqTl6fXiQ6UG8rrI0gHfJ9CTGq1Jfzcj8TSXZex65RiEacRegSFC8JbTSPmzw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCQh-zOU5MZqDeDMyfv8IPjvG20Afkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_QKuaSNPZIyo7m4h5BJnVeMJBaPBF19YwVxW-2IVOtENV7_uB8SjPS8_CNV_0tIvq06t2QbGJByjpzv1Sx06BGbwkKikVbSX4_Z9LvgW7BxzZPUf0uI_oxeNYoui_YqTVxl3cmIa4QOCn8a7cbUvKYVaAXHf0CjvrNo5SPdkBx7m2vN9nTso2FnmkPLLQB4nvrF8aGtUZu_iLT_eefmE_uAE8Lr677nXZUBzbf5Y7D72DguYfDvIvW9bHsQHDLt4Or5SlV6jiKkoAGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOljqjd6knZ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0OWACD1PhcM7Gizeq3NZriWqwesw%26client%3Dca-pub-3785345259461815%26adurl%3D

msedge.exe

Remote address:

178.250.1.17:443

Request

GET /delivery/r/afr.php?z=ZkxOOQADLyACT8_MAA24jjrIVYSNPjWO1E9j0w&u=%7CwHMebL%2B0Xlie3c3zsNP7ea4RPOlqkKe0ECOA7hn1ryc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgT3SpxNxQU-ektoZn1HlmObbYQ_H3_VnUrf3K1uyqrHDt6dB_2tcetI3254XCi1Ykmw3LpCfDw09pOnMg3VrNoivFpTaUtLqzcL2nvvAJhuktd7KNItUb6w20kjegD02ztU8kr3xme53yy5P2KubEjQ5L88LliqZuS2ZoSCc2hpTqXV-BC5NfCd-zfKay52ZJ64lXXOMvR4SrpKEnE0jXZYc0aKse0jUmppWzMvnQ-3o4vXsNlHtwHcLYFk88_GBQN0UynAfqcPYKqT-txow1sK6tMrTUQmfP294DzDIxFcNxz7D-J2hR-jt_s8D5iyDUP8yIlTtYt0BsCl3oaxglhc1rUODynsYnkSV_zQTHklyiVh5WuGaD0pm5OQxNZm9Wpoyl7Fg8Fl6GpLjuqdpDuDFu0CwcW-6zMmJGL0ydBTJTgTysqpOtAp5JAL6sUQNdwkPmOJKNWIhWYP4KbjN_nGgOYjJlfsWeUVZje7wmzv5rwyKlp4peiz2hM04jKNXu6-8XAqTl6fXiQ6UG8rrI0gHfJ9CTGq1Jfzcj8TSXZex65RiEacRegSFC8JbTSPmzw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCQh-zOU5MZqDeDMyfv8IPjvG20Afkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_QKuaSNPZIyo7m4h5BJnVeMJBaPBF19YwVxW-2IVOtENV7_uB8SjPS8_CNV_0tIvq06t2QbGJByjpzv1Sx06BGbwkKikVbSX4_Z9LvgW7BxzZPUf0uI_oxeNYoui_YqTVxl3cmIa4QOCn8a7cbUvKYVaAXHf0CjvrNo5SPdkBx7m2vN9nTso2FnmkPLLQB4nvrF8aGtUZu_iLT_eefmE_uAE8Lr677nXZUBzbf5Y7D72DguYfDvIvW9bHsQHDLt4Or5SlV6jiKkoAGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOljqjd6knZ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0OWACD1PhcM7Gizeq3NZriWqwesw%26client%3Dca-pub-3785345259461815%26adurl%3D HTTP/2.0
host: ads.eu.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html
date: Tue, 21 May 2024 07:33:13 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=6F-is3MWIuOiSq2rfeqJhM_gA6L5XS0xeKByyhGgi8NTzQ69cZU0pjUbNZLdIMBTRsdALXPR5v2u0UKaVCoMhPo_QWds9bIChBOk1eUrzkt_993bKi-mTJStuOJt8Na0isl_tnocUbb2rhyNj1WTZdKdhoo5H0-E3pn9RpPqITBgqOh65hVMrpTAwhFJLJSTMXLxugAS7gL6VnT5XvnjFaw-hwa1QFuiVZH_n1kowfXGrDzpeYmBLGUOR8mqeh6al8-2OA"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 36765211
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
DNS

rtb.nl3.eu.criteo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

rtb.nl3.eu.criteo.com

IN A

Response

rtb.nl3.eu.criteo.com

IN CNAME

rtb.nl3.vip.prod.criteo.com

rtb.nl3.vip.prod.criteo.com

IN A

178.250.1.10
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
GET

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEDhOTGZjQVkM6ROU5zyEAAASAAAKCkFRVUJBUUVQQVEmcz1tuPHEzvClDGy2t-VD&wp=ZkxOOQADLyACT8_MAA24jjrIVYSNPjWO1E9j0w&cbvp=2

msedge.exe

Remote address:

178.250.1.10:443

Request

GET /google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEDhOTGZjQVkM6ROU5zyEAAASAAAKCkFRVUJBUUVQQVEmcz1tuPHEzvClDGy2t-VD&wp=ZkxOOQADLyACT8_MAA24jjrIVYSNPjWO1E9j0w&cbvp=2 HTTP/2.0
host: rtb.nl3.eu.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 0
date: Tue, 21 May 2024 07:33:13 GMT
server: Kestrel
server-processing-duration-in-ticks: 194856
strict-transport-security: max-age=31536000; preload;
GET

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=5x58DBCZUBz-aW6NeB_hVU1FgHHylR59EhUILo4TqKw0YHCxXx13ySmszxLlm_3w8vlp9ApdXdltuDQCLHRuZDgdV_iXHb6LYwQxAhXZ7TYbV1UtEQ_owdNG8ysibk9s0QFAjhyMYH2FmuQ54O07_Ok8xSzqQy9akmOStU35MEpabEJj4oOq7k_2h6tqd9AY7zrDzh9PQVD-_gsUKbL0RDdxFHV-FxtJkBy7_N-J9TfYPNOy03Me3pcN665TH_tETIEdikRivmmvF9erZmduPhSNcH-zJpxYUNvo8bReC7LIqVHe0y4TRA6akTp4TYyJ7G_7bMVOBBDRV9Y8O3XZXrXcSw57GJ1YgUI8gQzO3XYDVUgX9SWYHx1ZxoHf1Z0ED6iT_XGY9VE0TAXFoY0oYzSJ4YEwBj7g_NVsZIOTCkf_cZDtshHeKWgVg8BK0RVw8s5n0BvpRqSMB7O5tSi6vGNBZRU

msedge.exe

Remote address:

178.250.1.6:443

Request

GET /delivery/lg.php?cppv=3&cpp=5x58DBCZUBz-aW6NeB_hVU1FgHHylR59EhUILo4TqKw0YHCxXx13ySmszxLlm_3w8vlp9ApdXdltuDQCLHRuZDgdV_iXHb6LYwQxAhXZ7TYbV1UtEQ_owdNG8ysibk9s0QFAjhyMYH2FmuQ54O07_Ok8xSzqQy9akmOStU35MEpabEJj4oOq7k_2h6tqd9AY7zrDzh9PQVD-_gsUKbL0RDdxFHV-FxtJkBy7_N-J9TfYPNOy03Me3pcN665TH_tETIEdikRivmmvF9erZmduPhSNcH-zJpxYUNvo8bReC7LIqVHe0y4TRA6akTp4TYyJ7G_7bMVOBBDRV9Y8O3XZXrXcSw57GJ1YgUI8gQzO3XYDVUgX9SWYHx1ZxoHf1Z0ED6iT_XGY9VE0TAXFoY0oYzSJ4YEwBj7g_NVsZIOTCkf_cZDtshHeKWgVg8BK0RVw8s5n0BvpRqSMB7O5tSi6vGNBZRU HTTP/2.0
host: cat.nl3.eu.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/gif
date: Tue, 21 May 2024 07:33:13 GMT
server: Kestrel
cache-control: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
cross-origin-resource-policy: cross-origin
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1636984
strict-transport-security: max-age=31536000; preload;
POST

https://csm.eu.criteo.net/all?cppv=3&cpp=6F-is3MWIuOiSq2rfeqJhM_gA6L5XS0xeKByyhGgi8NTzQ69cZU0pjUbNZLdIMBTRsdALXPR5v2u0UKaVCoMhPo_QWds9bIChBOk1eUrzkt_993bKi-mTJStuOJt8Na0isl_tnocUbb2rhyNj1WTZdKdhoo5H0-E3pn9RpPqITBgqOh65hVMrpTAwhFJLJSTMXLxugAS7gL6VnT5XvnjFaw-hwa1QFuiVZH_n1kowfXGrDzpeYmBLGUOR8mqeh6al8-2OA&sds=2&rev=92426&sendBeacon=true

msedge.exe

Remote address:

178.250.1.25:443

Request

POST /all?cppv=3&cpp=6F-is3MWIuOiSq2rfeqJhM_gA6L5XS0xeKByyhGgi8NTzQ69cZU0pjUbNZLdIMBTRsdALXPR5v2u0UKaVCoMhPo_QWds9bIChBOk1eUrzkt_993bKi-mTJStuOJt8Na0isl_tnocUbb2rhyNj1WTZdKdhoo5H0-E3pn9RpPqITBgqOh65hVMrpTAwhFJLJSTMXLxugAS7gL6VnT5XvnjFaw-hwa1QFuiVZH_n1kowfXGrDzpeYmBLGUOR8mqeh6al8-2OA&sds=2&rev=92426&sendBeacon=true HTTP/2.0
host: csm.eu.criteo.net
content-length: 35
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://ads.eu.criteo.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:33:13 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_222.jpg&v=3&w=400&rid=4&s=99T8VuaPv0hFK3lr6nffO9cd&b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_222.jpg&v=3&w=400&rid=4&s=99T8VuaPv0hFK3lr6nffO9cd&b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 59326
content-type: image/webp
date: Tue, 07 May 2024 11:37:06 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Mon, 07 Apr 2025 17:44:14 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 1194967
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=11894&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2Fstarrating%2Fstars_3_5.png&v=3&w=400&rid=4&s=cqp34ncbm8MkFHvBvrLUHULU

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /img/img?h=400&m=0&partner=11894&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2Fstarrating%2Fstars_3_5.png&v=3&w=400&rid=4&s=cqp34ncbm8MkFHvBvrLUHULU HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 1691
content-type: image/png
date: Tue, 07 May 2024 12:03:13 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Fri, 18 Apr 2025 07:48:34 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 1193400
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_82377.jpg&v=3&w=400&rid=4&s=nM1WVen9qjAykiYoDUWaw4VS&b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_82377.jpg&v=3&w=400&rid=4&s=nM1WVen9qjAykiYoDUWaw4VS&b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 57942
content-type: image/webp
date: Tue, 07 May 2024 11:58:26 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Fri, 11 Apr 2025 14:51:27 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 1193687
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
DNS

10.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.1.250.178.in-addr.arpa

IN PTR

Response
DNS

10.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.1.250.178.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 792794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8CFFD5DAD68C47CCA043ADEE62B2D245 Ref B: LON04EDGE1206 Ref C: 2024-05-21T07:33:17Z
date: Tue, 21 May 2024 07:33:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 627437
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0C62861AEE8F47F7B2D41C7ED45A7521 Ref B: LON04EDGE1206 Ref C: 2024-05-21T07:33:17Z
date: Tue, 21 May 2024 07:33:16 GMT
GET

