steamru.org Open in urlscan Pro
185.197.162.100 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://steamru.org/
Effective URL:
https://steamru.org/
Submission: On December 19 via api (December 19th 2023, 6:40:46 pm UTC) from US — Scanned from DE

Summary HTTP 194 Redirects Behaviour Indicators

Summary

This website contacted 41 IPs in 8 countries across 33 domains to perform 194 HTTP transactions. The main IP is 185.197.162.100, located in Latvia and belongs to THREE-W-INFRA-AS -- TRANSIT --, NL. The main domain is steamru.org.
TLS certificate: Issued by R3 on November 30th 2023. Valid for: 3 months.

This is the only time steamru.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 6	185.197.162.100 185.197.162.100	60144 (THREE-W-I...) (THREE-W-INFRA-AS -- TRANSIT --)
4	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
37	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
12 21	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
5 11	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5 8	37.252.171.85 37.252.171.85	29990 (ASN-APPNEX) (ASN-APPNEX)
1 4	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1 2	52.51.211.154 52.51.211.154	16509 (AMAZON-02) (AMAZON-02)
29	2a00:1450:400... 2a00:1450:4001:808::2006	15169 (GOOGLE) (GOOGLE)
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
2 2	52.28.254.225 52.28.254.225	16509 (AMAZON-02) (AMAZON-02)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1	34.160.236.64 34.160.236.64	15169 (GOOGLE) (GOOGLE)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8102:4dc8:bb9c:b52c:3b27	16509 (AMAZON-02) (AMAZON-02)
3	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
3	2600:9000:20a... 2600:9000:20ab:a000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	72.246.169.24 72.246.169.24	16625 (AKAMAI-AS) (AKAMAI-AS)
8	2600:1f18:1ac... 2600:1f18:1aca:4281:55e6:37cb:1c:63b	14618 (AMAZON-AES) (AMAZON-AES)
4	138.201.135.164 138.201.135.164	24940 (HETZNER-AS) (HETZNER-AS)
1 4	78.46.90.238 78.46.90.238	24940 (HETZNER-AS) (HETZNER-AS)
1	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
2	91.121.248.44 91.121.248.44	16276 (OVH) (OVH)
1	3.9.151.155 3.9.151.155	16509 (AMAZON-02) (AMAZON-02)
1 2	216.58.206.38 216.58.206.38	15169 (GOOGLE) (GOOGLE)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
1	92.123.148.9 92.123.148.9	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2620:116:800d... 2620:116:800d:21:c5a4:625:6563:a5bb	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	2a05:d018:d29... 2a05:d018:d29:3602:f518:22e7:3421:18e4	16509 (AMAZON-02) (AMAZON-02)
1	3.73.141.43 3.73.141.43	16509 (AMAZON-02) (AMAZON-02)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2.19.217.101 2.19.217.101	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	52.222.139.62 52.222.139.62	16509 (AMAZON-02) (AMAZON-02)
1	18.239.50.47 18.239.50.47	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	35.177.175.102 35.177.175.102	16509 (AMAZON-02) (AMAZON-02)
194	41

6 185.197.162.100 (Latvia) 1 redirects

ASN60144 (THREE-W-INFRA-AS -- TRANSIT --, NL)
PTR: vps15026.ua-hosting.company

steamru.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 142.250.186.98 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.64.151.101 (United States) 5 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.252.171.85 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.51.211.154 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-211-154.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.28.254.225 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-254-225.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.160.236.64 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 64.236.160.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8102:4dc8:bb9c:b52c:3b27 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.230 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:20ab:a000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.246.169.24 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a72-246-169-24.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1f18:1aca:4281:55e6:37cb:1c:63b (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.135.164 (St. Ingbert, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.164.135.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.90.238 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.238.90.46.78.clients.your-server.de

hal900019.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.121.248.44 (France)

ASN16276 (OVH, FR)
PTR: ip44.ip-91-121-248.eu

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.9.151.155 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-9-151-155.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.206.38 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.123.148.9 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-148-9.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:c5a4:625:6563:a5bb (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:f518:22e7:3421:18e4 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.73.141.43 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-73-141-43.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.19.217.101 (Prague, Czech Republic) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-217-101.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.139.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-62.ams50.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.50.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-50-47.ams58.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.177.175.102 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-177-175-102.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	605 KB
42	doubleclick.net 13 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 ad.doubleclick.net — Cisco Umbrella Rank: 139 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 515 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 98422	197 KB
29	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	2 MB
13	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 900 static.adsafeprotected.com — Cisco Umbrella Rank: 602 dt.adsafeprotected.com — Cisco Umbrella Rank: 567	104 KB
11	casalemedia.com 5 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	8 KB
10	gstatic.com fonts.gstatic.com www.gstatic.com	82 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 37721 hal900019.redintelligence.net — Cisco Umbrella Rank: 277154	39 KB
8	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	6 KB
6	steamru.org 1 redirects steamru.org	26 KB
5	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 93	1 KB
4	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 773 r.turn.com — Cisco Umbrella Rank: 3570	2 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	258 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	3 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 24395 api.webgains.io — Cisco Umbrella Rank: 59842	19 KB
3	medialead.de 1 redirects pv.medialead.de — Cisco Umbrella Rank: 47317 medialead.de — Cisco Umbrella Rank: 46843	851 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	154 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1299	495 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 818	2 KB
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 61264	419 B
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 550	363 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 336	146 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474	762 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 711	98 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 749	463 B
1	awin1.com www.awin1.com — Cisco Umbrella Rank: 13930	703 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 49821	2 KB
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 128498	923 B
1	bluekai.com tags.bluekai.com — Cisco Umbrella Rank: 638	572 B
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1771	297 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 1226	204 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5555	551 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 49153	613 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 331	149 B
194	33

	Domain	Requested by
37	pagead2.googlesyndication.com	steamru.org pagead2.googlesyndication.com googleads.g.doubleclick.net www.gstatic.com tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
29	s0.2mdn.net	steamru.org s0.2mdn.net googleads.g.doubleclick.net
22	tpc.googlesyndication.com	steamru.org googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net pagead2.googlesyndication.com
21	cm.g.doubleclick.net	12 redirects googleads.g.doubleclick.net
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com steamru.org googleads.g.doubleclick.net
11	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net
8	dt.adsafeprotected.com	googleads.g.doubleclick.net steamru.org
8	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
6	www.gstatic.com	steamru.org googleads.g.doubleclick.net
6	steamru.org	1 redirects steamru.org
4	hal900019.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900019.redintelligence.net
4	hal9000.redintelligence.net	googleads.g.doubleclick.net hal900019.redintelligence.net
4	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
4	www.googletagservices.com	steamru.org googleads.g.doubleclick.net
4	fonts.gstatic.com	fonts.googleapis.com
4	fonts.googleapis.com	steamru.org googleads.g.doubleclick.net hal900019.redintelligence.net
3	static.adsafeprotected.com	fw.adsafeprotected.com googleads.g.doubleclick.net
3	ad.doubleclick.net	steamru.org googleads.g.doubleclick.net
2	api.webgains.io	analytics.webgains.io
2	www.googletagmanager.com	adv.office-partner.de www.googletagmanager.com
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	5994599.fls.doubleclick.net	1 redirects steamru.org
2	pv.medialead.de	hal900019.redintelligence.net googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	steamru.org
2	pm.w55c.net	2 redirects
2	r.turn.com	googleads.g.doubleclick.net
2	ad.turn.com	2 redirects
2	fw.adsafeprotected.com	1 redirects steamru.org
1	adservice.google.com	5994599.fls.doubleclick.net
1	cdn.track.production.webgains.team	googleads.g.doubleclick.net
1	analytics.webgains.io	track.webgains.com
1	dis.criteo.com	googleads.g.doubleclick.net
1	x.bidswitch.net	googleads.g.doubleclick.net
1	pr-bh.ybp.yahoo.com	1 redirects
1	id.rlcdn.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	www.awin1.com	googleads.g.doubleclick.net
1	medialead.de	1 redirects
1	track.webgains.com	steamru.org
1	adv.office-partner.de	hal900019.redintelligence.net
1	tags.bluekai.com	googleads.g.doubleclick.net
1	ag.innovid.com	googleads.g.doubleclick.net
1	odr.mookie1.com	googleads.g.doubleclick.net
1	ads.travelaudience.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
194	46

This site contains no links.

Subject Issuer	Validity	Valid
steamru.org R3	`2023-11-30` - `2024-02-28`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-27` - `2024-03-29`	a year	crt.sh
*.innovid.com RapidSSL TLS RSA CA G1	`2023-03-15` - `2024-04-14`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-11` - `2024-12-11`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
redintelligence.net R3	`2023-12-13` - `2024-03-12`	3 months	crt.sh
adv.office-partner.de R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
pv.medialead.de R3	`2023-12-04` - `2024-03-03`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
quantserve.com R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh

This page contains 32 frames:

Primary Page: https://steamru.org/
Frame ID: 832705DFA75257E31C5400FB61870BE1
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_nohtml_fy2021.html?hello=world
Frame ID: BE061040127D2B934766E6DF2F319C37
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&adk=1812271804&adf=3025194257&lmt=1703011241&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x945_l%7C260x945_r&format=0x0&url=https%3A%2F%2Fsteamru.org%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242041&bpp=2&bdt=264&idt=228&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=410371231247&frm=20&pv=2&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=245
Frame ID: 04301CF31502314568376CB74B8071C5
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=250&adk=2021727514&adf=2833230818&pi=t.aa~a.649322570~rp.4&w=307&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=307x250&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=973&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2
Frame ID: 1859E2ED364635AC19EAC89DAE4711BD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=280&adk=3809598800&adf=854766408&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x280&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1917&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=4
Frame ID: A0140A74A8F6338BA850C21104047C44
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
Frame ID: 322E78E87CF435D8CF6C760662603E0C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Frame ID: DF476AEC011EE8C59051E8BC0F738A0A
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Frame ID: A6F4FB822CFCDEFF079A1225F4C6EB07
Requests: 1 HTTP requests in this frame

Frame: https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019
Frame ID: 86B0846EABAD70C7DCD7D65EB605FF53
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGK7gpYECMAE&v=APEucNXSoK8t27BayPaPhXLwN5VEuZ_744wO-vV3pHeE588DECa_rlZlHwXJIIGJv4U5xgGFJCFQLJPkmbs4zcDtC81FgQoWCycUC7boTBVvshc-9C83DJY1er8rdhzXlK8MLlJnuczAmkfEoRALsyKtcR8naxu70XI8x59KSpBmRP1fciuPNA0
Frame ID: 46807A515D2B8B2BD46A4D73EBB561C1
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 95D177E98DAE2D85BFE0FB66B3C9BE05
Requests: 29 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 6CE9143FA002025AB77665E4061E3ACA
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EVHvBJ0i-F520M18bkMcYIEfy1k1k36JnZivUIMouqs.js
Frame ID: 1978A0F490EF5A43DAC3B620EC6745E2
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: F36440A4BF576445A161BCCA2F0F6B56
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COmR064CEPvCzOgCGPTP3d4BMAE&v=APEucNXpzV5Tgu8CyNUIovhjcNWgemDj12syaWsx9VN02Jm4ngVV6zck6Bj_TZ5Tm5IddxHIVENHR_Cz2fyVDxagsl9_Bb1AP09OfDOPtTOOOXYt0_4iyD6xw109TohWElnBBZGOctM34Q-e9ipw3W1j9uap2E1xqOCf66Ml_eX4bEYvvsF2uIU
Frame ID: 3BE6363FCBD57BED6B1166BA977A06B3
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Frame ID: 97AC3FEC9282AB081C46A7A53152ADFD
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9E0363830DBB2CD825133CA823DCFDF0
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: C26C7A3E9B47FD8A2B3BDCB8D68C8B9F
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
Frame ID: A6EBC9AD6F949BF96992BA399A82FB28
Requests: 21 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/index.html?ev=01_250
Frame ID: 7D2BAD2F0194E6F4E8863A456DB13C2B
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUQE8XnLmTSIssk9WsczF2IFG3gbvq6JN9FB_zBUoMrpIrFXRaN06oeh0_vyc6SZZa8eslG6Z0V5magtAsBQHHnhDN8yacrjfc_M7dVPGlyWExwKaN2xNNdWmnP53hz3KC2pJ1fV7noLvc2e9EvpglUkWhF-tZRJZ1RyAvcGVdyKXWnLuI
Frame ID: 048C2915F067B837A38EA71D4758EDA7
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: E2DFE701112BB3102D13FDB0F32A7ABE
Requests: 21 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 72EF51AD0CB1AF8C43305AD19042D4BC
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Frame ID: C35F39C83DD124D2729D356B17AC9FE0
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 9D69392B3B709E1D7CA415D9BF634890
Requests: 3 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 30ECBAEAE52A960BCF7B9F46E129AC25
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=80723700153542104444550012543019&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 69ABD84A20FD810DE75048B2AC84C85A
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CKjWmqKTnIMDFYvMOwIdn_MCXg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9572200207924.11
Frame ID: 85F8E5619E6141F127040038DD56A6A5
Requests: 2 HTTP requests in this frame

Frame: https://hal900019.redintelligence.net/request_content.php?s=80723700153542104444550012543019&a=0a44e317
Frame ID: FDFA4BD21FFBF6A4A23092C2A48506EF
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DA081EE84A4092D8EC3BF7A3D7D64D04
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 92409A3ADACA1BA9766A3535ECAD8C75
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7438EFA14FC547A87A93DBCF0E238EA2
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

STEAM: клуб пользователей

Page URL History Show full URLs

http://steamru.org/ HTTP 301
https://steamru.org/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Page Statistics

194
Requests

89 %
HTTPS

40 %
IPv6

33
Domains

46
Subdomains

41
IPs

8
Countries

3702 kB
Transfer

6811 kB
Size

30
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://steamru.org/ HTTP 301
https://steamru.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGKMcAonXv9qUTLUNjfCBuo&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGKMcAonXv9qUTLUNjfCBuo&google_cver=1&C=1

Request Chain 44

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYHjq9VmpFjtMvetL-ambQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENquHfcJdwk0TnrIkNnjcoE&google_cver=1

Request Chain 45

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEI1-8Tahrl48E5GVspcGMfM&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEI1-8Tahrl48E5GVspcGMfM%26google_cver%3D1

Request Chain 46

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTA2MTU1NjAwMzg1ODYxOTgx

Request Chain 51

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 73

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEI03w3WznnEMzL1RuVpNgMo&google_cver=1&google_push=AXcoOmTH9RqHk5lYzAYCiYtPIs_x2xz2KCq-RoPQSdAVqcLmA3_ggy6_WD05phqhp-qS1V9Twz1ncKviHZSaT0pGd8xmQ4tm0qicH0o HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjgyODk5MTkxODEwNjc3NjIxMA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOfzrHxn9a2DCzRUpdd3E-c&google_cver=1

Request Chain 74

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELCS3JrGxSB0RospG1o2emo&google_cver=1&google_push=AXcoOmQHFMO19zFqFJNsE1fKR1lQeY2473VQcGOxs-F76AodOxvQLerNyNZFUxCWPp9ndfgWvAfBRf409BFJRIgrmJDugMwwTyJsQEo HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELCS3JrGxSB0RospG1o2emo&google_cver=1&google_push=AXcoOmQHFMO19zFqFJNsE1fKR1lQeY2473VQcGOxs-F76AodOxvQLerNyNZFUxCWPp9ndfgWvAfBRf409BFJRIgrmJDugMwwTyJsQEo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NHNtT1hmQzIxUmZGMWg1&google_gid=CAESELCS3JrGxSB0RospG1o2emo&google_cver=1&google_push=AXcoOmQHFMO19zFqFJNsE1fKR1lQeY2473VQcGOxs-F76AodOxvQLerNyNZFUxCWPp9ndfgWvAfBRf409BFJRIgrmJDugMwwTyJsQEo

Request Chain 76

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOo7blxSjoJvJgSE4klLKoE&google_cver=1&google_push=AXcoOmSY2gsluWNtxKJjyJxhDWGk5SwgHYOzYpefKQ3ir62xz7oafRC19PiOFJ-ZVZC2DzcDzJxoM5g5eSWsc6vZoKLf5mtXOGWZMb8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmSY2gsluWNtxKJjyJxhDWGk5SwgHYOzYpefKQ3ir62xz7oafRC19PiOFJ-ZVZC2DzcDzJxoM5g5eSWsc6vZoKLf5mtXOGWZMb8&google_hm=uFMODrCLQ5yn-Ca9j-Nkk6U

Request Chain 77

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHjjhSm6v7dQBPaZ4DHXDR4&google_cver=1&google_push=AXcoOmQym7vugCNAsCb8VxahZUm12_vOW39Wd8ktStqimwschhQNRKs3R99sUXlsYVHRtID_8LcYhlZsaoJeQoYFulJF5UY4bsUScQ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=lkyCs1jRQB4qEYnoUoQTPA&google_push=AXcoOmQym7vugCNAsCb8VxahZUm12_vOW39Wd8ktStqimwschhQNRKs3R99sUXlsYVHRtID_8LcYhlZsaoJeQoYFulJF5UY4bsUScQ

Request Chain 85

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL7vhdlydJ4zzucRqzxl5qk&google_cver=1

Request Chain 86

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYHjq9VmpFjtMvetL-ambQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL7vhdlydJ4zzucRqzxl5qk&google_cver=1

Request Chain 87

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEpZSbTGm4zlOvg9lScRViM&google_cver=1

Request Chain 88

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzNTM2ODQ4OTMxMDk0NDU2Mg%3D%3D

Request Chain 120

https://fw.adsafeprotected.com/rfw/st/1883736/77184607/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015453222&ias_pubId=pub-2147948657389864&ias_chanId=1&ias_placementId=20852133819&bidurl=https://steamru.org/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0h60s_LPFxnQAmdOVBqmsuG&adsafe_url=https%3A%2F%2Fsteamru.org&adsafe_type=g&adsafe_url=https%3A%2F%2Fsteamru.org%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-3-%26adk%3D1812271801%26client%3Dca-pub-2147948657389864%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D4&adsafe_type=be&adsafe_jsinfo=,id:80871d69-5dc9-951e-d002-b032d711ebcb,c:xh0gf3,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-765c58974b-k24cp,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:145,mot:0,app:0,maw:0,fm:tYUBCFm+11%7C12%7C1311%7C1312%7C1313%7C1314%7C14%7C1511%7C1611%7C1612%7C171*.1883736-77184607%7C1711%7C1712%7C1713,idMap:171*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:161,oid:1d980f12-9e9e-11ee-b444-7e79c8456a05,v:19.8.466,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js?bundleId=${BUNDLE_ID}&ias_xappb=

Request Chain 124

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENau1FJ5f-HyaDMRadkyJvE&google_cver=1

Request Chain 125

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYHjq9VmpFjtMvetL-ambQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENau1FJ5f-HyaDMRadkyJvE&google_cver=1

Request Chain 126

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBVUFEv8d-0MO854FBkzd7M&google_cver=1

Request Chain 127

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzNTM2ODQ4OTMxMDk0NDU2Mg%3D%3D

