steamru.org Open in urlscan Pro
185.197.162.100 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://steamru.org/pay/pfqp
Effective URL:
https://steamru.org/pay/pfqp
Submission: On January 27 via api (January 27th 2024, 11:27:51 pm UTC) from US — Scanned from US

Summary HTTP 118 Redirects Behaviour Indicators

Summary

This website contacted 18 IPs in 4 countries across 21 domains to perform 118 HTTP transactions. The main IP is 185.197.162.100, located in Latvia and belongs to THREE-W-INFRA-AS, NL. The main domain is steamru.org.
TLS certificate: Issued by R3 on November 30th 2023. Valid for: 3 months.

This is the only time steamru.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 10	185.197.162.100 185.197.162.100	60144 (THREE-W-I...) (THREE-W-INFRA-AS)
5	2607:f8b0:400... 2607:f8b0:4004:c19::5f	15169 (GOOGLE) (GOOGLE)
17	2607:f8b0:400... 2607:f8b0:4004:c08::9a	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4004:c17::5e	15169 (GOOGLE) (GOOGLE)
1 6	2607:f8b0:400... 2607:f8b0:4004:c09::9b	15169 (GOOGLE) (GOOGLE)
11	2607:f8b0:400... 2607:f8b0:4004:c1d::65	15169 (GOOGLE) (GOOGLE)
7	2607:f8b0:400... 2607:f8b0:4004:c1d::5e	15169 (GOOGLE) (GOOGLE)
26	2607:f8b0:400... 2607:f8b0:4004:c06::84	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c1b::9b	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4004:c1d::5f	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c0b::68	15169 (GOOGLE) (GOOGLE)
2	172.253.62.157 172.253.62.157	15169 (GOOGLE) (GOOGLE)
2 2	54.172.223.177 54.172.223.177	14618 (AMAZON-AES) (AMAZON-AES)
14	172.253.115.155 172.253.115.155	15169 (GOOGLE) (GOOGLE)
1 1	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
2	202.233.84.1 202.233.84.1	131957 (MICROAD M...) (MICROAD MicroAd)
2 2	64.202.112.159 64.202.112.159	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
2 2	35.207.24.140 35.207.24.140	15169 (GOOGLE) (GOOGLE)
1 1	199.38.167.130 199.38.167.130	54312 (ROCKETFUEL) (ROCKETFUEL)
4	2a00:1450:401... 2a00:1450:401b:806::2003	15169 (GOOGLE) (GOOGLE)
1 1	2607:f8b0:400... 2607:f8b0:4004:c09::64	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:3::6	15169 (GOOGLE) (GOOGLE)
1 1	35.194.66.159 35.194.66.159	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
2 2	35.190.90.30 35.190.90.30	15169 (GOOGLE) (GOOGLE)
118	18

10 185.197.162.100 (Latvia) 1 redirects

ASN60144 (THREE-W-INFRA-AS, NL)
PTR: vps15026.ua-hosting.company

steamru.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4004:c19::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2607:f8b0:4004:c08::9a (Ashburn, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4004:c17::5e (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4004:c09::9b (Ashburn, United States) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2607:f8b0:4004:c1d::65 (Washington, United States)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4004:c1d::5e (Washington, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2607:f8b0:4004:c06::84 (Washington, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1b::9b (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c1d::5f (Washington, United States)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c0b::68 (Ashburn, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.62.157 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f157.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.172.223.177 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-223-177.compute-1.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 172.253.115.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f155.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 202.233.84.1 (Japan)

ASN131957 (MICROAD MicroAd, Inc., JP)

aid.send.microad.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.159 (United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States) 1 redirects

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.207.24.140 (North Charleston, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 140.24.207.35.bc.googleusercontent.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.38.167.130 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:401b:806::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c09::64 (Ashburn, United States) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:3::6 (Colchester, United States)

ASN15169 (GOOGLE, US)

r1---sn-ab5l6nkd.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.194.66.159 (Washington, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 159.66.194.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.90.30 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 30.90.190.35.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	544 KB
20	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 bid.g.doubleclick.net — Cisco Umbrella Rank: 917	157 KB
17	gstatic.com fonts.gstatic.com www.gstatic.com csi.gstatic.com	138 KB
13	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1143 www.google.com — Cisco Umbrella Rank: 2	71 KB
10	steamru.org 1 redirects steamru.org	28 KB
8	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28 imasdk.googleapis.com — Cisco Umbrella Rank: 485	140 KB
3	2mdn.net 1 redirects gcdn.2mdn.net — Cisco Umbrella Rank: 1402 r1---sn-ab5l6nkd.c.2mdn.net — Cisco Umbrella Rank: 71264	950 B
2	mookie1.com 2 redirects odr.mookie1.com — Cisco Umbrella Rank: 1375	1 KB
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com — Cisco Umbrella Rank: 1282	1 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 626	1 KB
2	microad.jp aid.send.microad.jp — Cisco Umbrella Rank: 11949	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 875	2 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	130 KB
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 608	363 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5893	599 B
1	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 349	687 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 856	758 B
1	rfihub.com 1 redirects a.rfihub.com — Cisco Umbrella Rank: 3226	1 KB
1	adkernel.com 1 redirects dsp.adkernel.com — Cisco Umbrella Rank: 5589	543 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 716	538 B
118	21

	Domain	Requested by
26	tpc.googlesyndication.com	googleads.g.doubleclick.net www.gstatic.com tpc.googlesyndication.com steamru.org imasdk.googleapis.com pagead2.googlesyndication.com
17	pagead2.googlesyndication.com	steamru.org pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
13	cm.g.doubleclick.net	steamru.org googleads.g.doubleclick.net
11	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
10	steamru.org	1 redirects steamru.org
7	www.gstatic.com	googleads.g.doubleclick.net
6	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
6	fonts.gstatic.com	fonts.googleapis.com
5	fonts.googleapis.com	steamru.org googleads.g.doubleclick.net tpc.googlesyndication.com
4	csi.gstatic.com	imasdk.googleapis.com
3	imasdk.googleapis.com	googleads.g.doubleclick.net
2	odr.mookie1.com	2 redirects
2	r1---sn-ab5l6nkd.c.2mdn.net	steamru.org
2	rtb.mfadsrvr.com	2 redirects
2	b1sync.zemanta.com	2 redirects
2	aid.send.microad.jp	googleads.g.doubleclick.net
2	pm.w55c.net	2 redirects
2	www.googleadservices.com	googleads.g.doubleclick.net
2	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
2	www.googletagservices.com	googleads.g.doubleclick.net
1	dis.criteo.com	googleads.g.doubleclick.net
1	ads.travelaudience.com	1 redirects
1	px.ads.linkedin.com	1 redirects
1	um.simpli.fi	1 redirects
1	gcdn.2mdn.net	1 redirects
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	a.rfihub.com	1 redirects
1	dsp.adkernel.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
118	29

This site contains no links.

Subject Issuer	Validity	Valid
steamru.org R3	`2023-11-30` - `2024-02-28`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.send.microad.jp GlobalSign RSA OV SSL CA 2018	`2023-10-03` - `2024-11-03`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2024-01-16` - `2024-03-26`	2 months	crt.sh

This page contains 15 frames:

Primary Page: https://steamru.org/pay/pfqp
Frame ID: 77E8D74AA320878AFA36F1C83112D631
Requests: 34 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&adk=1812271804&adf=3025194257&lmt=1706398066&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x945_l%7C260x945_r&format=0x0&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.6&asamct=0.6&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398066939&bpp=4&bdt=305&idt=195&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1533787473719&frm=20&pv=2&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=226
Frame ID: B16D51C4AF283BA262E973BD57923DD9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2021727514&adf=2833230818&pi=t.aa~a.649322570~rp.4&daaos=1706395060880&w=307&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=307x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=3&bdt=1165&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=973&ady=1346&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=113
Frame ID: 758142547B8A58686E7EEC27A0365477
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121
Frame ID: E22B3C78E805BEB6D346AE83B06BE15A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: C854AE89A09DB595F6580E1F1CAF8108
Requests: 6 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 2D4F6E740754BAC7CC3C056B1E932C3F
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js
Frame ID: 014EBB2DE3A77E5F0FD140FF2C0D4507
Requests: 1 HTTP requests in this frame

Frame: https://www.gstatic.com/mysidia/4b0ef9dfa83525e0607f42119c034d23.js?tag=client_fast_engine_2019
Frame ID: 881C385FA67A521459EBA99EE07DEB8E
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/index.html
Frame ID: 78E18300C6E97D4CFFE06321C50D2B66
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DFF73773E6B2026C9F4CFB852F4EE607
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js
Frame ID: 4D7A12637A5AE0641E7A7C9C5009BC2E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9DDDC8A770928D79241A58D9DF6C7628
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: B3EA00B8BBF29587E820EBCA2ACC6CD4
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6725916C0A07D9B7D767502B3498BE51
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B47D2638D54B4C587A43863DB3900BA1
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Steam Подарок невозможно отправить, так как цена в регионе получателя значительно отличается от вашей цены - steamru.org

Page URL History Show full URLs

http://steamru.org/pay/pfqp HTTP 301
https://steamru.org/pay/pfqp Page URL

Detected technologies

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

118
Requests

89 %
HTTPS

50 %
IPv6

21
Domains

29
Subdomains

18
IPs

4
Countries

1209 kB
Transfer

3742 kB
Size

30
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://steamru.org/pay/pfqp HTTP 301
https://steamru.org/pay/pfqp Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 56

https://googleads.g.doubleclick.net/pagead/adview?ai=CJVnwc5G1ZdDqPK3p_tMP39CC6Afgssu3cOyjrdiYEGQQASCQu4AEYMnujovApIwQoAH6hPbNA8gBCakCZ9RZb1k1sj6oAwHIA0iqBOkBT9AjQ22p4OomhE3yNsQtUHtzTlzbVDhMrChAeJ71L9KVNizaM4ChIIYo7k2qyxf60lyQFX28_HtKuJr7-nMKdocIpyXQ3RLYLtPhiaolgtUlItKwIbvJGwohILkBuVu25-HZZmVM97yUZr_k-eKgWGasKYgoB8mgIttXpHSjZ06KDyeUSUgdk4rktXcKLNoy5AItIFoDM4JnDrluxY1Hckj2fKWrEeQ_-wJSmo3b9ug4n7zzpy5iiTiIXBnGx5vuAELYVjrTPh9-Zy7bDxe0NJcgEafxOw-_bgtMAbvt8yc25EbrRAvfOBTABJqk-p_oAogFg9qvsyKSBQQIBBgBkgUECAUYBKAGLoAHwN6xvQGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCQ3gPSCB8IgGEQARgfMgKKAjoEgECAQEi9_cE6WMi3vpXc_oMDmgkaaHR0cHM6Ly93d3cuYmVldHJvbmljcy5jb22ACgHICwGiDAgqBgoErLqxAtoMEQoLEODX2vGT4ZTSmQESAgED2BMO0BUBgBcBshccChoIABIUcHViLTIxNDc5NDg2NTczODk4NjQYAA&sigh=9N4KeYcz4b0&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSPAAvHhf_9ptUdnzRHTGHAx-rSaKmE_zEoYZi1rkj-1Ip02Phd34dNoXSW9H9fC47BCtQhLcTDXeBhzDeghgB&template_id=419&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x84f5b143e2e6fe10000000000000000%22,%222%22:%220x38ae5fd60008fb700000000000000000%22,%223%22:%220x10766b407f2113f60000000000000000%22,%224%22:%220x22601c93727df6380000000000000000%22,%225%22:%220xf1eb80e6fe54dd7a0000000000000000%22},%22debug_key%22:%229715556318574380486%22,%22debug_reporting%22:true,%22destination%22:%22https://beetronics.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22968721018%22],%2222%22:[%22true%22],%224%22:[%2201-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211546371873436020465%22}&andc=true

Request Chain 60

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEOGyu_5zYGRcj6Ngq55F8-k&google_cver=1&google_push=AXcoOmTU53i87eS4Jr5DrkRnI1agtqR_p2AOn22etxUu3zBuYnxwmCyYv1mBVeEQFOOrlHFgbpb2uuPoqB5_7aI5OMWvNI3F5VSz_xI HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEOGyu_5zYGRcj6Ngq55F8-k&google_cver=1&google_push=AXcoOmTU53i87eS4Jr5DrkRnI1agtqR_p2AOn22etxUu3zBuYnxwmCyYv1mBVeEQFOOrlHFgbpb2uuPoqB5_7aI5OMWvNI3F5VSz_xI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=TnJON3VLTU8xUnRTNXU1&google_gid=CAESEOGyu_5zYGRcj6Ngq55F8-k&google_cver=1&google_push=AXcoOmTU53i87eS4Jr5DrkRnI1agtqR_p2AOn22etxUu3zBuYnxwmCyYv1mBVeEQFOOrlHFgbpb2uuPoqB5_7aI5OMWvNI3F5VSz_xI

Request Chain 61

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEAiuZ6gGuSNs-QR1p0InSPg&google_cver=1&google_push=AXcoOmSOprWsgwlYdQ--r6e6QJNsnBxu9AIMhn_rpSiTTOEt86bs6BUdXpsSQwcbLak8fLqXgN_qgUuqiH09qwEYDyRmepnRuDWixAk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAiuZ6gGuSNs-QR1p0InSPg&google_push=AXcoOmSOprWsgwlYdQ--r6e6QJNsnBxu9AIMhn_rpSiTTOEt86bs6BUdXpsSQwcbLak8fLqXgN_qgUuqiH09qwEYDyRmepnRuDWixAk

Request Chain 63

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEFZCkgvVDH7dL15a_GuD-lY&google_cver=1&google_push=AXcoOmThjvsKl9WzsLqugfV5AbPzLgq3sKSfs3sHJ0l6QHYajSJh8SHKUuvk4vTpgY7Ap6GmF9mj51hUqMeciCwAh9-YgWxBjssLg4E HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEFZCkgvVDH7dL15a_GuD-lY&google_push=AXcoOmThjvsKl9WzsLqugfV5AbPzLgq3sKSfs3sHJ0l6QHYajSJh8SHKUuvk4vTpgY7Ap6GmF9mj51hUqMeciCwAh9-YgWxBjssLg4E&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmThjvsKl9WzsLqugfV5AbPzLgq3sKSfs3sHJ0l6QHYajSJh8SHKUuvk4vTpgY7Ap6GmF9mj51hUqMeciCwAh9-YgWxBjssLg4E&google_hm=aElELTFPVUdNRE5GWTN6WmV6bnM=

Request Chain 64

https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESELr_1mz-mCDSXXjf9rov3gs&google_cver=1&google_push=AXcoOmQWd3oAtmH4BFORNYSjkToTEhYXAbGQlFrwioKrOcV7j7r2mHH_uIDEky7zegkByc4jPdIj6jytvpBi2ulS3tvxf5hvpO1GrHM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTU3MDE5ODY2Mjk3MjI4ODg3MTE&google_push=AXcoOmQWd3oAtmH4BFORNYSjkToTEhYXAbGQlFrwioKrOcV7j7r2mHH_uIDEky7zegkByc4jPdIj6jytvpBi2ulS3tvxf5hvpO1GrHM