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZkxOVwADOVEAAIt2AA976wm0sTcklaR244ywPw&u=%7Cx0f7wT2BflUe0kajrsMkVpkV1ibcBoJ6rDTzG4no4u4%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgQ63iAGoRHAOwEP-YW7dDh_FwmIAzzqdmP-5u0Wiy8fipfz0Yli473qfzmE8nLY8e47nekc-qMZD4P0Q-rMuEubMyhGpbsh9b88kf6CcPwM-gVenqQvVqsZh2Eq2Rtl0BMPVGMvqAsZHuw3r1zdAvV2IlUUZMBWgRZflFyJ5vPjMdbxs8kT318A66QkmtT5iNbSeP83CY7reJcuT5h33OipAuWNFs_u-GxUawmZwuIOObCiz2eBHi7LVgKh5ZLcZb6Lj9ZyDZs0j4cozq_t18p5WxJDHBetQ4k_aPz1I6-uyEHPlGmEEe5vvyPQYhxSThaDjZRnanRdvApDDvg02SPe3WE5R_C4e-VzkXo8y_yiTLr3Q-waK37btVZd66gR3sIPAKEz982B3ARB7D6n-Yp3vkMyN34PvthZrWjDFVlyj5MgvffRSxtbQWtWZIofhkdJ_6FEdQBFKB5hFUkxfmd39Y2VwjZNRUS8yERTfmzyJET2S-VXUyOqfV5WGkhyW4Cll8XkmaIBjPH-Fto4lAMkKbz9Z5Qg8Bxo0i5z8bZq34VsIM0T_l9jXmowa-YZcqk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTSsPV05MZtHyDPaWgrAP6_e9gAHkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_Qz35xvH36c9e_CWIHadx0g7-jS7ARIPrDTqvvtVssswK1XO7NsjJecfodUfEFHJXnfzN8p3gb8tfPSVTPMIMvGV62cKn_NQtbdcXVJxWv393qhu5f6JNH--0QkyKG8OSv5QstvXkYvqR0SucvgLcCyLzztDzH-9yZ_ofTLis2Ma6H1YJ4t_ODwi_zG8RFgascQotQ8-tfauiPOwRXUV12aSKP43TPm8-famgQGxby5jZ8Inb4usy4LolnqQFFoPTutJ-6HEMIr4AGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOlj7rIWznZ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2u6a6kPbyxRbBrPX1Wqf91T5rkEA%26client%3Dca-pub-3785345259461815%26adurl%3D

msedge.exe

Remote address:

178.250.1.17:443

Request

GET /delivery/r/afr.php?z=ZkxOVwADOVEAAIt2AA976wm0sTcklaR244ywPw&u=%7Cx0f7wT2BflUe0kajrsMkVpkV1ibcBoJ6rDTzG4no4u4%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgQ63iAGoRHAOwEP-YW7dDh_FwmIAzzqdmP-5u0Wiy8fipfz0Yli473qfzmE8nLY8e47nekc-qMZD4P0Q-rMuEubMyhGpbsh9b88kf6CcPwM-gVenqQvVqsZh2Eq2Rtl0BMPVGMvqAsZHuw3r1zdAvV2IlUUZMBWgRZflFyJ5vPjMdbxs8kT318A66QkmtT5iNbSeP83CY7reJcuT5h33OipAuWNFs_u-GxUawmZwuIOObCiz2eBHi7LVgKh5ZLcZb6Lj9ZyDZs0j4cozq_t18p5WxJDHBetQ4k_aPz1I6-uyEHPlGmEEe5vvyPQYhxSThaDjZRnanRdvApDDvg02SPe3WE5R_C4e-VzkXo8y_yiTLr3Q-waK37btVZd66gR3sIPAKEz982B3ARB7D6n-Yp3vkMyN34PvthZrWjDFVlyj5MgvffRSxtbQWtWZIofhkdJ_6FEdQBFKB5hFUkxfmd39Y2VwjZNRUS8yERTfmzyJET2S-VXUyOqfV5WGkhyW4Cll8XkmaIBjPH-Fto4lAMkKbz9Z5Qg8Bxo0i5z8bZq34VsIM0T_l9jXmowa-YZcqk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTSsPV05MZtHyDPaWgrAP6_e9gAHkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_Qz35xvH36c9e_CWIHadx0g7-jS7ARIPrDTqvvtVssswK1XO7NsjJecfodUfEFHJXnfzN8p3gb8tfPSVTPMIMvGV62cKn_NQtbdcXVJxWv393qhu5f6JNH--0QkyKG8OSv5QstvXkYvqR0SucvgLcCyLzztDzH-9yZ_ofTLis2Ma6H1YJ4t_ODwi_zG8RFgascQotQ8-tfauiPOwRXUV12aSKP43TPm8-famgQGxby5jZ8Inb4usy4LolnqQFFoPTutJ-6HEMIr4AGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOlj7rIWznZ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2u6a6kPbyxRbBrPX1Wqf91T5rkEA%26client%3Dca-pub-3785345259461815%26adurl%3D HTTP/2.0
host: ads.eu.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html
date: Tue, 21 May 2024 07:33:43 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=g4c3aHMWIuOiSq2rFXHnGL1IkgZAQAepKmL2cHCAt2ZhSmfqVV0Jd5AE-L6LVye4k_cXdIx41xrdGOSdhRr1oCXZ-SCMIZsxO0darbLWXc6E0Rpc7b8MfBfsbtre2nHyNnYQ2WyuEe3mFD4cS47N6wZT6YL0CgKb35gAcVf5XLHf-VrM0qbxZEotv2htlxkPZ2pIxm1TPGrRE7Z8yyxCQO8ZZqUVy8J0sdWiEpYfEQXPjhD0ja79rX00SoP5ileg9o4E-Q"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 41927463
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEFZOTGZpLuQdi1yrVcSMAAASAAAKCkFRVUJBUUVCQVEmcz1tuPHEzvClDGy2t-VD&wp=ZkxOVwADOVEAAIt2AA976wm0sTcklaR244ywPw&cbvp=2

msedge.exe

Remote address:

178.250.1.10:443

Request

GET /google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEFZOTGZpLuQdi1yrVcSMAAASAAAKCkFRVUJBUUVCQVEmcz1tuPHEzvClDGy2t-VD&wp=ZkxOVwADOVEAAIt2AA976wm0sTcklaR244ywPw&cbvp=2 HTTP/2.0
host: rtb.nl3.eu.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 0
date: Tue, 21 May 2024 07:33:42 GMT
server: Kestrel
server-processing-duration-in-ticks: 163506
strict-transport-security: max-age=31536000; preload;
GET

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=V7cwlhCZUBz-aW6NeB_hVU1FgHFAxU6PW5G6YbansxUptlaeKacPFeuff4alWWsCxb5mOhZmUiMEKwdrVMZHXA2vLSmLgCN_spRrULvLZ2v5zBpNlYjudZIWpCFjUxqdMc9yz2thaLKklUUSJhnBUwydkwjB_j4r3tby6P4a-m_WTkAU0Be44K3hlSwEemuXTYaynjqJk2tSzikZx52-8uhmdGfrLsICXo-651KxeTGHGnYu5PnXeYA3RU8H91rmwS7O0B4I6MNFfo0syGL1YadVRKa_K3PhX5Q4ZVWQqFB7285Crxe7oQWll11HeRjJDmwYUW33nFGiHJ1su7bVrkvg2PlRcLklBql_SN0VoPVSaRfOcsRkUWWBkczItQkoCCn25W_1hkeKGX6Kz9S0zj4I8j3cFEcyx7n2RuYwnFPNVx2ScgRCU-LJLzcgC8N8rzuTWWtKMPhFTzhSEO4enz6FFXE

msedge.exe

Remote address:

178.250.1.6:443

Request

GET /delivery/lg.php?cppv=3&cpp=V7cwlhCZUBz-aW6NeB_hVU1FgHFAxU6PW5G6YbansxUptlaeKacPFeuff4alWWsCxb5mOhZmUiMEKwdrVMZHXA2vLSmLgCN_spRrULvLZ2v5zBpNlYjudZIWpCFjUxqdMc9yz2thaLKklUUSJhnBUwydkwjB_j4r3tby6P4a-m_WTkAU0Be44K3hlSwEemuXTYaynjqJk2tSzikZx52-8uhmdGfrLsICXo-651KxeTGHGnYu5PnXeYA3RU8H91rmwS7O0B4I6MNFfo0syGL1YadVRKa_K3PhX5Q4ZVWQqFB7285Crxe7oQWll11HeRjJDmwYUW33nFGiHJ1su7bVrkvg2PlRcLklBql_SN0VoPVSaRfOcsRkUWWBkczItQkoCCn25W_1hkeKGX6Kz9S0zj4I8j3cFEcyx7n2RuYwnFPNVx2ScgRCU-LJLzcgC8N8rzuTWWtKMPhFTzhSEO4enz6FFXE HTTP/2.0
host: cat.nl3.eu.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/gif
date: Tue, 21 May 2024 07:33:43 GMT
server: Kestrel
cache-control: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
cross-origin-resource-policy: cross-origin
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1916300
strict-transport-security: max-age=31536000; preload;
POST

https://csm.eu.criteo.net/all?cppv=3&cpp=g4c3aHMWIuOiSq2rFXHnGL1IkgZAQAepKmL2cHCAt2ZhSmfqVV0Jd5AE-L6LVye4k_cXdIx41xrdGOSdhRr1oCXZ-SCMIZsxO0darbLWXc6E0Rpc7b8MfBfsbtre2nHyNnYQ2WyuEe3mFD4cS47N6wZT6YL0CgKb35gAcVf5XLHf-VrM0qbxZEotv2htlxkPZ2pIxm1TPGrRE7Z8yyxCQO8ZZqUVy8J0sdWiEpYfEQXPjhD0ja79rX00SoP5ileg9o4E-Q&sds=2&rev=92426&sendBeacon=true

msedge.exe

Remote address:

178.250.1.25:443

Request

POST /all?cppv=3&cpp=g4c3aHMWIuOiSq2rFXHnGL1IkgZAQAepKmL2cHCAt2ZhSmfqVV0Jd5AE-L6LVye4k_cXdIx41xrdGOSdhRr1oCXZ-SCMIZsxO0darbLWXc6E0Rpc7b8MfBfsbtre2nHyNnYQ2WyuEe3mFD4cS47N6wZT6YL0CgKb35gAcVf5XLHf-VrM0qbxZEotv2htlxkPZ2pIxm1TPGrRE7Z8yyxCQO8ZZqUVy8J0sdWiEpYfEQXPjhD0ja79rX00SoP5ileg9o4E-Q&sds=2&rev=92426&sendBeacon=true HTTP/2.0
host: csm.eu.criteo.net
content-length: 35
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://ads.eu.criteo.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:33:43 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
POST

https://csm.eu.criteo.net/all?cppv=3&cpp=g4c3aHMWIuOiSq2rFXHnGL1IkgZAQAepKmL2cHCAt2ZhSmfqVV0Jd5AE-L6LVye4k_cXdIx41xrdGOSdhRr1oCXZ-SCMIZsxO0darbLWXc6E0Rpc7b8MfBfsbtre2nHyNnYQ2WyuEe3mFD4cS47N6wZT6YL0CgKb35gAcVf5XLHf-VrM0qbxZEotv2htlxkPZ2pIxm1TPGrRE7Z8yyxCQO8ZZqUVy8J0sdWiEpYfEQXPjhD0ja79rX00SoP5ileg9o4E-Q&sds=2&rev=92426&sendBeacon=true

msedge.exe

Remote address:

178.250.1.25:443

Request

POST /all?cppv=3&cpp=g4c3aHMWIuOiSq2rFXHnGL1IkgZAQAepKmL2cHCAt2ZhSmfqVV0Jd5AE-L6LVye4k_cXdIx41xrdGOSdhRr1oCXZ-SCMIZsxO0darbLWXc6E0Rpc7b8MfBfsbtre2nHyNnYQ2WyuEe3mFD4cS47N6wZT6YL0CgKb35gAcVf5XLHf-VrM0qbxZEotv2htlxkPZ2pIxm1TPGrRE7Z8yyxCQO8ZZqUVy8J0sdWiEpYfEQXPjhD0ja79rX00SoP5ileg9o4E-Q&sds=2&rev=92426&sendBeacon=true HTTP/2.0
host: csm.eu.criteo.net
content-length: 5284
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://ads.eu.criteo.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 21 May 2024 07:33:50 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_1.jpg&v=3&w=400&rid=4&s=kDzdngVf6xNz1-dX5vnJm_Ki&b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_1.jpg&v=3&w=400&rid=4&s=kDzdngVf6xNz1-dX5vnJm_Ki&b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 66156
content-type: image/webp
date: Tue, 07 May 2024 11:50:58 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Wed, 09 Apr 2025 12:28:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 1194165
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_25208.jpg&v=3&w=400&rid=4&s=uYd6xKPhQv2ivwrtJBWpnUQ5&b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_25208.jpg&v=3&w=400&rid=4&s=uYd6xKPhQv2ivwrtJBWpnUQ5&b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 48336
content-type: image/webp
date: Tue, 07 May 2024 11:51:43 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Fri, 11 Apr 2025 07:49:27 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 1194119
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_70821.jpg&v=3&w=400&rid=4&s=JYxXbF5j0A-A_YVv41092SNj&b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_70821.jpg&v=3&w=400&rid=4&s=JYxXbF5j0A-A_YVv41092SNj&b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 49344
content-type: image/webp
date: Tue, 07 May 2024 11:32:39 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Sat, 12 Apr 2025 10:36:56 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 1195263
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_156.jpg&v=3&w=400&rid=4&s=wIzSzuR3CPaxLfqYf54AXinh&b=400