Request Chain 152

https://hal900019.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=7decf73f43&subid=&uid=faa2d2874214217d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCC_jWq-OBZZTjAeuDpt8PtKC7uAum5b2gaYWVnKfJD_AuEAEgkLuABGCVgoCAmAfIAQmpAgCIDL1wVbI-qAMByAObBKoEmQJP0DrkHvRqiN_fqirhbA-vRGfahR7c2jB9f0on2Kv_mj0z-nLo_4xAsvlAuN38VYibThREDX8slL-DCOLFHupUu6SJY5EGPU8EaVZ4bOVaSnpMHHsEY6vCqUQ1iBXvv_vi26HA8ZGf7OHCzumjIK47EcQTft7YHt6F-ra7b8XALluLpPiMI7ZpdhB9qGV15VTQxP4ne1nEoEXNFm83WfFmIlJnBgXmIOpKPjRjh2saW9xU5wH9_icJrWqPTGBBcOtQis2RNzAwc1JVFfo23ZZVcnqKhZmeizSgNh8aMqT5Ar8C_50CXZgYEKS7bG2LdNTa0KekVWulSFduSFYZiYft-Vi_oyNyt6l3lAE649LmNvqQwaw94qZgH8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlieyrihk5yDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwAvHhf_kKK1k15jGwJEKMcb2tfiXvhJPooluZjMA30yB0DoOU6s-WasV3_CFuvG8binrEEuwJf8tX9_GAE%26sig%3DAOD64_3k3eAhxm3BM_C7KfzL9kQp35F9FQ%26client%3Dca-pub-2147948657389864%26dbm_c%3DAKAmf-DXSx46P4OlaGMV_pXPcFXzjiaJ6Xab5pxLfJkxWx22VbuaAGHFRfDwCh5nE_5JN2nVFu3chHFNGmdxJae6FusFXX415_AL6BtYpDxuMgqIO_18rtxIGv8F0y2XeIqCfKT4DdILngEC86myw5Ig7F52WAxIp7LurES5m8DCR9feB5zg1sA%26cry%3D1%26dbm_d%3DAKAmf-C3Ko8uzvJ_IryqJv6spqyIZYE9XpaokUe-5qCOikg6hWFrn_igg8UZUNkdJD0p6VAmJGZVL78S0UMrOomy2V8Bb9pYOS3hZKaOyF77MktRAWEjWWEbF2HKphy9HGRHI9gsWUsjm_tQdeuQXuBHSrPqRc7LLCe80Ho7UrNbJ25MHs-BH1sEmzSBT5Fswp06FwWGtzMXMb0g9dX1uQloq_DjVX9HHhDLktBatjV0ThW4VEYK6wLO8kVMzWD3qkQACyYewwJk4atajGUJBu3RQ19bpVWJnzOykCqJdO7f7vHO0X7uIa8EHtGe9wqfAfniHijcDxheLaPSYCNfWH_XanaltYOnL_sAHYy0WISe9uUC68D3cDf7GzPwD32OSexPi9xWCmil9lPcC112BhOFlYbT8Gu1aFZ8EnaInGYta4RFAjME61AoyskA9KQG9TIq2Z0QpPFJ-IDVIn3IKjDGWEcOoZLm79PJqtYzicqlJ6Mml1jBn6BzeHC7NP2HJHA8VwADnlyI6I3qNz4ack85ep6nHyQyMNpw7WSt2NTVrbGqZkkhXKg%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2147948657389864%26output%3Dhtml%26h%3D90%26adk%3D4204718025%26adf%3D2896993837%26pi%3Dt.aa~a.819600158~rp.1%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1703011241%26rafmt%3D1%26to%3Dqs%26pwprc%3D7089917814%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fsteamru.org%252F%26ea%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1703011242841%26bpp%3D1%26bdt%3D1065%26idt%3D1%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C307x250%252C1200x280%26nras%3D4%26correlator%3D410371231247%26frm%3D20%26pv%3D1%26ga_vid%3D4890874.1703011242%26ga_sid%3D1703011242%26ga_hid%3D577308995%26ga_fc%3D0%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1762%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759837%252C31079965%252C44809005%252C95320885%26oid%3D2%26pvsid%3D253180864439339%26tmod%3D2118921673%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26dtd%3D6&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fsteamru.org&random=6401848819315&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900019.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=7decf73f43&subid=&uid=faa2d2874214217d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCC_jWq-OBZZTjAeuDpt8PtKC7uAum5b2gaYWVnKfJD_AuEAEgkLuABGCVgoCAmAfIAQmpAgCIDL1wVbI-qAMByAObBKoEmQJP0DrkHvRqiN_fqirhbA-vRGfahR7c2jB9f0on2Kv_mj0z-nLo_4xAsvlAuN38VYibThREDX8slL-DCOLFHupUu6SJY5EGPU8EaVZ4bOVaSnpMHHsEY6vCqUQ1iBXvv_vi26HA8ZGf7OHCzumjIK47EcQTft7YHt6F-ra7b8XALluLpPiMI7ZpdhB9qGV15VTQxP4ne1nEoEXNFm83WfFmIlJnBgXmIOpKPjRjh2saW9xU5wH9_icJrWqPTGBBcOtQis2RNzAwc1JVFfo23ZZVcnqKhZmeizSgNh8aMqT5Ar8C_50CXZgYEKS7bG2LdNTa0KekVWulSFduSFYZiYft-Vi_oyNyt6l3lAE649LmNvqQwaw94qZgH8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlieyrihk5yDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwAvHhf_kKK1k15jGwJEKMcb2tfiXvhJPooluZjMA30yB0DoOU6s-WasV3_CFuvG8binrEEuwJf8tX9_GAE%26sig%3DAOD64_3k3eAhxm3BM_C7KfzL9kQp35F9FQ%26client%3Dca-pub-2147948657389864%26dbm_c%3DAKAmf-DXSx46P4OlaGMV_pXPcFXzjiaJ6Xab5pxLfJkxWx22VbuaAGHFRfDwCh5nE_5JN2nVFu3chHFNGmdxJae6FusFXX415_AL6BtYpDxuMgqIO_18rtxIGv8F0y2XeIqCfKT4DdILngEC86myw5Ig7F52WAxIp7LurES5m8DCR9feB5zg1sA%26cry%3D1%26dbm_d%3DAKAmf-C3Ko8uzvJ_IryqJv6spqyIZYE9XpaokUe-5qCOikg6hWFrn_igg8UZUNkdJD0p6VAmJGZVL78S0UMrOomy2V8Bb9pYOS3hZKaOyF77MktRAWEjWWEbF2HKphy9HGRHI9gsWUsjm_tQdeuQXuBHSrPqRc7LLCe80Ho7UrNbJ25MHs-BH1sEmzSBT5Fswp06FwWGtzMXMb0g9dX1uQloq_DjVX9HHhDLktBatjV0ThW4VEYK6wLO8kVMzWD3qkQACyYewwJk4atajGUJBu3RQ19bpVWJnzOykCqJdO7f7vHO0X7uIa8EHtGe9wqfAfniHijcDxheLaPSYCNfWH_XanaltYOnL_sAHYy0WISe9uUC68D3cDf7GzPwD32OSexPi9xWCmil9lPcC112BhOFlYbT8Gu1aFZ8EnaInGYta4RFAjME61AoyskA9KQG9TIq2Z0QpPFJ-IDVIn3IKjDGWEcOoZLm79PJqtYzicqlJ6Mml1jBn6BzeHC7NP2HJHA8VwADnlyI6I3qNz4ack85ep6nHyQyMNpw7WSt2NTVrbGqZkkhXKg%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2147948657389864%26output%3Dhtml%26h%3D90%26adk%3D4204718025%26adf%3D2896993837%26pi%3Dt.aa~a.819600158~rp.1%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1703011241%26rafmt%3D1%26to%3Dqs%26pwprc%3D7089917814%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fsteamru.org%252F%26ea%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1703011242841%26bpp%3D1%26bdt%3D1065%26idt%3D1%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C307x250%252C1200x280%26nras%3D4%26correlator%3D410371231247%26frm%3D20%26pv%3D1%26ga_vid%3D4890874.1703011242%26ga_sid%3D1703011242%26ga_hid%3D577308995%26ga_fc%3D0%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1762%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759837%252C31079965%252C44809005%252C95320885%26oid%3D2%26pvsid%3D253180864439339%26tmod%3D2118921673%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26dtd%3D6&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fsteamru.org&random=6401848819315&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 158

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9572200207924.11 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CKjWmqKTnIMDFYvMOwIdn_MCXg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9572200207924.11

Request Chain 160

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=80723700153542104444550012543019&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=80723700153542104444550012543019&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 164

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEOfzrHxn9a2DCzRUpdd3E-c&google_cver=1&google_push=AXcoOmRa9SuQkMRqlF439EFQC7cliW-tK2DDZr9cKBDerEIRlwXyJ7r1v8lRJEqA9v-7sG-gfzfzj2ezcWN_U56T9ErYSTTKqJ_P0i0Zw_D-_zySDL3qhd4I3l4tPeAWHKpM7iL-e1jK8p4kv_xKJHG0Zc9VEg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjgyODk5MTkxODEwNjc3NjIxMA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOfzrHxn9a2DCzRUpdd3E-c&google_cver=1

Request Chain 167

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEDhxRbMyKaVrfjmVC4tfcrU&google_cver=1&google_push=AXcoOmQqyVH7scagO_VWUKgDgGBWDCmJqzsoSCGms06h-NjaN3LSuQ_sOXJCFIVFwAQCuFUmtiYjuBTKMVvovEFCjhzZxDd4ADV3EoXGrAKAZxqlXqvKENDy_wsi9ETnnwTnnFoT8kQouo7qCf4zCRzlvAXMAA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQqyVH7scagO_VWUKgDgGBWDCmJqzsoSCGms06h-NjaN3LSuQ_sOXJCFIVFwAQCuFUmtiYjuBTKMVvovEFCjhzZxDd4ADV3EoXGrAKAZxqlXqvKENDy_wsi9ETnnwTnnFoT8kQouo7qCf4zCRzlvAXMAA&google_hm=eS13aDcwY3BkRTJwSFEueVhwUExMZzRHZGdxZ28zcHIzen5B

Request Chain 170

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEOQIhzZr1X1bqruOAsRmj6Y&google_cver=1&google_push=AXcoOmQlKs5tSP45c5-3OIGA9jakUymUQ9WVpoE6vZ56J3K6ZYz3cTa8APg3_IVE_a0HZPIEamJd9iDCqacjv3NVTRPYqKjo_vwKjbT08U9jteYwUXCCpanW2y4nc-T6lNJAZ5H4SWQVLcXhfn_1_IWlP8AICnI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmQlKs5tSP45c5-3OIGA9jakUymUQ9WVpoE6vZ56J3K6ZYz3cTa8APg3_IVE_a0HZPIEamJd9iDCqacjv3NVTRPYqKjo_vwKjbT08U9jteYwUXCCpanW2y4nc-T6lNJAZ5H4SWQVLcXhfn_1_IWlP8AICnI HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

194 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
steamru.org/
Redirect Chain

http://steamru.org/
https://steamru.org/

16 KB
5 KB

135ms
75ms

Document
text/html

185.197.162.100
THREE-W-INFRA-AS ...

General

Check archive.org

Show headers Download Go to

Full URL

https://steamru.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS -- TRANSIT --, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

59385ae49bf5fa9dc2f4f9d8eadd4586a0b5573cde21be5e289b6a8a0ee6d400

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 19 Dec 2023 18:40:41 GMT
last-modified: Tue, 19 Dec 2023 18:40:41 GMT
server: nginx
strict-transport-security: max-age=31536000;
vary: Accept-Encoding
x-ua-compatible: IE=edge

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Tue, 19 Dec 2023 18:40:41 GMT
Location: https://steamru.org/
Server: nginx

GET
H2 200 style.min.css
steamru.org/themes/ 10 KB
3 KB 29ms
29ms Stylesheet
text/css 185.197.162.100
THREE-W-INFRA-AS ...

General

Check archive.org

Show headers Download Go to

Full URL

https://steamru.org/themes/style.min.css

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS -- TRANSIT --, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

aa6670cd216514598e9395fb4bcaeecbd3d8bdd4bb541cc63ac995cf0308585e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:41 GMT
strict-transport-security: max-age=31536000;
content-encoding: gzip
last-modified: Thu, 19 Apr 2018 04:04:42 GMT
server: nginx
etag: W/"5ad8155a-27c2"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 81ms
34ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d95ffdcf010d6749281f6cd27c3a5f9c856d4b5590cee285f4b4fdbebce22b4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 19 Dec 2023 18:40:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 19 Dec 2023 17:57:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 19 Dec 2023 18:40:41 GMT

GET
H2 200 a.js Show response
steamru.org/js/ 158 B
386 B 30ms
29ms Script
application/javascript 185.197.162.100
THREE-W-INFRA-AS ...

General

Check archive.org

Show headers Download Go to

Full URL

https://steamru.org/js/a.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS -- TRANSIT --, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

9a886adbe15add3ec3eb5ed564419a60981a0a2bb266efc369417df69c1f1064

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:41 GMT
strict-transport-security: max-age=31536000;
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 11:37:48 GMT
server: nginx
etag: W/"5f96b50c-9e"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
51 KB 140ms
93ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: steamru.org
URL: https://steamru.org/js/a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b0051875d649286101f19e6ce9a14451c0c32638fc91cbe486e5db4dcbb3433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51398
x-xss-protection: 0
server: cafe
etag: 6423420415918085068
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 19 Dec 2023 18:40:41 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5d621f523e84eb7af66e3daba984f5ee4ab9257e301462577c3c66582c880ab0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 pwk.phtml Show response
steamru.org/ 51 KB
18 KB 59ms
59ms Script
application/javascript 185.197.162.100
THREE-W-INFRA-AS ...

General

Check archive.org

Show headers Download Go to

Full URL

https://steamru.org/pwk.phtml

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS -- TRANSIT --, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

7f4972b6f7feb7a2dd6f98c8ea06df115dc3c07dca4efe0c0114ac85ddac47d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:41 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;
last-modified: Fri, 29 Sep 2023 22:17:51 GMT
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31622400

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 73ms
26ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://steamru.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 08:54:09 GMT
x-content-type-options: nosniff
age: 35192
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Dec 2024 08:54:09 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 67ms
20ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://steamru.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 00:01:51 GMT
x-content-type-options: nosniff
age: 67130
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Dec 2024 00:01:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
9 KB 90ms
46ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47aa3bfad6cb9e2d63abdd58f4e6ce4f7b9fd2704b2b15193c71874035fe025d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://steamru.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 08:02:12 GMT
x-content-type-options: nosniff
age: 38309
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9576
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Dec 2024 08:02:12 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
10 KB 84ms
42ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://steamru.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 05:12:10 GMT
x-content-type-options: nosniff
age: 48511
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9628
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Dec 2024 05:12:10 GMT

POST
H2 200 pwk.phtml
steamru.org/ 43 B
163 B 30ms
29ms Ping
image/gif 185.197.162.100
THREE-W-INFRA-AS ...

General

Check archive.org

Show headers Download Go to

Full URL

https://steamru.org/pwk.phtml?action_name=STEAM%3A%20%D0%BA%D0%BB%D1%83%D0%B1%20%D0%BF%D0%BE%D0%BB%D1%8C%D0%B7%D0%BE%D0%B2%D0%B0%D1%82%D0%B5%D0%BB%D0%B5%D0%B9&param01=steamru.org&rec=1&r=019103&h=19&m=40&s=41&url=https%3A%2F%2Fsteamru.org%2F&_id=054610f884ba66fd&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=acMlUS&pf_net=61&pf_srv=75&pf_tfr=1&pf_dm1=96

Requested by

Host: steamru.org
URL: https://steamru.org/pwk.phtml

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.197.162.100 , Latvia, ASN60144 (THREE-W-INFRA-AS -- TRANSIT --, NL),

Reverse DNS

vps15026.ua-hosting.company

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Referer: https://steamru.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

date: Tue, 19 Dec 2023 18:40:41 GMT
strict-transport-security: max-age=31536000;
server: nginx
x-robots-tag: noindex, nofollow
content-length: 43
content-type: image/gif

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 399 KB
135 KB 87ms
86ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2147948657389864&plah=steamru.org

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

be4d053e45e01dd979efed6ec7650927c1d64658a04123c6068175b252582744

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137959
x-xss-protection: 0
server: cafe
etag: 2617377473778482580
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 19 Dec 2023 18:40:42 GMT

GET
H2 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/ Frame BE06 9 KB
4 KB 72ms
22ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_nohtml_fy2021.html?hello=world

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f71b692f2abd27afd1fc948dff479a3d93307f52cb7af5bb0b114615f5b85c1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 55040
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4114
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 03:23:22 GMT
etag: 12700215250743596434
expires: Tue, 02 Jan 2024 03:23:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0430 254 KB
65 KB 487ms
486ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&adk=1812271804&adf=3025194257&lmt=1703011241&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x945_l%7C260x945_r&format=0x0&url=https%3A%2F%2Fsteamru.org%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242041&bpp=2&bdt=264&idt=228&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=410371231247&frm=20&pv=2&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=245

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2147948657389864&plah=steamru.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1170e5ad25efe380f59e1be8fdba17edf8fd30a7ef495bfb3c258f5bce2eec29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 66010
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:40:42 GMT
expires: Tue, 19 Dec 2023 18:40:42 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 51ms
51ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=NAV&cls=navigation&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0430 0
20 B 51ms
51ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=39&version=r20231207&sample=0.01

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&adk=1812271804&adf=3025194257&lmt=1703011241&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x945_l%7C260x945_r&format=0x0&url=https%3A%2F%2Fsteamru.org%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242041&bpp=2&bdt=264&idt=228&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=410371231247&frm=20&pv=2&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=245

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 160 KB
55 KB 84ms
84ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41448ce4891ad73962363ab2f22c05a38d45c057a987752611ae74cbb29b49e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56012
x-xss-protection: 0
server: cafe
etag: 7719666273244323917
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Dec 2023 18:40:42 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1859 122 KB
47 KB 426ms
426ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=250&adk=2021727514&adf=2833230818&pi=t.aa~a.649322570~rp.4&w=307&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=307x250&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=973&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1c82318a8caff5ec91652b4e667837c6568ebc4a1b942e72a13c2cf11520fad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 48219
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:40:43 GMT
expires: Tue, 19 Dec 2023 18:40:43 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A014 718 B
383 B 315ms
315ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=280&adk=3809598800&adf=854766408&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x280&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250&nras=3&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1917&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7cc2754efacf022e129de434cd25c825599899c59e1b2052144716a31024f471

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 358
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:40:43 GMT
expires: Tue, 19 Dec 2023 18:40:43 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 322E 33 KB
14 KB 702ms
701ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4bc3445fadd67604273cc7409380f0b1ea5e99e39702dd6dee254762c8029bce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 14159
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:40:43 GMT
expires: Tue, 19 Dec 2023 18:40:43 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame DF47 9 KB
4 KB 24ms
23ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f71b692f2abd27afd1fc948dff479a3d93307f52cb7af5bb0b114615f5b85c1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 63072
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4114
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 01:09:30 GMT
etag: 12700215250743596434
expires: Tue, 02 Jan 2024 01:09:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame A6F4 9 KB
4 KB 20ms
20ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f71b692f2abd27afd1fc948dff479a3d93307f52cb7af5bb0b114615f5b85c1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 63072
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4114
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 01:09:30 GMT
etag: 12700215250743596434
expires: Tue, 02 Jan 2024 01:09:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame DF47 4 KB
767 B 29ms
29ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 19 Dec 2023 18:40:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 19 Dec 2023 17:01:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 19 Dec 2023 18:40:42 GMT

GET
H2 200 e21910fd923a6283b5d44b2382eabc86.js Show response
www.gstatic.com/mysidia/ Frame 86B0 9 KB
4 KB 140ms
22ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 01:04:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63384
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4064
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 18 Mar 2024 01:04:19 GMT

GET
H2 200 d500f8b303efba9f5ab695bab8da4c89.js Show response
www.gstatic.com/mysidia/ Frame 86B0 20 KB
8 KB 163ms
46ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/d500f8b303efba9f5ab695bab8da4c89.js?tag=pingback

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

658763708a45d3b028477e7bde12bf3da7292317c8f82c01131600f89052ef53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 09:02:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34713
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8365
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 18 Mar 2024 09:02:10 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 86B0 14 KB
1 KB 30ms
29ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 19 Dec 2023 18:40:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 19 Dec 2023 17:20:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 19 Dec 2023 18:40:42 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 86B0 2 KB
875 B 167ms
51ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17487
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 13:49:16 GMT

GET
H2 200 92da1c8e4790a69c4d76e84ba2e3001c.js Show response
www.gstatic.com/mysidia/ Frame 86B0 6 KB
2 KB 153ms
37ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/92da1c8e4790a69c4d76e84ba2e3001c.js?tag=analytics_pingback_2019

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2b80247038739299b71545084dc4ebff2edd21e6f1ffafe013376bb2e92c4be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 20:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79765
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2259
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 17 Mar 2024 20:31:18 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 86B0 23 KB
9 KB 159ms
44ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17487
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 13:49:16 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 86B0 3 KB
1 KB 166ms
50ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:15:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 13:15:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 86B0 20 KB
9 KB 137ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:49:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17488
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 13:49:15 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 86B0 203 KB
65 KB 145ms
29ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Dec 2023 18:40:43 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame 86B0 37 KB
15 KB 139ms
24ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 103440
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 17 Mar 2024 13:56:43 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame DF47 16 KB
7 KB 139ms
25ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 03:25:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54903
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6766
x-xss-protection: 0
server: cafe
etag: 14924840246271906451
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 03:25:40 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame DF47 205 B
295 B 159ms
47ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 08:54:46 GMT
x-content-type-options: nosniff
age: 35157
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 18 Dec 2024 08:54:46 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame DF47 604 B
919 B 148ms
36ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 02:54:34 GMT
x-content-type-options: nosniff
age: 56769
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 18 Dec 2024 02:54:34 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame DF47 22 KB
9 KB 139ms
27ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 02:25:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58507
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9210
x-xss-protection: 0
server: cafe
etag: 13914886398874665762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 02:25:36 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4680 624 B
246 B 60ms
59ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGK7gpYECMAE&v=APEucNXSoK8t27BayPaPhXLwN5VEuZ_744wO-vV3pHeE588DECa_rlZlHwXJIIGJv4U5xgGFJCFQLJPkmbs4zcDtC81FgQoWCycUC7boTBVvshc-9C83DJY1er8rdhzXlK8MLlJnuczAmkfEoRALsyKtcR8naxu70XI8x59KSpBmRP1fciuPNA0

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:40:43 GMT
expires: Tue, 19 Dec 2023 18:40:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 95D1 89 KB
31 KB 126ms
125ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 19 Dec 2023 18:40:43 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 95D1 3 KB
1 KB 151ms
52ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:15:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 13:15:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 95D1 20 KB
8 KB 138ms
40ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:49:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17488
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 13:49:15 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 95D1 203 KB
64 KB 161ms
63ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Dec 2023 18:40:43 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 95D1 42 B
63 B 50ms
50ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-As0dGXybnYzGfCz2du--jZLwhc1TySGR4nFxEegt4IlJnVot8g2eT4oGbb-BsaGLCsyh-qYNSz-pA9Yh49PFeMAVcya_Qvu3BuiNlJcvtq9WguLkM

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 4680
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGKMcAonXv9qUTLUNjfCBuo&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGKMcAonXv9qUTLUNjfCBuo&google_cver=1&C=1

43 B
772 B

61ms
61ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGKMcAonXv9qUTLUNjfCBuo&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGK7gpYECMAE&v=APEucNXSoK8t27BayPaPhXLwN5VEuZ_744wO-vV3pHeE588DECa_rlZlHwXJIIGJv4U5xgGFJCFQLJPkmbs4zcDtC81FgQoWCycUC7boTBVvshc-9C83DJY1er8rdhzXlK8MLlJnuczAmkfEoRALsyKtcR8naxu70XI8x59KSpBmRP1fciuPNA0
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BN6HE71UVeT5mLZW%2Fmgrw97tvWqS1ynp3Um%2Fo7v8cQ2ypQKwoCwea%2BmYUelj9JOBVnYtX4bRHsLxAixMFuDpJWDwK8ETVe0RFjmQnb1X9rlRNJ01W7DVPyo683%2BJ2RqIUvyht0TCOO4fqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8381c68e5e2b453a-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=otmZVLGrZFqFHHxB8RpXochfm0VJ3IjSWzZk0FcrDUU5Z66kqSUTM4usguo%2Bvyv6sExfgBWkeLdHdpQ1hImGEM2J5rY8iksql5AxyMAKRPBtUDntiij%2B7DlV6%2F2s5srw3xvQU3M9bfLl8g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEGKMcAonXv9qUTLUNjfCBuo&google_cver=1&C=1
cache-control: no-cache
cf-ray: 8381c68ded19453a-TXL
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 4680
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYHjq9VmpFjtMvetL-ambQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENquHfcJdwk0TnrIkNnjcoE&google_cver=1

43 B
735 B

70ms
69ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENquHfcJdwk0TnrIkNnjcoE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGK7gpYECMAE&v=APEucNXSoK8t27BayPaPhXLwN5VEuZ_744wO-vV3pHeE588DECa_rlZlHwXJIIGJv4U5xgGFJCFQLJPkmbs4zcDtC81FgQoWCycUC7boTBVvshc-9C83DJY1er8rdhzXlK8MLlJnuczAmkfEoRALsyKtcR8naxu70XI8x59KSpBmRP1fciuPNA0
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sQwQU9GFb6yQ0kXCe%2FO36K4sxIBSi2NcMCuNq1KOpuDbV6iokpmdKP3%2F8iidtbIxPQoF%2BCVxtoyUhB3XZafVLWTnH4OixNitxEglBZG%2F4HgJtWphwWhib%2FWDHjWPFJgDjhISsbGEoJi8FA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8381c68ebef7453a-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENquHfcJdwk0TnrIkNnjcoE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 4680
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEI1-8Tahrl48E5GVspcGMfM&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEI1-8Tahrl48E5GVspcGMfM%26google_cver%3D1