Request Chain 65

https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESECJID09J8vlFeJCJrWTGQk8&google_cver=1&google_push=AXcoOmTIDcau24Qc29YMSnSmZUr07I0UqO7qQcac1G60Rnuw1uxQ2g59bR45fIgJIWSMbLgiiKCb6ly1F4syZjEoyYErLIRfBgypmJw- HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=google&ssp_init=step1&google_gid=CAESECJID09J8vlFeJCJrWTGQk8&google_cver=1&google_push=AXcoOmTIDcau24Qc29YMSnSmZUr07I0UqO7qQcac1G60Rnuw1uxQ2g59bR45fIgJIWSMbLgiiKCb6ly1F4syZjEoyYErLIRfBgypmJw- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=matiXMWURYCjwV4YE2dzKg==&no_redirect=1&google_push=AXcoOmTIDcau24Qc29YMSnSmZUr07I0UqO7qQcac1G60Rnuw1uxQ2g59bR45fIgJIWSMbLgiiKCb6ly1F4syZjEoyYErLIRfBgypmJw-

Request Chain 66

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEIYGqP0_01d1_qPKfIXTiuU&google_cver=1&google_push=AXcoOmQAnQtmWuyYt-tlgnbkOM26w9eEzGR7GXs6raa73QhJqJr6m3ic64JFWZublKo6jN-uzlshrPXsR_uLtPL5knk3WkMX4o6goPlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmQAnQtmWuyYt-tlgnbkOM26w9eEzGR7GXs6raa73QhJqJr6m3ic64JFWZublKo6jN-uzlshrPXsR_uLtPL5knk3WkMX4o6goPlw&google_hm=NDE4MDg5NTc1MTUyODIxNDU1NQ==

Request Chain 87

https://gcdn.2mdn.net/videoplayback/id/60d2e1ddf48f3717/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3817468802/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/7BA80E515E93768CD764493C6008C998E5D7A279.67905B8D522C781554A55E8DF7F04FA89397111/key/ck2/file/file.mp4 HTTP 302
https://r1---sn-ab5l6nkd.c.2mdn.net/videoplayback/id/60d2e1ddf48f3717/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3817468802/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0E1AE5CF6C74F7FDB129C48C2F9CD10ACD439F84.38444045369E6B1D00ED1ADB08EE4AB19CF2E6DD/key/cms1/cms_redirect/yes/mh/OB/mip/2602:ffc8:2:104::11/mm/42/mn/sn-ab5l6nkd/ms/onc/mt/1706397648/mv/m/mvi/1/pl/48/file/file.mp4

Request Chain 89

https://um.simpli.fi/gp_match?google_gid=CAESEOQq6c-zij6zN-XFxUxLeLI&google_cver=1&google_push=AXcoOmS63Twp33PCdsTKAr9EBvmen5myA--uV_ke0FpGUqs3D3xPGw3lxTTSAWqCSNNa9dTAxgO2Ji3bcREcp6rN6idt5jbnmmArm2tdEQXayOTJGbULWdRf8kxZTWgRkhOhUjQqmX0oeiWKybWi9p_PX8kxtA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=838BF3203D0A4169B3E72A9CAA9B3807&google_push=AXcoOmS63Twp33PCdsTKAr9EBvmen5myA--uV_ke0FpGUqs3D3xPGw3lxTTSAWqCSNNa9dTAxgO2Ji3bcREcp6rN6idt5jbnmmArm2tdEQXayOTJGbULWdRf8kxZTWgRkhOhUjQqmX0oeiWKybWi9p_PX8kxtA

Request Chain 90

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESECPl8H3PIPOXzG8ad4Epg88&google_cver=1&google_push=AXcoOmS21Xh1NZ8uJPnJaWU__k169RwxHBuVkyPP9hk1bBeivlLlviOKW7Wyyho4kyXQBT1_CSAzFAAgGuYrblINIt6L-_c3hL5IDtU95JjCc_NU6Ckzh4tpywZwzB78mbKyJCPSKO1cDBXFbFbPrc8QJk05IQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmS21Xh1NZ8uJPnJaWU__k169RwxHBuVkyPP9hk1bBeivlLlviOKW7Wyyho4kyXQBT1_CSAzFAAgGuYrblINIt6L-_c3hL5IDtU95JjCc_NU6Ckzh4tpywZwzB78mbKyJCPSKO1cDBXFbFbPrc8QJk05IQ

Request Chain 91

https://ads.travelaudience.com/google_pixel?google_gid=CAESED0FWZmVQE3ubOc-fCvR7Co&google_cver=1&google_push=AXcoOmQztfcy_L1Gka9hXX7f9r-hkzKSKXgmivm_zGt1eOnGvrVYvv8Vh3Ca7BKQ4MMyfkBMQMa8K6Xjf8AFCk1_xebgHikziVI29q9ziE7-lweEtug7V1zf9cDMslilsENFzMnZucqhWChSEajObbVIO_OC5Q HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=bb4JhXzsSNcUfkeBzsORLA&google_push=AXcoOmQztfcy_L1Gka9hXX7f9r-hkzKSKXgmivm_zGt1eOnGvrVYvv8Vh3Ca7BKQ4MMyfkBMQMa8K6Xjf8AFCk1_xebgHikziVI29q9ziE7-lweEtug7V1zf9cDMslilsENFzMnZucqhWChSEajObbVIO_OC5Q

Request Chain 94

https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEPrf4PZzKlemawXhW4BMMlw&google_push=AXcoOmSSdASubI_oZ2ngZov0y5WIHJYbnXW-lL1Vjp3O6Pgqs7sJzTLTDublTUWe7zBS2UbGJkDcnRfd6BZ50E7kNs1Dp4b9MEdPR5UOthjOkmx-CUnbjFkvoDlhrEsIgPpNODLPhoqRaA9bRJk8yO23upxGlw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AXcoOmSSdASubI_oZ2ngZov0y5WIHJYbnXW-lL1Vjp3O6Pgqs7sJzTLTDublTUWe7zBS2UbGJkDcnRfd6BZ50E7kNs1Dp4b9MEdPR5UOthjOkmx-CUnbjFkvoDlhrEsIgPpNODLPhoqRaA9bRJk8yO23upxGlw&google_hm=MTA2MDMzNzM0ODEwODM3MDcwMjQ

Request Chain 95

https://odr.mookie1.com/t/v2/sync?tagid=V2_4530&src.visitorid=CAESEDMJYovC5OGTLyOL1X1PaWo&google_cver=1&google_push=AXcoOmQ4IFFnc6u1LglFbRwTyukfNy6wRBzWse-CkWBWL6CDTKJNO6wA5LKPVD8nu-PHVK1yKdpLnUbbeBzAXrLZosAH7FEsyYmFMhg0G_83xAe8-mgtujk0HmvuNY25QvjPH8m4zdpjzMNc-I9x5jxfp_PchA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dev_dmp&google_push=AXcoOmQ4IFFnc6u1LglFbRwTyukfNy6wRBzWse-CkWBWL6CDTKJNO6wA5LKPVD8nu-PHVK1yKdpLnUbbeBzAXrLZosAH7FEsyYmFMhg0G_83xAe8-mgtujk0HmvuNY25QvjPH8m4zdpjzMNc-I9x5jxfp_PchA&google_hm=MTA1OTUyODEwODMzODY1NDgzNjM

118 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request pfqp Show response
steamru.org/pay/
Redirect Chain

http://steamru.org/pay/pfqp
https://steamru.org/pay/pfqp

16 KB
5 KB

386ms
175ms

Document
text/html

185.197.162.100
THREE-W-INFRA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://steamru.org/pay/pfqp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

dc7325c96e16eb5b2cbb984ea03282ae0ac08cd9ba514a9861563f643e64a4ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 27 Jan 2024 23:27:46 GMT
last-modified: Sat, 27 Jan 2024 23:27:46 GMT
link: <https://steamru.org/pay/pfqp>; rel="canonical"
server: nginx
strict-transport-security: max-age=31536000;
vary: Accept-Encoding
x-ua-compatible: IE=edge

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Sat, 27 Jan 2024 23:27:46 GMT
Location: https://steamru.org/pay/pfqp
Server: nginx

GET
H2 200 style.min.css
steamru.org/themes/ 10 KB
3 KB 105ms
103ms Stylesheet
text/css 185.197.162.100
THREE-W-INFRA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://steamru.org/themes/style.min.css

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

aa6670cd216514598e9395fb4bcaeecbd3d8bdd4bb541cc63ac995cf0308585e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/pay/pfqp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:46 GMT
strict-transport-security: max-age=31536000;
content-encoding: gzip
last-modified: Thu, 19 Apr 2018 04:04:42 GMT
server: nginx
etag: W/"5ad8155a-27c2"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 107ms
44ms Stylesheet
text/css 2607:f8b0:4004:c19::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d95ffdcf010d6749281f6cd27c3a5f9c856d4b5590cee285f4b4fdbebce22b4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 27 Jan 2024 23:27:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 27 Jan 2024 21:43:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 27 Jan 2024 23:27:46 GMT

GET
H2 200 a.js Show response
steamru.org/js/ 158 B
386 B 105ms
104ms Script
application/javascript 185.197.162.100
THREE-W-INFRA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://steamru.org/js/a.js

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

9a886adbe15add3ec3eb5ed564419a60981a0a2bb266efc369417df69c1f1064

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/pay/pfqp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:46 GMT
strict-transport-security: max-age=31536000;
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 11:37:48 GMT
server: nginx
etag: W/"5f96b50c-9e"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 19627.png
steamru.org/themes/av/19/ 161 B
369 B 106ms
105ms Image
image/png 185.197.162.100
THREE-W-INFRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steamru.org/themes/av/19/19627.png

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

c4d7e5206dcc56e99111becf93e677886281cbac4d116aecad4adacf1a28d3c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/pay/pfqp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:46 GMT
strict-transport-security: max-age=31536000;
last-modified: Thu, 19 Apr 2018 04:22:18 GMT
server: nginx
etag: "5ad8197a-a1"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 161
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 11628.png
steamru.org/themes/av/11/ 168 B
376 B 106ms
105ms Image
image/png 185.197.162.100
THREE-W-INFRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steamru.org/themes/av/11/11628.png

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

bb4a55b2c64b26cf3c6462ab47583eb2f3d958fd3f53fc0eaa4adc19b908bdec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/pay/pfqp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:46 GMT
strict-transport-security: max-age=31536000;
last-modified: Thu, 19 Apr 2018 04:22:16 GMT
server: nginx
etag: "5ad81978-a8"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 168
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 16689.png
steamru.org/themes/av/16/ 159 B
367 B 104ms
104ms Image
image/png 185.197.162.100
THREE-W-INFRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steamru.org/themes/av/16/16689.png

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

a0eb9cd9c6fdcd21b05aa46b1d70c046caa99432dd6d66807574c1431294fe4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/pay/pfqp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:46 GMT
strict-transport-security: max-age=31536000;
last-modified: Thu, 19 Apr 2018 04:22:18 GMT
server: nginx
etag: "5ad8197a-9f"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 159
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1003.png
steamru.org/themes/av/1/ 170 B
378 B 105ms
105ms Image
image/png 185.197.162.100
THREE-W-INFRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://steamru.org/themes/av/1/1003.png

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

2637a31a8f62a0693bf869ff58df91303107cd1b77bef46e1bd1a7bc3e923100

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/pay/pfqp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:46 GMT
strict-transport-security: max-age=31536000;
last-modified: Thu, 19 Apr 2018 04:22:14 GMT
server: nginx
etag: "5ad81976-aa"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 170
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
51 KB 127ms
62ms Script
text/javascript 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: steamru.org
URL: https://steamru.org/js/a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d946ffde37c91cf0e3d554acc1ce0b39604fb40e30560ce22d8a706aaeb6dfbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51302
x-xss-protection: 0
server: cafe
etag: 1129444740930163279
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Sat, 27 Jan 2024 23:27:46 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5d621f523e84eb7af66e3daba984f5ee4ab9257e301462577c3c66582c880ab0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 pwk.phtml Show response
steamru.org/ 51 KB
18 KB 112ms
111ms Script
application/javascript 185.197.162.100
THREE-W-INFRA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://steamru.org/pwk.phtml

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

7f4972b6f7feb7a2dd6f98c8ea06df115dc3c07dca4efe0c0114ac85ddac47d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/pay/pfqp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;
last-modified: Fri, 29 Sep 2023 22:17:51 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31622400

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 97ms
32ms Font
font/woff2 2607:f8b0:4004:c17::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://steamru.org
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 11:17:51 GMT
x-content-type-options: nosniff
age: 43795
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jan 2025 11:17:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 128ms
63ms Font
font/woff2 2607:f8b0:4004:c17::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://steamru.org
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 11:05:38 GMT
x-content-type-options: nosniff
age: 44528
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jan 2025 11:05:38 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
9 KB 101ms
39ms Font
font/woff2 2607:f8b0:4004:c17::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47aa3bfad6cb9e2d63abdd58f4e6ce4f7b9fd2704b2b15193c71874035fe025d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://steamru.org
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 11:00:30 GMT
x-content-type-options: nosniff
age: 44836
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9576
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jan 2025 11:00:30 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
10 KB 130ms
73ms Font
font/woff2 2607:f8b0:4004:c17::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://steamru.org
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 11:15:22 GMT
x-content-type-options: nosniff
age: 43944
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9628
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jan 2025 11:15:22 GMT

POST
H2 200 pwk.phtml
steamru.org/ 43 B
163 B 106ms
105ms Ping
image/gif 185.197.162.100
THREE-W-INFRA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://steamru.org/pwk.phtml?action_name=Steam%20%D0%9F%D0%BE%D0%B4%D0%B0%D1%80%D0%BE%D0%BA%20%D0%BD%D0%B5%D0%B2%D0%BE%D0%B7%D0%BC%D0%BE%D0%B6%D0%BD%D0%BE%20%D0%BE%D1%82%D0%BF%D1%80%D0%B0%D0%B2%D0%B8%D1%82%D1%8C%2C%20%D1%82%D0%B0%D0%BA%20%D0%BA%D0%B0%D0%BA%20%D1%86%D0%B5%D0%BD%D0%B0%20%D0%B2%20%D1%80%D0%B5%D0%B3%D0%B8%D0%BE%D0%BD%D0%B5%20%D0%BF%D0%BE%D0%BB%D1%83%D1%87%D0%B0%D1%82%D0%B5%D0%BB%D1%8F%20%D0%B7%D0%BD%D0%B0%D1%87%D0%B8%D1%82%D0%B5%D0%BB%D1%8C%D0%BD%D0%BE%20%D0%BE%D1%82%D0%BB%D0%B8%D1%87%D0%B0%D0%B5%D1%82%D1%81%D1%8F%20%D0%BE%D1%82%20%D0%B2%D0%B0%D1%88%D0%B5%D0%B9%20%D1%86%D0%B5%D0%BD%D1%8B%20-%20steamru.org&param01=steamru.org&rec=1&r=767114&h=13&m=27&s=46&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&_id=11f74a79525472b3&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=jpnSJx&pf_net=211&pf_srv=175&pf_tfr=1&pf_dm1=138

Requested by

Host: steamru.org
URL: https://steamru.org/pwk.phtml

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Referer: https://steamru.org/pay/pfqp
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

date: Sat, 27 Jan 2024 23:27:46 GMT
strict-transport-security: max-age=31536000;
server: nginx
x-robots-tag: noindex, nofollow
content-length: 43
content-type: image/gif