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_156.jpg&v=3&w=400&rid=4&s=wIzSzuR3CPaxLfqYf54AXinh&b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 1628
content-type: image/png
date: Tue, 07 May 2024 12:02:08 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Fri, 18 Apr 2025 07:48:34 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 1193494
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=11894&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2Fstarrating%2Fstars_3.png&v=3&w=400&rid=4&s=Cx9p1eNAdO8Iqtq5iVmAIF20

msedge.exe

Remote address:

178.250.1.15:443

Request

GET /img/img?h=400&m=0&partner=11894&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2Fstarrating%2Fstars_3.png&v=3&w=400&rid=4&s=Cx9p1eNAdO8Iqtq5iVmAIF20 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 32800
content-type: image/webp
date: Tue, 07 May 2024 12:16:51 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Fri, 11 Apr 2025 14:00:34 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 1192612
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;

216.239.32.178:445

www.google-analytics.com

156 B
3
95.168.183.149:80

http://members.poemhunter.com/members/aa_top_member_menu_hor.asp

http

msedge.exe

764 B
619 B
6
5

HTTP Request

GET http://members.poemhunter.com/members/aa_top_member_menu_hor.asp

HTTP Response

301
142.250.179.226:80

http://www.googletagservices.com/tag/js/gpt.js

http

msedge.exe

641 B
845 B
7
6

HTTP Request

GET http://www.googletagservices.com/tag/js/gpt.js

HTTP Response

302
142.250.179.226:443

https://www.googletagservices.com/tag/js/gpt.js

tls, http2

msedge.exe

2.5kB
38.2kB
33
37

HTTP Request

GET https://www.googletagservices.com/tag/js/gpt.js
195.181.165.181:443

https://www.poemhunter.com/assets/js/jquery.lazyload.js?_=1716276701515

tls, http2

msedge.exe

5.4kB
109.7kB
72
100

HTTP Request

GET https://www.poemhunter.com/poets/

HTTP Response

200

HTTP Request

GET https://www.poemhunter.com/bundles/css/main.min.css?v=1.0.0.1119

HTTP Request

GET https://www.poemhunter.com/assets/js/jquery-3.6.0.min.js

HTTP Response

200

HTTP Request

GET https://www.poemhunter.com/bundles/js/main.min.js?v=1.0.0.1119

HTTP Response

200

HTTP Request

GET https://www.poemhunter.com/assets/img/logo-white.png

HTTP Response

200

HTTP Request

GET https://www.poemhunter.com/assets/img/icon-search-white.svg

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.poemhunter.com/assets/img/icon-arrow.svg

HTTP Request

POST https://www.poemhunter.com/Ajax/Login/

HTTP Request

POST https://www.poemhunter.com/Ajax/SelectAccountControl/

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.poemhunter.com/assets/js/jquery.lazyload.js?_=1716276701515

HTTP Response

200
18.239.208.4:80

http://b.scorecardresearch.com/beacon.js

http

msedge.exe

681 B
3.1kB
8
8

HTTP Request

GET http://b.scorecardresearch.com/beacon.js

HTTP Response

200
93.158.134.119:80

http://mc.yandex.ru/metrika/watch.js

http

msedge.exe

631 B
390 B
7
6

HTTP Request

GET http://mc.yandex.ru/metrika/watch.js

HTTP Response

302
18.239.208.108:443

https://sb.scorecardresearch.com/b?c1=2&c2=11114222&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1716276701218&ns_c=UTF-8&c7=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F622dacbc6b7faa7e1dfe21a2003bac25_JaffaCakes118.html&c8=William%20Butler%20Yeats%20-%20Statistics%20of%20William%20Butler%20Yeats-%20Poem%20Hunter&c9=

tls, http2

msedge.exe

1.9kB
6.9kB
14
16

HTTP Request

GET https://sb.scorecardresearch.com/b?c1=2&c2=11114222&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1716276701218&ns_c=UTF-8&c7=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F622dacbc6b7faa7e1dfe21a2003bac25_JaffaCakes118.html&c8=William%20Butler%20Yeats%20-%20Statistics%20of%20William%20Butler%20Yeats-%20Poem%20Hunter&c9=

HTTP Response

204
93.158.134.119:443

https://mc.yandex.ru/metrika/watch.js

tls, http2

msedge.exe

5.6kB
71.1kB
49
75

HTTP Request

GET https://mc.yandex.ru/metrika/watch.js
142.250.200.34:443

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405090101/pubads_impl.js

tls, http2

msedge.exe

4.8kB
158.7kB
80
122

HTTP Request

GET https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405090101/pubads_impl.js
216.239.34.178:445

www.google-analytics.com

208 B
4
216.239.38.178:445

www.google-analytics.com

208 B
4
216.239.36.178:445

www.google-analytics.com

208 B
4
142.250.187.226:443

googleads.g.doubleclick.net

tls, http2

msedge.exe

1.0kB
6.1kB
10
9
216.58.213.14:139

www.google-analytics.com

208 B
4
204.79.197.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF

tls, http2

2.5kB
9.0kB
20
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF

HTTP Response

204
172.217.16.225:443

https://tpc.googlesyndication.com/sodar/sodar2.js

tls, http2

msedge.exe

2.0kB
13.5kB
19
20

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2.js
23.62.61.129:443

https://www.bing.com/aes/c.gif?RG=ef24e622a6eb466f82c05c66dd93b049&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134308Z&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266

tls, http2

1.4kB
5.4kB
16
12

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=ef24e622a6eb466f82c05c66dd93b049&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134308Z&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266

HTTP Response

200
178.250.1.17:443

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZkxN3wAL3ngC9fRRAAE2Iy_bywyvGsJ-k_6RAw&u=%7CYcDY%2BpZv0G0IJ8hTAR8Ejh0a8tdlbyVDul%2BkiXVHzdU%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgTYxIfrObes8kmYPTGcWqM8l1I1h3P7JcwZW79Xia7PJPKv7f7hj_jYA7rCZVjI-KyyRVT5JGhQNPEBzMRkUgv9q2rKk-FRhoCaxfw-YnBPBhyqyF8sH0ZwH6UwGDVgjWblLIJspoIUS3fG-lsN9WS8xaAFcFTItbiifL0gRmPGG8B_u_arUmBC86lRPTq1QeSBdJUy0_WRhhOKaqLF_OB1Y3n7ZLuayuEeKOEgxAgX0z800RerkMb7eTZ52FcXaGdIV7jfBckQMFsN7LhIftB5klFGB9ASIF0huaKkQ36V081j4Xr5wQIg9d6WzA23-OmB4mBayPAZlnSHxUuq5wDH0811eVV0epiLi-mLsIn0LGDO7miAs4CXzg1qRz9uDk0hJhaTAVI6hN9Ow4w2KHPsmEY1XV19vJbFtz_chXxyLrpTDZKubeOrq-EP41vX7J8NfkNx-H3q6pv5Wo1LDPBB58YQKqSv57MJ7jQJvKN-YOgRD8yp12Ygp_kKwR1tflAVQppMZCQr865DY8YCoAhW4N2IgkTmuZeX6CtltJ5-rtzqGkmNVDlZrUaCiompDQY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCFN0h301MZvi8L9Ho18cPo-yEqAHkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_Qtrfl1i-6eAgZvG1nALder11E1cUOTWjtWnBjRjUJkKjqVNepiVX_TrcvRxTVfo-xaUudCTo3wNBJtvjn0CXcIERubsmN1l0NF6M2t9FOO2JVwy2rvsLB3rHoGIQdWC674HRqIilqZZQ7QqwDRHgbL6NvfNJdg5X8m4hJyvS35bYFdrrxlP4JDBfZaEgGounqKCF57KltWQkNl-DLiGAz0RewcPEyxV4_ghcWyvsf6pKodAf5MeTF1Cd5f3IOLkerw19HPH-ZTIAGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOliu64r6nJ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3lAAsFypQ8OJole3XUcF4KuIsliQ%26client%3Dca-pub-3785345259461815%26adurl%3D

tls, http2

msedge.exe

3.9kB
58.9kB
33
50

HTTP Request

GET https://ads.eu.criteo.com/delivery/r/afr.php?z=ZkxN3wAL3ngC9fRRAAE2Iy_bywyvGsJ-k_6RAw&u=%7CYcDY%2BpZv0G0IJ8hTAR8Ejh0a8tdlbyVDul%2BkiXVHzdU%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgTYxIfrObes8kmYPTGcWqM8l1I1h3P7JcwZW79Xia7PJPKv7f7hj_jYA7rCZVjI-KyyRVT5JGhQNPEBzMRkUgv9q2rKk-FRhoCaxfw-YnBPBhyqyF8sH0ZwH6UwGDVgjWblLIJspoIUS3fG-lsN9WS8xaAFcFTItbiifL0gRmPGG8B_u_arUmBC86lRPTq1QeSBdJUy0_WRhhOKaqLF_OB1Y3n7ZLuayuEeKOEgxAgX0z800RerkMb7eTZ52FcXaGdIV7jfBckQMFsN7LhIftB5klFGB9ASIF0huaKkQ36V081j4Xr5wQIg9d6WzA23-OmB4mBayPAZlnSHxUuq5wDH0811eVV0epiLi-mLsIn0LGDO7miAs4CXzg1qRz9uDk0hJhaTAVI6hN9Ow4w2KHPsmEY1XV19vJbFtz_chXxyLrpTDZKubeOrq-EP41vX7J8NfkNx-H3q6pv5Wo1LDPBB58YQKqSv57MJ7jQJvKN-YOgRD8yp12Ygp_kKwR1tflAVQppMZCQr865DY8YCoAhW4N2IgkTmuZeX6CtltJ5-rtzqGkmNVDlZrUaCiompDQY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCFN0h301MZvi8L9Ho18cPo-yEqAHkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_Qtrfl1i-6eAgZvG1nALder11E1cUOTWjtWnBjRjUJkKjqVNepiVX_TrcvRxTVfo-xaUudCTo3wNBJtvjn0CXcIERubsmN1l0NF6M2t9FOO2JVwy2rvsLB3rHoGIQdWC674HRqIilqZZQ7QqwDRHgbL6NvfNJdg5X8m4hJyvS35bYFdrrxlP4JDBfZaEgGounqKCF57KltWQkNl-DLiGAz0RewcPEyxV4_ghcWyvsf6pKodAf5MeTF1Cd5f3IOLkerw19HPH-ZTIAGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOliu64r6nJ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3lAAsFypQ8OJole3XUcF4KuIsliQ%26client%3Dca-pub-3785345259461815%26adurl%3D

HTTP Response

200
178.250.7.12:443

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEN9NTGaocrMF6R2Bt82jAAASAAAKCkFRVUJEd0VCRHcmcz1tuPHEzvClDGy2t-VD&wp=ZkxN3wAL3ngC9fRRAAE2Iy_bywyvGsJ-k_6RAw&cbvp=2

tls, http2

msedge.exe

1.8kB
4.7kB
13
12

HTTP Request

GET https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEN9NTGaocrMF6R2Bt82jAAASAAAKCkFRVUJEd0VCRHcmcz1tuPHEzvClDGy2t-VD&wp=ZkxN3wAL3ngC9fRRAAE2Iy_bywyvGsJ-k_6RAw&cbvp=2

HTTP Response

200
178.250.1.6:443

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=6qjOtxCZUBz-aW6NeB_hVU1FgHGTszyaBti7h6DmDU58nB66waOnVhKcHDKygAcQMZcvGBXEWgndYmzvYSdGR4xMjDF_AJ8FIslXUM1KKIpVraruIg9dUXofOHnuq4HlV7aaLESs7osjUPH5b2VkVukUPTuv0OpaGYJViG4mWgBTdkWyzaA1WlExHKXUmKPRv9KPmY0l9y-cHj5RzEFWr-o18dxGTogYllz1j52fLrYN_NJo0TxNxajMi54p5f7ZFyU1uIp6rsrm0OG9IYm0GQFOhKru1NTRLbLM7h2LzKFGMPaI98HKyAHINOR-hiK6PrIkrUt4nvpVSi9OYfiNUG6QEgbk4aLgKxrB3XFgKoyfteh5RMLLeu4zCcOSsCvSBGUtJkHZNWMCYzOCj_cSxFUOF0oXKTEXCRXFBi4-4k1b7GFiwygjy1Q5i5DParbYkCVzN-SVD5u0tpXjF7M7jyCl-bY

tls, http2

msedge.exe

2.1kB
4.9kB
13
12

HTTP Request

GET https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=6qjOtxCZUBz-aW6NeB_hVU1FgHGTszyaBti7h6DmDU58nB66waOnVhKcHDKygAcQMZcvGBXEWgndYmzvYSdGR4xMjDF_AJ8FIslXUM1KKIpVraruIg9dUXofOHnuq4HlV7aaLESs7osjUPH5b2VkVukUPTuv0OpaGYJViG4mWgBTdkWyzaA1WlExHKXUmKPRv9KPmY0l9y-cHj5RzEFWr-o18dxGTogYllz1j52fLrYN_NJo0TxNxajMi54p5f7ZFyU1uIp6rsrm0OG9IYm0GQFOhKru1NTRLbLM7h2LzKFGMPaI98HKyAHINOR-hiK6PrIkrUt4nvpVSi9OYfiNUG6QEgbk4aLgKxrB3XFgKoyfteh5RMLLeu4zCcOSsCvSBGUtJkHZNWMCYzOCj_cSxFUOF0oXKTEXCRXFBi4-4k1b7GFiwygjy1Q5i5DParbYkCVzN-SVD5u0tpXjF7M7jyCl-bY