43 B
893 B

67ms
66ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEI1-8Tahrl48E5GVspcGMfM%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGK7gpYECMAE&v=APEucNXSoK8t27BayPaPhXLwN5VEuZ_744wO-vV3pHeE588DECa_rlZlHwXJIIGJv4U5xgGFJCFQLJPkmbs4zcDtC81FgQoWCycUC7boTBVvshc-9C83DJY1er8rdhzXlK8MLlJnuczAmkfEoRALsyKtcR8naxu70XI8x59KSpBmRP1fciuPNA0

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
an-x-request-uuid: c8c287ed-9f08-4ad1-95ab-bb787b4e6c44
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 84.19.175.165; 84.19.175.165; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
an-x-request-uuid: 586bc799-13f5-447a-b6ef-9eaa2d0d9441
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEI1-8Tahrl48E5GVspcGMfM%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.165; 84.19.175.165; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 4680
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTA2MTU1NjAwMzg1ODYxOTgx

170 B
243 B

30ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTA2MTU1NjAwMzg1ODYxOTgx

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
an-x-request-uuid: 97ae5d4b-a650-4735-b305-634d7a5cdb08
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTA2MTU1NjAwMzg1ODYxOTgx
x-proxy-origin: 84.19.175.165; 84.19.175.165; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 95D1 0
20 B 51ms
51ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6482091276596&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 95D1 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6482091276596&version=m202309260101&ct=76&x=1&cor=8967707601658678000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 95D1 109 KB
42 KB 73ms
71ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CwTkTN5s5UicO2_mzkgbeO8ahMcZsg-WuRyIhe_qlh4Ax410zD5q8UQbJGZQEMybpYzVjDH03Bl3Ud3dkredkyzen0-OpHOklNxAg9xYlmCtlCmt5pErhs4boWB4lGFNLYcaKenhLexVLg6drOT1LHm90GeRybt-JTuEtefW6P2htdTSU&dbm_d=AKAmf-BMOGufqWgJQzozB8ySHlb-I5II5QpkK1mIAEyZdloTknhT1kGhEcK5zDCZrDoc6M1KKszQ5fCzVNT1QNPeScD9_rEx1B-hsRZWWiNhNtWZX9wJ2TbWfaqXL_v-mKZ2Qj_fXcm9bpb1Hkg9vMEfGJQaw3yj0MfLSe3CIn_ybpqLt-FFJQ_sLcR5SccTxExwdIwo8mM9TPGLnX5PHw7JUx1f48wEpjVz5i7Weq1Zl1T6ONkbR_V0JjTFVJRssKYNoP6x1GZ0UMKKuqBravG2Gu9tyS-0skzYBscEV9Z5gxCgq8rpu7ndhagih4JclhpM_9yETJ4mI7IfxPQtjkIevAnFKr0Fbp_pY79eG3p6zLBcqXJWQtElsssomsjn1LnTnDhdIN-Fac1Wj5GWQqyfrXQkjxiQZMijLWYSeQvGzAJ7OifEFp9pqV-sDacAtFkV-TAsZPCM5ftMHXoEOo8H2d6wc1hZnLgpU9waHHr9rKkvvIolf9jJV3y7bEZ_vmYeRZMpTsSZ93AM5tLnpu1uM4f1eAd4avPWyO3goLZATPN71EHo3-DMElTMcEThVlsL8plUY4qKkk4oEQQNZWxyZuufy5tRdihLxWsvuJEbEeb2dAAjnUYGUOsW2dsImerXVyuHgrzwAJDWkMeUpfjrUopAww2O1SKIHWrCHV_wPAQJBaqVnEDjZWv-YUrLUpQkAA4VwS6QruFCNeZGPQZuyuTw_cRq6svX4hdbsdsbTXZTRlZt-hQkxsuUui1HRYScsuDc77T6-9Rf6nFnoUX4i6o8FAJCK4rS_eVWyoMQsFpZN2hrOwoxENF6FDKcUNGz52eHlYPT4CT-szDUhGD5Ei3kj-e1yOQt5luBa-UIQWZxvAYqBrLr1wcWB1gCqDYbNfQZH6crwEuE0N8As2UsVM7VhQgL7I4-0l-3dAYgVhufy_KjfMe34jmSbVBAM4dXexvpG9znjUqsxLLnKidEvzPBh_hnFcbtU6Y_f4gsZzfYXtYMVSX2UKezSxlxZQQJcvCCWXqkatZ1ccoEUlLk2y29KwLZPN_nwqP-3nP1h8HXGkGaxU_9J90tjclhnB16u7c96dtyd32RRCs0LTzdP4xlPwVUARoTAg91eLa4iqaiJkWMCbDFXwcF6I0Hqdp-qUYPzQLF0basW4xGLeoZq9giUMZuyLJTa_j0Zy4fx1PzRX6jrm5HUu3Ito3rpJRrjVoNLljjW6U_9peBcO7KvvCPwdEon4hVXtXHesIEwk1CjUzI3J2VsSVmsT5heoNIvWbDj4XYuFnOfprQqQI66lGnsRXylmjPWZeC3eExl0ALrPmTU8VLSF2r82kYfHBbnCM1ohY2gTCU4Ix_2TNev3OAORrRrsmfdjd2kUininywDZDQ3gYZHV6Za_i_yPJrwic08uHTSZSC7Tf6LTVrj0Ix_4MG6b1t5dDSOwTQffib5ioByYJlvZD3TL-bou07Z63yjBJvGduZXgeO17E95YLWeGbj5LVbu-JbsD2g12pwPdJyZjx7ZxuHsTJhOxbZhWQ7aU1-m-Uxob9YRRzyYhQR_lYYtjfSglG1M8ZJJb5w0vSfW4BDQzpd8ktyO34abKQLFPOhTbHH7w-B0KhHQcGD6d3WFgzwVnfeVGQb6vsAkWI67DEIkoZkiDvbSvjHsD9qCiR_w9bmiLP6vhxS28c7Zf-u106Jv9eQmtmWjrUijdjmCzG3fZQkADGi9OpRSmff_jjdtaG-H7ZwWv3VgV7ai8G8LVgunOmwvuMhvdo4ubZDuLSw7MGw-u_b3q6u8E6BFnvCeUMTLWG_wB5Ui9fVqro6d7Qk4yv4mlSFCHuITMo_wREn3f1NSsqOzrjANSZUVx6M-mHWfVOIHix8MrhUZpWy2LWSQL5Dw-mi2XYyrD8BCMQKAaHie8CDQ4jUcuMr70RKclHjsh3c01xAa3a05HBjRo5QJfoyr4raCzcdb498G6Ktw4iENbzCEOYOArEbLSksmnxcDwrohYwFf7cKoS_wnQRoh5jYSYaIdJW_L97C7vDriQjlmX68OlCg3iMsc3zsA-u-ceDir3Te4zGPv33a22zO0KWYLZ9HbGh4MsPDl6Vds8M71a0q95IiXHnT39uxHJFGfw4INF2ZoNKzhhizuUx9AyKByhy9Ra3eltEdLYJ-BY2ob1dQcDrFMca99E355TecIqKMoch7y6b4Zs7iEZY7PKqbCMDxlZv8N4jRblno8tbrnSng7oUMAGoZELVbVNDHUaBoIjCILYZtPVKRu6hn-eeXl3YKcFmv6bw-SyhCEvLPEA_xs7fNKHVMorqhhHA7HlIMplMQXLp6EzqQf4yX9bfj6laTZLrwHFfDnUVM_RtBNHGyw3jefl0TGcym2ZoEFWA9CvI3xwoKFoWMX-zapxrqDegG2FZ4uRQU9_Pg0VSEd2TSww7lsyDo_jRl_a1roAy7niEJa2OUmW28Eu6iJW5FCaqIrI3Kkb5nt1vmDHdQeRaqPIml4NPf1f9RDjRdzGwC215C_KQuJdvVUOXW_LUfP9z6-GHtdK-z1MletuBpFpYOUemoHVA0rIvT--MsqB98k3Uc79oRbh4j2AYOQmqk8VESJew65vVbIN-fe3EZsak8IrvDQ0XioVcm091QUkZVJKmq92D9ApEOLxtSitaUjCEP_E2AFFzYYW4K6hJXDuUIa0o0lM0h0_DNTCuqjq7boJwUr6mFCuySrO9eemHrgxyg9zKlk50JSRlrq0uKHa-cxGpGQzar7U2MSz5uxLQBsB9Oabi5ov_SYEWhtdP1DnDC5YTF0mFr0fEgdgxQ8jtJUjP4OYfPT0_lrnIH2aq8NM8my1oqCJr8udXEkXqRbzsKFN_hac7hfQKIG2l382ZjZw2D6lMJxMoGn3hK90Y12OYCg0uyb_PxMn672GtZymqZVkeGsNtqxicrtIn8MqRCHD63HcIbIUWqEQm9TwRHJqyp5QGpnwPnBwVZGzIr9bK1rvrGlKGb9QOulVDK1pdjjHRAQaQ9aOJD-d972V05kL5cfjvHRKZgWHLteSZfLTqsath7sZh6sJLquCKZ7_cp05Wh35NaB044m1Pugi0u9NeWk4RTN9skT7kidiX-UwQywPNQa__7AoQJKDNoQZvLwXeR7X_Qtee8mleejXDPCktxGh-PbzvbZHdAN3mhdcXdMyW1I2_kKAnKfo2y3Pwv2vEfJ3iYrvFHGdmf5tn5evmz-oH5vhKN4dJkWscCFeEW_Gcfv8nmP5QPkVRI_ombeLRcyeXFfj3vAOo3TThLGztGFwQYeE3wKetlbuObXfp1dmS949mjQfxeAfl7Zfnjupy9Zbjs4oWHZwFVJKNxaMhkra4p2GzonOSPxt5Rtqimo88UZVCxWhOuWtQc6QMXoq2vNKoIwwYorR0ViProl0dIKmxLNJvxM_wBgH-OzBjne2Omr2FztfVJCCHu-sZVzWIjbW_2TAcBO_bPFGr2Y81-4rEzA5SgNQvFxxtnbsBz0pnNsusVUj5TybqjvyuzDAPHYJT4hR7VrIrEqG12wrvsJ74uZfdLDplKEhNNkkItV8JZSLMFzSkYq0q6OOJmjezsGmO2kqks4PkDYZBiaHXoV14FGFcg6NxUwlozsUNadK6JSLE4NIFT-Nu6eAbsx1q99OXVzW6aNIOGNsXp7l5Av_-594if6Y4zRnM4ifb872TszTtU_e-MaQF_sl-PnrTCnAGpA3qAdB4XpoDXwfxQb5XJ7Hut_fzL8N1uJIwpcbs9a24yjqEnGONJoZRn996NTfSC_gbe1T56pZ9qoiKhJJucMVnT11S3-uDC_TFNafbx9ZLLZYI8_tCA4NK07e3GilGwbTXJfOq5qEQN2qE4fz6rwSNM2_ACpPvjeKakz-AoBjeZd3RwSv57aCH3GPRD4ojTLnpY-U83jIBpMB_DTa0qNryZXc4lINFUJRp0nmOFkTnntKXxOk7_wBdE_zdhKNtFbrIRUOKp9OCWRJHlO1DcrcmNNcEuCt1DEVorAqeZaGAeNYmxAZjZ7sZuwFp6l_KvmYT8Klk3ZDyn9I4mKXJXlyrbXwSiPrDExhFXv90Y7wpsbuFUThN2U5TgkN8GpTnziIJQeylx4P13TszM0hMfTEH-OwCBfkAuJ67RHMjkoMZ1KvXxqraZnohlwfqXFyjHhTWDsC1XeKp1lU0qqkVU7Rtb_GWkXqggEGIKpNPofkXXgDY&cid=CAQSTwAvHhf__tI_X6zV3t7KH2IiD_lRZRxLC-ANtNV3ga5BC7JBic7nHzv5PmV0v4Mzx8KgJvkDE_0zIxpcq_LvSqei4eR1CAnBs8urE-wvA08YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fsteamru.org%2F&ds=l&xdt=1&iif=1&cor=8967707601658678000&adk=521587873&idt=131&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

31739169a388c5d4ccfbd1c40795e28ab33be327834119aa6df3ea17d0e65726

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42526
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6CE9 143 B
166 B 20ms
20ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 665
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:29:38 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6CE9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

32ms
32ms

Document
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:40:43 GMT
expires: Tue, 19 Dec 2023 18:40:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:40:43 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 EVHvBJ0i-F520M18bkMcYIEfy1k1k36JnZivUIMouqs.js Show response
pagead2.googlesyndication.com/bg/ Frame 1978 51 KB
19 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EVHvBJ0i-F520M18bkMcYIEfy1k1k36JnZivUIMouqs.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1151ef049d22f85e76d0cd7c6e431c60811fcb5935937e899d98af508328baab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 12:51:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 107377
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19864
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Dec 2024 12:51:06 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1883736/77184607/ Frame 95D1 46 KB
12 KB 160ms
48ms Script
application/javascript 52.51.211.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1883736/77184607/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015453222&ias_pubId=pub-2147948657389864&ias_chanId=1&ias_placementId=20852133819&bidurl=https://steamru.org/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0h60s_LPFxnQAmdOVBqmsuG
Requested by: Host: steamru.org
URL: https://steamru.org/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.211.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-211-154.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c16d54750f85b108bf37c9b64ccd50572a56d7f4ffe9a99726310bf35a01b8fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 95D1 111 KB
39 KB 132ms
55ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 20:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78845
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 19 Dec 2023 20:46:38 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 95D1 11 KB
4 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CwTkTN5s5UicO2_mzkgbeO8ahMcZsg-WuRyIhe_qlh4Ax410zD5q8UQbJGZQEMybpYzVjDH03Bl3Ud3dkredkyzen0-OpHOklNxAg9xYlmCtlCmt5pErhs4boWB4lGFNLYcaKenhLexVLg6drOT1LHm90GeRybt-JTuEtefW6P2htdTSU&dbm_d=AKAmf-BMOGufqWgJQzozB8ySHlb-I5II5QpkK1mIAEyZdloTknhT1kGhEcK5zDCZrDoc6M1KKszQ5fCzVNT1QNPeScD9_rEx1B-hsRZWWiNhNtWZX9wJ2TbWfaqXL_v-mKZ2Qj_fXcm9bpb1Hkg9vMEfGJQaw3yj0MfLSe3CIn_ybpqLt-FFJQ_sLcR5SccTxExwdIwo8mM9TPGLnX5PHw7JUx1f48wEpjVz5i7Weq1Zl1T6ONkbR_V0JjTFVJRssKYNoP6x1GZ0UMKKuqBravG2Gu9tyS-0skzYBscEV9Z5gxCgq8rpu7ndhagih4JclhpM_9yETJ4mI7IfxPQtjkIevAnFKr0Fbp_pY79eG3p6zLBcqXJWQtElsssomsjn1LnTnDhdIN-Fac1Wj5GWQqyfrXQkjxiQZMijLWYSeQvGzAJ7OifEFp9pqV-sDacAtFkV-TAsZPCM5ftMHXoEOo8H2d6wc1hZnLgpU9waHHr9rKkvvIolf9jJV3y7bEZ_vmYeRZMpTsSZ93AM5tLnpu1uM4f1eAd4avPWyO3goLZATPN71EHo3-DMElTMcEThVlsL8plUY4qKkk4oEQQNZWxyZuufy5tRdihLxWsvuJEbEeb2dAAjnUYGUOsW2dsImerXVyuHgrzwAJDWkMeUpfjrUopAww2O1SKIHWrCHV_wPAQJBaqVnEDjZWv-YUrLUpQkAA4VwS6QruFCNeZGPQZuyuTw_cRq6svX4hdbsdsbTXZTRlZt-hQkxsuUui1HRYScsuDc77T6-9Rf6nFnoUX4i6o8FAJCK4rS_eVWyoMQsFpZN2hrOwoxENF6FDKcUNGz52eHlYPT4CT-szDUhGD5Ei3kj-e1yOQt5luBa-UIQWZxvAYqBrLr1wcWB1gCqDYbNfQZH6crwEuE0N8As2UsVM7VhQgL7I4-0l-3dAYgVhufy_KjfMe34jmSbVBAM4dXexvpG9znjUqsxLLnKidEvzPBh_hnFcbtU6Y_f4gsZzfYXtYMVSX2UKezSxlxZQQJcvCCWXqkatZ1ccoEUlLk2y29KwLZPN_nwqP-3nP1h8HXGkGaxU_9J90tjclhnB16u7c96dtyd32RRCs0LTzdP4xlPwVUARoTAg91eLa4iqaiJkWMCbDFXwcF6I0Hqdp-qUYPzQLF0basW4xGLeoZq9giUMZuyLJTa_j0Zy4fx1PzRX6jrm5HUu3Ito3rpJRrjVoNLljjW6U_9peBcO7KvvCPwdEon4hVXtXHesIEwk1CjUzI3J2VsSVmsT5heoNIvWbDj4XYuFnOfprQqQI66lGnsRXylmjPWZeC3eExl0ALrPmTU8VLSF2r82kYfHBbnCM1ohY2gTCU4Ix_2TNev3OAORrRrsmfdjd2kUininywDZDQ3gYZHV6Za_i_yPJrwic08uHTSZSC7Tf6LTVrj0Ix_4MG6b1t5dDSOwTQffib5ioByYJlvZD3TL-bou07Z63yjBJvGduZXgeO17E95YLWeGbj5LVbu-JbsD2g12pwPdJyZjx7ZxuHsTJhOxbZhWQ7aU1-m-Uxob9YRRzyYhQR_lYYtjfSglG1M8ZJJb5w0vSfW4BDQzpd8ktyO34abKQLFPOhTbHH7w-B0KhHQcGD6d3WFgzwVnfeVGQb6vsAkWI67DEIkoZkiDvbSvjHsD9qCiR_w9bmiLP6vhxS28c7Zf-u106Jv9eQmtmWjrUijdjmCzG3fZQkADGi9OpRSmff_jjdtaG-H7ZwWv3VgV7ai8G8LVgunOmwvuMhvdo4ubZDuLSw7MGw-u_b3q6u8E6BFnvCeUMTLWG_wB5Ui9fVqro6d7Qk4yv4mlSFCHuITMo_wREn3f1NSsqOzrjANSZUVx6M-mHWfVOIHix8MrhUZpWy2LWSQL5Dw-mi2XYyrD8BCMQKAaHie8CDQ4jUcuMr70RKclHjsh3c01xAa3a05HBjRo5QJfoyr4raCzcdb498G6Ktw4iENbzCEOYOArEbLSksmnxcDwrohYwFf7cKoS_wnQRoh5jYSYaIdJW_L97C7vDriQjlmX68OlCg3iMsc3zsA-u-ceDir3Te4zGPv33a22zO0KWYLZ9HbGh4MsPDl6Vds8M71a0q95IiXHnT39uxHJFGfw4INF2ZoNKzhhizuUx9AyKByhy9Ra3eltEdLYJ-BY2ob1dQcDrFMca99E355TecIqKMoch7y6b4Zs7iEZY7PKqbCMDxlZv8N4jRblno8tbrnSng7oUMAGoZELVbVNDHUaBoIjCILYZtPVKRu6hn-eeXl3YKcFmv6bw-SyhCEvLPEA_xs7fNKHVMorqhhHA7HlIMplMQXLp6EzqQf4yX9bfj6laTZLrwHFfDnUVM_RtBNHGyw3jefl0TGcym2ZoEFWA9CvI3xwoKFoWMX-zapxrqDegG2FZ4uRQU9_Pg0VSEd2TSww7lsyDo_jRl_a1roAy7niEJa2OUmW28Eu6iJW5FCaqIrI3Kkb5nt1vmDHdQeRaqPIml4NPf1f9RDjRdzGwC215C_KQuJdvVUOXW_LUfP9z6-GHtdK-z1MletuBpFpYOUemoHVA0rIvT--MsqB98k3Uc79oRbh4j2AYOQmqk8VESJew65vVbIN-fe3EZsak8IrvDQ0XioVcm091QUkZVJKmq92D9ApEOLxtSitaUjCEP_E2AFFzYYW4K6hJXDuUIa0o0lM0h0_DNTCuqjq7boJwUr6mFCuySrO9eemHrgxyg9zKlk50JSRlrq0uKHa-cxGpGQzar7U2MSz5uxLQBsB9Oabi5ov_SYEWhtdP1DnDC5YTF0mFr0fEgdgxQ8jtJUjP4OYfPT0_lrnIH2aq8NM8my1oqCJr8udXEkXqRbzsKFN_hac7hfQKIG2l382ZjZw2D6lMJxMoGn3hK90Y12OYCg0uyb_PxMn672GtZymqZVkeGsNtqxicrtIn8MqRCHD63HcIbIUWqEQm9TwRHJqyp5QGpnwPnBwVZGzIr9bK1rvrGlKGb9QOulVDK1pdjjHRAQaQ9aOJD-d972V05kL5cfjvHRKZgWHLteSZfLTqsath7sZh6sJLquCKZ7_cp05Wh35NaB044m1Pugi0u9NeWk4RTN9skT7kidiX-UwQywPNQa__7AoQJKDNoQZvLwXeR7X_Qtee8mleejXDPCktxGh-PbzvbZHdAN3mhdcXdMyW1I2_kKAnKfo2y3Pwv2vEfJ3iYrvFHGdmf5tn5evmz-oH5vhKN4dJkWscCFeEW_Gcfv8nmP5QPkVRI_ombeLRcyeXFfj3vAOo3TThLGztGFwQYeE3wKetlbuObXfp1dmS949mjQfxeAfl7Zfnjupy9Zbjs4oWHZwFVJKNxaMhkra4p2GzonOSPxt5Rtqimo88UZVCxWhOuWtQc6QMXoq2vNKoIwwYorR0ViProl0dIKmxLNJvxM_wBgH-OzBjne2Omr2FztfVJCCHu-sZVzWIjbW_2TAcBO_bPFGr2Y81-4rEzA5SgNQvFxxtnbsBz0pnNsusVUj5TybqjvyuzDAPHYJT4hR7VrIrEqG12wrvsJ74uZfdLDplKEhNNkkItV8JZSLMFzSkYq0q6OOJmjezsGmO2kqks4PkDYZBiaHXoV14FGFcg6NxUwlozsUNadK6JSLE4NIFT-Nu6eAbsx1q99OXVzW6aNIOGNsXp7l5Av_-594if6Y4zRnM4ifb872TszTtU_e-MaQF_sl-PnrTCnAGpA3qAdB4XpoDXwfxQb5XJ7Hut_fzL8N1uJIwpcbs9a24yjqEnGONJoZRn996NTfSC_gbe1T56pZ9qoiKhJJucMVnT11S3-uDC_TFNafbx9ZLLZYI8_tCA4NK07e3GilGwbTXJfOq5qEQN2qE4fz6rwSNM2_ACpPvjeKakz-AoBjeZd3RwSv57aCH3GPRD4ojTLnpY-U83jIBpMB_DTa0qNryZXc4lINFUJRp0nmOFkTnntKXxOk7_wBdE_zdhKNtFbrIRUOKp9OCWRJHlO1DcrcmNNcEuCt1DEVorAqeZaGAeNYmxAZjZ7sZuwFp6l_KvmYT8Klk3ZDyn9I4mKXJXlyrbXwSiPrDExhFXv90Y7wpsbuFUThN2U5TgkN8GpTnziIJQeylx4P13TszM0hMfTEH-OwCBfkAuJ67RHMjkoMZ1KvXxqraZnohlwfqXFyjHhTWDsC1XeKp1lU0qqkVU7Rtb_GWkXqggEGIKpNPofkXXgDY&cid=CAQSTwAvHhf__tI_X6zV3t7KH2IiD_lRZRxLC-ANtNV3ga5BC7JBic7nHzv5PmV0v4Mzx8KgJvkDE_0zIxpcq_LvSqei4eR1CAnBs8urE-wvA08YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fsteamru.org%2F&ds=l&xdt=1&iif=1&cor=8967707601658678000&adk=521587873&idt=131&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 01:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60165
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 01:57:58 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 95D1 31 KB
12 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