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/ 406 KB
138 KB 105ms
105ms Script
text/javascript 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js?bust=31080697

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb9df5a45c9123b1a7783ba5d72c2db91e92dafe11f40ddbf6b84062f35aa490

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140842
x-xss-protection: 0
server: cafe
etag: 5212906641609008239
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 23:27:47 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B16D 203 KB
56 KB 437ms
368ms Document
text/html 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&adk=1812271804&adf=3025194257&lmt=1706398066&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x945_l%7C260x945_r&format=0x0&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.6&asamct=0.6&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398066939&bpp=4&bdt=305&idt=195&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1533787473719&frm=20&pv=2&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=226

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js?bust=31080697

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b5a1e613e6f932713b55194ec6c4915e7dbb14414884ca0874ca360711a46d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 57172
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 27 Jan 2024 23:27:47 GMT
expires: Sat, 27 Jan 2024 23:27:47 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 94ms
94ms Image
image/gif 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=NAV&cls=navigation&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/ 165 KB
56 KB 58ms
58ms Script
text/javascript 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/reactive_library_fy2021.js?bust=31080697

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js?bust=31080697

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5ae0684c5c8dccf006dedb7fe31ccf960353009d5dfcce47cb82666d63536ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56991
x-xss-protection: 0
server: cafe
etag: 9795481602887432911
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Jan 2024 23:27:47 GMT

GET
H2 200 ca-pub-2147948657389864 Show response
fundingchoicesmessages.google.com/i/ 183 KB
61 KB 129ms
60ms Script
application/javascript 2607:f8b0:4004:c1d::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-2147948657389864?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js?bust=31080697

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d58b699459d54bb543663253e1ddae7f7241fd95d6ac1656674193e89d37902

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jyUpABALl-dPJe_S-T0qhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:47 GMT
content-security-policy: script-src 'report-sample' 'nonce-jyUpABALl-dPJe_S-T0qhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjusKoxSXF4K0hxXDi1m2mC0B83ukO03UgvqjylOkmENcyPGNqBeIH4c-YXgCxgcZzJgsgLsh-zlQBxIx_XjBxAnFP_0umKUD87stLJoGvL5kkgFgLiN9JvmL6BsQ7fDxY3oRPZ-WLmM56umA662UgZqsA8oE4rm46awEQ862bzmq4fjrrljPTWfcAcczz6awpQLyYdQbraiCeEjiDdQ4Qt0TPYJ0GxE7pM1hDgPhz5gzW30Bcdvscax0QC_FwfF50bS2bQMe3SS3MAAMJYao"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7581 94 KB
30 KB 416ms
415ms Document
text/html 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2021727514&adf=2833230818&pi=t.aa~a.649322570~rp.4&daaos=1706395060880&w=307&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=307x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=3&bdt=1165&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=973&ady=1346&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=113

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js?bust=31080697

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9801e0013bd99b2ad6ab766ab32a2a4df388494cae3d615785f33b9081f626dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 30702
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 27 Jan 2024 23:27:48 GMT
expires: Sat, 27 Jan 2024 23:27:48 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E22B 154 KB
45 KB 393ms
392ms Document
text/html 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js?bust=31080697

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

905eca7579a383a52583291e853f6c4381c6b21d2ccfca39c7e640dc2fbf5b5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 46041
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 27 Jan 2024 23:27:48 GMT
expires: Sat, 27 Jan 2024 23:27:48 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/ Frame C854 9 KB
4 KB 32ms
31ms Document
text/html 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js?bust=31080697

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 21405
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 27 Jan 2024 17:31:02 GMT
etag: 3890843268177463596
expires: Sat, 10 Feb 2024 17:31:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxXIcROvcf7PdFE3dL3HudqlmO0uudQiJrO4ur5F1O74k3uob1bNKV2oAz37nKu1PNIu-KBPxV8v-SgcyeqjsEvjNzVqba3S6GbqclB66S6Ze_Qieh3YPlLSICjQp2MnZZpTMXp46A== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 63ms
62ms Script
application/javascript 2607:f8b0:4004:c1d::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXIcROvcf7PdFE3dL3HudqlmO0uudQiJrO4ur5F1O74k3uob1bNKV2oAz37nKu1PNIu-KBPxV8v-SgcyeqjsEvjNzVqba3S6GbqclB66S6Ze_Qieh3YPlLSICjQp2MnZZpTMXp46A==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA2Mzk4MDY3LDk2MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9zdGVhbXJ1Lm9yZy9wYXkvcGZxcCIsbnVsbCxbWzgsIll0a3ZVdnIwS2hJIl0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.YtkvUvr0KhI.es5.O/am=wA/d=1/rs=AJlcJMzBbmq2zME3JMPFTDIqo5tO3kA2UA/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

61f46e41c0e571f85cb2faba1bdf6a00930c87431b14911955b6fd39dfe789e6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8pd9hA64gieJ3e8FbTHR8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
content-security-policy: script-src 'report-sample' 'nonce-8pd9hA64gieJ3e8FbTHR8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjusKoxSXF4KshxXDy1m2mi0B83ukO03UgvqjylOkmENcyPGNqBeIH4c-YXgCxgcZzJgsgLsh-zlQBxIx_XjBxAnFP_0umKUD87stLJoGvL5kkgFgLiN9JvmL6BsQ7fDxY3oRPZ-WLmM56umA662UgZqsA8oE4rm46awEQ862bzmq4fjrrljPTWfcAcczz6awpQLyYdQbraiCeEjiDdQ4Qt0TPYJ0GxE7pM1hDgPhz5gzW30Bcdvscax0QC3FzfFl0bS2bwIXnG5gApWNhgA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame C854 4 KB
767 B 42ms
42ms Stylesheet
text/css 2607:f8b0:4004:c19::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 27 Jan 2024 23:27:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 27 Jan 2024 22:32:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 27 Jan 2024 23:27:48 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame C854 205 B
649 B 107ms
31ms Image
image/png 2607:f8b0:4004:c1d::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 22:22:22 GMT
x-content-type-options: nosniff
age: 3926
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 26 Jan 2025 22:22:22 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame C854 604 B
695 B 117ms
42ms Image
image/png 2607:f8b0:4004:c1d::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 20:32:17 GMT
x-content-type-options: nosniff
age: 10531
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 26 Jan 2025 20:32:17 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/ Frame C854 16 KB
7 KB 118ms
44ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c2a69649d15f908464902e679f465757cff39c3f59f8d92f4117987152c50303

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 16:43:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24253
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6870
x-xss-protection: 0
server: cafe
etag: 16407976921096022632
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Feb 2024 16:43:35 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/ Frame C854 22 KB
10 KB 107ms
33ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3384e396c88e07cd7d0e46d5361eff9ab20ff9f65dfb94436030ccd116943bc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:46:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20505
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9462
x-xss-protection: 0
server: cafe
etag: 4236850132385514013
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Feb 2024 17:46:03 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 2D4F 14 KB
1 KB 40ms
40ms Stylesheet
text/css 2607:f8b0:4004:c19::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 27 Jan 2024 23:27:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 27 Jan 2024 21:39:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 27 Jan 2024 23:27:48 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 2D4F 2 KB
902 B 82ms
69ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 22:42:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2697
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Feb 2024 22:42:51 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame 2D4F 23 KB
9 KB 76ms
64ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:46:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20504
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 16165788300067284045
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Feb 2024 17:46:04 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 2D4F 3 KB
1 KB 81ms
70ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20936
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Feb 2024 17:38:52 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 2D4F 20 KB
8 KB 48ms
37ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:46:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20504
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Feb 2024 17:46:04 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2D4F 205 KB
65 KB 112ms
41ms Script
text/javascript 2607:f8b0:4004:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Jan 2024 23:27:48 GMT

GET
H2 200 5ff8bb2821e31fbf08fa14f5007a6efe.js Show response
www.gstatic.com/mysidia/ Frame 2D4F 37 KB
15 KB 43ms
32ms Script
text/javascript 2607:f8b0:4004:c1d::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5ff8bb2821e31fbf08fa14f5007a6efe.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54db8dca7039b548a0aa4e5e22fcea2a4e536b8aaec0b13a750dbc61ca3f3538

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 10:19:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47279
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15476
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 22:40:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 26 Apr 2024 10:19:49 GMT

GET
H3 200 AGSKWxULcjkfSgNMNfW1-053vZ6pEnJOfxhUOKD2Wcr841aE4JRK6SIcR5-gvfX8CuPfMtZ-fq5NPXqwnvSlkHdHXEoKWMy288COXSRdHrjQytjp5p6rFWczajbue3zWX9OKakUse8RQYQ== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 57ms
56ms Script
application/javascript 2607:f8b0:4004:c1d::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxULcjkfSgNMNfW1-053vZ6pEnJOfxhUOKD2Wcr841aE4JRK6SIcR5-gvfX8CuPfMtZ-fq5NPXqwnvSlkHdHXEoKWMy288COXSRdHrjQytjp5p6rFWczajbue3zWX9OKakUse8RQYQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA2Mzk4MDY4LDU4MDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbNyw5XSxudWxsLDIsbnVsbCwiZW4iXSwiaHR0cHM6Ly9zdGVhbXJ1Lm9yZy9wYXkvcGZxcCIsbnVsbCxbWzgsIll0a3ZVdnIwS2hJIl0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

42bdc8be707a3160e4ca817e0349d283d03dfefa2c14ce4f87dbb92b0e2d207c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-mFsT_xYlb4gb7Y5bwlsINw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-mFsT_xYlb4gb7Y5bwlsINw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjOsOoxSXF4KEhxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHECcU__S6YpQPzuy0smga8vmSSAWAuI30m-YvoGxDt8PFjehE9n5YuYznq6YDrrZSBmqwDygTiubjprARDzrZvOarh-OuuWM9NZ9wBxzPPprClAvJh1ButqIJ4SOIN1DhC3RM9gnQbETukzWEOA-HPmDNbfQFx2-xxrHRALcXN8WXRtLZtAw8p-PQBVslvo"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js Show response
pagead2.googlesyndication.com/bg/ Frame 014E 50 KB
19 KB 32ms
32ms Script
text/javascript 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

010010798b734ebaa5db582651f1efd8c77e4ed3a396d1886a3f7f0f6c92ee58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 16:15:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 112348
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19642
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Jan 2025 16:15:20 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame 7581 23 KB
9 KB 38ms
35ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2021727514&adf=2833230818&pi=t.aa~a.649322570~rp.4&daaos=1706395060880&w=307&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=307x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=3&bdt=1165&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=973&ady=1346&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=113

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:46:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20504
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 16165788300067284045
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Feb 2024 17:46:04 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 7581 8 KB
750 B 43ms
42ms Stylesheet
text/css 2607:f8b0:4004:c19::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c19::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 27 Jan 2024 23:27:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 27 Jan 2024 22:24:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 27 Jan 2024 23:27:48 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/ Frame 7581 15 KB
3 KB 111ms
32ms Stylesheet
text/css 2607:f8b0:4004:c1d::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425f9ca7029ca2c95d204079575a3e5f737ef4d322614225344c5aeadd51bfb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 11:40:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42458
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2939
x-xss-protection: 0
last-modified: Thu, 18 Jan 2024 02:36:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jan 2025 11:40:10 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/ Frame 7581 378 KB
132 KB 111ms
33ms Script
text/javascript 2607:f8b0:4004:c1d::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

325f25191af82345cc615c820126c663f55ee865ccb8c6f033e11ee57085617a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 08:13:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54832
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 134582
x-xss-protection: 0
last-modified: Thu, 18 Jan 2024 02:36:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jan 2025 08:13:56 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 7581 20 KB
8 KB 32ms
32ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:46:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20504
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Feb 2024 17:46:04 GMT

GET
H2 200 4b0ef9dfa83525e0607f42119c034d23.js Show response
www.gstatic.com/mysidia/ Frame 881C 9 KB
4 KB 32ms
31ms Script
text/javascript 2607:f8b0:4004:c1d::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4b0ef9dfa83525e0607f42119c034d23.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97c530c44249746307c2b01b37eed0f53757d139bc4243798f468c71da9844da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 11:06:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4079
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 22:40:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 26 Apr 2024 11:06:37 GMT

GET
H2 200 5154246e00432523dc2699fccaa9746f.js Show response
www.gstatic.com/mysidia/ Frame 881C 42 KB
16 KB 35ms
34ms Script
text/javascript 2607:f8b0:4004:c1d::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5154246e00432523dc2699fccaa9746f.js?tag=html5_display_upload/html5_exit_api

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c2ec9602be045040cd3507d282ad447a6d4fa12cc53d596017334bbbf146340

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 07:01:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59186
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16643
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 22:40:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 26 Apr 2024 07:01:22 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 881C 2 KB
856 B 38ms
35ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 22:42:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2697
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Feb 2024 22:42:51 GMT

GET
H2 200 a9236e80b53d06124e135fbb61f51146.js Show response
www.gstatic.com/mysidia/ Frame 881C 23 KB
10 KB 58ms
55ms Script
text/javascript 2607:f8b0:4004:c1d::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a9236e80b53d06124e135fbb61f51146.js?tag=exit_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8fcf6605dc44f9b2b7cd65ce594db86a9f7a06f3efc07a984148c8ce388ca30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 09:49:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49115
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9797
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 22:40:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 26 Apr 2024 09:49:13 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame 881C 23 KB
9 KB 39ms
37ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:46:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20504
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 16165788300067284045
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Feb 2024 17:46:04 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 881C 3 KB
1 KB 38ms
36ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20936
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Feb 2024 17:38:52 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 881C 20 KB
8 KB 33ms
31ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:46:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20504
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Feb 2024 17:46:04 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 881C 0
0 117ms
50ms Image
text/html 2607:f8b0:4004:c0b::68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTN2kPNtd_JY6viyGs94-PCukSjgjFsGgwaqkTEzndSEIRRM2Ee2hg4dIxe9QslQ3uacxfwZBVFrq1cMPHwfKvTIikNUw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c0b::68 Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 881C 205 KB
65 KB 49ms
48ms Script
text/javascript 2607:f8b0:4004:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Jan 2024 23:27:48 GMT

GET
H2 200 5ff8bb2821e31fbf08fa14f5007a6efe.js Show response
www.gstatic.com/mysidia/ Frame 881C 37 KB
15 KB 43ms
42ms Script
text/javascript 2607:f8b0:4004:c1d::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5ff8bb2821e31fbf08fa14f5007a6efe.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54db8dca7039b548a0aa4e5e22fcea2a4e536b8aaec0b13a750dbc61ca3f3538

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 10:19:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47279
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15476
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 22:40:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 26 Apr 2024 10:19:49 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/ Frame 78E1 91 KB
20 KB 44ms
44ms Document
text/html 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/index.html

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/5154246e00432523dc2699fccaa9746f.js?tag=html5_display_upload/html5_exit_api

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f9d5ec3ccdec1101e064ede60374e10adbfca8935fe3643a79d5b10c93125e1

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sat, 27 Jan 2024 23:27:48 GMT
expires: Sun, 26 Jan 2025 23:27:48 GMT
last-modified: Mon, 10 Oct 2022 07:18:24 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DFF7 1 KB
643 B 35ms
33ms Document
text/html 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 26166
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 27 Jan 2024 16:11:42 GMT
etag: 48472445140208031
expires: Sun, 28 Jan 2024 16:11:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 881C 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 19bcf810ca76bba00d33fbd0961ccc7ab4284d277fb4b8102a98196937eaaa74

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 881C
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CJVnwc5G1ZdDqPK3p_tMP39CC6Afgssu3cOyjrdiYEGQQASCQu4AEYMnujovApIwQoAH6hPbNA8gBCakCZ9RZb1k1sj6oAwHIA0iqBOkBT9AjQ22p4OomhE3yNsQtUHtzTlzbVDhMrChAeJ7...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x84f5b143e2e6fe10000000000000000%22,%222%22:%220x38ae5fd60008fb700000000000000000%22,%223%22:%220x10766b4...