HTTP Response

200
178.250.1.3:443

https://static.criteo.net/design/googlefont/opensans/opensans-700-latin.woff2

tls, http2

msedge.exe

7.5kB
138.7kB
115
109

HTTP Request

GET https://static.criteo.net/flash/icon/privacy_small.svg

HTTP Request

GET https://static.criteo.net/flash/icon/close_button.svg

HTTP Request

GET https://static.criteo.net/flash/icon/adchoices_en.svg

HTTP Request

GET https://static.criteo.net/flash/icon/back_button2.svg

HTTP Request

GET https://static.criteo.net/animejs/animejs.js

HTTP Request

GET https://static.criteo.net/design/dt/11894/5180058/d6a9dd9727004aec8536ee46c0eb70fa_cpn_300x600_1.jpeg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.criteo.net/flash/icon/criteo_logo_2021.svg

HTTP Request

GET https://static.criteo.net/flash/icon/privacy.svg

HTTP Response

200

HTTP Request

GET https://static.criteo.net/design/googlefont/opensans/opensans-400.css

HTTP Request

GET https://static.criteo.net/design/googlefont/opensans/opensans-700.css

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.criteo.net/design/googlefont/opensans/opensans-400-latin.woff2

HTTP Request

GET https://static.criteo.net/design/googlefont/opensans/opensans-700-latin.woff2

HTTP Response

200

HTTP Response

200
178.250.1.3:443

static.criteo.net

tls

msedge.exe

1.0kB
4.2kB
10
8
178.250.1.3:443

static.criteo.net

tls

msedge.exe

1.0kB
4.2kB
10
8
178.250.1.3:443

static.criteo.net

tls

msedge.exe

1.0kB
4.2kB
10
8
178.250.1.3:443

static.criteo.net

tls

msedge.exe

1.0kB
4.2kB
10
8
178.250.1.3:443

static.criteo.net

tls

msedge.exe

1.0kB
4.2kB
10
8
104.17.25.14:443

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

tls, http2

msedge.exe

1.8kB
8.6kB
16
17

HTTP Request

GET https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

HTTP Response

200
178.250.1.15:443

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_74954.jpg&v=3&w=400&rid=4&s=utHgGqqbWoGNWdaLeMW4XVWG&b=400

tls, http2

msedge.exe

8.5kB
202.3kB
131
150

HTTP Request

GET https://imageproxy.eu.criteo.net/img/img?h=268&m=0&partner=11894&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F11894%2F230512%2Fd36d5cdfaf0741f08ffcdcecaa3c5f65_logo_n_horizontal_%281%29.png&v=3&w=596&rid=4&s=FjnicC3djtEatl2rlrTcHyaA

HTTP Request

GET https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_31.jpg&v=3&w=400&rid=4&s=uKC0F6WKHOiZ0K1IJB8_p3CQ&b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=11894&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2Fstarrating%2Fstars_4.png&v=3&w=400&rid=4&s=z25MQgdCtGv3v7WvZ_Klf8iV

HTTP Request

GET https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_81995.jpg&v=3&w=400&rid=4&s=-_2ekIVR2etJyKtwfAhdXU5E&b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_74954.jpg&v=3&w=400&rid=4&s=utHgGqqbWoGNWdaLeMW4XVWG&b=400

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
178.250.1.15:443

imageproxy.eu.criteo.net

tls

msedge.exe

1.0kB
4.2kB
10
8
178.250.1.15:443

imageproxy.eu.criteo.net

tls

msedge.exe

1.0kB
4.2kB
10
8
178.250.1.15:443

imageproxy.eu.criteo.net

tls

msedge.exe

1.0kB
4.2kB
10
8
178.250.1.15:443

imageproxy.eu.criteo.net

tls

msedge.exe

1.0kB
4.2kB
10
8
178.250.1.25:443

https://csm.eu.criteo.net/all?cppv=3&cpp=8a_sw3MWIuOiSq2rCUdetYzJ045E86swzjXzMVflUqenJKbl9GpobVPtUPqCTdzWA_BPEuvCQCiuJqITGPSIf0OXZCP9_dzAXw4wU4UDEvMDFdiQFWoz9dfIIdSvoT_kus2MI8zdDrhIX62YObRzm8_RIcYSu3dSjEucRffpXH-QaRgIpzxUaBOzxeYzRwYr7q4c2vNw36dnJtRF0QznxyUVsB_MiLqQ0EDYS1HZ2TwOqmGuLX07WGdk4X7XTiEicifonQ&sds=2&rev=92426&sendBeacon=true

tls, http2

msedge.exe

2.7kB
5.1kB
19
19

HTTP Request

POST https://csm.eu.criteo.net/all?cppv=3&cpp=8a_sw3MWIuOiSq2rCUdetYzJ045E86swzjXzMVflUqenJKbl9GpobVPtUPqCTdzWA_BPEuvCQCiuJqITGPSIf0OXZCP9_dzAXw4wU4UDEvMDFdiQFWoz9dfIIdSvoT_kus2MI8zdDrhIX62YObRzm8_RIcYSu3dSjEucRffpXH-QaRgIpzxUaBOzxeYzRwYr7q4c2vNw36dnJtRF0QznxyUVsB_MiLqQ0EDYS1HZ2TwOqmGuLX07WGdk4X7XTiEicifonQ&sds=2&rev=92426&sendBeacon=true

HTTP Response

200

HTTP Request

POST https://csm.eu.criteo.net/all?cppv=3&cpp=8a_sw3MWIuOiSq2rCUdetYzJ045E86swzjXzMVflUqenJKbl9GpobVPtUPqCTdzWA_BPEuvCQCiuJqITGPSIf0OXZCP9_dzAXw4wU4UDEvMDFdiQFWoz9dfIIdSvoT_kus2MI8zdDrhIX62YObRzm8_RIcYSu3dSjEucRffpXH-QaRgIpzxUaBOzxeYzRwYr7q4c2vNw36dnJtRF0QznxyUVsB_MiLqQ0EDYS1HZ2TwOqmGuLX07WGdk4X7XTiEicifonQ&sds=2&rev=92426&sendBeacon=true

HTTP Response

200
178.250.1.17:443

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZkxOGwADFjAAAIjoAAO60Qd8aaeK2mlzPpAGTA&u=%7CnzHT0kHP1LEOYnXc7k20K4yXzQ5dJtBWa3s%2BQMSva7I%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgR0SUmYjNawkMdFu_5AQXxlolrPSm2QHKt_nK8LnQlMh_rGsspCIlZTTcBYQsZMKq9ojV23V72_Rh0RCgLwjSrIpi7k91jDfN2IOqs7H6WcWwz1RXXvgeZFIZ3FwtpfNGEf7YU7vf_7qqbNf_K8WgVx_I_B3Bo_eb9alFB0KlHn5y1MbbHa0GxYxCl2HYJ_DwkjxaYNFVTd6v34Ho6dMvhPlDJ_kUcLvk9ViS4tBV5wXscmigymf25I6LCV-tFZXwSdTEOVjHxJlZhZA6G3CXgpgHbCcT3ln-SakGCw18blcx5I-usN7f0WC0BPIjitSfWtbrnp2TIg9KwEHTOMUpXxJ9hHnICpPfsEvbEoKa54godJ3pljhEnAf48yd8bL1hDWBpzMWS2GnxQaJwHmKvpWceqky608u2W45dS6zFHGchKwFSD8HjxgtrMIl-1G0PrhsHeEqrzrcUiSPOzA51wl7m8HaAiE9t1aw4G0ua5HVKxmxt5g_UhL-U4atXFS8r6abr0Yv96fa_2wngHVRFXZei1PsiSxP30nK2lGgEGAshxfKsfcJAXV&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGA_2G05MZrCsDOiRgrAP0fWOkAbkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_Qxr0JgOXWOMG2dgfZ3AosfCiOqkokTWnxPicG2cjpgaoMLExoHZ5vMPG-KgyEWL6ohpqFoklERTy7-QmeCvS31hwST1GrsOigSkUHkmgoRrBRDclmPBiqEBJcZvooxYHRj3n9xUp45DC_UKoQAcyCrP0te7wQ2yuyEvS6XjgsiRyUJYlJKN6twFlOxoy25AyU02dEJG0mDq6593w_bObaH8w8y1kjmyHBdPGwI_NU79aFty2rjL1XJy_wNspXL0xebQgl9-DvtIAGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOliU57aWnZ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1RfijCIYX4aA71bElyNQ3A1Zu_7Q%26client%3Dca-pub-3785345259461815%26adurl%3D

tls, http2

msedge.exe

4.2kB
64.6kB
38
56

HTTP Request

GET https://ads.eu.criteo.com/delivery/r/afr.php?z=ZkxOGwADFjAAAIjoAAO60Qd8aaeK2mlzPpAGTA&u=%7CnzHT0kHP1LEOYnXc7k20K4yXzQ5dJtBWa3s%2BQMSva7I%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgR0SUmYjNawkMdFu_5AQXxlolrPSm2QHKt_nK8LnQlMh_rGsspCIlZTTcBYQsZMKq9ojV23V72_Rh0RCgLwjSrIpi7k91jDfN2IOqs7H6WcWwz1RXXvgeZFIZ3FwtpfNGEf7YU7vf_7qqbNf_K8WgVx_I_B3Bo_eb9alFB0KlHn5y1MbbHa0GxYxCl2HYJ_DwkjxaYNFVTd6v34Ho6dMvhPlDJ_kUcLvk9ViS4tBV5wXscmigymf25I6LCV-tFZXwSdTEOVjHxJlZhZA6G3CXgpgHbCcT3ln-SakGCw18blcx5I-usN7f0WC0BPIjitSfWtbrnp2TIg9KwEHTOMUpXxJ9hHnICpPfsEvbEoKa54godJ3pljhEnAf48yd8bL1hDWBpzMWS2GnxQaJwHmKvpWceqky608u2W45dS6zFHGchKwFSD8HjxgtrMIl-1G0PrhsHeEqrzrcUiSPOzA51wl7m8HaAiE9t1aw4G0ua5HVKxmxt5g_UhL-U4atXFS8r6abr0Yv96fa_2wngHVRFXZei1PsiSxP30nK2lGgEGAshxfKsfcJAXV&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGA_2G05MZrCsDOiRgrAP0fWOkAbkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_Qxr0JgOXWOMG2dgfZ3AosfCiOqkokTWnxPicG2cjpgaoMLExoHZ5vMPG-KgyEWL6ohpqFoklERTy7-QmeCvS31hwST1GrsOigSkUHkmgoRrBRDclmPBiqEBJcZvooxYHRj3n9xUp45DC_UKoQAcyCrP0te7wQ2yuyEvS6XjgsiRyUJYlJKN6twFlOxoy25AyU02dEJG0mDq6593w_bObaH8w8y1kjmyHBdPGwI_NU79aFty2rjL1XJy_wNspXL0xebQgl9-DvtIAGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOliU57aWnZ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1RfijCIYX4aA71bElyNQ3A1Zu_7Q%26client%3Dca-pub-3785345259461815%26adurl%3D

HTTP Response

200
178.250.7.12:443

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEBpOTGZn042DpLCUWxTQAAASAAAKCkFRVVREd0VCRHcmcz1tuPHEzvClDGy2t-VD&wp=ZkxOGwADFjAAAIjoAAO60Qd8aaeK2mlzPpAGTA&cbvp=2

tls, http2

msedge.exe

1.8kB
885 B
10
9

HTTP Request

GET https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEBpOTGZn042DpLCUWxTQAAASAAAKCkFRVVREd0VCRHcmcz1tuPHEzvClDGy2t-VD&wp=ZkxOGwADFjAAAIjoAAO60Qd8aaeK2mlzPpAGTA&cbvp=2