565592ede82822decb298ebd1e6f56e9c6a680b1a79cd4208513a834295e4c43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 20:42:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79096
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11872
x-xss-protection: 0
server: cafe
etag: 16225921609732785849
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 Jan 2024 20:42:27 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 95D1 41 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17487
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Dec 2024 13:49:16 GMT

GET
DATA 200
OK truncated
/ Frame 95D1 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a10af1bd891b0ab4eaa5848148ab99a21df817f41a084354b3d35cd3a1bcd4f6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86B0 0
20 B 51ms
51ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=ChQIByoQd2ViX2ludGVyc3RpdGlhbAoHCAgqA2x0cgocCAEqGGxhcmdlLWJhbm5lci1ldGEtdmFuaWxsYQoKCAIqBnNlcnZlcgoNECshAAAAAAAAFEAwBAoNEAMhAAAAAABAZkAwBAoNEA0hAAAAAAAAAAAwBAoJEB4qAzB4MDAECgkQGSoDMHgwMAQKDRArIQAAAAAAABhAMAQKDRAQIQAAAAAAAAAAMAQKDRARIQAAAADgQ_VAMAQKDRASIQAAAAAAACBAMAQKDRATIQAAAAAAAAhAMAQKDRAXIQAAAGdmdmpAMAQKDRAUIQAAAABwvfVAMAQKDRAVIQAAAAAAACZAMAQKDRAWIQAAAAAAABBAMAQKDRAYIQAAAAAA0GxAMAQKDRAyIQAAAAAAAAAAMAQKDRAzIQAAAAAAAAAAMAQKDRA0IQAAAAAAAAAAMAQKDRA1IQAAAAAAAAAAMAQKDRA2IQAAAAAAAAAAMAQKDRA3IQAAAAAAAAAAMAQKDRA4IQAAAAAAAAAAMAQKDRA5IQAAAAAAAAAAMAQKDRA6IQAAAAA0M9M_MAQKDRA7IQAAAAA0M9M_MAQKDRA8IQAAAAA0M9M_MAQKDRA9IQAAAAA0M9M_MAQKDRA-IQAAAAA0M9M_MAQKDRA_IQAAAAA0M9M_MAQKDRBAIQAAAAA0M9M_MAQSGkNNSGdscUdUbklNREZUbmRPd0lkcklvSzZRIhp0ZXh0L3ZhbmlsbGFfdGV4dF9jbG9zZV92MigD

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/d500f8b303efba9f5ab695bab8da4c89.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame F364 38 KB
13 KB 23ms
22ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 15604
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 14:20:39 GMT
expires: Wed, 18 Dec 2024 14:20:39 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3BE6 624 B
242 B 62ms
62ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COmR064CEPvCzOgCGPTP3d4BMAE&v=APEucNXpzV5Tgu8CyNUIovhjcNWgemDj12syaWsx9VN02Jm4ngVV6zck6Bj_TZ5Tm5IddxHIVENHR_Cz2fyVDxagsl9_Bb1AP09OfDOPtTOOOXYt0_4iyD6xw109TohWElnBBZGOctM34Q-e9ipw3W1j9uap2E1xqOCf66Ml_eX4bEYvvsF2uIU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=250&adk=2021727514&adf=2833230818&pi=t.aa~a.649322570~rp.4&w=307&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=307x250&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=973&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=250&adk=2021727514&adf=2833230818&pi=t.aa~a.649322570~rp.4&w=307&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=307x250&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=973&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:40:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 97AC 172 KB
61 KB 26ms
20ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 23:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67899
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 19 Dec 2023 23:49:04 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 97AC 7 KB
3 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 08:59:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34852
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 08:59:51 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 97AC 23 KB
9 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 00:43:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64631
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 00:43:32 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 97AC 41 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17487
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Dec 2024 13:49:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 97AC 3 KB
1 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:15:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 13:15:14 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9E03 1 KB
643 B 20ms
20ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 79249
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 20:39:54 GMT
etag: 48472445140208031
expires: Tue, 19 Dec 2023 20:39:54 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 97AC 20 KB
8 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:49:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17488
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 13:49:15 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 97AC 0
0 31ms
29ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR-xjHH4GXAJT7wIGlMWDryY1Pk4iZGVuLGSJubud3dnF2E-4HiAs03jtwgc9qmpd-SxJLloEE-QK6Y6qT4-gxIxlREhQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=250&adk=2021727514&adf=2833230818&pi=t.aa~a.649322570~rp.4&w=307&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=307x250&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=973&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 97AC 203 KB
64 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Dec 2023 18:40:43 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 97AC 42 B
63 B 51ms
50ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DKuH8s3twElHgRKo3DhVfTmw3mFTC-7L5kedey6f6wCs5ar7ONLme8krn131jIRHOGz4Si_ypaUH1gSpqoGEF4Jhq10SvYlFIdFFwa-hLq7cyzsGE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame F364 39 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 11:16:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26651
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 11:16:32 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 9E03
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEI03w3WznnEMzL1RuVpNgMo&google_cver=1&google_push=AXcoOmTH9RqHk5lYzAYCiYtPIs_x2xz2KCq-RoPQSdAVqcLmA3_ggy6_WD05phqhp-qS1V9Twz1ncKviHZSaT0pGd8xmQ4tm0qicH0o
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjgyODk5MTkxODEwNjc3NjIxMA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOfzrHxn9a2DCzRUpdd3E-c&google_cver=1

43 B
398 B

80ms
80ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOfzrHxn9a2DCzRUpdd3E-c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=250&adk=2021727514&adf=2833230818&pi=t.aa~a.649322570~rp.4&w=307&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=307x250&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=973&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOfzrHxn9a2DCzRUpdd3E-c&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9E03
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELCS3JrGxSB0RospG1o2emo&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELCS3JrGxSB0RospG1o2emo&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NHNtT1hmQzIxUmZGMWg1&google_gid=CAESELCS3JrGxSB0RospG1o2emo&google_cver=1&google_push=AXcoOmQHFMO19zFqFJNsE1fKR1lQeY2473VQcGOxs-F76Ao...

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NHNtT1hmQzIxUmZGMWg1&google_gid=CAESELCS3JrGxSB0RospG1o2emo&google_cver=1&google_push=AXcoOmQHFMO19zFqFJNsE1fKR1lQeY2473VQcGOxs-F76AodOxvQLerNyNZFUxCWPp9ndfgWvAfBRf409BFJRIgrmJDugMwwTyJsQEo

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 19 Dec 2023 18:40:42 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-0f7f5cc7c951f6e61@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=NHNtT1hmQzIxUmZGMWg1&google_gid=CAESELCS3JrGxSB0RospG1o2emo&google_cver=1&google_push=AXcoOmQHFMO19zFqFJNsE1fKR1lQeY2473VQcGOxs-F76AodOxvQLerNyNZFUxCWPp9ndfgWvAfBRf409BFJRIgrmJDugMwwTyJsQEo
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 9E03 70 B
149 B 148ms
49ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEHSkKX1sySdrXN_c_vmBiQA&google_cver=1&google_push=AXcoOmQc43BLYYPtPG3XtRA5tDH3iDpDRbvAUfpAlJvAOJOcKV9uil8r11HTl-67vdIlNc8IU3-v7cNkvLUMHlwn8Pj1C_V84Cf5U5Y
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=250&adk=2021727514&adf=2833230818&pi=t.aa~a.649322570~rp.4&w=307&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=307x250&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=973&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9E03
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOo7blxSjoJvJgSE4klLKoE&google_cver=1&google_push=AXcoOmSY2gsluWNtxKJjyJxhDWGk5SwgHYOzYpefKQ3ir62xz7oafRC19PiOFJ-ZVZC2DzcDzJxoM5g5eSW...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmSY2gsluWNtxKJjyJxhDWGk5SwgHYOzYpefKQ3ir62xz7oafRC19PiOFJ-ZVZC2DzcDzJxoM5g5eSWsc6vZoKLf5mtXOGWZMb8&google_hm=uFMODrCLQ5yn-Ca9j...

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmSY2gsluWNtxKJjyJxhDWGk5SwgHYOzYpefKQ3ir62xz7oafRC19PiOFJ-ZVZC2DzcDzJxoM5g5eSWsc6vZoKLf5mtXOGWZMb8&google_hm=uFMODrCLQ5yn-Ca9j-Nkk6U

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmSY2gsluWNtxKJjyJxhDWGk5SwgHYOzYpefKQ3ir62xz7oafRC19PiOFJ-ZVZC2DzcDzJxoM5g5eSWsc6vZoKLf5mtXOGWZMb8&google_hm=uFMODrCLQ5yn-Ca9j-Nkk6U
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9E03
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHjjhSm6v7dQBPaZ4DHXDR4&google_cver=1&google_push=AXcoOmQym7vugCNAsCb8VxahZUm12_vOW39Wd8ktStqimwschhQNRKs3R99sUXlsYVHRtID_8LcYhlZsaoJeQoYF...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=lkyCs1jRQB4qEYnoUoQTPA&google_push=AXcoOmQym7vugCNAsCb8VxahZUm12_vOW39Wd8ktStqimwschhQNRKs3R99sUXlsYVHRtID_8LcYhlZsaoJeQoYFulJF5UY4bsUScQ

170 B
188 B

31ms
31ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=lkyCs1jRQB4qEYnoUoQTPA&google_push=AXcoOmQym7vugCNAsCb8VxahZUm12_vOW39Wd8ktStqimwschhQNRKs3R99sUXlsYVHRtID_8LcYhlZsaoJeQoYFulJF5UY4bsUScQ

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 19 Dec 2023 18:40:43 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=lkyCs1jRQB4qEYnoUoQTPA&google_push=AXcoOmQym7vugCNAsCb8VxahZUm12_vOW39Wd8ktStqimwschhQNRKs3R99sUXlsYVHRtID_8LcYhlZsaoJeQoYFulJF5UY4bsUScQ
x-host: tde-deliveryengine-production-784bc7b8df-t7242
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 9E03 42 B
204 B 92ms
32ms Image
image/gif 34.160.236.64
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEPaELn6gpc_G8DMu0qngIjA&google_push=AXcoOmSyVhZk7zimYL_mK_vjmf0S1uZcWtFolTBPTc_xxyyybGTTPn3Nc_eR0vdsa9l1rlNjsNnJZ8QPJtT2UXNdugc6Qe_Am7YWtDk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=250&adk=2021727514&adf=2833230818&pi=t.aa~a.649322570~rp.4&w=307&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=307x250&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=973&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.236.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 64.236.160.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
via: 1.1 google
last-modified: Thu, 19 Oct 2023 06:07:48 GMT
server: nginx
etag: "6530c7b4-2a"
content-type: image/gif
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 trk
ag.innovid.com/ Frame 9E03 43 B
297 B 243ms
37ms Image
image/gif 2a05:d01c:1d8:8102:4dc8:bb9c:b52c:3b27
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEH97tHkVxC1QpKSjxMt-ZZA&google_cver=1&google_push=AXcoOmSnxP1bfj4BAwhgJxyh6Yv5CbhBGBWRsOPS7zOD0UVd1y67gs8YQnZRkViezNnnAows6uNn67WSY_WjJvlyMSfnDIy4RvPH_kI
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=250&adk=2021727514&adf=2833230818&pi=t.aa~a.649322570~rp.4&w=307&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=307x250&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=-M&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=973&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:4dc8:bb9c:b52c:3b27 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
cache-control: no-cache
content-length: 43
request-time: 1
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9E03 0
12 B 28ms
28ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JniRK9B98UWpjc8TGU5UlkA7zUjBG4ePXCVA0GbfQh-1fP-bfks43evxpD0Kaf5d0k70F3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 97AC 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af0ba8db1d78be9a5ad19943e9bb23445c3d31568b61369c6235a8bf8bdfed07

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame C26C 38 KB
13 KB 22ms
22ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 15604
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 14:20:39 GMT
expires: Wed, 18 Dec 2024 14:20:39 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/ Frame A6EB 13 KB
3 KB 71ms
30ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae3a0957fc5669d282e41e4d6107d528898f07b480ec550cb34ba6797a384b8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3256
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:40:43 GMT
expires: Wed, 18 Dec 2024 18:40:43 GMT
last-modified: Fri, 23 Dec 2022 09:31:26 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 97AC 0
0 117ms
63ms Fetch
image/gif 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssOoOyTa-1wTYCX7h4VBEiRJYuIhWPmTe5NeO35bQudOe6dl_cXbh11tSin3BXFOqyf1RGsZlUGXJoPEoXsPXy5hVfKLUhvok8sXEwWYjEv4xd2fQJTuFQk-rQrJkr1YPYt_-WCe0Pjk1QElGPSv7WwPwEJ3b66mbeVO1zj6WJJiNg_ZZXDduTCPlGnJet_O7RMhTKemuEJjnAZySKsYXkejKaChaekeOXONxTv-pwQBTOX_eDppOnh6sMAvTnW6lc7rdH0XlGV-50GpltCSEo-CcZ4EAIcgAxx_4eESJDIZWU6P48XaNeBFGQ2ok81bwcbUs1uLZD44WNBnQwtTvRZdeNzUxoL3YsDvLX1qVnVAdHBrNE_EeeCKMVDDKLNaSqk6CLoogFbQ-rhc5DWYDw1khEZBJ7HDSc1_AU_Yl1lhF0NismXd4416iBeTX134EfDGgSMH4vBHVZSPovLjWyKQVpFaeItRxgJXYOqw0zpdzEp87wANBFWsG0LH8HLE83qCH07_2x0vpbKbe-FadXDz0BKOnnlYb6yTODSNqpFpW846ytoJ_d1GVkTD9l16xXgmvrGhpFWhvT3JTp72HSpAjzVyRp15nUI8EcwCYyHD1iD20ciC7nnZ5_F1d1H05yNwqF6i6_cQ3hKVqeo07FQzZqtVyoYENPZKWUbL_H2jR3P_RM9ugtrtz59Vljef7RpR6cimMurr-PWmkjk6MulC5aO7t9ZVWXINZ6V-l0STYfdwKjJLfBmu0N47oOvv2vxKbztPKR-kJBEaKqBFR_Mhwpew7cEW1_qvR8QNU3NuxTFt5l9t1Q6ojNLUL_vSypuPtGgjDbaB8eUXln9CLl2HUQ4oM2rd9AHy4GUJ-uH4MwOKhhVTM4YWVpx-8IDT0dQNCIvc1snAAO-wvNFG7M9W5kj2vNY-h1nIcmAvsJo8geohZVNLeB2Jr0VRYJjn0a5wKemGfSEVu-2NHRHoslGOXv03jak6Ru0Q0i72KVaNvqZZtyu-00nplHOiaBLhJgaK7RYrAyLIBwn6LqTnQPh2OuloHVrzvTqnVTb96-ESk9EWEutc99bz-N5FqCyjCTL4WNE0PuavGqjHC-Y2ByddVpTrvxoAEUoDQd0KjJSnIstdfbwbwAqTvIrstsfsdmJrflsxah_xZ3exPSsy4v4PTwjUsDKkntSAAv2bC1kmYqOj0st34TtiebMWnpIlLOHGCm0B7_NWPRw4-hNgCJD7BrJ_hwJfLXYaEP6a8qRcVOxlxSgE4hvqFAEAzJaslVzclqR76I0Tm2KUi_PdJbthG29qtqo2O2t_4zcaaduqAagDjwFZi_wb-O0UgMGHx5M-Rod8kg0sP6J3r2ZCy7Egohr_db7Oliu6AZ2zVuhyfHlvl9a-jnaliAh4OWChCifH_itLbil6XJ_wxn-Gnigw4D1OB9x1Hr859mDP1m5XXcXNw&sai=AMfl-YQeWvKebrG_4eUzG2bcuH2lyHWHZXrp_fbAyefAdLem_XlqxJzTIV0iWrmd7YbHG7lmp6TnzwKq2JZL9i-w-vhasTJ_uOfON3D-cLanW1H4PSzyr5KLiVNPYY40-rh1O9XZ__zy0eUQbmw7Ji6gnqn44fMV1Fr5cPLS9nKCfRkwMi1Jx5QuZajrotcSxcDvUDirUtc_hHc0wKBBgChXvWc9FUrlZsHNm754tx6Tghealwpz2snPF0DFbAvwgp8mK9HUvIstK_DrLxKPo6NLRKYWMZWLlRcbt6jNbc2fMiCi0bZVCu0aIwKnNgJ9OXTZHwLw4xYqYJuKZ1FwRc9DKuCMrT0EWjQ7EThq6xBP8cmkZ1bp6p1L9oVZgYwjpa9fQDCLTvBQYQNyTwkVAVZK42wDUq1GK0_tAncYWld7kPB05CVgRngUCn8&sig=Cg0ArKJSzGXrvJgSWOcGEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9jYW52YS5jb20saHR0cHM6Ly9hZC1saWIuaW8&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=119&cbvp=1&cstd=83&cisv=r20231207.10133&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 3BE6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL7vhdlydJ4zzucRqzxl5qk&google_cver=1

43 B
734 B

61ms
60ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL7vhdlydJ4zzucRqzxl5qk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COmR064CEPvCzOgCGPTP3d4BMAE&v=APEucNXpzV5Tgu8CyNUIovhjcNWgemDj12syaWsx9VN02Jm4ngVV6zck6Bj_TZ5Tm5IddxHIVENHR_Cz2fyVDxagsl9_Bb1AP09OfDOPtTOOOXYt0_4iyD6xw109TohWElnBBZGOctM34Q-e9ipw3W1j9uap2E1xqOCf66Ml_eX4bEYvvsF2uIU
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pPPRbnU4nMgB1VvaClICSu2bB3lTX17ZO3GiGuqZNaPTxOhkL7FbqBi9%2BdeWcoUPQZWmLhphmxCSDebZzRk63hpeZHzKGy%2B70JRZN6Id0WtkK3gMD%2F5X052sXruwN7qESeiA7DH%2BRhGd1g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8381c68fb91c453a-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL7vhdlydJ4zzucRqzxl5qk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 3BE6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYHjq9VmpFjtMvetL-ambQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL7vhdlydJ4zzucRqzxl5qk&google_cver=1

43 B
733 B

69ms
69ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL7vhdlydJ4zzucRqzxl5qk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COmR064CEPvCzOgCGPTP3d4BMAE&v=APEucNXpzV5Tgu8CyNUIovhjcNWgemDj12syaWsx9VN02Jm4ngVV6zck6Bj_TZ5Tm5IddxHIVENHR_Cz2fyVDxagsl9_Bb1AP09OfDOPtTOOOXYt0_4iyD6xw109TohWElnBBZGOctM34Q-e9ipw3W1j9uap2E1xqOCf66Ml_eX4bEYvvsF2uIU
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CaFhchB%2B%2BQXsfvvoa76ciw3asKxBC3pbc3AoIZi39jwkt2V63QJa6cKP0tUYXWaKnEPIi3xSCsvw9bHVGNKIPQrSizf0hwTMaLCekXo%2F%2FYM9B%2F04VJFg1n3vEf6kEi41SAGrbPJ7FPWImA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8381c6901a0e453a-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL7vhdlydJ4zzucRqzxl5qk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 3BE6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEpZSbTGm4zlOvg9lScRViM&google_cver=1

43 B
841 B

33ms
33ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEpZSbTGm4zlOvg9lScRViM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COmR064CEPvCzOgCGPTP3d4BMAE&v=APEucNXpzV5Tgu8CyNUIovhjcNWgemDj12syaWsx9VN02Jm4ngVV6zck6Bj_TZ5Tm5IddxHIVENHR_Cz2fyVDxagsl9_Bb1AP09OfDOPtTOOOXYt0_4iyD6xw109TohWElnBBZGOctM34Q-e9ipw3W1j9uap2E1xqOCf66Ml_eX4bEYvvsF2uIU

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
an-x-request-uuid: e053a6fe-ecfc-4964-9d50-91f8f3f73474
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.165; 84.19.175.165; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEpZSbTGm4zlOvg9lScRViM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3BE6
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzNTM2ODQ4OTMxMDk0NDU2Mg%3D%3D