0
0

268ms
48ms

Fetch
text/css

172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x84f5b143e2e6fe10000000000000000%22,%222%22:%220x38ae5fd60008fb700000000000000000%22,%223%22:%220x10766b407f2113f60000000000000000%22,%224%22:%220x22601c93727df6380000000000000000%22,%225%22:%220xf1eb80e6fe54dd7a0000000000000000%22},%22debug_key%22:%229715556318574380486%22,%22debug_reporting%22:true,%22destination%22:%22https://beetronics.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22968721018%22],%2222%22:[%22true%22],%224%22:[%2201-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211546371873436020465%22}&andc=true

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x84f5b143e2e6fe10000000000000000","2":"0x38ae5fd60008fb700000000000000000","3":"0x10766b407f2113f60000000000000000","4":"0x22601c93727df6380000000000000000","5":"0xf1eb80e6fe54dd7a0000000000000000"},"debug_key":"9715556318574380486","debug_reporting":true,"destination":"https://beetronics.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["968721018"],"22":["true"],"4":["01-27"],"6":["true"]},"priority":"500","source_event_id":"11546371873436020465"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 27 Jan 2024 23:27:48 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 27 Jan 2024 23:27:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x84f5b143e2e6fe10000000000000000","2":"0x38ae5fd60008fb700000000000000000","3":"0x10766b407f2113f60000000000000000","4":"0x22601c93727df6380000000000000000","5":"0xf1eb80e6fe54dd7a0000000000000000"},"debug_key":"9715556318574380486","debug_reporting":true,"destination":"https://beetronics.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["968721018"],"22":["true"],"4":["01-27"],"6":["true"]},"priority":"500","source_event_id":"11546371873436020465"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 78E1 3 KB
663 B 43ms
43ms Stylesheet
text/css 2607:f8b0:4004:c19::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:regular|Raleway:regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c19::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a0faf57f67b15b6fe8e306b6cba1dcbeb408c3b45174dea2b03e9196ef56763f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 27 Jan 2024 23:27:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 27 Jan 2024 23:22:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 27 Jan 2024 23:27:48 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 78E1 16 KB
6 KB 35ms
35ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:41:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20788
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5660
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 28 Jan 2024 17:41:20 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 78E1 34 KB
13 KB 32ms
32ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:28:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21545
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 28 Jan 2024 17:28:43 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DFF7
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEOGyu_5zYGRcj6Ngq55F8-k&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEOGyu_5zYGRcj6Ngq55F8-k&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=TnJON3VLTU8xUnRTNXU1&google_gid=CAESEOGyu_5zYGRcj6Ngq55F8-k&google_cver=1&google_push=AXcoOmTU53i87eS4Jr5DrkRnI1agtqR_p2AOn22etxUu3zB...

170 B
188 B

47ms
47ms

Image
image/png

172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=TnJON3VLTU8xUnRTNXU1&google_gid=CAESEOGyu_5zYGRcj6Ngq55F8-k&google_cver=1&google_push=AXcoOmTU53i87eS4Jr5DrkRnI1agtqR_p2AOn22etxUu3zBuYnxwmCyYv1mBVeEQFOOrlHFgbpb2uuPoqB5_7aI5OMWvNI3F5VSz_xI

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 27 Jan 2024 23:27:48 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-801-g0076fb7#rel-ec2-master i-096f902830c062f3f@us-east-1d@dxedge-app-us-east-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=TnJON3VLTU8xUnRTNXU1&google_gid=CAESEOGyu_5zYGRcj6Ngq55F8-k&google_cver=1&google_push=AXcoOmTU53i87eS4Jr5DrkRnI1agtqR_p2AOn22etxUu3zBuYnxwmCyYv1mBVeEQFOOrlHFgbpb2uuPoqB5_7aI5OMWvNI3F5VSz_xI
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DFF7
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAiuZ6gGuSNs-QR1p0InSPg&google_push=AXcoOmSOprWsgwlYdQ--r6e6QJNsnBxu9AIMhn_rpSiTTOEt86bs6BUdXp...

170 B
232 B

52ms
47ms

Image
image/png

172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAiuZ6gGuSNs-QR1p0InSPg&google_push=AXcoOmSOprWsgwlYdQ--r6e6QJNsnBxu9AIMhn_rpSiTTOEt86bs6BUdXpsSQwcbLak8fLqXgN_qgUuqiH09qwEYDyRmepnRuDWixAk

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-yyz4561-YYZ
pragma: no-cache
date: Sat, 27 Jan 2024 23:27:48 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1706398069.602932,VS0,VE22
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAiuZ6gGuSNs-QR1p0InSPg&google_push=AXcoOmSOprWsgwlYdQ--r6e6QJNsnBxu9AIMhn_rpSiTTOEt86bs6BUdXpsSQwcbLak8fLqXgN_qgUuqiH09qwEYDyRmepnRuDWixAk
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H/1.1 200
200 asr
aid.send.microad.jp/g/ Frame DFF7 43 B
641 B 624ms
224ms Image
image/gif 202.233.84.1
MICROAD MicroAd

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aid.send.microad.jp/g/asr?google_gid=CAESEGi57fidgW6k85Gl2vZ-D54&google_cver=1&google_push=AXcoOmRQW15D3TCgbvGDHaWoNw20Lg4BVJCAkYDfElU54iCAH3GQOa82K9oAZNMK7F75zEYvF6z_MVmSmT6248zU9ow6Y69B7MjiOw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

202.233.84.1 , Japan, ASN131957 (MICROAD MicroAd, Inc., JP),

Reverse DNS

Software

Apache /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sat, 27 Jan 2024 23:27:49 GMT
Strict-Transport-Security: max-age=3600
Server: Apache
P3P: policyref="http://www.microad.jp/w3c/p3p.xml",CP="NOI DSP COR NID DEVo PSAo OUR STP STA PRE"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Connection: close
Access-Control-Allow-Headers: origin, x-requested-with, If-Modified-Since, content-type, Pragma, Cache-Control
Content-Length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DFF7
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEFZCkgvVDH7dL15a_GuD-lY&google_cver=1&google_push=AXcoOmThjvsKl9WzsLqugfV5AbPzLgq3sKSfs3sHJ0l6QHYajSJh8SHKUuvk4vTpgY7Ap6GmF9mj51hUqMeci...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEFZCkgvVDH7dL15a_GuD-lY&google_push=AXcoOmThjvsKl9WzsLqugfV5AbPzLgq3sKSfs3sHJ0l6QHYajSJh8SHKUuvk4vTpgY7Ap6GmF9mj51hUqMeci...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmThjvsKl9WzsLqugfV5AbPzLgq3sKSfs3sHJ0l6QHYajSJh8SHKUuvk4vTpgY7Ap6GmF9mj51hUqMeciCwAh9-YgWxBjssLg4E&google_hm=aElELTFPVUdNRE5GW...

170 B
188 B

43ms
43ms

Image
image/png

172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmThjvsKl9WzsLqugfV5AbPzLgq3sKSfs3sHJ0l6QHYajSJh8SHKUuvk4vTpgY7Ap6GmF9mj51hUqMeciCwAh9-YgWxBjssLg4E&google_hm=aElELTFPVUdNRE5GWTN6WmV6bnM=

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 27 Jan 2024 23:27:48 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmThjvsKl9WzsLqugfV5AbPzLgq3sKSfs3sHJ0l6QHYajSJh8SHKUuvk4vTpgY7Ap6GmF9mj51hUqMeciCwAh9-YgWxBjssLg4E&google_hm=aElELTFPVUdNRE5GWTN6WmV6bnM=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 239
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DFF7
Redirect Chain

https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESELr_1mz-mCDSXXjf9rov3gs&google_cver=1&google_push=AXcoOmQWd3oAtmH4BFORNYSjkToTEhYXAbGQlFrwioKrOcV7j7r2mHH_uIDEky7zegkByc4jPdIj6jytvpBi2ulS3t...
https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTU3MDE5ODY2Mjk3MjI4ODg3MTE&google_push=AXcoOmQWd3oAtmH4BFORNYSjkToTEhYXAbGQlFrwioKrOcV7j7r2mHH_uIDEky7zegkByc4jPdIj6jytvpBi2ulS3tvx...

170 B
232 B

52ms
48ms

Image
image/png

172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTU3MDE5ODY2Mjk3MjI4ODg3MTE&google_push=AXcoOmQWd3oAtmH4BFORNYSjkToTEhYXAbGQlFrwioKrOcV7j7r2mHH_uIDEky7zegkByc4jPdIj6jytvpBi2ulS3tvxf5hvpO1GrHM

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTU3MDE5ODY2Mjk3MjI4ODg3MTE&google_push=AXcoOmQWd3oAtmH4BFORNYSjkToTEhYXAbGQlFrwioKrOcV7j7r2mHH_uIDEky7zegkByc4jPdIj6jytvpBi2ulS3tvxf5hvpO1GrHM
Date: Sat, 27 Jan 2024 23:27:48 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DFF7
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESECJID09J8vlFeJCJrWTGQk8&google_cver=1&google_push=AXcoOmTIDcau24Qc29YMSnSmZUr07I0UqO7qQcac1G60Rnuw1uxQ2g59bR45fIgJIWSMbLgiiKCb...
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=google&ssp_init=step1&google_gid=CAESECJID09J8vlFeJCJrWTGQk8&google_cver=1&google_push=AXcoOmTIDcau24Qc29YMSnSmZUr07I0UqO7qQcac1G60Rnuw1uxQ2g59bR45fIgJIWSMbL...
https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=matiXMWURYCjwV4YE2dzKg==&no_redirect=1&google_push=AXcoOmTIDcau24Qc29YMSnSmZUr07I0UqO7qQcac1G60Rnuw1uxQ2g...

170 B
188 B

43ms
43ms

Image
image/png

172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=matiXMWURYCjwV4YE2dzKg==&no_redirect=1&google_push=AXcoOmTIDcau24Qc29YMSnSmZUr07I0UqO7qQcac1G60Rnuw1uxQ2g59bR45fIgJIWSMbLgiiKCb6ly1F4syZjEoyYErLIRfBgypmJw-

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=matiXMWURYCjwV4YE2dzKg==&no_redirect=1&google_push=AXcoOmTIDcau24Qc29YMSnSmZUr07I0UqO7qQcac1G60Rnuw1uxQ2g59bR45fIgJIWSMbLgiiKCb6ly1F4syZjEoyYErLIRfBgypmJw-
date: Sat, 27 Jan 2024 23:27:48 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DFF7
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEIYGqP0_01d1_qPKfIXTiuU&google_cver=1&google_push=AXcoOmQAnQtmWuyYt-tlgnbkOM26w9eEzGR7GXs6raa73QhJqJr6m3ic64JFWZublKo6jN-uzlshrPXsR_uLtPL5knk3WkM...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmQAnQtmWuyYt-tlgnbkOM26w9eEzGR7GXs6raa73QhJqJr6m3ic64JFWZublKo6jN-uzlshrPXsR_uLtPL5knk3WkMX4o6goPlw&google_hm=NDE4MDg...

170 B
329 B

46ms
43ms

Image
image/png

172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmQAnQtmWuyYt-tlgnbkOM26w9eEzGR7GXs6raa73QhJqJr6m3ic64JFWZublKo6jN-uzlshrPXsR_uLtPL5knk3WkMX4o6goPlw&google_hm=NDE4MDg5NTc1MTUyODIxNDU1NQ==

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmQAnQtmWuyYt-tlgnbkOM26w9eEzGR7GXs6raa73QhJqJr6m3ic64JFWZublKo6jN-uzlshrPXsR_uLtPL5knk3WkMX4o6goPlw&google_hm=NDE4MDg5NTc1MTUyODIxNDU1NQ==
Date: Sat, 27 Jan 2024 23:27:48 GMT
Server: Jetty(9.4.51.v20230217)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame DFF7 0
139 B 106ms
39ms Image
text/html 172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K-uq5iuqfYtBe4dY7pWFCpUfUPWEJyNlT6t7DG0b_YjzSUlLX6ka_SJiD0RF421cyuhzDKjsA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 121ms
48ms Preflight
text/html 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 27 Jan 2024 23:27:48 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js Show response
pagead2.googlesyndication.com/bg/ Frame 4D7A 50 KB
19 KB 33ms
33ms Script
text/javascript 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2743821908&adf=3288448195&pi=t.aa~a.2768384372~rp.4&daaos=1706395060880&w=960&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=960x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=1&bdt=1164&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1616&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=121