HTTP Response

200
178.250.1.6:443

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=IVeeyxCZUBz-aW6NeB_hVU1FgHHki777IxCzGM0kh5H7JVOh0NWOPQ4S9nCic12AHDuMcmdSlRCPEQkKbx3NjVolK9WkVv9BqmJrFWnSwopWBZcuO83pzyzArAKwcYYdTQvBEyKgKz_MFm0J0XkiRzJ_vJcMJC_lXpYssYEucNXehUkhXC3Mn6E3DGMNzu2d5KbRP-0Yyr737SlAHj5-TsLpMePT2XMXnf6h7asatNlT1jTnOyWBNhDJFYxwZCeU2Po_L9SUiF5qo1AN8dk3z8GZ691E5US4REv8hGtOUd_DkXLtxyEI-rhhZ7HiVv0zojr64rz_XtNCYTKqMc_FSKIWz3Qrqfj7ssoqNR3RYImoreE9mlRogxRenIyL-VtIm3tFZ51301tRwcxpf-W0Wm3PfZen3ccWvHbPr_lignv1yPnuY0lKd1Q5F2GSmR9eSg4LbA

tls, http2

msedge.exe

2.0kB
1.1kB
10
9

HTTP Request

GET https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=IVeeyxCZUBz-aW6NeB_hVU1FgHHki777IxCzGM0kh5H7JVOh0NWOPQ4S9nCic12AHDuMcmdSlRCPEQkKbx3NjVolK9WkVv9BqmJrFWnSwopWBZcuO83pzyzArAKwcYYdTQvBEyKgKz_MFm0J0XkiRzJ_vJcMJC_lXpYssYEucNXehUkhXC3Mn6E3DGMNzu2d5KbRP-0Yyr737SlAHj5-TsLpMePT2XMXnf6h7asatNlT1jTnOyWBNhDJFYxwZCeU2Po_L9SUiF5qo1AN8dk3z8GZ691E5US4REv8hGtOUd_DkXLtxyEI-rhhZ7HiVv0zojr64rz_XtNCYTKqMc_FSKIWz3Qrqfj7ssoqNR3RYImoreE9mlRogxRenIyL-VtIm3tFZ51301tRwcxpf-W0Wm3PfZen3ccWvHbPr_lignv1yPnuY0lKd1Q5F2GSmR9eSg4LbA

HTTP Response

200
178.250.1.15:443

https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgDJ9VxRtZOAfhTyMJF4KgjXP2LiRC9dvOkXnQ3vJrEfr3ooted2dX8euI5JIeDUYUmd479NXVmnaH76S2pMUVLJlD000l9UD5UAg0NrPWNQht0J0qXTx6JTzFTEpb48mZqnuKLd2rLVMVnL2TBv?b=400

tls, http2

msedge.exe

15.4kB
666.6kB
263
487

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001fVhTBFAVGVhGLdS1rcM1bqgtNhWUSoOsvEzAbye88ALa38C3NZLbnpJopbzDLREJucYAjHdeORTmMlzARSW6kfqjySBY5lNLfBUpIQxKDoH0KuObnwRcm8rOXIxz9pY6beUnkHrefwdJgIBEg3UzKd1tzGVhXDiH5nTV2DyXM2aAktu9jPIF6YPKavsA9ii4EGh6wHCMtMlnzb5GJ7g4d13Htwo

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgRN8eDxYTTcuBtR66CST3nIHitaaIdvsTAgyEpBfhwJbFOH5pcWtV9wRGcTH4B0i3tFQ0LJmsRxCJVk2YO70dpk5S6ZGDTTjq2ytVJ44Ge63kJzDle6zGktpVOKjPbhrVeVMjk4ePKUkZaXmpYp?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgMfTAYkCC7eOhLeRnYeYpqopQLp0ah47mXmgblgzomgtlZ7xq66DqMZkNFdADR4EAQUR6wFxwiYBn9fiwlWVviXAsT4d43pxHveELCj07q94r6TaUv6rfXux5sF7aIRYVjWZwUj4cLzhiHCxP0L?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgDJ9h6XcnN0EbTtYQ5QG8JggVNAdsLlFEGg7YF5xCZJMZRrrV4jgmOFKeVX6UR4jR02q9IIJtWSnaWC778UvgwrYpdA3sSclRIiZrbvCjCORhDRUjsulBCCAxYlsHzLzg1QZQssLujWwvkdRFrr?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgJZvYjMrWyLRzUjZ1XRz8W8bwxiTPrPxw9XSXyz574agxVUvRJ1OOmC8q98DYvymv3igBczFyAIqKDknNXw3ytywLyPIOWmHgA69hf7jOt1fmxX2DvbJv73o5b3xoyfCSyZwcvNL9mLswxWXobI?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/004o0M12z4OPRwTU60xVgfdfe0aZK7S2358M9IXtirMXGwOHg7Re5M0EaZTZ1srecs8SJiy0j2Xo016mj0KvyRdQBAeOtWuRSLKkgTsA8KRsJ8C9vwBKM9Om18vEKFFg0boTpgfHCuY9fdg0dchZRENzmeeEmEr86umwGTGZ?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/004o0M12z4OPRwTU60xVgfdfeYeJLCYW1CvsVU3Ctho8WGYW2tTUga7JgK0tKfVFlEC1ayPBJYrOZ7U3O3vFkaFnwMFoXVFFeR8Z4hKjqTIbMLrA6QDGflyXRkcBsF4qDfY6Nw5PTbIA185q4uQkMUmsXRahNg2ND7pwmhIb?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/004o0M12z4OPRwTU60xVgfdfeYeKfiwOgMOzxpAedENVWjqPx1IqrE7tCwphpSgOL9LINraSNxiOMPg1v6EWZvT5AW7QeT7TD26AhM3sa0PNOLXXAMI2xigryEY1NVPmJLDGHBnbanAtzm3h7GB8XipbFNCc4VKSJAbSDnKZ?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgEsdPYmwhWwPzrwk6ufEgy9DPssonf16UI6fjjDf5SUibSH5pikYYjkETgufV4rQro2yYzKnJvr8f2RjwnAF2IBCgkJoJ0nWDkH3wH6vWDzqjUBXswAyMZ4q4ulRIZcrj4RFodKdX4nIokM6hHg?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgPmuAswJXT71sb8GwliCQHMPS3eWUHmz0GddMpyU7odUvXIpWKvLq9OFwqjOPjzwvza48l7m3pYTkJs1F5nUIbkHi7FfupSbwgRKx6Ucw21csVvzqq7PumY0lZNdm1x1dnBHQ8lmqPSv6nHCshc?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001JwffMZvFsIgCoZ3WYb9VGgDJ9VxRtZOAfhTyMJF4KgjXP2LiRC9dvOkXnQ3vJrEfr3ooted2dX8euI5JIeDUYUmd479NXVmnaH76S2pMUVLJlD000l9UD5UAg0NrPWNQht0J0qXTx6JTzFTEpb48mZqnuKLd2rLVMVnL2TBv?b=400

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
178.250.1.25:443

https://csm.eu.criteo.net/all?cppv=3&cpp=EFeVenMWIuOiSq2rmzOkEv1RYtOddW43Yeaqhgm2N5Yl7KlvpEyF3zm1uFOGbvIMUo75s5LQriWDHkKR9JBgDXyOJ_HchuWWkfEUeOtUL1R-A0ux7Yf9M5VgAL7nN9re1MtJa8IuK4LUc-zs2zgaBXovaLUGID7HRtIzK-dGUsNO7itD9VKFv1TVVrtibC8XC9q4SeHBDNUQGgh0aHLQF7SScm20lHjqhLJR0ILokW9qrtgX6GluIseZlFY2469aGqoLzg&sds=2&rev=92426&sendBeacon=true

tls, http2

msedge.exe

8.5kB
1.6kB
22
16

HTTP Request

POST https://csm.eu.criteo.net/all?cppv=3&cpp=EFeVenMWIuOiSq2rmzOkEv1RYtOddW43Yeaqhgm2N5Yl7KlvpEyF3zm1uFOGbvIMUo75s5LQriWDHkKR9JBgDXyOJ_HchuWWkfEUeOtUL1R-A0ux7Yf9M5VgAL7nN9re1MtJa8IuK4LUc-zs2zgaBXovaLUGID7HRtIzK-dGUsNO7itD9VKFv1TVVrtibC8XC9q4SeHBDNUQGgh0aHLQF7SScm20lHjqhLJR0ILokW9qrtgX6GluIseZlFY2469aGqoLzg&sds=2&rev=92426&sendBeacon=true

HTTP Response

200

HTTP Request

POST https://csm.eu.criteo.net/all?cppv=3&cpp=EFeVenMWIuOiSq2rmzOkEv1RYtOddW43Yeaqhgm2N5Yl7KlvpEyF3zm1uFOGbvIMUo75s5LQriWDHkKR9JBgDXyOJ_HchuWWkfEUeOtUL1R-A0ux7Yf9M5VgAL7nN9re1MtJa8IuK4LUc-zs2zgaBXovaLUGID7HRtIzK-dGUsNO7itD9VKFv1TVVrtibC8XC9q4SeHBDNUQGgh0aHLQF7SScm20lHjqhLJR0ILokW9qrtgX6GluIseZlFY2469aGqoLzg&sds=2&rev=92426&sendBeacon=true

HTTP Response

200

HTTP Request

POST https://csm.eu.criteo.net/all?cppv=3&cpp=EFeVenMWIuOiSq2rmzOkEv1RYtOddW43Yeaqhgm2N5Yl7KlvpEyF3zm1uFOGbvIMUo75s5LQriWDHkKR9JBgDXyOJ_HchuWWkfEUeOtUL1R-A0ux7Yf9M5VgAL7nN9re1MtJa8IuK4LUc-zs2zgaBXovaLUGID7HRtIzK-dGUsNO7itD9VKFv1TVVrtibC8XC9q4SeHBDNUQGgh0aHLQF7SScm20lHjqhLJR0ILokW9qrtgX6GluIseZlFY2469aGqoLzg&sds=2&rev=92426&sendBeacon=true

HTTP Response

200
178.250.1.17:443

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZkxOOQADLyACT8_MAA24jjrIVYSNPjWO1E9j0w&u=%7CwHMebL%2B0Xlie3c3zsNP7ea4RPOlqkKe0ECOA7hn1ryc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgT3SpxNxQU-ektoZn1HlmObbYQ_H3_VnUrf3K1uyqrHDt6dB_2tcetI3254XCi1Ykmw3LpCfDw09pOnMg3VrNoivFpTaUtLqzcL2nvvAJhuktd7KNItUb6w20kjegD02ztU8kr3xme53yy5P2KubEjQ5L88LliqZuS2ZoSCc2hpTqXV-BC5NfCd-zfKay52ZJ64lXXOMvR4SrpKEnE0jXZYc0aKse0jUmppWzMvnQ-3o4vXsNlHtwHcLYFk88_GBQN0UynAfqcPYKqT-txow1sK6tMrTUQmfP294DzDIxFcNxz7D-J2hR-jt_s8D5iyDUP8yIlTtYt0BsCl3oaxglhc1rUODynsYnkSV_zQTHklyiVh5WuGaD0pm5OQxNZm9Wpoyl7Fg8Fl6GpLjuqdpDuDFu0CwcW-6zMmJGL0ydBTJTgTysqpOtAp5JAL6sUQNdwkPmOJKNWIhWYP4KbjN_nGgOYjJlfsWeUVZje7wmzv5rwyKlp4peiz2hM04jKNXu6-8XAqTl6fXiQ6UG8rrI0gHfJ9CTGq1Jfzcj8TSXZex65RiEacRegSFC8JbTSPmzw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCQh-zOU5MZqDeDMyfv8IPjvG20Afkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_QKuaSNPZIyo7m4h5BJnVeMJBaPBF19YwVxW-2IVOtENV7_uB8SjPS8_CNV_0tIvq06t2QbGJByjpzv1Sx06BGbwkKikVbSX4_Z9LvgW7BxzZPUf0uI_oxeNYoui_YqTVxl3cmIa4QOCn8a7cbUvKYVaAXHf0CjvrNo5SPdkBx7m2vN9nTso2FnmkPLLQB4nvrF8aGtUZu_iLT_eefmE_uAE8Lr677nXZUBzbf5Y7D72DguYfDvIvW9bHsQHDLt4Or5SlV6jiKkoAGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOljqjd6knZ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0OWACD1PhcM7Gizeq3NZriWqwesw%26client%3Dca-pub-3785345259461815%26adurl%3D