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzNTM2ODQ4OTMxMDk0NDU2Mg%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
an-x-request-uuid: 8270530e-2483-4a69-b11b-13b07332597d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzNTM2ODQ4OTMxMDk0NDU2Mg%3D%3D
x-proxy-origin: 84.19.175.165; 84.19.175.165; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 main.19.8.466.js Show response
static.adsafeprotected.com/ Frame 95D1 213 KB
67 KB 90ms
29ms Script
application/javascript 2600:9000:20ab:a000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.466.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1883736/77184607/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015453222&ias_pubId=pub-2147948657389864&ias_chanId=1&ias_placementId=20852133819&bidurl=https://steamru.org/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0h60s_LPFxnQAmdOVBqmsuG
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ab:a000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8acc1f1025dcaf26f8f860f726b3a05a701b77eb685301d4f25bc8339bbf891f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 20:53:12 GMT
x-amz-version-id: xzgJjX2ySahBlQ72zDUgnxljnut_sNmJ
content-encoding: gzip
via: 1.1 e1ffe469ec59bbd0f64b14eb9c83d0d4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 510451
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 13 Dec 2023 19:37:51 GMT
server: AmazonS3
etag: W/"eac384b0904b6f5677cb58a4d4e104c8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: nWZS6RCEQFTAUHnlYuP33FKLddnv8QZRwTj8kQmGOoWK2V0KnvgWWQ==

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/ Frame 7D2B 98 KB
22 KB 28ms
21ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3af60e02cb6bc35aa2819df692eba285304603fb49d8c7bc3e683e4c0f2887be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 122389
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22145
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 08:40:54 GMT
expires: Tue, 17 Dec 2024 08:40:54 GMT
last-modified: Wed, 13 Dec 2023 12:12:05 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 95D1 0
0 119ms
64ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuS1Ceb3vOj1u1-1h6hf6ZyQcPdi6c50_Wlrb0z9ES-btyW4-CEDdkimISCsUPW_RR8faOSryAealriLjUbJBV7RL7vvCOdqwoYU0mdK8w1bVJ2dXZVhWmLmvt0G5ryGsjbUl4FYYhUNhgaGoB-uP_iU62ACvegWdczHxmVDDKHiQM5Mk3kMRM8BIdmwzuu_Br68ZcFG3KdsSCenVs54X80Ej2KDdbmo78BHTUuN0sLUfuM--ydCreMLSX3mZ3gFjLcR6BTOhT0NghATCOXmqnhDpK2pk_BIS8vY6S3p25zoCWIs5mzy5d1sskfWlil6Pg6__fk3_2MhULLOKvE5Yxee1nO2qY230656MeFCmxXeh29UK5cevo735iLxxaT4ZHUgXvGBv6u4OOrfikkSnSizoE3Zgv2Z9RVmlXbenzRxlXN7og9FG-df55epeJu5xXZrJ1v70YcGLuvrpSzJM6IfXOoTvsJYSuAe9CsZbmMAqo0u64lunfwWfPLX03BdPPEtCE40itSntFFlGCmxteWdgIuEiddSwrThSr8mTnZer9_wpfkA28TupA8b1TZlY6G7QzNlzic7-TbDBwTSZTGnNQ4ksK98R2FzpvTD47xqrl3Z6_JRHkRKJZX33-z_0f_R1_m_DDkVCQvDf2AjwY_mDTeG45Dc4VY3_PsGEgavWcmJqTQA2KEhLSjNsJQtKnOXZySk8gXGhKVSUdhMbRf0AsUg_-yM3Y9zyrCIgqaCYKOKSfOvlrPs9ExiIN8xk5dOn6thk81BN76i2q6qce1nh2pO9ape31nEK1vOj3APVkuzZZM5xrmUQWwiRlDia886W2LNv38jHEKzvx7Q60Z-pTPPkxoDtsxxkV082PL_J32A62MK50caBVYPxu9vr5RjCPdS-HsVIAtl5b4nDedJs30xZOIrD-ZCtON5yrdRkPtIOkOAzcCOeHWZpNpqJHnsu-hZ1LHKyURh45MVS1y5l6JaywbGZXoGwdmwOUgIk2td90Sj3BFlwgoYkIwO0daAGWCEMFxCXINlKwiPAxtQ5RTvk9348DNgZwPFutlP5qnUQ_ShbB9Hcm1nttQ5aYNqOSgRXS93NBAtaHcAzsm6CgRQRl1_evbepmPv4m1j5GcsDSdkDZecOmhlMGTGHGOqrPXiCrhK-oVQZU819_fyyX1Uc0heVCxQSnrfe_yd63zQbjTZDqNQAyjcl60ztHeIS9_lAZgnIIkrpdNBCFU9jfH3dGky4CQe9-cpqODLSPPo3BjyL9ZiEALB3vv9jvnbYg1VaYvCjn9APrN2wdcagifJryTXXqqZcJ4LRvTfwdeGtked8WP_3jXYcVs3RKA9Fc8MElZgGmRa5zrjQTMLXE4ieQYiYoMzixSyLfKY0QsYhTK84hoB0teEUteVM2SioAC45QX2HU&sai=AMfl-YSJtbFEYPVnsYNSnvdBDitxjyZF3_MekQcSZh5C4voCGP8ocgfcM8ozYGa3CRr66LqT4bP-H-h_G1zA8d8EyVXvBhA8BR8R95saGLKAiU7lbxHKiVzWFJ31CcTZQcQax-RwiFZrok1D2vt2mpJFzdvfGnLBiamOv0EgLmk2Zj2C61-AtEon0_hkbJCgVCzk46wkkPzr4J1QswnfI0ISPXFtJHAYHELAx2mhGSP70rK2WngOdAy9o4TOe15Zyb6wBUWUsULW2lEbpfRe44wwIX-7sqz52S5KTKhCgcffFDCXQDMfugxFzeftaDOnPTz6bpg&sig=Cg0ArKJSzM8rHfRb9rYrEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=221&cbvp=1&cstd=219&cisv=r20231207.45727&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 93656
tags.bluekai.com/site/ Frame 95D1 62 B
572 B 242ms
167ms Image
image/gif 72.246.169.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/93656?limit=0&phint=event%3Dimp&phint=aid%3D6531095&phint=cid%3D31069348&phint=crid%3D206657203&phint=pid%3D383690050
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 72.246.169.24 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-246-169-24.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Tue, 19 Dec 2023 18:40:43 GMT
content-length: 62
bk-server: b514
content-type: image/gif

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame C26C 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 11:16:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26651
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 11:16:32 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F364 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bt5ldq-OBZePSCe6t9u8P0MqlsAMAAAAAOAHgBAI&bg=!ODulO3TNAAY3kmNgF5I7ADQBe5WfOPhrw8NOJLSwW6Dakrmrculz8MUajiMA6SLKjHH0hAo2DxCTf1L-btFDzZksoHYpAgAAAGVSAAAAAmgBB5kDRy4A4y5Ql0auNlrj22QEYzWSPsb2-Jz4Gjv6F6Qqa-lPlmzEz2jY6gntWdQm1AizLCDhsFNn7N75liOAvOFRymuuYRFCTc157Q-UgJVXY-PUxVPwZfOQToMGR4kAIW8Z151IrEcATD2DKVy0V4SkxMSSWNbaudkFwghPcIcktwYKhvOYH8kHw9DkL074grR83FmVXnhfXdZ0Trxh4nHydNUlgVRLslMdzbNWrq1JjzTqQ-ocW30_rnerxyAmOUPyyhHMq3YeOOUGMhOZSV3W3ZhF_yJm2Q0KuwThc0WLJgycMeXOdZKUwQa5GKnz9iAQJ5fJTW0Vko2eL3WUaOiIeP4sn3vG4wVdOW8kijW-E2zfTZUXl1ztdfimOGlA4dZpde99uHtDc4VktzQjuZpwQGBURw6icdM3wxiyp2jHZfSa3HEIqUqW_q_Q39_y7thEL4IljRSUmqb5yytfDTR2PW68r8uPZNb4ZcUSgfodkwgKu3VDnOGikONqjYaa19q-t13ERi916HdsESruDDG9AIXIDhGZT2cIncy1b8d4cgVK5ir84MLRqiDfK9Qi0I6lMYBAxjAbqhtqfsnI4Y_nWW3hRuSAUS2SjnEAY5bx2hjDtaYOrgcyrJ_cB4xZ9wNMw15NBDGUzJ20XATROQykXQFqKuDa9SBX0CI4-niKqUHnf-U9ThvzV5kibfMPNRcIO3v6B37QxuPZ2eXHJw5YJfkcqmuQs2g82k-wyt3jbAT4Fzluv6GL_xIxiOxqTfdkc5huh_4IW_6rdbuM5A8GhcjXzg1F7TI2S3Y9Ih7VbjEPuUCa9qMsuZwuS9NSp5Kd2RQGZBMM_jRiquJLRF7WSiu40TYMnBxN2IOYhbXOOYgC5Cl83ez4UcozJoaJ4iaZjZcyztrRANaCTmazTWF2o7hMK76m1LR6K-kHpzBjTjpJZs3eBXalI5VsGBk4p-j2BCSIUNlCX05U3pvD0hE2fsdrjDo2LkCTtrseNvGlttm3bxLU5Z47Hw744anvV9L7CQzlVbGM5ah07qXm9w-4YWZ-txQvBFlTG4fC1qfm0c11WAxHRjKlQt2sL4yq9OYGTBa97w4vbWmS4CfmUBHvcbpFSy4f2qA6

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 7D2B 32 KB
11 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 23:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67894
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 19 Dec 2023 23:49:09 GMT

GET
H3 200 adlib.css
s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/ Frame A6EB 6 KB
2 KB 24ms
24ms Stylesheet
text/css 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/adlib.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c821ac5b54d6356aa81644902d5fad10603c9a415679c081d7760dde7f7bdbd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Wed, 18 Dec 2024 09:02:15 GMT
date: Tue, 19 Dec 2023 09:02:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34708
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1924
x-xss-protection: 0
last-modified: Fri, 23 Dec 2022 09:31:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 adStyle.css
s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/ Frame A6EB 3 KB
768 B 25ms
25ms Stylesheet
text/css 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/adStyle.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be5de26b4c662c492dc47273afe90d3c778ec25998dd2a3a6f7f291c26ca5803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Wed, 18 Dec 2024 09:01:41 GMT
date: Tue, 19 Dec 2023 09:01:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34742
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
last-modified: Fri, 23 Dec 2022 09:31:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 CanvaSansDisplayBold.woff
s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/ Frame A6EB 37 KB
37 KB 26ms
25ms Font
font/woff 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/CanvaSansDisplayBold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79630aa66a2fd742af143103e8114c9ea35d4308fd3523bd101a89d8b908923a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Wed, 18 Dec 2024 08:40:40 GMT
date: Tue, 19 Dec 2023 08:40:40 GMT
x-content-type-options: nosniff
age: 36003
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37712
x-xss-protection: 0
last-modified: Fri, 23 Dec 2022 09:31:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame A6EB 118 KB
40 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 04:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52090
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 20 Dec 2023 04:12:33 GMT

GET
H3 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame A6EB 57 KB
23 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 19 Dec 2023 18:40:43 GMT

GET
H3 200 textFit.js Show response
s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/ Frame A6EB 8 KB
3 KB 46ms
46ms Script
application/x-javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/textFit.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8e48ea465007a8f3473fecfbcfe2e31e0d807e98f8ab65f8b0e655779ae2b72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Wed, 18 Dec 2024 09:03:09 GMT
date: Tue, 19 Dec 2023 09:03:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34654
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2875
x-xss-protection: 0
last-modified: Fri, 23 Dec 2022 09:31:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 adlibUtils-v3.js Show response
s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/ Frame A6EB 25 KB
11 KB 34ms
34ms Script
application/x-javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/adlibUtils-v3.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aefdb07258782fc3aa84dc518ab2052e5b1dad3405867fb1f9d65f816b03c12a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Wed, 18 Dec 2024 03:51:29 GMT
date: Tue, 19 Dec 2023 03:51:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53354
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10802
x-xss-protection: 0
last-modified: Fri, 23 Dec 2022 09:31:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 animation.js Show response
s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/ Frame A6EB 3 KB
1 KB 33ms
33ms Script
application/x-javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/animation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d473d1cb26421c33200e6a1e036a17e738f4ca3dce4f404b708e9f8ab4f75c82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Wed, 18 Dec 2024 02:26:37 GMT
date: Tue, 19 Dec 2023 02:26:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58446
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1014
x-xss-protection: 0
last-modified: Fri, 23 Dec 2022 09:31:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 95D1 0
0 55ms
54ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuS1Ceb3vOj1u1-1h6hf6ZyQcPdi6c50_Wlrb0z9ES-btyW4-CEDdkimISCsUPW_RR8faOSryAealriLjUbJBV7RL7vvCOdqwoYU0mdK8w1bVJ2dXZVhWmLmvt0G5ryGsjbUl4FYYhUNhgaGoB-uP_iU62ACvegWdczHxmVDDKHiQM5Mk3kMRM8BIdmwzuu_Br68ZcFG3KdsSCenVs54X80Ej2KDdbmo78BHTUuN0sLUfuM--ydCreMLSX3mZ3gFjLcR6BTOhT0NghATCOXmqnhDpK2pk_BIS8vY6S3p25zoCWIs5mzy5d1sskfWlil6Pg6__fk3_2MhULLOKvE5Yxee1nO2qY230656MeFCmxXeh29UK5cevo735iLxxaT4ZHUgXvGBv6u4OOrfikkSnSizoE3Zgv2Z9RVmlXbenzRxlXN7og9FG-df55epeJu5xXZrJ1v70YcGLuvrpSzJM6IfXOoTvsJYSuAe9CsZbmMAqo0u64lunfwWfPLX03BdPPEtCE40itSntFFlGCmxteWdgIuEiddSwrThSr8mTnZer9_wpfkA28TupA8b1TZlY6G7QzNlzic7-TbDBwTSZTGnNQ4ksK98R2FzpvTD47xqrl3Z6_JRHkRKJZX33-z_0f_R1_m_DDkVCQvDf2AjwY_mDTeG45Dc4VY3_PsGEgavWcmJqTQA2KEhLSjNsJQtKnOXZySk8gXGhKVSUdhMbRf0AsUg_-yM3Y9zyrCIgqaCYKOKSfOvlrPs9ExiIN8xk5dOn6thk81BN76i2q6qce1nh2pO9ape31nEK1vOj3APVkuzZZM5xrmUQWwiRlDia886W2LNv38jHEKzvx7Q60Z-pTPPkxoDtsxxkV082PL_J32A62MK50caBVYPxu9vr5RjCPdS-HsVIAtl5b4nDedJs30xZOIrD-ZCtON5yrdRkPtIOkOAzcCOeHWZpNpqJHnsu-hZ1LHKyURh45MVS1y5l6JaywbGZXoGwdmwOUgIk2td90Sj3BFlwgoYkIwO0daAGWCEMFxCXINlKwiPAxtQ5RTvk9348DNgZwPFutlP5qnUQ_ShbB9Hcm1nttQ5aYNqOSgRXS93NBAtaHcAzsm6CgRQRl1_evbepmPv4m1j5GcsDSdkDZecOmhlMGTGHGOqrPXiCrhK-oVQZU819_fyyX1Uc0heVCxQSnrfe_yd63zQbjTZDqNQAyjcl60ztHeIS9_lAZgnIIkrpdNBCFU9jfH3dGky4CQe9-cpqODLSPPo3BjyL9ZiEALB3vv9jvnbYg1VaYvCjn9APrN2wdcagifJryTXXqqZcJ4LRvTfwdeGtked8WP_3jXYcVs3RKA9Fc8MElZgGmRa5zrjQTMLXE4ieQYiYoMzixSyLfKY0QsYhTK84hoB0teEUteVM2SioAC45QX2HU&sai=AMfl-YSJtbFEYPVnsYNSnvdBDitxjyZF3_MekQcSZh5C4voCGP8ocgfcM8ozYGa3CRr66LqT4bP-H-h_G1zA8d8EyVXvBhA8BR8R95saGLKAiU7lbxHKiVzWFJ31CcTZQcQax-RwiFZrok1D2vt2mpJFzdvfGnLBiamOv0EgLmk2Zj2C61-AtEon0_hkbJCgVCzk46wkkPzr4J1QswnfI0ISPXFtJHAYHELAx2mhGSP70rK2WngOdAy9o4TOe15Zyb6wBUWUsULW2lEbpfRe44wwIX-7sqz52S5KTKhCgcffFDCXQDMfugxFzeftaDOnPTz6bpg&sig=Cg0ArKJSzM8rHfRb9rYrEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=300&vt=11&dtpt=79&dett=3&cstd=219&cisv=r20231207.45727&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Logo.png
s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/ Frame 7D2B 5 KB
5 KB 23ms
23ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/Logo.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70857504e246762877461c8aa20de02df0d734bb0ad14dde07cb0e02cff8fb91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Tue, 17 Dec 2024 08:40:55 GMT
date: Mon, 18 Dec 2023 08:40:55 GMT
x-content-type-options: nosniff
age: 122388
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5264
x-xss-protection: 0
last-modified: Wed, 13 Dec 2023 12:12:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 KV.png
s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/ Frame 7D2B 5 KB
5 KB 25ms
25ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/KV.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f028466362f275b6e8fb4becd087987ee2927f8cea331f460b989b3ad1066563

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Tue, 17 Dec 2024 08:40:55 GMT
date: Mon, 18 Dec 2023 08:40:55 GMT
x-content-type-options: nosniff
age: 122388
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4961
x-xss-protection: 0
last-modified: Wed, 13 Dec 2023 12:12:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Blackpatch.png
s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/ Frame 7D2B 3 KB
3 KB 24ms
23ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/Blackpatch.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32db0f4150f47fb422e10e2e67fc0d546864ec13d6c85c937ed36487ae0e3714

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Tue, 17 Dec 2024 08:40:55 GMT
date: Mon, 18 Dec 2023 08:40:55 GMT
x-content-type-options: nosniff
age: 122388
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2666
x-xss-protection: 0
last-modified: Wed, 13 Dec 2023 12:12:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Prod.png
s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/ Frame 7D2B 6 KB
6 KB 27ms
27ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/Prod.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

346a1a70d74349065e3f362c0ec44f02f1b2d9aa10d10d3e175e094f08755423

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Tue, 17 Dec 2024 08:40:55 GMT
date: Mon, 18 Dec 2023 08:40:55 GMT
x-content-type-options: nosniff
age: 122388
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5814
x-xss-protection: 0
last-modified: Wed, 13 Dec 2023 12:12:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Prise.png
s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/ Frame 7D2B 3 KB
3 KB 26ms
25ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/Prise.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7982f4bc1307135b4a87aaa36ba836190a4151b63edd2b0f37dd5d0fd186af84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Tue, 17 Dec 2024 08:40:55 GMT
date: Mon, 18 Dec 2023 08:40:55 GMT
x-content-type-options: nosniff
age: 122388
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2960
x-xss-protection: 0
last-modified: Wed, 13 Dec 2023 12:12:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 CTA.png
s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/ Frame 7D2B 2 KB
2 KB 26ms
26ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/CTA.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3de6dfcaee1602f519b15567d870fe6fcbe7851dc56d032f1fb9edd5ad6ffdf4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9123309622628568309/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Tue, 17 Dec 2024 08:40:55 GMT
date: Mon, 18 Dec 2023 08:40:55 GMT
x-content-type-options: nosniff
age: 122388
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1662
x-xss-protection: 0
last-modified: Wed, 13 Dec 2023 12:12:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 048C 624 B
242 B 58ms
57ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUQE8XnLmTSIssk9WsczF2IFG3gbvq6JN9FB_zBUoMrpIrFXRaN06oeh0_vyc6SZZa8eslG6Z0V5magtAsBQHHnhDN8yacrjfc_M7dVPGlyWExwKaN2xNNdWmnP53hz3KC2pJ1fV7noLvc2e9EvpglUkWhF-tZRJZ1RyAvcGVdyKXWnLuI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:40:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame E2DF 89 KB
31 KB 87ms
87ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 19 Dec 2023 18:40:43 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame E2DF 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:15:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 13:15:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame E2DF 20 KB
8 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:49:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17488
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 Jan 2024 13:49:15 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E2DF 0
0 28ms
28ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQvC1gn7-ffe8-kJ6QuPuqyS-kGVtkp8NubXaTEtfYuJYt0iTSGgSnZuxHr8RhgCLGo_kY8juZZs7AHiAscKojCjjfuYg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame E2DF 203 KB
64 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Dec 2023 18:40:43 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E2DF 42 B
63 B 51ms
51ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Anhlf_4l1crqbCSG-xF7bq1u4vBzc6NkdEFKox-d-XcfkM6JvdQoswD0VtObsXGsWAvXC9v0JSDQIsKdNyYPmzTrizQ0eTko7K5iqkE_TO_9_1SkU

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C26C 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Be0L_quOBZfzXNeiR78EPpsSF0AMAAAAAOAHgBAI&bg=!aGulayTNAAY3kmNgF5I7ADQBe5WfOO_xZPKwySQ6N4hTfg8KO697VLyhPz-0KKtVua2AqgRnnxciLNEWLrKI3XtQFIorAgAAAEdSAAAAAWgBB5kDP3MwT1M7Cxl4ii7OKT-8aHnbnkHLkWWMLUwWBPe_nE1y0s_XqKppOVfZDp-yvniMNgLp8QsOX4kiYmlir3_tGXFRV0zd27JkE7kUQkq4LjabeV8LJohVC8468QrpOh9bWZi2bcQCTmbGohgChE2AGMI93PkI9uayCRnGgrol3CiLal8m_Th2rC8ijELGFsy63qTqE1hZSVw7TrZzDAI1gugb7sv-osiJLOpZ9ZYZpmOugipOVQDjU8Elpibm7AMezAHOAP9daSV5oGgo4u4Gaj8mTElJowJxKDH-GcRvgrTwWTB0IvywDe2VOCC3pevSk0SkL1HC6JEIOXY2ITgYqZ9G7r_ZxaVySukAX-QcYX9ubgqkbLGTj_SrKJem9ciV3H_hUfyYdLRIqg9hKaALFBVr4NyGnvJZbSH23L6GzbGPhOU5g3V5CZv74k4bTwhGAmHuyv205LOUh7pz7Y_8VeIn7bB27yB1rCuQD55DRIvOKwXpF9Xn9TyOrNDk3ak_K1AgC8JBQ7sfTzFlNaU08vRt1Aud07Of2VVd1Um402jR2n5wAgp8-UTzhK2oEgNIo3XKye8z0pfV3Y8JeRNfjvuQloa34ESlPWs-kXgtaT_s9ZpW5ZS55yBj7QbwCQAAhTDlB0w6HEW6DBwHjc7BMg1t63m9mPQRRAO96qcuUVLom3kHp8Wi7QHlDA8j07S91VRBbiTkUHHT-ihg8HKIuItSWbDLkbnIeHekL5K3RxoUyzKeQUb5lpfdrfn608udGKv4x98mOKoqB9SvUB7sLJ9Crz0c5e3Xz7a62JXrtc3v9Jo0XPWMJPyqr6HPpquF7ou1KieIuSIVPWzN2_NkvRJ3Q87_ZWCj1qZwuFOt5_acS-5I1fcaFdWaEPZvEorzc-PD0i4yssi6Bptlo1WLZCEjQgEsmCZFbHyllLvT8jCQhAa4R9w05tmnjkWmAXVvniYbnTA5c8aFONamarIizx6JoRRn_CQb0dfaO0vD_a31B_XMlfFlL-Ckmy__pz6tA7aeTnDFaPnHkkOVcYbglXffdF1yC_DpsuXTVF70B058OJ0vLFrTAGrlBQaIPBxaC15vxxiHXabH15NbQoTZ_g