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

010010798b734ebaa5db582651f1efd8c77e4ed3a396d1886a3f7f0f6c92ee58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 16:15:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 112348
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19642
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Jan 2025 16:15:20 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 7581 0
234 B 453ms
135ms Ping
image/gif 2a00:1450:401b:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lrwpcoei&c=216199408983&slotId=108099704491.5&qqid=CMWQwJXc_oMDFXqO7gEdQUgCsA&fb=outstream-lima&sei=44752538%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:401b:806::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:49 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 7581 9 KB
10 KB 33ms
31ms Font
font/woff2 2607:f8b0:4004:c17::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 11:00:20 GMT
x-content-type-options: nosniff
age: 44848
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9644
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jan 2025 11:00:20 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 7581 15 KB
15 KB 42ms
41ms Font
font/woff2 2607:f8b0:4004:c17::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 11:17:51 GMT
x-content-type-options: nosniff
age: 43797
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jan 2025 11:17:51 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7581 0
20 B 94ms
94ms Image
image/gif 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CS6Xxc5G1ZYWLPPqcur8PwZCJgAvMtJ-ec43Bnrq_EcD_t-PwPxABIJC7gARgye6Oi8CkjBCgAf7utrkCyAEFqAMByAObBKoE_wFP0DsdmCtdHT1oD7tmTq_zeTZ6qII_ruTbZfZr5kNX39_JFowP0xIVMu19lRGK4vsFwjm9BQ0BCKUdHdjVnB6NYO4Ua5HznsaHvnZXNGmiF0I2pm9yVtSHLtsBZg9woKCParZBfkTHdy2-yIVTJdQzmilZb_AxPGJj2EvcH2lWHh28Cu4AQYDOF24lwZYjZ4CicG8SwQF8pEDui7PXwEAMOVXZfQ44NILHtKdLfzTyIEhffrGzg47-dYacSGA9DKqh-fPEoNVD89Nfa0Uz3ZCURUH1mX3j_fE8wjrUuEkW9G5l9qa_SuwmkBEVtMsL8ptior_bJTxBANZ-Xq_8qNrABMm7_q6vBOAEA4gFptzR20uQBgGgBk6AB-qQycYBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiAYRABGB8yAooCOgSAQIBASL39wTpYl_q9ldz-gwOACgGYCwHICwGADAGiDAgqBgoErLqxAqoNAlVTsBOigbkW2BMNiBQD2BQB0BUB-BYBgBcB&eventType=clickstring&clientTime=1706398068629&ai=CS6Xxc5G1ZYWLPPqcur8PwZCJgAvMtJ-ec43Bnrq_EcD_t-PwPxABIJC7gARgye6Oi8CkjBCgAf7utrkCyAEFqAMByAObBKoE_wFP0DsdmCtdHT1oD7tmTq_zeTZ6qII_ruTbZfZr5kNX39_JFowP0xIVMu19lRGK4vsFwjm9BQ0BCKUdHdjVnB6NYO4Ua5HznsaHvnZXNGmiF0I2pm9yVtSHLtsBZg9woKCParZBfkTHdy2-yIVTJdQzmilZb_AxPGJj2EvcH2lWHh28Cu4AQYDOF24lwZYjZ4CicG8SwQF8pEDui7PXwEAMOVXZfQ44NILHtKdLfzTyIEhffrGzg47-dYacSGA9DKqh-fPEoNVD89Nfa0Uz3ZCURUH1mX3j_fE8wjrUuEkW9G5l9qa_SuwmkBEVtMsL8ptior_bJTxBANZ-Xq_8qNrABMm7_q6vBOAEA4gFptzR20uQBgGgBk6AB-qQycYBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiAYRABGB8yAooCOgSAQIBASL39wTpYl_q9ldz-gwOACgGYCwHICwGADAGiDAgqBgoErLqxAqoNAlVTsBOigbkW2BMNiBQD2BQB0BUB-BYBgBcB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 7581 0
54 B 436ms
137ms Ping
image/gif 2a00:1450:401b:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lrwpcoeu&c=216199408983&slotId=108099704491.5&qqid=CMWQwJXc_oMDFXqO7gEdQUgCsA&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.kb&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:401b:806::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:49 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 7581 32 KB
18 KB 70ms
62ms XHR
text/xml 172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-AjhYI3XSUNpO0dGVYNctQzaPuxc29nCPnjIRLUCvq2cnmK4l83I65s2CGiQr2QkarbzvDBxoNz9LhJh7JYGmLKZXlQWw&cry=1&dbm_d=AKAmf-Bsbi3I00KkTwRQCZwPyQaHtet3dkjabntDfJWVeJgX7sZY0-BoYPGZD7-YFcHUVfLjHoesPhECwHUO2cDyML1XIGcS4bP1U3UrA83bT3w8uAGpwk0e9V_m5oDTFb3ygEW_luc8-sOU3hdhO65lI_BRkMpqM8v-W1hGDVVGpYsI4ay4zJKBTX3sVAMKcJoDpfnhj21Gdtt1tYp-Tv3iEcUER2kq7Wb4rvLeWscfgox2p1qW9KU_JPu4Ka4QxZaQdpD2P2RePn13XLPhsG_baEG9N7dhSML59aEk7g09sU41vPRFjqvBHiHXTf1FMb4KbW-p9ZgPWrfUKlxknE2wbr-RNxul_viX0vtGdpq-rNnIyCapFnb76abBsiRKynECYm2L-rCi3PkkJZBDni1Q_y8IzoVeCvDCNgzwUf93EcrZCBInY5eIlMrwEwu4-Iw7R4NYxHl5dUiBgVAyiaEa9jA_32j87M97p99-KAg3Y17IrcUqFHS0M6K3GSgmPnmHRSqzAXfaYpxC6knE-fmZTP79HyVruiTLsKu0DojNXSNDYX7Nx-d6oZQI7QVu-Xeh9FCsamgN0eDu5st0lcS3R6kNUVsapdmTj9YdzRDfY2-HGGFOSRrMYr2GjX1BBJUia3aQQAFR6mzVCfo2ubZOGbN7Fh0r1ho3Y0sEXu25HHVkkBDC56nfSjTPldfHJhVmPJDCsAk18LbDeso-yBrr4oV6Oj9Ofr0_kpwCxjRXdOIQ-2Bn0nXvfPLkY2uQNN7NP6AXbNvixtpCttL7nHi3EPeLpWnaXxsTwO8HIcMhrTaA28df38DKET-k5BgdIK_uR3lW934wfnEOZCKXAEzZUBo6guKAClmrW91pTfRc9zPC_lKiwGYMqdSdAwfP5BxkjFErPr5TZfWnsmZrO-EpjQcXyte3enOg1YDLUtTshLOX5IT93TrQ_srGk8ffhyXiPyMkxy_hV9Mw6CIss2aL-KPQ2WZKyWE2ADZ8p8J8IVq6wiq1-NpC_190tJcELV_YxpmkhBYQ_kztvDRzetOIZIglNSgk3sh4JgCMO-kZlHBe_CpV7LO4jPiUUQ763gY_u7RQgI-lkYP8FmFq86xXD0RZPNESZoJoyxKxVqGEyszjjl_zDRTRHg9F074hQXQEBJmAa31vvhK1wbLmkTHtnTUdw89GK7Q2SCPbGHc5iCXUX4S23EjTfnicXXO2UDjoMXXwEFw4zOPhtVk_0lP0ur9m1aqtk9ZzM4BdYBvrO2vH4Mq5cAKLEXnc1ADETcUXhpmwIJMTeab7V0BE3iQeYpFzxLSUbrUs8RG5d29-t4sxHIyc2WphMAYd1eYD7_y-7jpTQBNavHsjBmfBR3x0Qs0ndbY2Do2E-h6RCl8aHuRBq84lsR7aAQN0v21TPoFHkVJXdbnSXJPrSMJ1kozR-IqGgxBVwJGgdrWHeDIJMUILCA_c_jezsa8buYSIwPAYGK25VSHjKUJFZtgbrxFv2VsmTEkvpazO69t_DSpKEgsUu2KqBCV44twmAfbliSqwyVezAAT2QuL1g-AOkWcOo-tIBORQRmIvsTE4FJqZwxZvcG8osI5oPkWX7dmLquHfkoQ4KQplBewhvoqCqE5ASC3bqYCkmJv00TOHjXaVOikMjYBhRtdVrawkSpnDkN-8smOJiweT_fFjGPF3woxZtbO60quSLQvju8f8f-XUXNavV6Liv0bGb7DorYb61fIWLFDr4SjpUm5wFFD8KfSy_iJPeS3PVPEgUrbV9FJ6BtifR6xOB6xJXepH2Hswps0AfNkMw_birpS3LQFS2oi3BxkqSvFtZJgSzV3mlRbQMPg913RMkwe_plvIHcLSVP6z3Lbvpkq3J9Bd1tXOJ11AelHAX08THzrakkfrygjAqN4V8UJg5ZqK9yMA_a0N6TQnnJPCyb5KJV-LjmkMwWs6UXmv3bYa1_b7sOLkba0ecVl_NnaWv9r0-MKXSBSMOAWtB1aeXItU1iEcMGiVKHCjKh9Nj3bq9ymXJ0FrTmD_oPlznpzyxVC6NTz3eeesNkJ7ZxX_9_3Xnb6QGrE6aL6XvjINPT7dzDQFPZ4CuHez45GyKKgZuaf3nh338BOVfhjzZMwCM6Lzs46_JapAUfO9chohdtbfqgBSMbQXGBBv1mIPN-CbxpMj8RS7vyfWm6dJQ88EXZcC3g5OIFPFnKoOyuVppf0J0Avx3cs3XRM5IwZU7av_ZlqsHRxcnH0pl4VTTeqpLuv1FmA2zj64P6YVwur7nJUJgbtjh17RwPeVUBN9kuHNYY3QZ2ejynbYa_2HEd0AECABuhe-xlrwVrHXTTflAkkkar8DnNnmvWFTRXZn_F9VQJZtXqtOCq5Mk1kthHX205ZBrTZFRpfAb8v62UomfFxpo_3Ck1BVKjsCQZgMQKU4GzlNlLAZTHHaRFOu9UIgOPT4CPMUq-tvrr99hDg8qwgc4EkmHC_lzeGT9aooCIwIy7rBruRlgWxERLAqkzOwV1M8eCqe9bo5GQ2LSxq2NaRWhC-ZAG39whpVZ5nu5uF0x_V9-NhGckZAwJ9kQN3pykoByaCkiGw38vwQ01o8EUuCmv4LNdjIg4aA3ckB3F__xVzbV0z8PKBcSGNa2uZBRN1R9ejEUVlTiqkXNndBnGPinxlXg07nFHA1gnrPKmfQXT6oVu16NrjresEyE-KiNIlS7EE65ac1SiQiz9CHbjglunSX-4StbDSXItnQJa1VEcaUhxpOZd-mN3MgCdvn00DsLc4PDip3Hr9pikD6g6CkSfNboeYW6sBjBrdemonHe29gIylTx3G78gJAlbzt-zefwBA4WXgehwRHaTo_4q_NdfBgQURb7VwXPkUerb5vfbdz3aTWP2PaVd6294HSNAmM6gpLy94XYupi1Mx7-JyuyrZiD-uRrg3BUrTG0j81rpF1mLn7_sITYeDXk5jUfV8H93CNwj3QUmtGZuPDZfwbWo9cQ6dRp49Cj-wDxLzT67oXwJ7hQT6Mu9STBwAgvdNF_R65otbptavi1kMVi-b55HhekCFwkhBG70PmW4gpWKn8k3er5FAJfsOZeEWdXWM2kOzkq4P2xZ9sJBKNWS4aHuKEAgQezbOJD2_bWHUlMACniXdxT0jozq2pUcDDW62NRGER9iZYDf27QxT009cvKxWkstTOU7ukhFNJGelETCqAGcULUZmFuF9oDuGE3zN08itcNIK1dPRcjHFJc6OAxglHD3EMrjktS7g_MA3eHxkOoMMEcBGOQIE04n5hR4h0UhmWGWCrRZLF0xdOlOhAPKx9bqmoNbIZtXUcbpmzn_zLCIdlaij99TePt0P-EbIeSLteDCMsLABGXis1LNN2DHsfYXTQgwR9ZuPjk_X1beGhHyik7plPdC8geoXhwJozCgMF3Pmu2NnGfb0Id_RyHLKAmTHspJoYhNc5mAaEEPGxrHvvatPnm0yYeMzHPDgKAoMQMMUSSmPlG5rRVklm0UYYxZIvo1iSbqpznBdezSu_G3Am8Fws6hEWsO696wzy-IRJqiBPLkgZGozbzTqocw00EZPR9ncleLFS4UgM62RUvqkyj_GWlSFjQQl1fhEdIQgI0s2Zd770iW1K69SdEUp5uE7ELXjCrm3n9WmHgaFLHylM8_ucPfvcq5D-dHp3ZGDUrTU2_59mvSPCDniHHw&cid=CAQSOwAvHhf_a97g_1k2GK4yqLoQnzKpVjqv8YxaHnrV72CZ7KFnpfTlYkQG5ILxH4toRZBqxSNcNbRrtKc-GAE&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

1823628260d774c4140e1292b3f76a4cf7e8c0f2de7813a5edf004f10143089d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18069
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9DDD 1 KB
643 B 38ms
37ms Document
text/html 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 26166
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 27 Jan 2024 16:11:42 GMT
etag: 48472445140208031
expires: Sun, 28 Jan 2024 16:11:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js Show response
pagead2.googlesyndication.com/bg/ Frame 78E1 50 KB
19 KB 37ms
36ms Script
text/javascript 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

010010798b734ebaa5db582651f1efd8c77e4ed3a396d1886a3f7f0f6c92ee58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 16:15:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 112348
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19642
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Jan 2025 16:15:20 GMT

GET
H3 200 cta.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/ Frame 78E1 3 KB
1 KB 44ms
42ms Image
image/svg+xml 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/cta.svg

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ceb22a291b1ac8ce47c5deb028398258b0538176297909ee1b8f52b9837648be

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sat, 27 Jan 2024 23:27:48 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1149
x-xss-protection: 0
last-modified: Mon, 10 Oct 2022 07:18:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 26 Jan 2025 23:27:48 GMT

GET
H3 200 LOGO.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/ Frame 78E1 3 KB
2 KB 44ms
43ms Image
image/svg+xml 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/LOGO.svg

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c171aab532418b986c7922d736f71bbaa247e7971a0a104ef4c2f75cc028d3af

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sat, 27 Jan 2024 23:27:48 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1515
x-xss-protection: 0
last-modified: Mon, 10 Oct 2022 07:18:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 26 Jan 2025 23:27:48 GMT

GET
H3 200 t3.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/ Frame 78E1 2 KB
1004 B 43ms
41ms Image
image/svg+xml 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/t3.svg

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71a82ae697abb06005b913a8c5f2310cbf6fd4623a5a517ebdf51ea8b7aa1787

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sat, 27 Jan 2024 23:27:48 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 974
x-xss-protection: 0
last-modified: Mon, 10 Oct 2022 07:18:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 26 Jan 2025 23:27:48 GMT

GET
H3 200 t2.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/ Frame 78E1 9 KB
2 KB 62ms
61ms Image
image/svg+xml 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/t2.svg

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad2c7743dd9bc36fddc94629ae056c0266b18936b7618fd2b6d0e7aafbebb9f7

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sat, 27 Jan 2024 23:27:48 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2494
x-xss-protection: 0
last-modified: Mon, 10 Oct 2022 07:18:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 26 Jan 2025 23:27:48 GMT

GET
H3 200 t1.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/ Frame 78E1 5 KB
2 KB 44ms
43ms Image
image/svg+xml 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/t1.svg

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61057e8b815d1dfe96ee0e8d59798fd5c20edc0019b4c0e9572aacd7c6152df2

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sat, 27 Jan 2024 23:27:48 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1843
x-xss-protection: 0
last-modified: Mon, 10 Oct 2022 07:18:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 26 Jan 2025 23:27:48 GMT

GET
H3 200 pic.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/ Frame 78E1 22 KB
22 KB 46ms
45ms Image
image/png 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/pic.png

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd9539a378e34ee797617f52224a2a09c944f88194021df588504325b5eb7d96

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11635057347877043805/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sat, 27 Jan 2024 23:27:48 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22243
x-xss-protection: 0
last-modified: Mon, 10 Oct 2022 07:18:24 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 26 Jan 2025 23:27:48 GMT

GET
DATA 200
OK truncated
/ Frame 7581 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0f7117552215c414051f7988c192d015a2b856416c3cdec862b4970c6e38a02f

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 csi
csi.gstatic.com/ Frame 7581 0
54 B 347ms
137ms Ping
image/gif 2a00:1450:401b:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lrwpcofd&c=216199408983&slotId=108099704491.5&qqid=CMWQwJXc_oMDFXqO7gEdQUgCsA&fb=outstream-lima&vast_v=2.0&vmfc=14&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:401b:806::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:49 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 7581 41 KB
15 KB 32ms
32ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 22:42:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2701
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jan 2025 22:42:47 GMT

HEAD
H/1.1

200
OK

file.mp4
r1---sn-ab5l6nkd.c.2mdn.net/videoplayback/id/60d2e1ddf48f3717/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3817468802/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 7581
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/60d2e1ddf48f3717/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3817468802/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signat...
https://r1---sn-ab5l6nkd.c.2mdn.net/videoplayback/id/60d2e1ddf48f3717/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3817468802/sparams/acao,ctier,expire,id,ip,ipbits,itag...