tls, http2

msedge.exe

4.6kB
54.8kB
42
44

HTTP Request

GET https://ads.eu.criteo.com/delivery/r/afr.php?z=ZkxOOQADLyACT8_MAA24jjrIVYSNPjWO1E9j0w&u=%7CwHMebL%2B0Xlie3c3zsNP7ea4RPOlqkKe0ECOA7hn1ryc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgT3SpxNxQU-ektoZn1HlmObbYQ_H3_VnUrf3K1uyqrHDt6dB_2tcetI3254XCi1Ykmw3LpCfDw09pOnMg3VrNoivFpTaUtLqzcL2nvvAJhuktd7KNItUb6w20kjegD02ztU8kr3xme53yy5P2KubEjQ5L88LliqZuS2ZoSCc2hpTqXV-BC5NfCd-zfKay52ZJ64lXXOMvR4SrpKEnE0jXZYc0aKse0jUmppWzMvnQ-3o4vXsNlHtwHcLYFk88_GBQN0UynAfqcPYKqT-txow1sK6tMrTUQmfP294DzDIxFcNxz7D-J2hR-jt_s8D5iyDUP8yIlTtYt0BsCl3oaxglhc1rUODynsYnkSV_zQTHklyiVh5WuGaD0pm5OQxNZm9Wpoyl7Fg8Fl6GpLjuqdpDuDFu0CwcW-6zMmJGL0ydBTJTgTysqpOtAp5JAL6sUQNdwkPmOJKNWIhWYP4KbjN_nGgOYjJlfsWeUVZje7wmzv5rwyKlp4peiz2hM04jKNXu6-8XAqTl6fXiQ6UG8rrI0gHfJ9CTGq1Jfzcj8TSXZex65RiEacRegSFC8JbTSPmzw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCQh-zOU5MZqDeDMyfv8IPjvG20Afkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_QKuaSNPZIyo7m4h5BJnVeMJBaPBF19YwVxW-2IVOtENV7_uB8SjPS8_CNV_0tIvq06t2QbGJByjpzv1Sx06BGbwkKikVbSX4_Z9LvgW7BxzZPUf0uI_oxeNYoui_YqTVxl3cmIa4QOCn8a7cbUvKYVaAXHf0CjvrNo5SPdkBx7m2vN9nTso2FnmkPLLQB4nvrF8aGtUZu_iLT_eefmE_uAE8Lr677nXZUBzbf5Y7D72DguYfDvIvW9bHsQHDLt4Or5SlV6jiKkoAGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOljqjd6knZ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0OWACD1PhcM7Gizeq3NZriWqwesw%26client%3Dca-pub-3785345259461815%26adurl%3D

HTTP Response

200
178.250.1.10:443

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEDhOTGZjQVkM6ROU5zyEAAASAAAKCkFRVUJBUUVQQVEmcz1tuPHEzvClDGy2t-VD&wp=ZkxOOQADLyACT8_MAA24jjrIVYSNPjWO1E9j0w&cbvp=2

tls, http2

msedge.exe

1.7kB
4.5kB
10
9

HTTP Request

GET https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEDhOTGZjQVkM6ROU5zyEAAASAAAKCkFRVUJBUUVQQVEmcz1tuPHEzvClDGy2t-VD&wp=ZkxOOQADLyACT8_MAA24jjrIVYSNPjWO1E9j0w&cbvp=2

HTTP Response

200
178.250.1.6:443

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=5x58DBCZUBz-aW6NeB_hVU1FgHHylR59EhUILo4TqKw0YHCxXx13ySmszxLlm_3w8vlp9ApdXdltuDQCLHRuZDgdV_iXHb6LYwQxAhXZ7TYbV1UtEQ_owdNG8ysibk9s0QFAjhyMYH2FmuQ54O07_Ok8xSzqQy9akmOStU35MEpabEJj4oOq7k_2h6tqd9AY7zrDzh9PQVD-_gsUKbL0RDdxFHV-FxtJkBy7_N-J9TfYPNOy03Me3pcN665TH_tETIEdikRivmmvF9erZmduPhSNcH-zJpxYUNvo8bReC7LIqVHe0y4TRA6akTp4TYyJ7G_7bMVOBBDRV9Y8O3XZXrXcSw57GJ1YgUI8gQzO3XYDVUgX9SWYHx1ZxoHf1Z0ED6iT_XGY9VE0TAXFoY0oYzSJ4YEwBj7g_NVsZIOTCkf_cZDtshHeKWgVg8BK0RVw8s5n0BvpRqSMB7O5tSi6vGNBZRU

tls, http2

msedge.exe

2.7kB
1.1kB
11
9

HTTP Request

GET https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=5x58DBCZUBz-aW6NeB_hVU1FgHHylR59EhUILo4TqKw0YHCxXx13ySmszxLlm_3w8vlp9ApdXdltuDQCLHRuZDgdV_iXHb6LYwQxAhXZ7TYbV1UtEQ_owdNG8ysibk9s0QFAjhyMYH2FmuQ54O07_Ok8xSzqQy9akmOStU35MEpabEJj4oOq7k_2h6tqd9AY7zrDzh9PQVD-_gsUKbL0RDdxFHV-FxtJkBy7_N-J9TfYPNOy03Me3pcN665TH_tETIEdikRivmmvF9erZmduPhSNcH-zJpxYUNvo8bReC7LIqVHe0y4TRA6akTp4TYyJ7G_7bMVOBBDRV9Y8O3XZXrXcSw57GJ1YgUI8gQzO3XYDVUgX9SWYHx1ZxoHf1Z0ED6iT_XGY9VE0TAXFoY0oYzSJ4YEwBj7g_NVsZIOTCkf_cZDtshHeKWgVg8BK0RVw8s5n0BvpRqSMB7O5tSi6vGNBZRU

HTTP Response

200
178.250.1.25:443

https://csm.eu.criteo.net/all?cppv=3&cpp=6F-is3MWIuOiSq2rfeqJhM_gA6L5XS0xeKByyhGgi8NTzQ69cZU0pjUbNZLdIMBTRsdALXPR5v2u0UKaVCoMhPo_QWds9bIChBOk1eUrzkt_993bKi-mTJStuOJt8Na0isl_tnocUbb2rhyNj1WTZdKdhoo5H0-E3pn9RpPqITBgqOh65hVMrpTAwhFJLJSTMXLxugAS7gL6VnT5XvnjFaw-hwa1QFuiVZH_n1kowfXGrDzpeYmBLGUOR8mqeh6al8-2OA&sds=2&rev=92426&sendBeacon=true

tls, http2

msedge.exe

2.0kB
1.0kB
11
11

HTTP Request

POST https://csm.eu.criteo.net/all?cppv=3&cpp=6F-is3MWIuOiSq2rfeqJhM_gA6L5XS0xeKByyhGgi8NTzQ69cZU0pjUbNZLdIMBTRsdALXPR5v2u0UKaVCoMhPo_QWds9bIChBOk1eUrzkt_993bKi-mTJStuOJt8Na0isl_tnocUbb2rhyNj1WTZdKdhoo5H0-E3pn9RpPqITBgqOh65hVMrpTAwhFJLJSTMXLxugAS7gL6VnT5XvnjFaw-hwa1QFuiVZH_n1kowfXGrDzpeYmBLGUOR8mqeh6al8-2OA&sds=2&rev=92426&sendBeacon=true

HTTP Response

200
178.250.1.15:443

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_82377.jpg&v=3&w=400&rid=4&s=nM1WVen9qjAykiYoDUWaw4VS&b=400

tls, http2

msedge.exe

4.5kB
124.4kB
62
98

HTTP Request

GET https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_222.jpg&v=3&w=400&rid=4&s=99T8VuaPv0hFK3lr6nffO9cd&b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=11894&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2Fstarrating%2Fstars_3_5.png&v=3&w=400&rid=4&s=cqp34ncbm8MkFHvBvrLUHULU

HTTP Request

GET https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_82377.jpg&v=3&w=400&rid=4&s=nM1WVen9qjAykiYoDUWaw4VS&b=400

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

57.0kB
1.5MB
1100
1093

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
13
178.250.1.17:443

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZkxOVwADOVEAAIt2AA976wm0sTcklaR244ywPw&u=%7Cx0f7wT2BflUe0kajrsMkVpkV1ibcBoJ6rDTzG4no4u4%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgQ63iAGoRHAOwEP-YW7dDh_FwmIAzzqdmP-5u0Wiy8fipfz0Yli473qfzmE8nLY8e47nekc-qMZD4P0Q-rMuEubMyhGpbsh9b88kf6CcPwM-gVenqQvVqsZh2Eq2Rtl0BMPVGMvqAsZHuw3r1zdAvV2IlUUZMBWgRZflFyJ5vPjMdbxs8kT318A66QkmtT5iNbSeP83CY7reJcuT5h33OipAuWNFs_u-GxUawmZwuIOObCiz2eBHi7LVgKh5ZLcZb6Lj9ZyDZs0j4cozq_t18p5WxJDHBetQ4k_aPz1I6-uyEHPlGmEEe5vvyPQYhxSThaDjZRnanRdvApDDvg02SPe3WE5R_C4e-VzkXo8y_yiTLr3Q-waK37btVZd66gR3sIPAKEz982B3ARB7D6n-Yp3vkMyN34PvthZrWjDFVlyj5MgvffRSxtbQWtWZIofhkdJ_6FEdQBFKB5hFUkxfmd39Y2VwjZNRUS8yERTfmzyJET2S-VXUyOqfV5WGkhyW4Cll8XkmaIBjPH-Fto4lAMkKbz9Z5Qg8Bxo0i5z8bZq34VsIM0T_l9jXmowa-YZcqk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTSsPV05MZtHyDPaWgrAP6_e9gAHkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_Qz35xvH36c9e_CWIHadx0g7-jS7ARIPrDTqvvtVssswK1XO7NsjJecfodUfEFHJXnfzN8p3gb8tfPSVTPMIMvGV62cKn_NQtbdcXVJxWv393qhu5f6JNH--0QkyKG8OSv5QstvXkYvqR0SucvgLcCyLzztDzH-9yZ_ofTLis2Ma6H1YJ4t_ODwi_zG8RFgascQotQ8-tfauiPOwRXUV12aSKP43TPm8-famgQGxby5jZ8Inb4usy4LolnqQFFoPTutJ-6HEMIr4AGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOlj7rIWznZ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2u6a6kPbyxRbBrPX1Wqf91T5rkEA%26client%3Dca-pub-3785345259461815%26adurl%3D

tls, http2

msedge.exe

4.0kB
66.5kB
36
57

HTTP Request

GET https://ads.eu.criteo.com/delivery/r/afr.php?z=ZkxOVwADOVEAAIt2AA976wm0sTcklaR244ywPw&u=%7Cx0f7wT2BflUe0kajrsMkVpkV1ibcBoJ6rDTzG4no4u4%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_ArHr9DlvVwUAZKNvHYJLpTwYKDzg_lmTEpnjUtvOGkNI9oe7awChpta37Xrs6Irk-u8gZ0poGwgQ63iAGoRHAOwEP-YW7dDh_FwmIAzzqdmP-5u0Wiy8fipfz0Yli473qfzmE8nLY8e47nekc-qMZD4P0Q-rMuEubMyhGpbsh9b88kf6CcPwM-gVenqQvVqsZh2Eq2Rtl0BMPVGMvqAsZHuw3r1zdAvV2IlUUZMBWgRZflFyJ5vPjMdbxs8kT318A66QkmtT5iNbSeP83CY7reJcuT5h33OipAuWNFs_u-GxUawmZwuIOObCiz2eBHi7LVgKh5ZLcZb6Lj9ZyDZs0j4cozq_t18p5WxJDHBetQ4k_aPz1I6-uyEHPlGmEEe5vvyPQYhxSThaDjZRnanRdvApDDvg02SPe3WE5R_C4e-VzkXo8y_yiTLr3Q-waK37btVZd66gR3sIPAKEz982B3ARB7D6n-Yp3vkMyN34PvthZrWjDFVlyj5MgvffRSxtbQWtWZIofhkdJ_6FEdQBFKB5hFUkxfmd39Y2VwjZNRUS8yERTfmzyJET2S-VXUyOqfV5WGkhyW4Cll8XkmaIBjPH-Fto4lAMkKbz9Z5Qg8Bxo0i5z8bZq34VsIM0T_l9jXmowa-YZcqk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCTSsPV05MZtHyDPaWgrAP6_e9gAHkj9KxXKeS4YiIAcCNtwEQASAAYLsGggEXY2EtcHViLTM3ODUzNDUyNTk0NjE4MTXIAQmpAnaPg4cLUbU-qAMByAMCqgTJAU_Qz35xvH36c9e_CWIHadx0g7-jS7ARIPrDTqvvtVssswK1XO7NsjJecfodUfEFHJXnfzN8p3gb8tfPSVTPMIMvGV62cKn_NQtbdcXVJxWv393qhu5f6JNH--0QkyKG8OSv5QstvXkYvqR0SucvgLcCyLzztDzH-9yZ_ofTLis2Ma6H1YJ4t_ODwi_zG8RFgascQotQ8-tfauiPOwRXUV12aSKP43TPm8-famgQGxby5jZ8Inb4usy4LolnqQFFoPTutJ-6HEMIr4AGmLvbsJytoufTAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCMIkeGAcBABMgLrCzoIAIDAgICAoChIvf3BOlj7rIWznZ6GA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2u6a6kPbyxRbBrPX1Wqf91T5rkEA%26client%3Dca-pub-3785345259461815%26adurl%3D