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 97AC 0
0 54ms
53ms Fetch
image/gif 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssOoOyTa-1wTYCX7h4VBEiRJYuIhWPmTe5NeO35bQudOe6dl_cXbh11tSin3BXFOqyf1RGsZlUGXJoPEoXsPXy5hVfKLUhvok8sXEwWYjEv4xd2fQJTuFQk-rQrJkr1YPYt_-WCe0Pjk1QElGPSv7WwPwEJ3b66mbeVO1zj6WJJiNg_ZZXDduTCPlGnJet_O7RMhTKemuEJjnAZySKsYXkejKaChaekeOXONxTv-pwQBTOX_eDppOnh6sMAvTnW6lc7rdH0XlGV-50GpltCSEo-CcZ4EAIcgAxx_4eESJDIZWU6P48XaNeBFGQ2ok81bwcbUs1uLZD44WNBnQwtTvRZdeNzUxoL3YsDvLX1qVnVAdHBrNE_EeeCKMVDDKLNaSqk6CLoogFbQ-rhc5DWYDw1khEZBJ7HDSc1_AU_Yl1lhF0NismXd4416iBeTX134EfDGgSMH4vBHVZSPovLjWyKQVpFaeItRxgJXYOqw0zpdzEp87wANBFWsG0LH8HLE83qCH07_2x0vpbKbe-FadXDz0BKOnnlYb6yTODSNqpFpW846ytoJ_d1GVkTD9l16xXgmvrGhpFWhvT3JTp72HSpAjzVyRp15nUI8EcwCYyHD1iD20ciC7nnZ5_F1d1H05yNwqF6i6_cQ3hKVqeo07FQzZqtVyoYENPZKWUbL_H2jR3P_RM9ugtrtz59Vljef7RpR6cimMurr-PWmkjk6MulC5aO7t9ZVWXINZ6V-l0STYfdwKjJLfBmu0N47oOvv2vxKbztPKR-kJBEaKqBFR_Mhwpew7cEW1_qvR8QNU3NuxTFt5l9t1Q6ojNLUL_vSypuPtGgjDbaB8eUXln9CLl2HUQ4oM2rd9AHy4GUJ-uH4MwOKhhVTM4YWVpx-8IDT0dQNCIvc1snAAO-wvNFG7M9W5kj2vNY-h1nIcmAvsJo8geohZVNLeB2Jr0VRYJjn0a5wKemGfSEVu-2NHRHoslGOXv03jak6Ru0Q0i72KVaNvqZZtyu-00nplHOiaBLhJgaK7RYrAyLIBwn6LqTnQPh2OuloHVrzvTqnVTb96-ESk9EWEutc99bz-N5FqCyjCTL4WNE0PuavGqjHC-Y2ByddVpTrvxoAEUoDQd0KjJSnIstdfbwbwAqTvIrstsfsdmJrflsxah_xZ3exPSsy4v4PTwjUsDKkntSAAv2bC1kmYqOj0st34TtiebMWnpIlLOHGCm0B7_NWPRw4-hNgCJD7BrJ_hwJfLXYaEP6a8qRcVOxlxSgE4hvqFAEAzJaslVzclqR76I0Tm2KUi_PdJbthG29qtqo2O2t_4zcaaduqAagDjwFZi_wb-O0UgMGHx5M-Rod8kg0sP6J3r2ZCy7Egohr_db7Oliu6AZ2zVuhyfHlvl9a-jnaliAh4OWChCifH_itLbil6XJ_wxn-Gnigw4D1OB9x1Hr859mDP1m5XXcXNw&sai=AMfl-YQeWvKebrG_4eUzG2bcuH2lyHWHZXrp_fbAyefAdLem_XlqxJzTIV0iWrmd7YbHG7lmp6TnzwKq2JZL9i-w-vhasTJ_uOfON3D-cLanW1H4PSzyr5KLiVNPYY40-rh1O9XZ__zy0eUQbmw7Ji6gnqn44fMV1Fr5cPLS9nKCfRkwMi1Jx5QuZajrotcSxcDvUDirUtc_hHc0wKBBgChXvWc9FUrlZsHNm754tx6Tghealwpz2snPF0DFbAvwgp8mK9HUvIstK_DrLxKPo6NLRKYWMZWLlRcbt6jNbc2fMiCi0bZVCu0aIwKnNgJ9OXTZHwLw4xYqYJuKZ1FwRc9DKuCMrT0EWjQ7EThq6xBP8cmkZ1bp6p1L9oVZgYwjpa9fQDCLTvBQYQNyTwkVAVZK42wDUq1GK0_tAncYWld7kPB05CVgRngUCn8&sig=Cg0ArKJSzGXrvJgSWOcGEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9jYW52YS5jb20saHR0cHM6Ly9hZC1saWIuaW8&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=279&vt=11&dtpt=160&dett=3&cstd=83&cisv=r20231207.10133&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 95D1
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1883736/77184607/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015453222&ias_pubId=pub-2147948657389864&ias_chanId=1&ias_placementId=20852133819&bi...
https://static.adsafeprotected.com/skeleton.js?bundleId=${BUNDLE_ID}&ias_xappb=

17 B
465 B

25ms
25ms

Script
application/javascript

2600:9000:20ab:a000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js?bundleId=${BUNDLE_ID}&ias_xappb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: H2
Server: 2600:9000:20ab:a000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 01:45:55 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 e1ffe469ec59bbd0f64b14eb9c83d0d4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 14057689
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: L-DwFfDuu3IahkHLnm3urt_HTYaJFN7Z-tvu28AgXY_ya6MUnZMlKg==

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: nginx
x-server-name: app20.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js?bundleId=${BUNDLE_ID}&ias_xappb=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 72EF 91 KB
23 KB 29ms
29ms Script
application/javascript 2600:9000:20ab:a000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ab:a000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 08:07:09 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 e1ffe469ec59bbd0f64b14eb9c83d0d4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 9801215
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 4gh10usnkfFqK6R4ab_wo2QjkIdp2qfGKS3I6F95gxLsfeJlqz7zwQ==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 95D1 43 B
215 B 357ms
112ms Image
image/gif 2600:1f18:1aca:4281:55e6:37cb:1c:63b
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1883736&asId=80871d69-5dc9-951e-d002-b032d711ebcb&tv=%7Bc:xh0gfi,pingTime:-3,time:176,type:v,im:%7BpBlk:170%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:161%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:176,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:160,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B28~0%5D,as:%5B28~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYUBCFm+11%7C12%7C1311%7C1312%7C1313%7C1314%7C14%7C1511%7C1611%7C1612%7C171*.1883736-77184607%7C1711%7C1712%7C1713,idMap:171*,rmeas:1,rend:0,renddet:na,siq:161%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:55e6:37cb:1c:63b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: nginx
x-server-name: dt28.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 95D1 43 B
215 B 358ms
114ms Image
image/gif 2600:1f18:1aca:4281:55e6:37cb:1c:63b
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1883736&asId=80871d69-5dc9-951e-d002-b032d711ebcb&tv=%7Bc:xh0gfj,pingTime:-6,time:177,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:177,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:160,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B29~0%5D,as:%5B29~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYUBCFm+11%7C12%7C1311%7C1312%7C1313%7C1314%7C14%7C1511%7C1611%7C1612%7C171*.1883736-77184607%7C1711%7C1712%7C1713,idMap:171*,rmeas:1,rend:0,renddet:na,siq:161%7D&tpiLookup=ao:steamru.org*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:55e6:37cb:1c:63b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: nginx
x-server-name: dt32.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 048C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENau1FJ5f-HyaDMRadkyJvE&google_cver=1

43 B
735 B

80ms
80ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENau1FJ5f-HyaDMRadkyJvE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUQE8XnLmTSIssk9WsczF2IFG3gbvq6JN9FB_zBUoMrpIrFXRaN06oeh0_vyc6SZZa8eslG6Z0V5magtAsBQHHnhDN8yacrjfc_M7dVPGlyWExwKaN2xNNdWmnP53hz3KC2pJ1fV7noLvc2e9EvpglUkWhF-tZRJZ1RyAvcGVdyKXWnLuI
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4z37PFvJEbU15wFRsvXh%2FrYj0L405zUfDe6m10hi6Nkr%2F%2BP9M5rVQAAAGRYdjpgGqvzJvgT6OrBBDbkQQL6s%2FISGI%2FJamIffbdmuQIi3ripwJZfTjh5ynPE05uMSXY2zUkD5cmFRS2onuA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8381c690ebbd453a-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENau1FJ5f-HyaDMRadkyJvE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 048C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYHjq9VmpFjtMvetL-ambQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENau1FJ5f-HyaDMRadkyJvE&google_cver=1

43 B
736 B

77ms
76ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENau1FJ5f-HyaDMRadkyJvE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUQE8XnLmTSIssk9WsczF2IFG3gbvq6JN9FB_zBUoMrpIrFXRaN06oeh0_vyc6SZZa8eslG6Z0V5magtAsBQHHnhDN8yacrjfc_M7dVPGlyWExwKaN2xNNdWmnP53hz3KC2pJ1fV7noLvc2e9EvpglUkWhF-tZRJZ1RyAvcGVdyKXWnLuI
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IR2rh3WKyvQvsA2aXO9bs20%2F8y1a2gdxpZKbVXSGac60eHmTt%2BMTArOo97cut0Ecten8Bp6xeSGe%2B85nNnfj6PN%2FfXIauzB5Il1ZVvTydMqwUylMk%2FKLBVA%2BP%2Br7XbXhHDJ1Wri3Q5UFnA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8381c6917d36453a-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENau1FJ5f-HyaDMRadkyJvE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 048C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBVUFEv8d-0MO854FBkzd7M&google_cver=1

43 B
843 B

38ms
38ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBVUFEv8d-0MO854FBkzd7M&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUQE8XnLmTSIssk9WsczF2IFG3gbvq6JN9FB_zBUoMrpIrFXRaN06oeh0_vyc6SZZa8eslG6Z0V5magtAsBQHHnhDN8yacrjfc_M7dVPGlyWExwKaN2xNNdWmnP53hz3KC2pJ1fV7noLvc2e9EvpglUkWhF-tZRJZ1RyAvcGVdyKXWnLuI

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
an-x-request-uuid: 7e8d6458-c0b3-4de0-8310-ef3f3b7d66c9
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.165; 84.19.175.165; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBVUFEv8d-0MO854FBkzd7M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 048C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzNTM2ODQ4OTMxMDk0NDU2Mg%3D%3D

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzNTM2ODQ4OTMxMDk0NDU2Mg%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
an-x-request-uuid: 9d70c2b1-bfd0-4a18-9876-a981c3994812
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzNTM2ODQ4OTMxMDk0NDU2Mg%3D%3D
x-proxy-origin: 84.19.175.165; 84.19.175.165; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 95D1 43 B
215 B 352ms
113ms Image
image/gif 2600:1f18:1aca:4281:55e6:37cb:1c:63b
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1883736&asId=80871d69-5dc9-951e-d002-b032d711ebcb&tv=%7Bc:xh0gfo,pingTime:-2,time:182,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:456,beZ:456,mfA:601,cmA:602,inA:602,inZ:604,prA:604,prZ:613,si:617,poA:617,bl:626,poZ:626,cmZ:626,mfZ:626,loA:632,loZ:633,ltA:637,ltZ:637,mdA:456,mdZ:577%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:161%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:182,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:160,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B34~0%5D,as:%5B34~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYUBCFm+11%7C12%7C1311%7C1312%7C1313%7C1314%7C14%7C1511%7C1611%7C1612%7C171*.1883736-77184607%7C1711%7C1712%7C1713,idMap:171*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:na,siq:161,sinceFw:20,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:55e6:37cb:1c:63b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: nginx
x-server-name: dt27.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A6EB 8 KB
6 KB 100ms
58ms XHR
application/json 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50131e2329ad12ad6cbe6a59cd187db8a1a22c863c7c49194871f36f5042d4d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5932
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E2DF 0
20 B 50ms
50ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1434935915348&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E2DF 0
20 B 50ms
50ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1434935915348&version=m202309260101&ct=77&x=1&cor=6011468200112204000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E2DF 20 KB
13 KB 320ms
320ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AuJ9SX1hJ6exTCk-VBlq5TGkOnIEpMukoHFh8jnsOWjyrt-AnN6LC1-FNQ1Cj_pypBXx96pvYPr3UCErEFay7vOnEDy0M-BftR00TcCEYB_sQJLGwewYSStKNaHDKxBWnHB0pDQgPq_tbDkg_cL4NAHFyrSGTdlm5vvIePe95Nb5_bnR4&cry=1&dbm_d=AKAmf-DcaCU4kG1McylRHq7VPd6jsrSy_ElgCbWStAT3snin26SHUwTCh2HyshaCcsomIxrWh-zD3YwwUINc6OLHJHyufQULFpHNkpxHmdLNkkE6Kj9PBGOgqj9lHfTTYZFSALu-ciy-mS6nX05Qfj8hfepJUoH-koxNmn--EhcAXg8DqxEro3xGCTtVOdj8ycuLJQBi_2mr0V8U3hiaqGG3rDUKK-RGp7UGQw9OpUjgMhYOCu9rZPRsrfyVSi5Lppdnhyzx7W2ItmU2EZC2cJM8g5ENyeE0mwlTEM2XSFCdBzmznhBWzFP6KWXw78mnvAsyfUu-IZJF8irTHr_GrSuVjNiyVLnLwgG2U-usFz5nzOMSSgth2LE8jSWY5RGD0i7rKJsphIiySjwOWc2Z1PXK8zjYdQoa79i2ja-DSrgknDVREBCcxZQ1bemyK097ckBD6i6pc6cLj0Gp1D3qLG449ciwLebCox_jIsAJoj3e664Uh-xz7bD793n8pGaoystXEfUTluIzkqMuvgzDwvEY8BhqRKj8jtF2JFQV11xnZUHhh8t7V_XXzlhg2nx4pXw93R1zwthhMPY_pqhjyvqyQXn-ZmnaqiCQmIwLCXgoABJFZL1kEzmKlXoJrI5Nf6PgqgJYfHncPr16eNJ0MoHdcFjDtx4So4kpSI6n3IXJM6CQash1NwIOu1EGNsBykR7ic9vCNpqnY1iOt4vFp7pqWWXg9-DcNg3V6CfIRboTVd24ULlXaQqoPzLpF1OfSFrN0ANmr_lPVU9GJvxQHpZ5fZd6PHaH1QD6AFqJdgzJIGr6pwRmtVoud2qovbGgEb5AQ0scUwiWDnhQEh0ojQniLh3tBWrev_7YxzMoL_zW1YWJadkXrNimVIn80Ibkd35CFu0XgqOLscoFjmPmUN-EDQtr0_S0kA8STz5_lCJKVHYVolfN3ORcjuTr3k7FLmJ9gvYZKahejicBsSFBZR51535_nH0qU9u6SUAnpinkEABbcrqxMgTKzF9frg0pRtAR-dTLaRhyO3i-JsN7-KizNXcolOM3ypXXiRnTvrp-L8A3IoTjNIVmC0mKY5bNLrZ2SisGvx0nT6Rf4ImWM2KFtFaGuVOPXaa1HriSSVYj4zWS4RkwXhvuaOoIkY6AJ-6bj8LKOlhkgf-G8O7i6SrssvAjz5cWqTrz-zPjRB19o9cMEOP4AdxNq1n_onYO0wneCG6k1uGvZ_s2BPqHNEWToM7L48y4P_4dLXosjA9wyZFjiR7yR03Xn4NKjyCpPnXpDyNA0lVTAWeXVQyxbt8xODBJUAoARqmQ7Z5Xn7zffwjkk64-Vxr44B9RbaJQI_yOHtWiXsQKf8LrC8UG0afFXxIJ615uOAiO3dsgJFwKXtCoXHD-xVVSu-CemJeSeMn3de62ykZshkaQXqpFwAZHe_25y7yAHVqD6q6wp8iH159BUxIVma95K2JceY5fXx92t7KM4GCZoS1Rhysu3pDSl98nj6fVwUeYKZQvCEgclG3gnBf8sys30_lchtN6UsII5Lu3WCLuygrUZNHA4V1s0dkBuluhRj8vzQ1-LQLACyaHEOB9GHpUT8JxkRPaFxtq9w-zwnWvLQkcHXO-GAetTUUj_ink2CtgCtsTAJO0GnRWnH7Vc8TqPikq4o0E4_54hnEQbZJkAZ1vg_54N9c_z1YCgDWJX9I_Gug6zqKnNVrYMgCHx6_np8h_vRcjGLUIFXv7A36C2P42ynKsD5oUIe-MtoOxBwwGuZTCP93wdJCv08SyDXbutspyubJYELPfsoxjbpiL2iTFXvu4K_CuM2DcE1WRjBQqyXvOZWTU7ph6LBwVyoN26fnl27DsOx3QIutcigBaT49PYOKQEsTNyPtYUUi2vVcxosLt1N8AdR1G3DAI4xXf51Fye09lJDTXtLIhne8m3J1ftPgOUWaBHE-T6jxIpNrcdMjlPTKh9gDkgtlXlVoDid1cfL4WKvnLxcmf1m2aPoW8MM2zH5b9HFbUvf975wFrj9Td0mv3PAmTnYpexuxlznolfXPjFSgAcqB2t5GTOJEhuRJ-on-mj5Sd-X_ho16KXkK2YadkSFSdsbpKmKX_dPz_oOgm4WDX4MXOmTOmKsqcExOylABqqYaAbZckZqKlr_TdLWFMk5wojkr2I9bLrrCbjgXKjNP7MwzDIURGyqoN3mMF46helk_BQX0LoTISkgZ2xyAoDG1o4OrcJ6iYfmxiAJmd-j0Z42M0-U1kJZID1GL0FI7MmzmiD10nXLHzgGUItAUGUtcwen6i0FNBrScX66uEgzQ4Wi-4bIm6T6g0ilUtF_gwFISFTqf6osS9qkYPxl5CJ0bIVFOd-_eqjLGi_uHVOsJFeOn9VKp-agW0VYlR7GMhtztzQDyt-fyMUn6r-l4Ud31Pp8UbYnf3s_g8ixV_w19KrNaxDP1aKP_OrMN4FKZ0oMUVFXkEqF_vF5b0hUyKIEqBq_7lxjkIwj8FObvJuhzj_MDYSzPu9GQyemlBcNv9I9h4BH4M_MmhbjZisG3oVOIfutTnkRvmb9cBMiJ0Pfnt1OqcT8rOmNs6cbtdVJbdBXPo3qLW53pwr1LgBjB8pz8DG7BDVVfcIKoGX2gg7O2iuzNWt1tzu3EH4CSJK9boo6R94PCB58vx8qE35k60UroNQrII1TyLbOxT7zXamS8vBu6FA82aFJDtA6kWGAtbJQjO6qww61RiJV3zVl3RgMpEdyY2Am-N-NP20Bf4Bt5qT1nGjkWlwtBxtYC0MDe9wUW-0VQ5U6KDJOJJhBnLd0hYmHLHVnO7p_fVUONQbNX5sbbaS4WrzTdYg1FEuJSgDrqLr8EMvx4XuEbgySqRec_I1myUS1v55iMtI7GxOJt6YXvx_o5N2v88-iQ08_UejIg5gsbM3mzBFJZkkKl5OtA72-C5q96rVqIR0GzVYIGGjXshnvCT570h2iS9fyhxa3LT2Dpn0UdoBNIhnlS95ldKPdiA8KahEzb7d1WHutl9ls57xXG7x7azigz20kLRMBXX8SwGm5l-ZzA6S85Nv3fqcu2nmKCluIeOpkQTRJdFltxuBV9SMgHa5t0YlJ3HKNGO48rH2Cy0iGvzR-diTxmy-vX780SKgckIznTYn35EVLqulgtEmv8R1NTkkSRD4X_Q2A_klDdbTD-ZxPHO3JN8sHFPPaqtBVAlfchl3CsI0gAY7NN4d4Gyo-kPTojgvUKjRYv_j6MKznj_pi1ne2fceD8ezEheNO9vQAYw6auLUY_dQvV6xEvQq-m87kn6bwi1o6hTYrxBhNdCQOn2BSAH69LD6cGUzvHN0ly7ttHHr7LhrwX6ihB2Fk0vb-F-tOOQy3OA66gGqKwMK6j98yfT01cT2MTnvBsCeu6wkaJGo-JM5CJ9vIlPx7AXIQEHRTdRgXo3KzXQF9iDLZ-TdBEkF5p7rPJK-nLlQA81GPjCUhalzBqBQIGLTEXop6XaiUh2z0jNnZ5w9NS9245cJKQRxHkV1VqF7N5lVBW9s7BjoCuTb2SgLSuW9loYUAZb5uAhTVJJJnwUXuHTyl-FrUy3N4T2KXJ-U6bi-wKTg1s9-G1Xls2rQaxk40_LJBz8PuhvtsjMEkQzeg8nIIUU7bkrFiNnKwPLrY1kZr932v4pk7tBKHnsiHJQKjgqlAAy9-wDIBsC726e9dUGp1QnJlfj1nWkXmLIzchVlNRoQiKMjtmzepEbhVWflkLmYt7z-djbQQ8gpGmRwpK5FZsu4GeWZb7yhOkoTQfow4aoMUW_qA392FZbgUTiaQIh1VqkVAMJhTFLdonMYnMfjOnL6LzpjjVyq8lfSkIF62yAN6TYetSnGVY8bdhLzuPW536RtFb7C3VaIGxORfLnMTJzlPYyz-bb6a2fnzoLUhIqw6dmby2tY--Bemc-T4LqJpiwgoZOHHXu_16TPPoje7yvoOn97XFGc3pTFA0_KRORAGmSyiqqvyL0LgrjlGu0I_VZM8s7rGWtiM0sy63ApYT0eJ79ng6o7LDTiv4vBrLGvb1TrS-I6Ac1scmDExX49RNfRDf7OWVJXviSD7WmB5ka-upRHwtNvmV4rqVHcHNIZO7zQtOVNqQIXjxA-BWz5zjLaHqYISEq18iOeQGZab-QJaDOFKmainwFnZAPQFqiUH7IcW7wXK8-WaVG17Lnw2MC805q03MXLWPZaYZP7hcl1dk3KGDJrHpkM5iSN6chmm0TPTa8jIB0M0fr-dQjhhtW7Nx77A509w&cid=CAQSOwAvHhf_kKK1k15jGwJEKMcb2tfiXvhJPooluZjMA30yB0DoOU6s-WasV3_CFuvG8binrEEuwJf8tX9_GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fsteamru.org%2F&ds=l&xdt=1&iif=1&cor=6011468200112204000&adk=1761367584&idt=95&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a26a662e83a08427634f1b7b5fcfb4202ec35328a64010a1736f2906ebf3212e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13559
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 95D1 43 B
216 B 291ms
111ms Image
image/gif 2600:1f18:1aca:4281:55e6:37cb:1c:63b
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1883736&asId=80871d69-5dc9-951e-d002-b032d711ebcb&tv=%7Bc:xh0ggl,time:241,type:e,im:%7BpWait:4%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:241,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:160,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B93~0%5D,as:%5B93~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYUBCFm+11%7C12%7C1311%7C1312%7C1313%7C1314%7C14%7C1511%7C1611%7C1612%7C171*.1883736-77184607%7C1711%7C1712%7C1713,idMap:171*,rmeas:1,rend:0,renddet:na,siq:161%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:55e6:37cb:1c:63b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: nginx
x-server-name: dt31.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Blue%20Dark.png_1682319839930_Blue%20Dark.png
s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v3/partners/633cdb43c2dff55335fd416b/assets/singleFiles/63e5162bb9902100cf171eb6/original/ Frame A6EB 19 KB
19 KB 23ms
23ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v3/partners/633cdb43c2dff55335fd416b/assets/singleFiles/63e5162bb9902100cf171eb6/original/Blue%20Dark.png_1682319839930_Blue%20Dark.png