0
0

104ms
26ms

Fetch
video/mp4

2607:f8b0:4006:3::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-ab5l6nkd.c.2mdn.net/videoplayback/id/60d2e1ddf48f3717/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3817468802/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0E1AE5CF6C74F7FDB129C48C2F9CD10ACD439F84.38444045369E6B1D00ED1ADB08EE4AB19CF2E6DD/key/cms1/cms_redirect/yes/mh/OB/mip/2602:ffc8:2:104::11/mm/42/mn/sn-ab5l6nkd/ms/onc/mt/1706397648/mv/m/mvi/1/pl/48/file/file.mp4

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

HTTP/1.1

Server

2607:f8b0:4006:3::6 Colchester, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sat, 27 Jan 2024 23:27:49 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 4111823
Last-Modified: Fri, 06 Jan 2023 15:59:05 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Sat, 27 Jan 2024 23:27:49 GMT

Redirect headers

date: Sat, 27 Jan 2024 23:27:48 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 648
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r1---sn-ab5l6nkd.c.2mdn.net/videoplayback/id/60d2e1ddf48f3717/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3817468802/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0E1AE5CF6C74F7FDB129C48C2F9CD10ACD439F84.38444045369E6B1D00ED1ADB08EE4AB19CF2E6DD/key/cms1/cms_redirect/yes/mh/OB/mip/2602:ffc8:2:104::11/mm/42/mn/sn-ab5l6nkd/ms/onc/mt/1706397648/mv/m/mvi/1/pl/48/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame 7581 453 B
594 B 40ms
39ms Image
image/png 2607:f8b0:4004:c1d::5f
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-pub-2147948657389864

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
x-content-type-options: nosniff
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: image/png
cache-control: public, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 453
x-xss-protection: 0
expires: Sun, 28 Jan 2024 00:17:48 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9DDD
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEOQq6c-zij6zN-XFxUxLeLI&google_cver=1&google_push=AXcoOmS63Twp33PCdsTKAr9EBvmen5myA--uV_ke0FpGUqs3D3xPGw3lxTTSAWqCSNNa9dTAxgO2Ji3bcREcp6rN6idt5jbnmmArm2...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=838BF3203D0A4169B3E72A9CAA9B3807&google_push=AXcoOmS63Twp33PCdsTKAr9EBvmen5myA--uV_ke0FpGUqs3D3xPGw3lxTTSAWqCSNNa9dTAxgO2Ji3bcREcp6r...

170 B
188 B

47ms
47ms

Image
image/png

172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=838BF3203D0A4169B3E72A9CAA9B3807&google_push=AXcoOmS63Twp33PCdsTKAr9EBvmen5myA--uV_ke0FpGUqs3D3xPGw3lxTTSAWqCSNNa9dTAxgO2Ji3bcREcp6rN6idt5jbnmmArm2tdEQXayOTJGbULWdRf8kxZTWgRkhOhUjQqmX0oeiWKybWi9p_PX8kxtA

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 27 Jan 2024 23:27:48 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=838BF3203D0A4169B3E72A9CAA9B3807&google_push=AXcoOmS63Twp33PCdsTKAr9EBvmen5myA--uV_ke0FpGUqs3D3xPGw3lxTTSAWqCSNNa9dTAxgO2Ji3bcREcp6rN6idt5jbnmmArm2tdEQXayOTJGbULWdRf8kxZTWgRkhOhUjQqmX0oeiWKybWi9p_PX8kxtA
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 26 Jan 2024 23:27:48 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9DDD
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESECPl8H3PIPOXzG8ad4Epg88&google_cver=1&google_push=AXcoOmS21Xh1NZ8uJPnJaWU__k169RwxHBuVkyPP9hk1bBeivlLlviOKW7Wyyho4kyXQBT1_CSAzF...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmS21Xh1NZ8uJPnJaWU__k169RwxHBuVkyPP9hk1bBeivlLlviOKW7Wyyho4kyXQBT1_CSAzFAAgGuYrblINIt6L-_c3hL5IDtU95JjCc_NU6Ckzh4tpywZwzB78mb...

170 B
188 B

48ms
48ms

Image
image/png

172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmS21Xh1NZ8uJPnJaWU__k169RwxHBuVkyPP9hk1bBeivlLlviOKW7Wyyho4kyXQBT1_CSAzFAAgGuYrblINIt6L-_c3hL5IDtU95JjCc_NU6Ckzh4tpywZwzB78mbKyJCPSKO1cDBXFbFbPrc8QJk05IQ

Protocol

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 27 Jan 2024 23:27:49 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 2939A90933AE4AA4A2973B53640215DD Ref B: EWR311000103029 Ref C: 2024-01-27T23:27:48Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmS21Xh1NZ8uJPnJaWU__k169RwxHBuVkyPP9hk1bBeivlLlviOKW7Wyyho4kyXQBT1_CSAzFAAgGuYrblINIt6L-_c3hL5IDtU95JjCc_NU6Ckzh4tpywZwzB78mbKyJCPSKO1cDBXFbFbPrc8QJk05IQ
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYP9cK/aQysdCLWLmW11w==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9DDD
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESED0FWZmVQE3ubOc-fCvR7Co&google_cver=1&google_push=AXcoOmQztfcy_L1Gka9hXX7f9r-hkzKSKXgmivm_zGt1eOnGvrVYvv8Vh3Ca7BKQ4MMyfkBMQMa8K6Xjf8AFCk1_...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=bb4JhXzsSNcUfkeBzsORLA&google_push=AXcoOmQztfcy_L1Gka9hXX7f9r-hkzKSKXgmivm_zGt1eOnGvrVYvv8Vh3Ca7BKQ4MMyfkBMQMa8K6Xjf8AFCk1_xebgHikziVI29q9...

170 B
188 B

43ms
43ms

Image
image/png

172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=bb4JhXzsSNcUfkeBzsORLA&google_push=AXcoOmQztfcy_L1Gka9hXX7f9r-hkzKSKXgmivm_zGt1eOnGvrVYvv8Vh3Ca7BKQ4MMyfkBMQMa8K6Xjf8AFCk1_xebgHikziVI29q9ziE7-lweEtug7V1zf9cDMslilsENFzMnZucqhWChSEajObbVIO_OC5Q

Protocol

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 27 Jan 2024 23:27:49 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=bb4JhXzsSNcUfkeBzsORLA&google_push=AXcoOmQztfcy_L1Gka9hXX7f9r-hkzKSKXgmivm_zGt1eOnGvrVYvv8Vh3Ca7BKQ4MMyfkBMQMa8K6Xjf8AFCk1_xebgHikziVI29q9ziE7-lweEtug7V1zf9cDMslilsENFzMnZucqhWChSEajObbVIO_OC5Q
x-host: tde-deliveryengine-production-84477bf6c-7gczn
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
200 asr
aid.send.microad.jp/g/ Frame 9DDD 43 B
641 B 567ms
187ms Image
image/gif 202.233.84.1
MICROAD MicroAd

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aid.send.microad.jp/g/asr?google_gid=CAESECYQOkLjOl1LAWnzua0DihY&google_cver=1&google_push=AXcoOmR7OtzMEJ771gvFgd5VV34BAE9EXSUyUa7fms7BmribflyZd6mKxd78gdsfIe6pcO-pVRWXBJLxf39MhazYnsbC4dl3Vum3wuMquwcJyAr18JtlifCwl59m7cVFblcm2b9D0AKGv0AEKKACDvJBX5SY

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

202.233.84.1 , Japan, ASN131957 (MICROAD MicroAd, Inc., JP),

Reverse DNS

Software

Apache /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sat, 27 Jan 2024 23:27:49 GMT
Strict-Transport-Security: max-age=3600
Server: Apache
P3P: policyref="http://www.microad.jp/w3c/p3p.xml",CP="NOI DSP COR NID DEVo PSAo OUR STP STA PRE"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Connection: close
Access-Control-Allow-Headers: origin, x-requested-with, If-Modified-Since, content-type, Pragma, Cache-Control
Content-Length: 43

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 9DDD 43 B
363 B 168ms
29ms Image
image/gif 74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQBGV5zpMH4t1uzbu2Ojt2dI3DczeUZAq8-cKLCKaM_d7MblSBv0aLRBudQ_ZAYjU6AtHDILsJuinV-slC67snG90PxVBYfPZM_kHTZxWl1q1hWhdaDcKZX_JQcszzpDA-JS5w-3QPFFcyuX_1oprgX&google_gid=CAESELfm8v6jECmIIMbH5bced8Y&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:48 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 366085
expires: Sat, 27 Jan 2024 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9DDD
Redirect Chain

https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEPrf4PZzKlemawXhW4BMMlw&google_push=AXcoOmSSdASubI_oZ2ngZov0y5WIHJYbnXW-lL1Vjp3O6Pgqs7sJzTLTDublTUWe7zBS2UbGJkDcnRfd6BZ50E7kNs1Dp4b...
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AXcoOmSSdASubI_oZ2ngZov0y5WIHJYbnXW-lL1Vjp3O6Pgqs7sJzTLTDublTUWe7zBS2UbGJkDcnRfd6BZ50E7kNs1Dp4b9MEdPR5UOthjOkmx-CUnbjFkvoDlhrEsIg...

170 B
188 B

50ms
50ms

Image
image/png

172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AXcoOmSSdASubI_oZ2ngZov0y5WIHJYbnXW-lL1Vjp3O6Pgqs7sJzTLTDublTUWe7zBS2UbGJkDcnRfd6BZ50E7kNs1Dp4b9MEdPR5UOthjOkmx-CUnbjFkvoDlhrEsIgPpNODLPhoqRaA9bRJk8yO23upxGlw&google_hm=MTA2MDMzNzM0ODEwODM3MDcwMjQ

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:48 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AXcoOmSSdASubI_oZ2ngZov0y5WIHJYbnXW-lL1Vjp3O6Pgqs7sJzTLTDublTUWe7zBS2UbGJkDcnRfd6BZ50E7kNs1Dp4b9MEdPR5UOthjOkmx-CUnbjFkvoDlhrEsIgPpNODLPhoqRaA9bRJk8yO23upxGlw&google_hm=MTA2MDMzNzM0ODEwODM3MDcwMjQ
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9DDD
Redirect Chain

https://odr.mookie1.com/t/v2/sync?tagid=V2_4530&src.visitorid=CAESEDMJYovC5OGTLyOL1X1PaWo&google_cver=1&google_push=AXcoOmQ4IFFnc6u1LglFbRwTyukfNy6wRBzWse-CkWBWL6CDTKJNO6wA5LKPVD8nu-PHVK1yKdpLnUbbe...
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dev_dmp&google_push=AXcoOmQ4IFFnc6u1LglFbRwTyukfNy6wRBzWse-CkWBWL6CDTKJNO6wA5LKPVD8nu-PHVK1yKdpLnUbbeBzAXrLZosAH7FEsyYmFMhg0G_83xAe8-mgtujk0HmvuN...

170 B
188 B

45ms
44ms

Image
image/png

172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dev_dmp&google_push=AXcoOmQ4IFFnc6u1LglFbRwTyukfNy6wRBzWse-CkWBWL6CDTKJNO6wA5LKPVD8nu-PHVK1yKdpLnUbbeBzAXrLZosAH7FEsyYmFMhg0G_83xAe8-mgtujk0HmvuNY25QvjPH8m4zdpjzMNc-I9x5jxfp_PchA&google_hm=MTA1OTUyODEwODMzODY1NDgzNjM

Requested by

Host: steamru.org
URL: https://steamru.org/pay/pfqp

Protocol

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:48 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dev_dmp&google_push=AXcoOmQ4IFFnc6u1LglFbRwTyukfNy6wRBzWse-CkWBWL6CDTKJNO6wA5LKPVD8nu-PHVK1yKdpLnUbbeBzAXrLZosAH7FEsyYmFMhg0G_83xAe8-mgtujk0HmvuNY25QvjPH8m4zdpjzMNc-I9x5jxfp_PchA&google_hm=MTA1OTUyODEwODMzODY1NDgzNjM
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9DDD 0
12 B 44ms
44ms Image
text/html 172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IdqQW5iSBMMUX3Ygb75JevpKJN_oag0abKaFaWVMqi4wpLgON4x3R_IMQh4Zs3_lds2Cog

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 _.asp Show response
fundingchoicesmessages.google.com/f/AGSKWxVtvMwPlTII8jfldnPejpl3-Jl4f4Ga_va72f32xdxNv1HVFIQoqEN9TqDuvgv02iIkm8lRgdZuJ-M4PrnasXb3rhAmW9bUgZ7a16Ndt5WXI3yBXt24SaHWCpRt58-pssJKdqoquAGoeBjkqxMlEQ0PTA-j6... 54 B
110 B 48ms
48ms Script
application/javascript 2607:f8b0:4004:c1d::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVtvMwPlTII8jfldnPejpl3-Jl4f4Ga_va72f32xdxNv1HVFIQoqEN9TqDuvgv02iIkm8lRgdZuJ-M4PrnasXb3rhAmW9bUgZ7a16Ndt5WXI3yBXt24SaHWCpRt58-pssJKdqoquAGoeBjkqxMlEQ0PTA-j6dCxlwuWARDquNjIwIM0Wqtlgpeio-KY/_.asp?coad/widget/ads.-rollout-ad--ad-new_-720x90-

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.YtkvUvr0KhI.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMxPEIo90jKXuFkWlMpFtfc2vWS8gA/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

31210beb87f1b77e9ef23707c769dcc96ee44a3b5e8d0a2d7ec9e23c30dbf236

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-sBgXzB2WRJKzEEs0T3oTFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-sBgXzB2WRJKzEEs0T3oTFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjOsOoxSXF4KAhxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHECcU__S6YpQPzuy0smga8vmSSAWAuI30m-YvoGxDt8PFjehE9n5YuYznq6YDrrZSBmqwDygTiubjprARDzrZvOarh-OuuWM9NZ9wBxzPPprClAvJh1ButqIJ4SOIN1DhC3RM9gnQbETukzWEOA-HPmDNbfQFx2-xxrHRAL8XB8WXRtLZvAjJlLJjIDAKw3XGQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rum.js Show response
pagead2.googlesyndication.com/pagead/js/ 65 KB
24 KB 32ms
32ms Script
text/javascript 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5b523fbbd545c0bd8a1d22b64bb9971416b715149757afddb2946d4724ada82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:19:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 516
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24666
x-xss-protection: 0
server: cafe
etag: 11924467180626392408
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sun, 28 Jan 2024 00:19:12 GMT