HTTP Response

200
178.250.1.10:443

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEFZOTGZpLuQdi1yrVcSMAAASAAAKCkFRVUJBUUVCQVEmcz1tuPHEzvClDGy2t-VD&wp=ZkxOVwADOVEAAIt2AA976wm0sTcklaR244ywPw&cbvp=2

tls, http2

msedge.exe

1.8kB
885 B
10
9

HTTP Request

GET https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=mNikE5GlBKwC2ASH-lcYAgAAAOkdkHbThIhdEFZOTGZpLuQdi1yrVcSMAAASAAAKCkFRVUJBUUVCQVEmcz1tuPHEzvClDGy2t-VD&wp=ZkxOVwADOVEAAIt2AA976wm0sTcklaR244ywPw&cbvp=2

HTTP Response

200
178.250.1.6:443

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=V7cwlhCZUBz-aW6NeB_hVU1FgHFAxU6PW5G6YbansxUptlaeKacPFeuff4alWWsCxb5mOhZmUiMEKwdrVMZHXA2vLSmLgCN_spRrULvLZ2v5zBpNlYjudZIWpCFjUxqdMc9yz2thaLKklUUSJhnBUwydkwjB_j4r3tby6P4a-m_WTkAU0Be44K3hlSwEemuXTYaynjqJk2tSzikZx52-8uhmdGfrLsICXo-651KxeTGHGnYu5PnXeYA3RU8H91rmwS7O0B4I6MNFfo0syGL1YadVRKa_K3PhX5Q4ZVWQqFB7285Crxe7oQWll11HeRjJDmwYUW33nFGiHJ1su7bVrkvg2PlRcLklBql_SN0VoPVSaRfOcsRkUWWBkczItQkoCCn25W_1hkeKGX6Kz9S0zj4I8j3cFEcyx7n2RuYwnFPNVx2ScgRCU-LJLzcgC8N8rzuTWWtKMPhFTzhSEO4enz6FFXE

tls, http2

msedge.exe

2.0kB
4.8kB
12
11

HTTP Request

GET https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=V7cwlhCZUBz-aW6NeB_hVU1FgHFAxU6PW5G6YbansxUptlaeKacPFeuff4alWWsCxb5mOhZmUiMEKwdrVMZHXA2vLSmLgCN_spRrULvLZ2v5zBpNlYjudZIWpCFjUxqdMc9yz2thaLKklUUSJhnBUwydkwjB_j4r3tby6P4a-m_WTkAU0Be44K3hlSwEemuXTYaynjqJk2tSzikZx52-8uhmdGfrLsICXo-651KxeTGHGnYu5PnXeYA3RU8H91rmwS7O0B4I6MNFfo0syGL1YadVRKa_K3PhX5Q4ZVWQqFB7285Crxe7oQWll11HeRjJDmwYUW33nFGiHJ1su7bVrkvg2PlRcLklBql_SN0VoPVSaRfOcsRkUWWBkczItQkoCCn25W_1hkeKGX6Kz9S0zj4I8j3cFEcyx7n2RuYwnFPNVx2ScgRCU-LJLzcgC8N8rzuTWWtKMPhFTzhSEO4enz6FFXE

HTTP Response

200
178.250.1.25:443

https://csm.eu.criteo.net/all?cppv=3&cpp=g4c3aHMWIuOiSq2rFXHnGL1IkgZAQAepKmL2cHCAt2ZhSmfqVV0Jd5AE-L6LVye4k_cXdIx41xrdGOSdhRr1oCXZ-SCMIZsxO0darbLWXc6E0Rpc7b8MfBfsbtre2nHyNnYQ2WyuEe3mFD4cS47N6wZT6YL0CgKb35gAcVf5XLHf-VrM0qbxZEotv2htlxkPZ2pIxm1TPGrRE7Z8yyxCQO8ZZqUVy8J0sdWiEpYfEQXPjhD0ja79rX00SoP5ileg9o4E-Q&sds=2&rev=92426&sendBeacon=true

tls, http2

msedge.exe

7.9kB
5.2kB
20
20

HTTP Request

POST https://csm.eu.criteo.net/all?cppv=3&cpp=g4c3aHMWIuOiSq2rFXHnGL1IkgZAQAepKmL2cHCAt2ZhSmfqVV0Jd5AE-L6LVye4k_cXdIx41xrdGOSdhRr1oCXZ-SCMIZsxO0darbLWXc6E0Rpc7b8MfBfsbtre2nHyNnYQ2WyuEe3mFD4cS47N6wZT6YL0CgKb35gAcVf5XLHf-VrM0qbxZEotv2htlxkPZ2pIxm1TPGrRE7Z8yyxCQO8ZZqUVy8J0sdWiEpYfEQXPjhD0ja79rX00SoP5ileg9o4E-Q&sds=2&rev=92426&sendBeacon=true

HTTP Response

200

HTTP Request

POST https://csm.eu.criteo.net/all?cppv=3&cpp=g4c3aHMWIuOiSq2rFXHnGL1IkgZAQAepKmL2cHCAt2ZhSmfqVV0Jd5AE-L6LVye4k_cXdIx41xrdGOSdhRr1oCXZ-SCMIZsxO0darbLWXc6E0Rpc7b8MfBfsbtre2nHyNnYQ2WyuEe3mFD4cS47N6wZT6YL0CgKb35gAcVf5XLHf-VrM0qbxZEotv2htlxkPZ2pIxm1TPGrRE7Z8yyxCQO8ZZqUVy8J0sdWiEpYfEQXPjhD0ja79rX00SoP5ileg9o4E-Q&sds=2&rev=92426&sendBeacon=true

HTTP Response

200
178.250.1.15:443

https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=11894&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2Fstarrating%2Fstars_3.png&v=3&w=400&rid=4&s=Cx9p1eNAdO8Iqtq5iVmAIF20

tls, http2

msedge.exe

6.4kB
210.6kB
97
161

HTTP Request

GET https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_1.jpg&v=3&w=400&rid=4&s=kDzdngVf6xNz1-dX5vnJm_Ki&b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_25208.jpg&v=3&w=400&rid=4&s=uYd6xKPhQv2ivwrtJBWpnUQ5&b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_70821.jpg&v=3&w=400&rid=4&s=JYxXbF5j0A-A_YVv41092SNj&b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=11894&q=80&r=2&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2F11894%2Fjet2holidays_156.jpg&v=3&w=400&rid=4&s=wIzSzuR3CPaxLfqYf54AXinh&b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/img/img?h=400&m=0&partner=11894&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fimages%2Fstarrating%2Fstars_3.png&v=3&w=400&rid=4&s=Cx9p1eNAdO8Iqtq5iVmAIF20

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

8.8.8.8:53

members.poemhunter.com

dns

msedge.exe

68 B
84 B
1
1

DNS Request

members.poemhunter.com

DNS Response

95.168.183.149
8.8.8.8:53

www.googletagservices.com

dns

msedge.exe

71 B
87 B
1
1

DNS Request

www.googletagservices.com

DNS Response

142.250.179.226
8.8.8.8:53

www.poemhunter.com

dns

msedge.exe

64 B
163 B
1
1

DNS Request

www.poemhunter.com

DNS Response

195.181.165.181

195.181.165.140
8.8.8.8:53

b.scorecardresearch.com

dns

msedge.exe

69 B
133 B
1
1

DNS Request

b.scorecardresearch.com

DNS Response

18.239.208.4

18.239.208.18

18.239.208.108

18.239.208.99
8.8.8.8:53

mc.yandex.ru

dns

msedge.exe

58 B
122 B
1
1

DNS Request

mc.yandex.ru

DNS Response

93.158.134.119

77.88.21.119

87.250.250.119

87.250.251.119
8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

62.242.123.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

62.242.123.52.in-addr.arpa
8.8.8.8:53

68.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

68.159.190.20.in-addr.arpa
8.8.8.8:53

149.183.168.95.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

149.183.168.95.in-addr.arpa
8.8.8.8:53

226.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

226.179.250.142.in-addr.arpa
8.8.8.8:53

sb.scorecardresearch.com

dns

msedge.exe

70 B
134 B
1
1

DNS Request

sb.scorecardresearch.com

DNS Response

18.239.208.108

18.239.208.18

18.239.208.99

18.239.208.4
8.8.8.8:53

securepubads.g.doubleclick.net

dns

msedge.exe

76 B
92 B
1
1

DNS Request

securepubads.g.doubleclick.net

DNS Response

142.250.200.34
8.8.8.8:53

mc.yandex.com

dns

msedge.exe

59 B
149 B
1
1

DNS Request

mc.yandex.com

DNS Response

87.250.251.119

87.250.250.119

77.88.21.119

93.158.134.119
8.8.8.8:53

googleads.g.doubleclick.net

dns

msedge.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.187.226
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