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fadc2074fdbb60d7f34bd18f346391f6c8c44f65e3e80f1b21599add4a84f01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 09:11:45 GMT
x-content-type-options: nosniff
age: 34138
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19197
x-xss-protection: 0
last-modified: Mon, 24 Apr 2023 07:04:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 09:11:45 GMT

GET
H3 200 blank.png_1671714812913_blank.png
s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v3/partners/633cdb43c2dff55335fd416b/assets/singleFiles/63a3f0cb03497090adda2da6/original/ Frame A6EB 191 B
220 B 26ms
25ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v3/partners/633cdb43c2dff55335fd416b/assets/singleFiles/63a3f0cb03497090adda2da6/original/blank.png_1671714812913_blank.png

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80a466c320c6c23384298a00c8a1192195225a11d1bce68328cf37a6bce29aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 02:26:17 GMT
x-content-type-options: nosniff
age: 58466
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 191
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 13:13:37 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 02:26:17 GMT

GET
H3 200 logo2.png_1671714812913_logo2.png
s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v2/partners/633cdb43c2dff55335fd416b/assets/concepts/634e1187c2dff56bd63c1f5d/templates/63a1666b011c425078e946ce/content/ Frame A6EB 3 KB
3 KB 25ms
24ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v2/partners/633cdb43c2dff55335fd416b/assets/concepts/634e1187c2dff56bd63c1f5d/templates/63a1666b011c425078e946ce/content/logo2.png_1671714812913_logo2.png

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c3e404f048288e67b6048f88e121f4c5f3927377058000a01e057b1ff218839

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 08:59:09 GMT
x-content-type-options: nosniff
age: 34894
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3138
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 13:13:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 08:59:09 GMT

GET
H3 200 logo3.png_1671714812913_logo3.png
s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v2/partners/633cdb43c2dff55335fd416b/assets/concepts/634e1187c2dff56bd63c1f5d/templates/63a1666b011c425078e946ce/content/ Frame A6EB 3 KB
3 KB 37ms
36ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0bdc4694a5f3bdd17a15d5dfc5375fe32ca435f5d81cff6c3bda066e18ebb2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 01:46:15 GMT
x-content-type-options: nosniff
age: 60868
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2974
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 13:13:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 01:46:15 GMT

GET
H3 200 spritesheet.png_1671714812913_spritesheet.png
s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v3/partners/633cdb43c2dff55335fd416b/assets/singleFiles/63a3fc1b0349706994dac3a8/original/ Frame A6EB 628 KB
629 KB 27ms
26ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v3/partners/633cdb43c2dff55335fd416b/assets/singleFiles/63a3fc1b0349706994dac3a8/original/spritesheet.png_1671714812913_spritesheet.png

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2decfcea631dc6e5a39e44aa0bf4be206b10870490d78d75996c896b5a6825df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 21:57:34 GMT
x-content-type-options: nosniff
age: 74589
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 643531
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 13:13:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Dec 2024 21:57:34 GMT

GET
H3 200 frame1Image2.png_1671714812913_frame1Image2.png
s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v2/partners/633cdb43c2dff55335fd416b/assets/concepts/634e1187c2dff56bd63c1f5d/templates/63a1666b011c425078e946ce/content/ Frame A6EB 27 KB
27 KB 38ms
37ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3aa12d2d3f125294a2bb3ef90ef5cc4d99e2e26f2b05f1fd44eba25fe1674823

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:09:01 GMT
x-content-type-options: nosniff
age: 19902
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28114
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 13:13:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 13:09:01 GMT

GET
H3 200 blank.png_1671714812913_blank.png
s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v2/partners/633cdb43c2dff55335fd416b/assets/concepts/634e1187c2dff56bd63c1f5d/templates/63a1666b011c425078e946ce/content/ Frame A6EB 927 B
956 B 35ms
34ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c45dbdb7b09412d6e8d0a108245bf284d53a80fe178119869ca65654c0621a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 07:15:43 GMT
x-content-type-options: nosniff
age: 300300
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 927
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 13:13:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 15 Dec 2024 07:15:43 GMT

GET
H3 200 frame1Image4.png_1671714812913_frame1Image4.png
s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v2/partners/633cdb43c2dff55335fd416b/assets/concepts/634e1187c2dff56bd63c1f5d/templates/63a1666b011c425078e946ce/content/ Frame A6EB 31 KB
31 KB 31ms
31ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b0254fd8f86e2ca0c495ad707da3cf3003df8bd6be01c70a5afbc68f8234b80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 16:27:32 GMT
x-content-type-options: nosniff
age: 353591
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31984
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 13:13:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Dec 2024 16:27:32 GMT

GET
H3 200 spritesheet_(11).png_1683680545788_spritesheet_(11).png
s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v3/partners/633cdb43c2dff55335fd416b/assets/singleFiles/64470360177b674ab8664379/original/ Frame A6EB 1 MB
1 MB 39ms
38ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v3/partners/633cdb43c2dff55335fd416b/assets/singleFiles/64470360177b674ab8664379/original/spritesheet_(11).png_1683680545788_spritesheet_(11).png

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

758f0a4b9eb624c2ac73a52c800c14c810ff1e09e55c7d1df6436ad0daaa5bb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 22:54:40 GMT
x-content-type-options: nosniff
age: 71163
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1232826
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:02:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Dec 2024 22:54:40 GMT

GET
H3 200 logo.png_1671714812913_logo.png
s0.2mdn.net/dynamic/2/11032346/cdn.ad-lib.io/v2/partners/633cdb43c2dff55335fd416b/assets/concepts/634e1187c2dff56bd63c1f5d/templates/63a1666b011c425078e946ce/content/ Frame A6EB 12 KB
12 KB 30ms
29ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61eb4bd63b7ad05757982fcfd7badeeb3d592fa56e6999698e9f65b7ffeadf38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17822369404113911808/300x250-Canva-Evergreen/index.html?e=69&leftOffset=0&topOffset=0&c=rssAqnhs31&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 16:37:51 GMT
x-content-type-options: nosniff
age: 93772
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12375
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 13:13:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Dec 2024 16:37:51 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A6EB 17 KB
6 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 19 Dec 2023 18:40:43 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame C35F 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 11:16:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26651
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 11:16:32 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 95D1 43 B
215 B 157ms
156ms Image
image/gif 2600:1f18:1aca:4281:55e6:37cb:1c:63b
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1883736&asId=80871d69-5dc9-951e-d002-b032d711ebcb&tv=%7Bc:xh0gkf,pingTime:-10,time:483,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjEwOSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1703011243927%7C%7Ca7f568a16cef9fa1c12a3b951e90ce13%7C%7Cf5ef61ca1e560a2377dfd6c236fd3eb9%7C%7C2719bae8945d2af1f1c8638317b8e171%7C%7Cb70ae7b6f16ef4c5cb7373076fec42f1%7C%7C61fbfa2c1c99df06d2b475b652b608a2%7C%7C0949b9569d101f08b949065fcf570024%7C%7C2dc5fae0c031c679152626cac363c3bb%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:55e6:37cb:1c:63b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
server: nginx
x-server-name: dt20.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame E2DF 41 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AuJ9SX1hJ6exTCk-VBlq5TGkOnIEpMukoHFh8jnsOWjyrt-AnN6LC1-FNQ1Cj_pypBXx96pvYPr3UCErEFay7vOnEDy0M-BftR00TcCEYB_sQJLGwewYSStKNaHDKxBWnHB0pDQgPq_tbDkg_cL4NAHFyrSGTdlm5vvIePe95Nb5_bnR4&cry=1&dbm_d=AKAmf-DcaCU4kG1McylRHq7VPd6jsrSy_ElgCbWStAT3snin26SHUwTCh2HyshaCcsomIxrWh-zD3YwwUINc6OLHJHyufQULFpHNkpxHmdLNkkE6Kj9PBGOgqj9lHfTTYZFSALu-ciy-mS6nX05Qfj8hfepJUoH-koxNmn--EhcAXg8DqxEro3xGCTtVOdj8ycuLJQBi_2mr0V8U3hiaqGG3rDUKK-RGp7UGQw9OpUjgMhYOCu9rZPRsrfyVSi5Lppdnhyzx7W2ItmU2EZC2cJM8g5ENyeE0mwlTEM2XSFCdBzmznhBWzFP6KWXw78mnvAsyfUu-IZJF8irTHr_GrSuVjNiyVLnLwgG2U-usFz5nzOMSSgth2LE8jSWY5RGD0i7rKJsphIiySjwOWc2Z1PXK8zjYdQoa79i2ja-DSrgknDVREBCcxZQ1bemyK097ckBD6i6pc6cLj0Gp1D3qLG449ciwLebCox_jIsAJoj3e664Uh-xz7bD793n8pGaoystXEfUTluIzkqMuvgzDwvEY8BhqRKj8jtF2JFQV11xnZUHhh8t7V_XXzlhg2nx4pXw93R1zwthhMPY_pqhjyvqyQXn-ZmnaqiCQmIwLCXgoABJFZL1kEzmKlXoJrI5Nf6PgqgJYfHncPr16eNJ0MoHdcFjDtx4So4kpSI6n3IXJM6CQash1NwIOu1EGNsBykR7ic9vCNpqnY1iOt4vFp7pqWWXg9-DcNg3V6CfIRboTVd24ULlXaQqoPzLpF1OfSFrN0ANmr_lPVU9GJvxQHpZ5fZd6PHaH1QD6AFqJdgzJIGr6pwRmtVoud2qovbGgEb5AQ0scUwiWDnhQEh0ojQniLh3tBWrev_7YxzMoL_zW1YWJadkXrNimVIn80Ibkd35CFu0XgqOLscoFjmPmUN-EDQtr0_S0kA8STz5_lCJKVHYVolfN3ORcjuTr3k7FLmJ9gvYZKahejicBsSFBZR51535_nH0qU9u6SUAnpinkEABbcrqxMgTKzF9frg0pRtAR-dTLaRhyO3i-JsN7-KizNXcolOM3ypXXiRnTvrp-L8A3IoTjNIVmC0mKY5bNLrZ2SisGvx0nT6Rf4ImWM2KFtFaGuVOPXaa1HriSSVYj4zWS4RkwXhvuaOoIkY6AJ-6bj8LKOlhkgf-G8O7i6SrssvAjz5cWqTrz-zPjRB19o9cMEOP4AdxNq1n_onYO0wneCG6k1uGvZ_s2BPqHNEWToM7L48y4P_4dLXosjA9wyZFjiR7yR03Xn4NKjyCpPnXpDyNA0lVTAWeXVQyxbt8xODBJUAoARqmQ7Z5Xn7zffwjkk64-Vxr44B9RbaJQI_yOHtWiXsQKf8LrC8UG0afFXxIJ615uOAiO3dsgJFwKXtCoXHD-xVVSu-CemJeSeMn3de62ykZshkaQXqpFwAZHe_25y7yAHVqD6q6wp8iH159BUxIVma95K2JceY5fXx92t7KM4GCZoS1Rhysu3pDSl98nj6fVwUeYKZQvCEgclG3gnBf8sys30_lchtN6UsII5Lu3WCLuygrUZNHA4V1s0dkBuluhRj8vzQ1-LQLACyaHEOB9GHpUT8JxkRPaFxtq9w-zwnWvLQkcHXO-GAetTUUj_ink2CtgCtsTAJO0GnRWnH7Vc8TqPikq4o0E4_54hnEQbZJkAZ1vg_54N9c_z1YCgDWJX9I_Gug6zqKnNVrYMgCHx6_np8h_vRcjGLUIFXv7A36C2P42ynKsD5oUIe-MtoOxBwwGuZTCP93wdJCv08SyDXbutspyubJYELPfsoxjbpiL2iTFXvu4K_CuM2DcE1WRjBQqyXvOZWTU7ph6LBwVyoN26fnl27DsOx3QIutcigBaT49PYOKQEsTNyPtYUUi2vVcxosLt1N8AdR1G3DAI4xXf51Fye09lJDTXtLIhne8m3J1ftPgOUWaBHE-T6jxIpNrcdMjlPTKh9gDkgtlXlVoDid1cfL4WKvnLxcmf1m2aPoW8MM2zH5b9HFbUvf975wFrj9Td0mv3PAmTnYpexuxlznolfXPjFSgAcqB2t5GTOJEhuRJ-on-mj5Sd-X_ho16KXkK2YadkSFSdsbpKmKX_dPz_oOgm4WDX4MXOmTOmKsqcExOylABqqYaAbZckZqKlr_TdLWFMk5wojkr2I9bLrrCbjgXKjNP7MwzDIURGyqoN3mMF46helk_BQX0LoTISkgZ2xyAoDG1o4OrcJ6iYfmxiAJmd-j0Z42M0-U1kJZID1GL0FI7MmzmiD10nXLHzgGUItAUGUtcwen6i0FNBrScX66uEgzQ4Wi-4bIm6T6g0ilUtF_gwFISFTqf6osS9qkYPxl5CJ0bIVFOd-_eqjLGi_uHVOsJFeOn9VKp-agW0VYlR7GMhtztzQDyt-fyMUn6r-l4Ud31Pp8UbYnf3s_g8ixV_w19KrNaxDP1aKP_OrMN4FKZ0oMUVFXkEqF_vF5b0hUyKIEqBq_7lxjkIwj8FObvJuhzj_MDYSzPu9GQyemlBcNv9I9h4BH4M_MmhbjZisG3oVOIfutTnkRvmb9cBMiJ0Pfnt1OqcT8rOmNs6cbtdVJbdBXPo3qLW53pwr1LgBjB8pz8DG7BDVVfcIKoGX2gg7O2iuzNWt1tzu3EH4CSJK9boo6R94PCB58vx8qE35k60UroNQrII1TyLbOxT7zXamS8vBu6FA82aFJDtA6kWGAtbJQjO6qww61RiJV3zVl3RgMpEdyY2Am-N-NP20Bf4Bt5qT1nGjkWlwtBxtYC0MDe9wUW-0VQ5U6KDJOJJhBnLd0hYmHLHVnO7p_fVUONQbNX5sbbaS4WrzTdYg1FEuJSgDrqLr8EMvx4XuEbgySqRec_I1myUS1v55iMtI7GxOJt6YXvx_o5N2v88-iQ08_UejIg5gsbM3mzBFJZkkKl5OtA72-C5q96rVqIR0GzVYIGGjXshnvCT570h2iS9fyhxa3LT2Dpn0UdoBNIhnlS95ldKPdiA8KahEzb7d1WHutl9ls57xXG7x7azigz20kLRMBXX8SwGm5l-ZzA6S85Nv3fqcu2nmKCluIeOpkQTRJdFltxuBV9SMgHa5t0YlJ3HKNGO48rH2Cy0iGvzR-diTxmy-vX780SKgckIznTYn35EVLqulgtEmv8R1NTkkSRD4X_Q2A_klDdbTD-ZxPHO3JN8sHFPPaqtBVAlfchl3CsI0gAY7NN4d4Gyo-kPTojgvUKjRYv_j6MKznj_pi1ne2fceD8ezEheNO9vQAYw6auLUY_dQvV6xEvQq-m87kn6bwi1o6hTYrxBhNdCQOn2BSAH69LD6cGUzvHN0ly7ttHHr7LhrwX6ihB2Fk0vb-F-tOOQy3OA66gGqKwMK6j98yfT01cT2MTnvBsCeu6wkaJGo-JM5CJ9vIlPx7AXIQEHRTdRgXo3KzXQF9iDLZ-TdBEkF5p7rPJK-nLlQA81GPjCUhalzBqBQIGLTEXop6XaiUh2z0jNnZ5w9NS9245cJKQRxHkV1VqF7N5lVBW9s7BjoCuTb2SgLSuW9loYUAZb5uAhTVJJJnwUXuHTyl-FrUy3N4T2KXJ-U6bi-wKTg1s9-G1Xls2rQaxk40_LJBz8PuhvtsjMEkQzeg8nIIUU7bkrFiNnKwPLrY1kZr932v4pk7tBKHnsiHJQKjgqlAAy9-wDIBsC726e9dUGp1QnJlfj1nWkXmLIzchVlNRoQiKMjtmzepEbhVWflkLmYt7z-djbQQ8gpGmRwpK5FZsu4GeWZb7yhOkoTQfow4aoMUW_qA392FZbgUTiaQIh1VqkVAMJhTFLdonMYnMfjOnL6LzpjjVyq8lfSkIF62yAN6TYetSnGVY8bdhLzuPW536RtFb7C3VaIGxORfLnMTJzlPYyz-bb6a2fnzoLUhIqw6dmby2tY--Bemc-T4LqJpiwgoZOHHXu_16TPPoje7yvoOn97XFGc3pTFA0_KRORAGmSyiqqvyL0LgrjlGu0I_VZM8s7rGWtiM0sy63ApYT0eJ79ng6o7LDTiv4vBrLGvb1TrS-I6Ac1scmDExX49RNfRDf7OWVJXviSD7WmB5ka-upRHwtNvmV4rqVHcHNIZO7zQtOVNqQIXjxA-BWz5zjLaHqYISEq18iOeQGZab-QJaDOFKmainwFnZAPQFqiUH7IcW7wXK8-WaVG17Lnw2MC805q03MXLWPZaYZP7hcl1dk3KGDJrHpkM5iSN6chmm0TPTa8jIB0M0fr-dQjhhtW7Nx77A509w&cid=CAQSOwAvHhf_kKK1k15jGwJEKMcb2tfiXvhJPooluZjMA30yB0DoOU6s-WasV3_CFuvG8binrEEuwJf8tX9_GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fsteamru.org%2F&ds=l&xdt=1&iif=1&cor=6011468200112204000&adk=1761367584&idt=95&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17487
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Dec 2024 13:49:16 GMT

GET
H3 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMzAxMTI0MzY4MjYyNwogIHNlcnZlcl9pcDogMTM0MDYyOTcwCiAgcHJvY2Vzc19pZDogMjE5ODcyNDE0NAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame E2DF 0
22 B 56ms
56ms Image
image/png 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMzAxMTI0MzY4MjYyNwogIHNlcnZlcl9pcDogMTM0MDYyOTcwCiAgcHJvY2Vzc19pZDogMjE5ODcyNDE0NAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiA5MTkwMzU1NTQ1OTczNTQwODQ2CmRlYnVnX2tleTogMjQ0MDMzNTk5ODAzMjgwNzI3CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMi0xOSIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExODY4OTQzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzMyMTc0ODQwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA4NzgyNDM2OTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTY2NjAxNDIwNjMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTYyMDg2MzgKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2RlYnVnY29udmVyc2lvbmRvbWFpbjEuY29tIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vZGVidWdjb252ZXJzaW9uZG9tYWluMi5jb20iCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3MzgxOTc1MDQK