POST
H3 204 AGSKWxVVG1Lyuvuhm7zEUgoVTVPaW-0ReVnFQV21YFId9PocVKmtLCmxIcVLR1KIRMyHlBxocO0FNbS2wpOrTPJ3JhoneZ54yKvDv5aF2VtE4ZI1bQt8VR3HZt2iIhhjJ5fuh7HNbMuWKw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 132ms
68ms XHR
text/html 2607:f8b0:4004:c1d::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVVG1Lyuvuhm7zEUgoVTVPaW-0ReVnFQV21YFId9PocVKmtLCmxIcVLR1KIRMyHlBxocO0FNbS2wpOrTPJ3JhoneZ54yKvDv5aF2VtE4ZI1bQt8VR3HZt2iIhhjJ5fuh7HNbMuWKw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-2rR2xFCfGFXTsQjOZby9Fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-2rR2xFCfGFXTsQjOZby9Fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmJw0pBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQListvnWOuAWIiH48uia2vZBFb8uLaNGQDt6yET"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://steamru.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame B3EA 23 KB
8 KB 32ms
32ms Document
text/html 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 194191
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 25 Jan 2024 17:31:17 GMT
expires: Fri, 24 Jan 2025 17:31:17 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 AGSKWxVVG1Lyuvuhm7zEUgoVTVPaW-0ReVnFQV21YFId9PocVKmtLCmxIcVLR1KIRMyHlBxocO0FNbS2wpOrTPJ3JhoneZ54yKvDv5aF2VtE4ZI1bQt8VR3HZt2iIhhjJ5fuh7HNbMuWKw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 51ms
51ms XHR
text/html 2607:f8b0:4004:c1d::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVVG1Lyuvuhm7zEUgoVTVPaW-0ReVnFQV21YFId9PocVKmtLCmxIcVLR1KIRMyHlBxocO0FNbS2wpOrTPJ3JhoneZ54yKvDv5aF2VtE4ZI1bQt8VR3HZt2iIhhjJ5fuh7HNbMuWKw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hMFTNz7m_EhFDY5qbdBI9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
content-security-policy: script-src 'report-sample' 'nonce-hMFTNz7m_EhFDY5qbdBI9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmJw1pBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQListvnWOuAWIiH48uia2vZBFb8nnaaGQDtryDs"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://steamru.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVVG1Lyuvuhm7zEUgoVTVPaW-0ReVnFQV21YFId9PocVKmtLCmxIcVLR1KIRMyHlBxocO0FNbS2wpOrTPJ3JhoneZ54yKvDv5aF2VtE4ZI1bQt8VR3HZt2iIhhjJ5fuh7HNbMuWKw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 49ms
47ms XHR
text/html 2607:f8b0:4004:c1d::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVVG1Lyuvuhm7zEUgoVTVPaW-0ReVnFQV21YFId9PocVKmtLCmxIcVLR1KIRMyHlBxocO0FNbS2wpOrTPJ3JhoneZ54yKvDv5aF2VtE4ZI1bQt8VR3HZt2iIhhjJ5fuh7HNbMuWKw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-8jaFwEvS5hgy9ysAjEytzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-8jaFwEvS5hgy9ysAjEytzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmJw05BiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQListvnWOuAWIiH48uia2vZBD60XrjADADu4SEA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://steamru.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVVG1Lyuvuhm7zEUgoVTVPaW-0ReVnFQV21YFId9PocVKmtLCmxIcVLR1KIRMyHlBxocO0FNbS2wpOrTPJ3JhoneZ54yKvDv5aF2VtE4ZI1bQt8VR3HZt2iIhhjJ5fuh7HNbMuWKw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 49ms
47ms XHR
text/html 2607:f8b0:4004:c1d::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVVG1Lyuvuhm7zEUgoVTVPaW-0ReVnFQV21YFId9PocVKmtLCmxIcVLR1KIRMyHlBxocO0FNbS2wpOrTPJ3JhoneZ54yKvDv5aF2VtE4ZI1bQt8VR3HZt2iIhhjJ5fuh7HNbMuWKw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WhQGQg2txTc6T1J_cgnazA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
content-security-policy: script-src 'report-sample' 'nonce-WhQGQg2txTc6T1J_cgnazA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmJw0ZBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQListvnWOuAWIiH48uia2vZBC7suXWRGQDuoSEg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://steamru.org
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWFQGTivj7UU3J2-iBNCsLJ5fFdOIiLfJRPEl4MEIvVoetIPo1wIunBnDY86obN-jCCwnaxQB0rWd7gBfO5Gj2DdMmRCJmHudC4hRsZWGLUoOleNDLFv74MX3VxrteK9pkTYEVbAQ== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 59ms
57ms Script
application/javascript 2607:f8b0:4004:c1d::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWFQGTivj7UU3J2-iBNCsLJ5fFdOIiLfJRPEl4MEIvVoetIPo1wIunBnDY86obN-jCCwnaxQB0rWd7gBfO5Gj2DdMmRCJmHudC4hRsZWGLUoOleNDLFv74MX3VxrteK9pkTYEVbAQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA2Mzk4MDY4LDk0NjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9zdGVhbXJ1Lm9yZy9wYXkvcGZxcCIsbnVsbCxbWzgsIll0a3ZVdnIwS2hJIl0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6ba916ef9ef3f7b8f93b80489785494dd4f6b56d62dadaebdf59d537b9971f5a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7nl1fr9x1MbCGt6jiVBkRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:48 GMT
content-security-policy: script-src 'report-sample' 'nonce-7nl1fr9x1MbCGt6jiVBkRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjOsOoxSXFEKQhxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHECcU__S6YpQPzuy0smga8vmSSAWAuI30m-YvoGxDt8PFjehE9n5YuYznq6YDrrZSBmqwDygTiubjprARDzrZvOarh-OuuWM9NZ9wBxzPPprClAvJh1ButqIJ4SOIN1DhC3RM9gnQbETukzWEOA-HPmDNbfQFx2-xxrHRAL8XB8WXRtLZvAiQOTrzEDAL0mXQE"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7581 0
0 52ms
52ms Fetch
text/html 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CXTUnc5G1ZYWLPPqcur8PwZCJgAvMtJ-ec43Bnrq_EcD_t-PwPxABIJC7gARgye6Oi8CkjBCgAf7utrkCyAEFqAMBqgT8AU_QOx2YK10dPWgPu2ZOr_N5Nnqogj-u5Ntl9mvmQ1ff38kWjA_TEhUy7X2VEYri-wXCOb0FDQEIpR0d2NWcHo1g7hRrkfOexoe-dlc0aaIXQjamb3JW1Icu2wFmD3CgoI9qtkF-RMd3Lb7IhVMl1DOaKVlv8DE8YmPYS9wfaVYeHbwK7gBBgM4XbiXBliNngKJwbxLBAXykQO6Ls9fAQAw5Vdl9Djg0gse0p0t_NPIgSF9-sbODjv51hpxIODyWXzJrtVYnP47PHJIawfbGJ1FnugHfhD_O1zZGM_2guMsYKJwgEZBk9O4GzA4DLNjft3onYA4Z83mmNdR2G8AEybv-rq8E4AQDiAWm3NHbS5IFBggDEAEYAZIFBggbEAEYAZIFCwgiEAEYAUjrkbEBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAZOgAfqkMnGAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcKEKuRBxiFy_7dAdIIHwiAYRABGB8yAooCOgSAQIBASL39wTpYl_q9ldz-gwOACgHICwGiDAgqBgoErLqxAtoMEAoKEPDxpbabm4qIJxICAQOwE6KBuRbIE7zSsOAD2BMNiBQD2BQB0BUBgBcBshccChoIABIUcHViLTIxNDc5NDg2NTczODk4NjQYAA&sigh=WCurVcTyhkE&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSOwAvHhf_a97g_1k2GK4yqLoQnzKpVjqv8YxaHnrV72CZ7KFnpfTlYkQG5ILxH4toRZBqxSNcNbRrtKc-GAE&vt=10&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-2147948657389864&output=html&h=250&adk=2021727514&adf=2833230818&pi=t.aa~a.649322570~rp.4&daaos=1706395060880&w=307&fwrn=4&fwrnh=100&lmt=1706398066&rafmt=1&to=qs&pwprc=7089917814&format=307x250&url=https%3A%2F%2Fsteamru.org%2Fpay%2Fpfqp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706398067799&bpp=3&bdt=1165&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=1533787473719&frm=20&pv=1&ga_vid=2146278900.1706398067&ga_sid=1706398067&ga_hid=91509705&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=973&ady=1346&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080533%2C31080591%2C31080620%2C44795921%2C95322748%2C31080697%2C95322329%2C95320868%2C95320891%2C95321253%2C95321626%2C95322166%2C95323006&oid=2&pvsid=3502753944750626&tmod=606119933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=113
Attribution-Reporting-Eligible: event-source
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 27 Jan 2024 23:27:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame B3EA 39 KB
15 KB 34ms
33ms Script
text/javascript 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 09:27:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50444
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Jan 2025 09:27:05 GMT

POST
H3 204 AGSKWxUk831oBprk-N3q-Nmdx4r2jPFlhk9k6OBPufhBeGlyHlpUGz0HCPq3_DkzGtIXuh1wbTmJ9AoXlbTU0nANAPOVeBGZShm7m5oQThtSO2quEBdoA23rFAvGaAEYdLmb-_X_hW4O2g== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 52ms
52ms XHR
text/html 2607:f8b0:4004:c1d::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUk831oBprk-N3q-Nmdx4r2jPFlhk9k6OBPufhBeGlyHlpUGz0HCPq3_DkzGtIXuh1wbTmJ9AoXlbTU0nANAPOVeBGZShm7m5oQThtSO2quEBdoA23rFAvGaAEYdLmb-_X_hW4O2g==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sSdXC7XoksJBMZVFNgUhfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 27 Jan 2024 23:27:49 GMT
content-security-policy: script-src 'report-sample' 'nonce-sSdXC7XoksJBMZVFNgUhfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmLw1pBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQListvnWOuAWIib4-uia2vZBHbcuykEAM7fIG4"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://steamru.org
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVVG1Lyuvuhm7zEUgoVTVPaW-0ReVnFQV21YFId9PocVKmtLCmxIcVLR1KIRMyHlBxocO0FNbS2wpOrTPJ3JhoneZ54yKvDv5aF2VtE4ZI1bQt8VR3HZt2iIhhjJ5fuh7HNbMuWKw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 104ms
104ms XHR
text/html 2607:f8b0:4004:c1d::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVVG1Lyuvuhm7zEUgoVTVPaW-0ReVnFQV21YFId9PocVKmtLCmxIcVLR1KIRMyHlBxocO0FNbS2wpOrTPJ3JhoneZ54yKvDv5aF2VtE4ZI1bQt8VR3HZt2iIhhjJ5fuh7HNbMuWKw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-H6jO6ZQdQ4fN3B9-gaLmqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 27 Jan 2024 23:27:49 GMT
content-security-policy: script-src 'report-sample' 'nonce-H6jO6ZQdQ4fN3B9-gaLmqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmJw0JBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQListvnWOuAWIib4-uia2vZBD6s_qILAMwoIJ4"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://steamru.org
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 163ms
99ms XHR
application/json 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240122&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js?bust=31080697

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b00e8dba5fb8c6bdb88075a0ef6ae26d968e8da28e11edd59f252678afd0387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12270
x-xss-protection: 0

GET
H3 206 file.mp4
r1---sn-ab5l6nkd.c.2mdn.net/videoplayback/id/60d2e1ddf48f3717/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3817468802/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 7581 421 KB
0 100ms
26ms Media
video/mp4 2607:f8b0:4006:3::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:3::6 Colchester, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Range: bytes=0-

Response headers

expires: Sat, 27 Jan 2024 23:27:49 GMT
date: Sat, 27 Jan 2024 23:27:49 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-4111822/4111823
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 4111823
last-modified: Fri, 06 Jan 2023 15:59:05 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B3EA 0
20 B 123ms
123ms Image
image/gif 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=Bg21SdJG1ZdqcKv6coPMPxoyYuAQAAAAAOAHgBAI&bg=!CwilCEfNAAa8BdJLnAU7ADQBe5WfOIuqZ44FqFSHNEF-5wQt4yykQMjxqyUnY0o57uDruGN1BVJONmrwkr2MAQi4NvguAgAAAFVSAAAAA2gBB5kC27v6eDP_hp4S-hKJHaw2R6Cg9-VELQc6NO5vovQPLiXYnoLSa4Y-yUM3EJSoIzpxjVaHURTA5J3v7YoEPFBYFMxZnp22npS3DMzHFtusI2iAYsdM4X1lG2XMhr753nQjDkQB0AV7JL4k4KgGRU2FdWZrV6WnBpjVGxv1nZAlBCZVzRe3oOeQG3Wu_Ytqrg_wEbIn6HBZkeZXb5YlrhaVOqPieB55UPWJn-ZsxXN1_KLXsIaTwSOFqNe5P35VSuFxna-osYZgBy-yLgPIdA_KVKkp8nriM5rjV95UekHS5AUarXItlZi80hu47VPWWnE2i4Tn_J4ZkYJFkE352qtjN6YH8pSjXQMXJt6AOqm0j-dZsyQ70K2EIIoCPurG3o9-RnqTdfvDe2-kVxBtQZGeU40pPCBWiXc1SwKQnZbOxsYwg7BHWDnue2CAqSV1O7Y68r_3PwtULxoN3u-wnYwJKCejoGDAqmHbgWDMBn7MoaBIuhHRxo4lUXwbE6sbFFHFzHqrS_gHNMxDrGRFX23Nj10G1mghr14FQDEiaZVheqRNSsn1nj6iOsjjFDInGrFODRbqctkl6WRCkTFGpqd9DHy3zROU53TKb5j-fQEGc5lu10_j8jV38iNtZBfdooiZ_6mXTwau-pdEZCZPyhfmASB1PJF08738kQzubGKyJ34i044JocCTMelz3EH0C1h_uv46Stz7mokpa_SJL7xu4XdkRyyGtL-eH4TPmrI5Nw6RlO8kU58WPp93K6stVSwpK6OQWlSgtg8W8QumdT2lwy3-KlsWj1xJlojJkK1bq3eVUX9xvdrEs1SddbdxaTXuMSEo2UVfALGxqmGO5DDFiVVcq5cdGVyX-pRax_Ph_e6GJVCWsc7qWgL3RO5Codf8426KMkunMCGGnu0YI9w0SO7fhrhxiGUtkw1DI758hAuYBdTHzdaTv8wB_asRlGNtPTFCUExdghkbWuZd

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 34ms
33ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js?bust=31080697

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 27 Jan 2024 23:27:49 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6725 13 KB
5 KB 32ms
32ms Document
text/html 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 42115
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 27 Jan 2024 11:45:54 GMT
expires: Sun, 26 Jan 2025 11:45:54 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B47D 829 B
1 KB 104ms
104ms Document
text/html 2607:f8b0:4004:c0b::68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::68 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