181.165.181.195.in-addr.arpa

dns

74 B
122 B
1
1

DNS Request

181.165.181.195.in-addr.arpa
8.8.8.8:53

4.208.239.18.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

4.208.239.18.in-addr.arpa
8.8.8.8:53

79.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

79.190.18.2.in-addr.arpa
8.8.8.8:53

119.134.158.93.in-addr.arpa

dns

73 B
99 B
1
1

DNS Request

119.134.158.93.in-addr.arpa
8.8.8.8:53

108.208.239.18.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

108.208.239.18.in-addr.arpa
8.8.8.8:53

34.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

34.200.250.142.in-addr.arpa
8.8.8.8:53

104.201.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

104.201.58.216.in-addr.arpa
8.8.8.8:53

194.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

194.187.250.142.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

tpc.googlesyndication.com

dns

msedge.exe

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

172.217.16.225
172.217.16.225:443

tpc.googlesyndication.com

https

msedge.exe

4.2kB
12.7kB
14
15
8.8.8.8:53

ads.eu.criteo.com

dns

msedge.exe

63 B
110 B
1
1

DNS Request

ads.eu.criteo.com

DNS Response

178.250.1.17
8.8.8.8:53

rtb.fr3.eu.criteo.com

dns

msedge.exe

67 B
114 B
1
1

DNS Request

rtb.fr3.eu.criteo.com

DNS Response

178.250.7.12
8.8.8.8:53

226.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

226.187.250.142.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

225.16.217.172.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

225.16.217.172.in-addr.arpa
8.8.8.8:53

129.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

129.61.62.23.in-addr.arpa
8.8.8.8:53

17.1.250.178.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

17.1.250.178.in-addr.arpa
8.8.8.8:53

static.criteo.net

dns

msedge.exe

63 B
113 B
1
1

DNS Request

static.criteo.net

DNS Response

178.250.1.3
8.8.8.8:53

cat.nl3.eu.criteo.com

dns

msedge.exe

67 B
114 B
1
1

DNS Request

cat.nl3.eu.criteo.com

DNS Response

178.250.1.6
8.8.8.8:53

cdnjs.cloudflare.com

dns

msedge.exe

66 B
98 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.25.14

104.17.24.14
8.8.8.8:53

imageproxy.eu.criteo.net

dns

msedge.exe

70 B
124 B
1
1

DNS Request

imageproxy.eu.criteo.net

DNS Response

178.250.1.15
8.8.8.8:53

csm.eu.criteo.net

dns

msedge.exe

63 B
110 B
1
1

DNS Request

csm.eu.criteo.net

DNS Response

178.250.1.25
8.8.8.8:53

12.7.250.178.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

12.7.250.178.in-addr.arpa
8.8.8.8:53

3.1.250.178.in-addr.arpa

dns

70 B
124 B
1
1

DNS Request

3.1.250.178.in-addr.arpa
8.8.8.8:53

14.25.17.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

14.25.17.104.in-addr.arpa
8.8.8.8:53

6.1.250.178.in-addr.arpa

dns

70 B
124 B
1
1

DNS Request

6.1.250.178.in-addr.arpa
8.8.8.8:53

15.1.250.178.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

15.1.250.178.in-addr.arpa
8.8.8.8:53

25.1.250.178.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

25.1.250.178.in-addr.arpa
224.0.0.251:5353

msedge.exe

390 B
6
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

140 B
288 B
2
2

DNS Request

86.23.85.13.in-addr.arpa

DNS Request

86.23.85.13.in-addr.arpa
172.217.16.225:443

tpc.googlesyndication.com

https

msedge.exe

5.0kB
58.2kB
29
48
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

213 B
145 B
3
1

DNS Request

206.23.85.13.in-addr.arpa

DNS Request

206.23.85.13.in-addr.arpa

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

202.187.250.142.in-addr.arpa

dns

148 B
226 B
2
2

DNS Request

202.187.250.142.in-addr.arpa

DNS Request

202.187.250.142.in-addr.arpa
8.8.8.8:53

195.212.58.216.in-addr.arpa

dns

146 B
342 B
2
2

DNS Request

195.212.58.216.in-addr.arpa

DNS Request

195.212.58.216.in-addr.arpa
8.8.8.8:53

99.201.58.216.in-addr.arpa

dns

144 B
338 B
2
2

DNS Request

99.201.58.216.in-addr.arpa

DNS Request

99.201.58.216.in-addr.arpa
8.8.8.8:53
8.8.8.8:53

www.poemhunter.com

dns

msedge.exe

128 B
326 B
2
2

DNS Request

www.poemhunter.com

DNS Request

www.poemhunter.com

DNS Response

195.181.165.140

195.181.165.181

DNS Response

195.181.165.181

195.181.165.140
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

142 B
314 B
2
2

DNS Request

43.58.199.20.in-addr.arpa

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

rtb.nl3.eu.criteo.com

dns

msedge.exe

67 B
114 B
1
1

DNS Request

rtb.nl3.eu.criteo.com

DNS Response

178.250.1.10
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

19.229.111.52.in-addr.arpa

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

10.1.250.178.in-addr.arpa

dns

142 B
250 B
2
2

DNS Request

10.1.250.178.in-addr.arpa

DNS Request

10.1.250.178.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

142 B
314 B
2
2

DNS Request

55.36.223.20.in-addr.arpa

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
79KB

MD5
6766ccd03f709b46e04e275c09ceec35

SHA1
5902cde78649b7c4f202fce88dd25b0c74a28aad

SHA256
92e816437880ad287f2424579a048ac4ba985f533a70c16b5cf8cf2f483ab238

SHA512
49a87f5f246934187e9768102020f656512a32a51b1af7e2275f5a941d4ea2685f1f0cd6d84d447d1d7911b1669e10f3b8879890be2238f561c9776ae47fa9c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
55KB

MD5
6cd02bec45e3ce2adbeaff686c56c915

SHA1
04d8bcee0cd067256b85d6f2b1a6db3c52b599de

SHA256
8b0613db96dc90b83b694414f5e9a53c407e7a5b4c6f05d3c2c3e1d3c68f1933

SHA512
2a0314979ba9135b6c3634ac0e40503fdabe36e806504b87f28cd890f110a0a298a1a2e4d5dba4d4fe2300ec88aa41a60171db69b276f5bdba2ca77f875df02b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
49KB

MD5
b27973c330569be9da57610f0c368cbd

SHA1
833f0ce090a9ba7047c06c18e6204dda1323ff7d

SHA256
ec403cd2c71cc3c9df0df4e9b492a65ad77982b020f544a9cf75dd8f110b66d1

SHA512
edbb5b7aa38009fbb71f6563ed215a3fd7b8bd3c20308b87b6231b3de7419eedf31166a02a1bb42d4cc65408a373aa845755e792d43af058e9694e2f98b32d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
16KB

MD5
549d9ad1988f3111375f64c74069ee6c

SHA1
e01f0fcf1a9d67b3d9ad6ba4b59b7b4d1f64fb77

SHA256
ff432fcf8093bd9ec4a32c277dcb8720c32b6df543f33867c47532729fccc8d1

SHA512
0d402a44537daa373bb5c55bcc57df85ea375be9df7234a40364900207bf8cf72ddf9f8c1b6fd302bd0d09db7db86316caafe736c8d55e25c80c27637e8d103c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
16KB

MD5
49b8bd91b04839f9a1c220477b620894

SHA1
2b0a9fd53e67312dd31b3d31fe10a6147304fa06

SHA256
b54be954bf7d35ed908bc94a65365bddb73e88789623443ce875e624a35bf114

SHA512
be4d9d75a3bf7b0430d5e33c10276931fac2a4c8332ac37ceaab615c7760726d74fefcabff4b697e83f0e31ba6c5515e7321cd2454a37430430b7be50e6c43de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
57KB

MD5
0df7815e089ee836eee827c69c45ffb0

SHA1
e1f89c63ff9e6975550cc5c565fc677216ebf3d5

SHA256
f1ced5b4d4b24ef1efc7efa0298a6c7de2f4e54702a1b94c83b0c4021759bdd9

SHA512
9b8b563bd80eb465a8b6069f0abaf50232754d5e24fcbfda35f1ca1a3b1c99d23bb55d81a02b4f054f1d0463cba21705e743188c38f526a33be897d9cb334468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
bb65b10292eaa42b8a31256630d4e218

SHA1
5e6e7d64e0dec18871a9dd9a28cb558c08caed4b

SHA256
a171e74a6389fd4930f9fffc641e7c2fc5b1649657c9c7025a13bb736edff2f7

SHA512
53bd45044866a09837625f439c5c31d0ed32ecc0cb18275c4e4c797d4c33c772619ef45eca559ca44d22b22fe2cc9741615312d9d458c2ce0f509e413946b695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
6ea8fd7f44e4ddfdfab92a9b87a571ec

SHA1
fec8245091c70084293c47fed579ccc2b14e8479

SHA256
b313987a2ecfb69c6e9fb727770625af92fd2d20d9fa57902729f505ae7dc8eb

SHA512
cc5ed2a03f02bee996063ee6c0508542215c813cc5dcc7f017d3cc4d5b37e200fe4a240096a3382fe46252db005f337379ccfe549f77c012bd1cc5d71b537554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
1294832f98c9abfe9cd339d24c91e891

SHA1
b999e2f5bac25df56bbfa02dd4a3eac8886d4810

SHA256
91b0152e8d2cf430930fb259b4e95255a79742c068fb97c1d88f10c61228bf66

SHA512
23e4d113df6f79bfe5bfe9f547c5128fb96df42fd9c9dfbd89fa46819fa23567496e75168fedfab00fdc21273793006d695631969e9fdaab262050c33d8aa52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
fa3fdfbff69d377ad6c6e51d53c0251d

SHA1
eb2109ee1c7b7b22f2cc3529eac695a7bbb6e75b

SHA256
c07394a1675adadc9397756eb63642d6a97a71dde61e2f90b87f0b9ac407d5b6

SHA512
68c75a0c920a122659693f11b66bbc85856acb1d9cf71b10b1a75bef6afb996cb2bd53130f1bc8d90520535fc6bfbac9396679ed4abaabb56d13ae7f7964303a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
e3f4e805e07e5641d2d5d2e57f443844

SHA1
210f1fe17c5888897d97f5950635ceb1f80570d1

SHA256
6e836da78b6df1f026313eeea6c7cc9842e81365cb11dd775b4600c1f98276be

SHA512
ae041308b249925cbeffe080f6772b7334e2a526719e3705e7ff1edd217b5db8af442ffe8f4d7b6f6789a50b824d65d7ac94182ef88548869b0b673ea01f89b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
154ff4f0faacfa9d77788895cb2b1d66

SHA1
c926eb20fc2b4ccfa7df27c57e54d8609e4e7b9e

SHA256
8f6b3a521313abc70154d47cda75d1163e398430d54956cd62b74a75b0e5fced

SHA512
ca8bea66bbbc7ef63e30254ac9cfa1b39d98835a29c42cef66fa52b1fbb6c2bbfb6decd2310af69cde03cb4e25cd2f14e1c5d3220f9fa8a4e3344f4c21e128b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7b0db3d5aaecec5466e0749b1fab0d35

SHA1
f3863c1486374ca94ad26959a43a22ad6e6f75cd

SHA256
c8accc2280a9acb3060febb5655b90a2e2bfc9b0cb290a1403655c7977ae55df

SHA512
d8450e38ce65826843ffc2e711dd623045ce4f1fa57e8144af5798ce5c0fe8f6fa0021215478895c72a7b61d0a134548f4c3c9ad226f53e3ceb65ea9cbc2316f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aeaa91196651fa1fd6a9f70b1f796c89

SHA1
ab1ee5b6f3570b55b87c9fef3a6f46354569192a

SHA256
36b9ee3f77dc38bb4e20ca36468cfd491cf092fe116ba836f87e9961e01f1bed

SHA512
cef9291870490a2925aa7f1bd3a8b0ac60258223edeea8a11091e7e982a51b94e2f6c42718586b13cd57f4eecb0c8abe8acda61253a6b1de8fcb172882399128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c4a39d719e02f3993c07a2b93c414ccc

SHA1
6f753857ba7bc45981538a25c068e7335a96f202

SHA256
709450a2672ea3b2692a055e3b7f923077d1fd2d1cde41e653af86cfb695d487

SHA512
d9d5d9ec1d11dd1dcfeb7c7aad5dab79401cadb8e6667e4f44e2b04093664f8ecc8175e596082eb65c9d6e96710b3fad017963fbf97ff5687a8dd8042c166e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
107ff638bda380c0c1b20e4d97cf4d85

SHA1
ed269eb7335503654d898258db68e3fcf465988a

SHA256
72d1631f4a80d83249b21d9e8ac5e99ae2d7acee399091a4603d1ea2ab92c26c

SHA512
916f9a9445dc009b42044438013d12aae832454c9c80da6c16bca0b2c773bdcfa0718cc9c467692ead48b1a4ce5100e27b6469fcafbba622ad2b49eaa609a715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
026899fa9b3d27d3f7b1c63f4b9ab179

SHA1
d922482a1982e6666149ea9063486495bf41b383

SHA256
6df071b6bb8ad78c9dcc9d733a64d726063b8bb549ee0394dd88c224f3a72f62

SHA512
47f0b6dd75f20c292d24e70ea796865c2ee6afc9e3961b7e6e60ad0163d87e44f8fa15998d35e0dab42b09edc91ef0f1508a84d6f243f566207b131e847e19bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c9238f336022b80e8744f05ca4154a34

SHA1
5cdb11513c5b6dad4b45b9839a6dd2aa34172d99

SHA256
a38cfe0846928ec793e784b91c02423ee09a0e4419e80124bd335d4f83e83bdf

SHA512
dcb66c94bcab09cc5b100903828305958045ff490e492236110380f64885d325e3f8cdd9ff5151243683b45030309e8778a972abc01f9be2fee0acf02d46840d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
765081a597fc51c93e2cb3c82ea95a1a

SHA1
e7bf2b72747e4be071a67b07e124cb0b7db250c6

SHA256
fc6030b28fcabbca584f3338531a5165f63ee31cbdfed15db8a6c663045d27bd

SHA512
93e3483befd50bf8d8a81835f1272cebe9e6f8dd6085eea80270a12eaed41a65c3be765f4ec4a3e3d2a48da305ce17da7ba82f45a9943f0fe141e87589fc61ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
896b22e417255c7bff00b5c88fd8a2db

SHA1
9b6ad8b9bde8eecbad5144caff8ddbbf2494d39d

SHA256
6e882a9809bea51fa85dbcb366ae9688cdfdd135625c3199e2dbd9f569f35219

SHA512
2def3561221516c5a17099737f1dbf38aea6896481257e0999777a3c8450e70eb557d3d226b4830ea059fea68ed2eabefcfdb8706a39f247b58e06d7e90f4b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d9f5.TMP

Filesize
1KB

MD5
16ae153c4a99f34a9f5d017958ba99df

SHA1
54b6e6d23589679b84ec6c25316e86994d2f4e66

SHA256
c7923d86fc37383ec23ccc291f4b5c9945f8752f5167f4eb44d134b9dde7e6ad

SHA512
961d55c10e1ae432bd59d3aa9191bb7718316ad8d849770fddcb0ec16f677a643e2e6a4542efecce26bf23f57b223f7fe97b6cac9ff7bfc5023b5507d7befdbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
78bbe97397a7dd6b01f7f49cf6b200bb

SHA1
89bf92c54753e6f0873669ff70ecab83e6e58575

SHA256
685da267604d396046fde7aa345ef39a7770bb7863110d80ee2ce07fcc5ee0b6

SHA512
d6128ca46e241b160a15495264f1e6bf3b612cab42229c9a33c4af6764760181a151f4c3e471466e780437bdc8239c90d1e957c92441aed501ab858c66d875f7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request