649daaa9eb301a26117c6f6ae4283440fc79a390c63d2a56fd9d8cceb452e5a6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-of5_A-_fsjCEUeOUjah-4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-of5_A-_fsjCEUeOUjah-4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 27 Jan 2024 23:27:49 GMT
expires: Sat, 27 Jan 2024 23:27:49 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 6725 39 KB
15 KB 32ms
31ms Script
text/javascript 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 09:27:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50444
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Jan 2025 09:27:05 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B47D 0
0 93ms
93ms Image
text/html 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240122&jk=3502753944750626&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6725 0
10 B 31ms
30ms Image
text/plain 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?wr2QWg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 23:27:49 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 48ms
48ms Image
text/html 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240122&jk=3502753944750626&bg=!pKelp-jNAAa8BdJLnAU7ADQBe5WfODVCmeW0jBGNFgNq7AIRxnZVggpG21W0IQ0WWFI3rzaG3JCYV6JwYR8le1HTqXisAgAAAFpSAAAAA2gBBwoAo3XQ4Dikev6onlb2Sk2hzGmZdVxIaRrEfRcZH0B0vK6e90pQFdlvaJL7CDCLy2bJXDCtdeQgzrXFq4cyBdf9I2WWfqxLOKEtizL08V7kPv1bdUrOvSsXzbmg8DsOWWoLAYGvKZi_ksaovf2qSACpa-C1KZWOAJoG7TA96xuMEJxfPAeaRvQ7zXqQMhh1UUUKql-aip6vV3jI5aZ0QrJ2CtdVqoSZAqymL6Zn4SU6sX_SHHLQ2OmjfRD4bey77guzXq1vkAmZY2VQDJiM8E19YERkvBWhFZi2BtiDH4xXGlfcyJDMwWg14Z08xJsQVgIZv01BDAvxRJbytxSmRFaRLSGDXHWIim6lNBPb6VvjQstR5e1Nm98ptRDrYBMEIBM-Vw_FnY1g_pSh6t2sHVpgN5d_kbwWPnWO_3-A_uAwxlsi_akt-vnuCMEXvEqx7pFV9Qik3mIEZIhsTD3GSXLhYg7F4c40zPqxee0o-29H2rjHDYBIvS68aEmOWsDBei9_ClmRmlBhJiNx_2cgUCougchYfGmY-QR8ZEY949LNohTza4eNA8Dw0Wzz3ts5H5brKnmCPq4Gw__-twYfeDM1Ygirvdh6TiWIiEDqObTaT-Yp8T22_x1aJYCNDBlZXZaoIOeyBsyUEB3wXpDF9HJ3roTu5t3XecpHgBVrXbnRfASUnaiykqiZMh4y37aLXvJAH74pm_bD_t3M1yBo21kaR_VPAkG4iBfRcUt-vO--o4Xlfo0K8pgH1WPYOEKMpg4pZ8Ey0evj15JVEdM8XE4r_nEZW1WJgBSlDZaTxzUMa3CAk2S2-SZkYzhiwNYWxuFSvdJuaz02FeY_UzyXvt2Iq_rL5SmIPRpMGqABksEWWgQgp6my5GZInGXYYeMTdKiypvExHBALhprlYqED2l4_C70pekUc3BMFiVVgyXYheZkNELipRQgDDQ26uuik6BfRTJGHgI_UGaAO8gu77-mDaJ34Hm6CWa4e6PWl1gXwI_yKjt7AqL9R9Q9QVXpL_isvl64vPVPtePBJXSoi7dn6f7h8PwA_HQHVK9MYDEAqY8Kk0AK2sO00xQvuIp_Vv9dVoN3fdy_hbFe42y5llzHFBLP2PGNp7pK2Z6vCSvSEBiGAPr4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c08::9a Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

POST
H2 204 csi
csi.gstatic.com/ Frame 7581 0
54 B 136ms
135ms Ping
image/gif 2a00:1450:401b:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lrwpcohv&c=216199408983&slotId=108099704491.5&qqid=CMWQwJXc_oMDFXqO7gEdQUgCsA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1989&mt=video%2Fmp4&vs=1280x720&msm=1&aits=15%2C0%2C18%2C22%2C37%2C692%2C59%2C309%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=22&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.n0~atrd.n5~vil.13s&ua_e=1&ape=1&ple=0&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:401b:806::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 27 Jan 2024 23:27:50 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
steamru.org/	1970-01-21 03:25:53	Name: _pk_id.steamru.org.f8d7 Value: 11f74a79525472b3.1706398067.
steamru.org/	1970-01-20 17:59:59	Name: _pk_ses.steamru.org.f8d7 Value: 1
.steamru.org/	1970-01-21 03:21:34	Name: __gads Value: ID=f5296273b3153cd5:T=1706398067:RT=1706398067:S=ALNI_MZgEym56QXfQuHgB2TfyYEv1bUj-g
.steamru.org/	1970-01-21 03:21:34	Name: __gpi Value: UID=00000dba8189bd79:T=1706398067:RT=1706398067:S=ALNI_Mbh6U44mTsWDoQ5-63bxkNWSXYQjA
.doubleclick.net/	1970-01-21 03:35:58	Name: IDE Value: AHWqTUkeAIy4YKH0HcU2Z_EkQKneL-sqGct04HU8pKLIEKFfdzu-iYx4C9rWFDMTFVQ
.everesttech.net/	1970-01-21 02:45:34	Name: everest_g_v2 Value: g_surferid~ZbWRdAAAktMbNgA9
.adkernel.com/	1970-01-20 18:20:07	Name: ADK_EX_11 Value: 1
.adkernel.com/	1970-01-20 18:43:10	Name: ADKUID Value: A5701986629722888711
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAA_-OSMXR2dA129Yx0LwwwiDcwTDGMLwzwTvOMCMksDQUAZPBuZx4AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjG0MLCwNDU3NTQ1sjAyNDE1NRXiM9T1LTAPLDHO8SvI8MgDADWtNwUlAAAA
.rfihub.com/	1970-01-21 03:21:34	Name: rud Value: H4sIAAAAAAAA_-MSNjG0MLCwNDU3NTQ1sjAyNDE1NRXiM9T1LTAPLDHO8SvI8MgDADWtNwUlAAAA
.rfihub.com/	1970-01-21 03:21:34	Name: eud Value: H4sIAAAAAAAA_-OSMXR2dA129Yx0LwwwiDcwTDGMLwzwTvOMCMksDQ3iNTQ3MDO2tDAwswBSrxiR-SYGAFOnURw9AAAA
.zemanta.com/	1970-01-21 02:45:34	Name: zuid Value: hID-1OUGMDNFY3zZezns
.mfadsrvr.com/	1970-01-21 03:35:58	Name: tuuid Value: 99ab625c-c594-4580-a3c1-5e181367732a
.mfadsrvr.com/	1970-01-21 03:35:58	Name: c Value: 1706398068
.mfadsrvr.com/	1970-01-21 03:35:58	Name: tuuid_lu Value: 1706398068
.w55c.net/	1970-01-21 03:31:38	Name: wfivefivec Value: NrN7uKMO1RtS5u5
.doubleclick.net/	1970-01-20 22:19:10	Name: APC Value: AfxxVi5GDMy5p7B72Hf3BeBjwCs1uQojQ9KFmMFiRrwnfQ9-BHcnNA
.w55c.net/	1970-01-20 18:43:10	Name: matchgoogle Value: 5
.mfadsrvr.com/	1970-01-21 03:35:58	Name: ssh Value: !google,1706398068
.googleadservices.com/	1970-01-20 20:09:34	Name: ar_debug Value: 1
.simpli.fi/	1970-01-21 02:47:00	Name: suid Value: 838BF3203D0A4169B3E72A9CAA9B3807
.mookie1.com/	1970-01-21 03:28:46	Name: id Value: 10603373481083707024
.mookie1.com/	1970-01-21 03:28:46	Name: mdata Value: 1\|10603373481083707024\|1706398068976
.mookie1.com/	1970-01-21 03:28:46	Name: ov Value: 9cf3a527fa227b1bb06dc9f383b7042f
.steamru.org/	1970-01-21 02:45:34	Name: FCNEC Value: %5B%5B%22AKsRol_nxSXWfALqYHqzYHV40m8jmtNfAyi6odyzAmOhErQ_APAWBuN7Dp3LLm69wRjer-RhmI6MujjZC-6skEKN90dlWseGHRrhAqfbm65AnfqdtkI6mm9IZT5nG0AQE_InnZTUQK48td9z8EWOloTkxxWWmKD_gg%3D%3D%22%5D%5D
.linkedin.com/	1970-01-21 02:45:34	Name: bcookie Value: "v=2&f5828952-31e5-4db9-8204-b8340547ce07"
.linkedin.com/	1970-01-20 18:01:24	Name: lidc Value: "b=TGST02:s=T:r=T:a=T:p=T:g=3181:u=1:x=1:i=1706398069:t=1706484469:v=2:sig=AQFSB-_-Ws3rWJBAYWoFQJR0-X4y1Wss"
.travelaudience.com/	1970-01-21 03:31:38	Name: _tracker Value: %7B%22UUID%22%3A%226DBE0985-7CEC-48D7-147E-4781CEC3912C%22%7D
.send.microad.jp/	1970-01-20 20:09:34	Name: TR Value: b9c7a858d75fdb7eeef7913de34647dc6ec809637be584c6

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.rfihub.com
ads.travelaudience.com
aid.send.microad.jp
b1sync.zemanta.com
bid.g.doubleclick.net
cm.g.doubleclick.net
csi.gstatic.com
dis.criteo.com
dsp.adkernel.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
gcdn.2mdn.net
googleads.g.doubleclick.net
imasdk.googleapis.com
odr.mookie1.com
pagead2.googlesyndication.com
pm.w55c.net
px.ads.linkedin.com
r1---sn-ab5l6nkd.c.2mdn.net
rtb.mfadsrvr.com
steamru.org
sync-tm.everesttech.net
tpc.googlesyndication.com
um.simpli.fi
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
151.101.130.49
172.253.115.155
172.253.62.157
174.137.133.49
185.197.162.100
199.38.167.130
202.233.84.1
2607:f8b0:4004:c06::84
2607:f8b0:4004:c08::9a
2607:f8b0:4004:c09::64
2607:f8b0:4004:c09::9b
2607:f8b0:4004:c0b::68
2607:f8b0:4004:c17::5e
2607:f8b0:4004:c19::5f
2607:f8b0:4004:c1b::9b
2607:f8b0:4004:c1d::5e
2607:f8b0:4004:c1d::5f
2607:f8b0:4004:c1d::65
2607:f8b0:4006:3::6
2620:1ec:21::14
2a00:1450:401b:806::2003
35.190.0.66
35.190.90.30
35.194.66.159
35.207.24.140
54.172.223.177
64.202.112.159
74.119.119.150
010010798b734ebaa5db582651f1efd8c77e4ed3a396d1886a3f7f0f6c92ee58
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f7117552215c414051f7988c192d015a2b856416c3cdec862b4970c6e38a02f
1823628260d774c4140e1292b3f76a4cf7e8c0f2de7813a5edf004f10143089d
19bcf810ca76bba00d33fbd0961ccc7ab4284d277fb4b8102a98196937eaaa74
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
2637a31a8f62a0693bf869ff58df91303107cd1b77bef46e1bd1a7bc3e923100
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2d58b699459d54bb543663253e1ddae7f7241fd95d6ac1656674193e89d37902
31210beb87f1b77e9ef23707c769dcc96ee44a3b5e8d0a2d7ec9e23c30dbf236
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
325f25191af82345cc615c820126c663f55ee865ccb8c6f033e11ee57085617a
3384e396c88e07cd7d0e46d5361eff9ab20ff9f65dfb94436030ccd116943bc6
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
425f9ca7029ca2c95d204079575a3e5f737ef4d322614225344c5aeadd51bfb8
42bdc8be707a3160e4ca817e0349d283d03dfefa2c14ce4f87dbb92b0e2d207c
47aa3bfad6cb9e2d63abdd58f4e6ce4f7b9fd2704b2b15193c71874035fe025d
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54db8dca7039b548a0aa4e5e22fcea2a4e536b8aaec0b13a750dbc61ca3f3538
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d621f523e84eb7af66e3daba984f5ee4ab9257e301462577c3c66582c880ab0
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
61057e8b815d1dfe96ee0e8d59798fd5c20edc0019b4c0e9572aacd7c6152df2
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61f46e41c0e571f85cb2faba1bdf6a00930c87431b14911955b6fd39dfe789e6
649daaa9eb301a26117c6f6ae4283440fc79a390c63d2a56fd9d8cceb452e5a6
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
6b00e8dba5fb8c6bdb88075a0ef6ae26d968e8da28e11edd59f252678afd0387
6ba916ef9ef3f7b8f93b80489785494dd4f6b56d62dadaebdf59d537b9971f5a
71a82ae697abb06005b913a8c5f2310cbf6fd4623a5a517ebdf51ea8b7aa1787
7b5a1e613e6f932713b55194ec6c4915e7dbb14414884ca0874ca360711a46d7
7c2ec9602be045040cd3507d282ad447a6d4fa12cc53d596017334bbbf146340
7f4972b6f7feb7a2dd6f98c8ea06df115dc3c07dca4efe0c0114ac85ddac47d4
905eca7579a383a52583291e853f6c4381c6b21d2ccfca39c7e640dc2fbf5b5e
97c530c44249746307c2b01b37eed0f53757d139bc4243798f468c71da9844da
9801e0013bd99b2ad6ab766ab32a2a4df388494cae3d615785f33b9081f626dd
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
9a886adbe15add3ec3eb5ed564419a60981a0a2bb266efc369417df69c1f1064
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
9f9d5ec3ccdec1101e064ede60374e10adbfca8935fe3643a79d5b10c93125e1
a0eb9cd9c6fdcd21b05aa46b1d70c046caa99432dd6d66807574c1431294fe4c
a0faf57f67b15b6fe8e306b6cba1dcbeb408c3b45174dea2b03e9196ef56763f
a5ae0684c5c8dccf006dedb7fe31ccf960353009d5dfcce47cb82666d63536ae
a8fcf6605dc44f9b2b7cd65ce594db86a9f7a06f3efc07a984148c8ce388ca30
aa6670cd216514598e9395fb4bcaeecbd3d8bdd4bb541cc63ac995cf0308585e
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ad2c7743dd9bc36fddc94629ae056c0266b18936b7618fd2b6d0e7aafbebb9f7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bb4a55b2c64b26cf3c6462ab47583eb2f3d958fd3f53fc0eaa4adc19b908bdec
c171aab532418b986c7922d736f71bbaa247e7971a0a104ef4c2f75cc028d3af
c2a69649d15f908464902e679f465757cff39c3f59f8d92f4117987152c50303
c4d7e5206dcc56e99111becf93e677886281cbac4d116aecad4adacf1a28d3c7
cb9df5a45c9123b1a7783ba5d72c2db91e92dafe11f40ddbf6b84062f35aa490
cd9539a378e34ee797617f52224a2a09c944f88194021df588504325b5eb7d96
ceb22a291b1ac8ce47c5deb028398258b0538176297909ee1b8f52b9837648be
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
d5b523fbbd545c0bd8a1d22b64bb9971416b715149757afddb2946d4724ada82
d946ffde37c91cf0e3d554acc1ce0b39604fb40e30560ce22d8a706aaeb6dfbb
d95ffdcf010d6749281f6cd27c3a5f9c856d4b5590cee285f4b4fdbebce22b4c
dc7325c96e16eb5b2cbb984ea03282ae0ac08cd9ba514a9861563f643e64a4ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

steamru.org Open in urlscan Pro 185.197.162.100 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

118 Requests

89 %HTTPS

50 %IPv6

21 Domains

29 Subdomains

18 IPs

4 Countries

1209 kBTransfer

3742 kBSize

30 Cookies

0 Outgoing links

Page URL History

Redirected requests

118 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

steamru.org Open in urlscan Pro
185.197.162.100 Public Scan

Screenshot
Live screenshot

Full Image

118
Requests

89 %
HTTPS

50 %
IPv6

21
Domains

29
Subdomains

18
IPs

4
Countries

1209 kB
Transfer

3742 kB
Size

30
Cookies

118 HTTP transactions
3 data transactions