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:44 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xc806535ab67f4cf20000000000000000","13":"0x9c2f4c37340d27390000000000000000","14":"0x346f50f54d6cdb9d0000000000000000","15":"0x4d6f34da97b3d7760000000000000000"},"debug_key":"244033599803280727","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"9190355545973540846"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame E2DF 11 KB
4 KB 92ms
28ms Script
text/html 138.201.135.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1703011243029076&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCC_jWq-OBZZTjAeuDpt8PtKC7uAum5b2gaYWVnKfJD_AuEAEgkLuABGCVgoCAmAfIAQmpAgCIDL1wVbI-qAMByAObBKoEmQJP0DrkHvRqiN_fqirhbA-vRGfahR7c2jB9f0on2Kv_mj0z-nLo_4xAsvlAuN38VYibThREDX8slL-DCOLFHupUu6SJY5EGPU8EaVZ4bOVaSnpMHHsEY6vCqUQ1iBXvv_vi26HA8ZGf7OHCzumjIK47EcQTft7YHt6F-ra7b8XALluLpPiMI7ZpdhB9qGV15VTQxP4ne1nEoEXNFm83WfFmIlJnBgXmIOpKPjRjh2saW9xU5wH9_icJrWqPTGBBcOtQis2RNzAwc1JVFfo23ZZVcnqKhZmeizSgNh8aMqT5Ar8C_50CXZgYEKS7bG2LdNTa0KekVWulSFduSFYZiYft-Vi_oyNyt6l3lAE649LmNvqQwaw94qZgH8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlieyrihk5yDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwAvHhf_kKK1k15jGwJEKMcb2tfiXvhJPooluZjMA30yB0DoOU6s-WasV3_CFuvG8binrEEuwJf8tX9_GAE%26sig%3DAOD64_3k3eAhxm3BM_C7KfzL9kQp35F9FQ%26client%3Dca-pub-2147948657389864%26dbm_c%3DAKAmf-DXSx46P4OlaGMV_pXPcFXzjiaJ6Xab5pxLfJkxWx22VbuaAGHFRfDwCh5nE_5JN2nVFu3chHFNGmdxJae6FusFXX415_AL6BtYpDxuMgqIO_18rtxIGv8F0y2XeIqCfKT4DdILngEC86myw5Ig7F52WAxIp7LurES5m8DCR9feB5zg1sA%26cry%3D1%26dbm_d%3DAKAmf-C3Ko8uzvJ_IryqJv6spqyIZYE9XpaokUe-5qCOikg6hWFrn_igg8UZUNkdJD0p6VAmJGZVL78S0UMrOomy2V8Bb9pYOS3hZKaOyF77MktRAWEjWWEbF2HKphy9HGRHI9gsWUsjm_tQdeuQXuBHSrPqRc7LLCe80Ho7UrNbJ25MHs-BH1sEmzSBT5Fswp06FwWGtzMXMb0g9dX1uQloq_DjVX9HHhDLktBatjV0ThW4VEYK6wLO8kVMzWD3qkQACyYewwJk4atajGUJBu3RQ19bpVWJnzOykCqJdO7f7vHO0X7uIa8EHtGe9wqfAfniHijcDxheLaPSYCNfWH_XanaltYOnL_sAHYy0WISe9uUC68D3cDf7GzPwD32OSexPi9xWCmil9lPcC112BhOFlYbT8Gu1aFZ8EnaInGYta4RFAjME61AoyskA9KQG9TIq2Z0QpPFJ-IDVIn3IKjDGWEcOoZLm79PJqtYzicqlJ6Mml1jBn6BzeHC7NP2HJHA8VwADnlyI6I3qNz4ack85ep6nHyQyMNpw7WSt2NTVrbGqZkkhXKg%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.135.164 St. Ingbert, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.135.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 30a5987b28c34e8fe4284127926b76d141391a136d056c4fc1044f7f6ff474b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Tue, 19 Dec 2023 18:40:44 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4208
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 9D69 38 KB
13 KB 25ms
25ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 15605
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 14:20:39 GMT
expires: Wed, 18 Dec 2024 14:20:39 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 9D69 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 11:16:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 11:16:32 GMT

GET
H/1.1

200
OK

request.php Show response
hal900019.redintelligence.net/ Frame E2DF
Redirect Chain

https://hal900019.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=7decf73f43&subid=&uid=faa2d2874214217d&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900019.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=7decf73f43&subid=&uid=faa2d2874214217d&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

176ms
121ms

Script
application/x-javascript

78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=7decf73f43&subid=&uid=faa2d2874214217d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCC_jWq-OBZZTjAeuDpt8PtKC7uAum5b2gaYWVnKfJD_AuEAEgkLuABGCVgoCAmAfIAQmpAgCIDL1wVbI-qAMByAObBKoEmQJP0DrkHvRqiN_fqirhbA-vRGfahR7c2jB9f0on2Kv_mj0z-nLo_4xAsvlAuN38VYibThREDX8slL-DCOLFHupUu6SJY5EGPU8EaVZ4bOVaSnpMHHsEY6vCqUQ1iBXvv_vi26HA8ZGf7OHCzumjIK47EcQTft7YHt6F-ra7b8XALluLpPiMI7ZpdhB9qGV15VTQxP4ne1nEoEXNFm83WfFmIlJnBgXmIOpKPjRjh2saW9xU5wH9_icJrWqPTGBBcOtQis2RNzAwc1JVFfo23ZZVcnqKhZmeizSgNh8aMqT5Ar8C_50CXZgYEKS7bG2LdNTa0KekVWulSFduSFYZiYft-Vi_oyNyt6l3lAE649LmNvqQwaw94qZgH8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlieyrihk5yDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwAvHhf_kKK1k15jGwJEKMcb2tfiXvhJPooluZjMA30yB0DoOU6s-WasV3_CFuvG8binrEEuwJf8tX9_GAE%26sig%3DAOD64_3k3eAhxm3BM_C7KfzL9kQp35F9FQ%26client%3Dca-pub-2147948657389864%26dbm_c%3DAKAmf-DXSx46P4OlaGMV_pXPcFXzjiaJ6Xab5pxLfJkxWx22VbuaAGHFRfDwCh5nE_5JN2nVFu3chHFNGmdxJae6FusFXX415_AL6BtYpDxuMgqIO_18rtxIGv8F0y2XeIqCfKT4DdILngEC86myw5Ig7F52WAxIp7LurES5m8DCR9feB5zg1sA%26cry%3D1%26dbm_d%3DAKAmf-C3Ko8uzvJ_IryqJv6spqyIZYE9XpaokUe-5qCOikg6hWFrn_igg8UZUNkdJD0p6VAmJGZVL78S0UMrOomy2V8Bb9pYOS3hZKaOyF77MktRAWEjWWEbF2HKphy9HGRHI9gsWUsjm_tQdeuQXuBHSrPqRc7LLCe80Ho7UrNbJ25MHs-BH1sEmzSBT5Fswp06FwWGtzMXMb0g9dX1uQloq_DjVX9HHhDLktBatjV0ThW4VEYK6wLO8kVMzWD3qkQACyYewwJk4atajGUJBu3RQ19bpVWJnzOykCqJdO7f7vHO0X7uIa8EHtGe9wqfAfniHijcDxheLaPSYCNfWH_XanaltYOnL_sAHYy0WISe9uUC68D3cDf7GzPwD32OSexPi9xWCmil9lPcC112BhOFlYbT8Gu1aFZ8EnaInGYta4RFAjME61AoyskA9KQG9TIq2Z0QpPFJ-IDVIn3IKjDGWEcOoZLm79PJqtYzicqlJ6Mml1jBn6BzeHC7NP2HJHA8VwADnlyI6I3qNz4ack85ep6nHyQyMNpw7WSt2NTVrbGqZkkhXKg%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2147948657389864%26output%3Dhtml%26h%3D90%26adk%3D4204718025%26adf%3D2896993837%26pi%3Dt.aa~a.819600158~rp.1%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1703011241%26rafmt%3D1%26to%3Dqs%26pwprc%3D7089917814%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fsteamru.org%252F%26ea%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1703011242841%26bpp%3D1%26bdt%3D1065%26idt%3D1%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C307x250%252C1200x280%26nras%3D4%26correlator%3D410371231247%26frm%3D20%26pv%3D1%26ga_vid%3D4890874.1703011242%26ga_sid%3D1703011242%26ga_hid%3D577308995%26ga_fc%3D0%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1762%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759837%252C31079965%252C44809005%252C95320885%26oid%3D2%26pvsid%3D253180864439339%26tmod%3D2118921673%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26dtd%3D6&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fsteamru.org&random=6401848819315&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
Protocol: HTTP/1.1
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: bd5d40a6dd62ae4af790ddfb17399959bc5a15c8764b5baa47ce67ade1fd451f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 19 Dec 2023 18:40:44 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 80723700153542104444550012543019
Connection: close
Content-Length: 1328
Expires: Tue, 19 Dec 2023 18:40:44 +0100

Redirect headers

Pragma: no-cache
Date: Tue, 19 Dec 2023 18:40:44 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=7decf73f43&subid=&uid=faa2d2874214217d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCC_jWq-OBZZTjAeuDpt8PtKC7uAum5b2gaYWVnKfJD_AuEAEgkLuABGCVgoCAmAfIAQmpAgCIDL1wVbI-qAMByAObBKoEmQJP0DrkHvRqiN_fqirhbA-vRGfahR7c2jB9f0on2Kv_mj0z-nLo_4xAsvlAuN38VYibThREDX8slL-DCOLFHupUu6SJY5EGPU8EaVZ4bOVaSnpMHHsEY6vCqUQ1iBXvv_vi26HA8ZGf7OHCzumjIK47EcQTft7YHt6F-ra7b8XALluLpPiMI7ZpdhB9qGV15VTQxP4ne1nEoEXNFm83WfFmIlJnBgXmIOpKPjRjh2saW9xU5wH9_icJrWqPTGBBcOtQis2RNzAwc1JVFfo23ZZVcnqKhZmeizSgNh8aMqT5Ar8C_50CXZgYEKS7bG2LdNTa0KekVWulSFduSFYZiYft-Vi_oyNyt6l3lAE649LmNvqQwaw94qZgH8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlieyrihk5yDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwAvHhf_kKK1k15jGwJEKMcb2tfiXvhJPooluZjMA30yB0DoOU6s-WasV3_CFuvG8binrEEuwJf8tX9_GAE%26sig%3DAOD64_3k3eAhxm3BM_C7KfzL9kQp35F9FQ%26client%3Dca-pub-2147948657389864%26dbm_c%3DAKAmf-DXSx46P4OlaGMV_pXPcFXzjiaJ6Xab5pxLfJkxWx22VbuaAGHFRfDwCh5nE_5JN2nVFu3chHFNGmdxJae6FusFXX415_AL6BtYpDxuMgqIO_18rtxIGv8F0y2XeIqCfKT4DdILngEC86myw5Ig7F52WAxIp7LurES5m8DCR9feB5zg1sA%26cry%3D1%26dbm_d%3DAKAmf-C3Ko8uzvJ_IryqJv6spqyIZYE9XpaokUe-5qCOikg6hWFrn_igg8UZUNkdJD0p6VAmJGZVL78S0UMrOomy2V8Bb9pYOS3hZKaOyF77MktRAWEjWWEbF2HKphy9HGRHI9gsWUsjm_tQdeuQXuBHSrPqRc7LLCe80Ho7UrNbJ25MHs-BH1sEmzSBT5Fswp06FwWGtzMXMb0g9dX1uQloq_DjVX9HHhDLktBatjV0ThW4VEYK6wLO8kVMzWD3qkQACyYewwJk4atajGUJBu3RQ19bpVWJnzOykCqJdO7f7vHO0X7uIa8EHtGe9wqfAfniHijcDxheLaPSYCNfWH_XanaltYOnL_sAHYy0WISe9uUC68D3cDf7GzPwD32OSexPi9xWCmil9lPcC112BhOFlYbT8Gu1aFZ8EnaInGYta4RFAjME61AoyskA9KQG9TIq2Z0QpPFJ-IDVIn3IKjDGWEcOoZLm79PJqtYzicqlJ6Mml1jBn6BzeHC7NP2HJHA8VwADnlyI6I3qNz4ack85ep6nHyQyMNpw7WSt2NTVrbGqZkkhXKg%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2147948657389864%26output%3Dhtml%26h%3D90%26adk%3D4204718025%26adf%3D2896993837%26pi%3Dt.aa~a.819600158~rp.1%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1703011241%26rafmt%3D1%26to%3Dqs%26pwprc%3D7089917814%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fsteamru.org%252F%26ea%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1703011242841%26bpp%3D1%26bdt%3D1065%26idt%3D1%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C307x250%252C1200x280%26nras%3D4%26correlator%3D410371231247%26frm%3D20%26pv%3D1%26ga_vid%3D4890874.1703011242%26ga_sid%3D1703011242%26ga_hid%3D577308995%26ga_fc%3D0%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1762%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759837%252C31079965%252C44809005%252C95320885%26oid%3D2%26pvsid%3D253180864439339%26tmod%3D2118921673%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26dtd%3D6&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fsteamru.org&random=6401848819315&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Tue, 19 Dec 2023 18:40:44 +0100

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 95D1 43 B
215 B 113ms
112ms Image
image/gif 2600:1f18:1aca:4281:55e6:37cb:1c:63b
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1883736&asId=80871d69-5dc9-951e-d002-b032d711ebcb&tv=%7Bc:xh0gnH,time:697,type:e,im:%7Bpci:%7Btdr:499%7D,pLoad:657%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:697,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:160,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B549~0%5D,as:%5B549~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:172,fm:tYUBCFm+11%7C12%7C1311%7C1312%7C1313%7C1314%7C14%7C1511%7C1611%7C1612%7C171*.1883736-77184607%7C1711%7C1712%7C1713,idMap:171*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:161,sis:254%7D&br=c
Requested by: Host: steamru.org
URL: https://steamru.org/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:55e6:37cb:1c:63b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:44 GMT
server: nginx
x-server-name: dt25.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9D69 0
22 B 54ms
54ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BjH8Vq-OBZYPVKfrG9u8PsLy3mAgAAAAAOAHgBAI&bg=!9_Sl9LvNAAY3kmNgF5I7ADQBe5WfOOUKkEb7yxbQCQc_ydwe2eotrLlR_-ezB8GkbXrRaqe-btw73XRdtFvH_puuMo18AgAAAEJSAAAAAWgBB5kDOSk9cFvYNAyDHiG1qnDuykAJZZ-mZjw3TAy0NHHym0CPikCZSEwbz-tAz1rPj6Mn3jEUUbVVti6wFKYp8XNzxQBuodIgJb_lD4xYVWaYCJgHx1HEugNuuzYUmfE_fZf3MZLT_atbsDhb8EkX8_SKaUsUpeOjS-N08nfVX21FAPRslubyaAK2BoXzboblMQspenRe2tSbSo_i0qb7YI60xNcBicWcICmrIIhWdEzWLAZYo4z3oTtTqvm9DAan4vF_rQOYHCLOIWaJeoG1-BhQd_v1hDmgMxLm0rdSZbiaHeuetWcJoLKbIUu8dvsDTCMyKDc1grclDx5o9TtwjGr3iKE3SoMJQg6Hu5nNHBYmM5rTypADnYYWdap4fG954MMkExmOKC3caTU3P_Bq7b1cx3d4_J2sxiO7cnSmBzV7s-1KwO81f2H5T_J76ID6xkUZAM1ythMjG8TpdmPWTB-1M41QsU7V_jtsPgJk14yc8HHeFh7OBEe2kDjsQmK7w0gab1TwDOWCOSN-TOFaHZkSMe48KYOu2h105k34wxdFUR1qNVbiI0ZDDh5OzcXIM1FmLhz2j7aKxKBGHP89av4z5fTeD9xSnlsVTWBKTYb0h_eLuX4nYGPUx5ozhM0XD3nmVxv181T9Q46IKM5bDHL1GhyJODOG1siRrFRqwbwpVWIewx8VyYUSmJvnnF81ENgRbcYJwKtEBSNttNmF5kCsy1gXVvU1lWqs2jPPSKnE1tXDMOozc3rlC4ThrLSxb5NMCTHgEdYEw4DrApbODTkEOuhrUqU4PT6tXS3wyAKjd-lRwsWc5k9o7snh1T3qJpc2TEv3x_qHxu9yHXqWf58LJfXoaS72KrRADHbagBaewvsti2G9m7dpae50JX0Zhf2ROMaX9iDUDyreSrK0wgVn1hth45brdaKmwmz6PbnXt-sfDSXssdsPukFlqWGsef4YmdPjKk8GK3r1P9aJ940OQQ_arW56vErT3-IoQUGtTJi6SOC0XdJzv6vHaukOa2oXDlXuaIl9zaZs6RX0Ro-YFpZV8k3f3pYRY9LjiFSr0Jt1_pIBidO7A5eBnIPFxD5pHZPMvvTjW6g4Xw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
adv.office-partner.de/ Frame 30EC 930 B
923 B 125ms
21ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=7decf73f43&subid=&uid=faa2d2874214217d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCC_jWq-OBZZTjAeuDpt8PtKC7uAum5b2gaYWVnKfJD_AuEAEgkLuABGCVgoCAmAfIAQmpAgCIDL1wVbI-qAMByAObBKoEmQJP0DrkHvRqiN_fqirhbA-vRGfahR7c2jB9f0on2Kv_mj0z-nLo_4xAsvlAuN38VYibThREDX8slL-DCOLFHupUu6SJY5EGPU8EaVZ4bOVaSnpMHHsEY6vCqUQ1iBXvv_vi26HA8ZGf7OHCzumjIK47EcQTft7YHt6F-ra7b8XALluLpPiMI7ZpdhB9qGV15VTQxP4ne1nEoEXNFm83WfFmIlJnBgXmIOpKPjRjh2saW9xU5wH9_icJrWqPTGBBcOtQis2RNzAwc1JVFfo23ZZVcnqKhZmeizSgNh8aMqT5Ar8C_50CXZgYEKS7bG2LdNTa0KekVWulSFduSFYZiYft-Vi_oyNyt6l3lAE649LmNvqQwaw94qZgH8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlieyrihk5yDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwAvHhf_kKK1k15jGwJEKMcb2tfiXvhJPooluZjMA30yB0DoOU6s-WasV3_CFuvG8binrEEuwJf8tX9_GAE%26sig%3DAOD64_3k3eAhxm3BM_C7KfzL9kQp35F9FQ%26client%3Dca-pub-2147948657389864%26dbm_c%3DAKAmf-DXSx46P4OlaGMV_pXPcFXzjiaJ6Xab5pxLfJkxWx22VbuaAGHFRfDwCh5nE_5JN2nVFu3chHFNGmdxJae6FusFXX415_AL6BtYpDxuMgqIO_18rtxIGv8F0y2XeIqCfKT4DdILngEC86myw5Ig7F52WAxIp7LurES5m8DCR9feB5zg1sA%26cry%3D1%26dbm_d%3DAKAmf-C3Ko8uzvJ_IryqJv6spqyIZYE9XpaokUe-5qCOikg6hWFrn_igg8UZUNkdJD0p6VAmJGZVL78S0UMrOomy2V8Bb9pYOS3hZKaOyF77MktRAWEjWWEbF2HKphy9HGRHI9gsWUsjm_tQdeuQXuBHSrPqRc7LLCe80Ho7UrNbJ25MHs-BH1sEmzSBT5Fswp06FwWGtzMXMb0g9dX1uQloq_DjVX9HHhDLktBatjV0ThW4VEYK6wLO8kVMzWD3qkQACyYewwJk4atajGUJBu3RQ19bpVWJnzOykCqJdO7f7vHO0X7uIa8EHtGe9wqfAfniHijcDxheLaPSYCNfWH_XanaltYOnL_sAHYy0WISe9uUC68D3cDf7GzPwD32OSexPi9xWCmil9lPcC112BhOFlYbT8Gu1aFZ8EnaInGYta4RFAjME61AoyskA9KQG9TIq2Z0QpPFJ-IDVIn3IKjDGWEcOoZLm79PJqtYzicqlJ6Mml1jBn6BzeHC7NP2HJHA8VwADnlyI6I3qNz4ack85ep6nHyQyMNpw7WSt2NTVrbGqZkkhXKg%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2147948657389864%26output%3Dhtml%26h%3D90%26adk%3D4204718025%26adf%3D2896993837%26pi%3Dt.aa~a.819600158~rp.1%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1703011241%26rafmt%3D1%26to%3Dqs%26pwprc%3D7089917814%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fsteamru.org%252F%26ea%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1703011242841%26bpp%3D1%26bdt%3D1065%26idt%3D1%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C307x250%252C1200x280%26nras%3D4%26correlator%3D410371231247%26frm%3D20%26pv%3D1%26ga_vid%3D4890874.1703011242%26ga_sid%3D1703011242%26ga_hid%3D577308995%26ga_fc%3D0%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1762%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759837%252C31079965%252C44809005%252C95320885%26oid%3D2%26pvsid%3D253180864439339%26tmod%3D2118921673%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26dtd%3D6&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fsteamru.org&random=6401848819315&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Tue, 19 Dec 2023 18:40:44 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Tue, 26 Dec 2023 18:40:44 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 69AB 0
327 B 100ms
31ms Document
application/javascript 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=80723700153542104444550012543019&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=7decf73f43&subid=&uid=faa2d2874214217d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCC_jWq-OBZZTjAeuDpt8PtKC7uAum5b2gaYWVnKfJD_AuEAEgkLuABGCVgoCAmAfIAQmpAgCIDL1wVbI-qAMByAObBKoEmQJP0DrkHvRqiN_fqirhbA-vRGfahR7c2jB9f0on2Kv_mj0z-nLo_4xAsvlAuN38VYibThREDX8slL-DCOLFHupUu6SJY5EGPU8EaVZ4bOVaSnpMHHsEY6vCqUQ1iBXvv_vi26HA8ZGf7OHCzumjIK47EcQTft7YHt6F-ra7b8XALluLpPiMI7ZpdhB9qGV15VTQxP4ne1nEoEXNFm83WfFmIlJnBgXmIOpKPjRjh2saW9xU5wH9_icJrWqPTGBBcOtQis2RNzAwc1JVFfo23ZZVcnqKhZmeizSgNh8aMqT5Ar8C_50CXZgYEKS7bG2LdNTa0KekVWulSFduSFYZiYft-Vi_oyNyt6l3lAE649LmNvqQwaw94qZgH8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlieyrihk5yDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwAvHhf_kKK1k15jGwJEKMcb2tfiXvhJPooluZjMA30yB0DoOU6s-WasV3_CFuvG8binrEEuwJf8tX9_GAE%26sig%3DAOD64_3k3eAhxm3BM_C7KfzL9kQp35F9FQ%26client%3Dca-pub-2147948657389864%26dbm_c%3DAKAmf-DXSx46P4OlaGMV_pXPcFXzjiaJ6Xab5pxLfJkxWx22VbuaAGHFRfDwCh5nE_5JN2nVFu3chHFNGmdxJae6FusFXX415_AL6BtYpDxuMgqIO_18rtxIGv8F0y2XeIqCfKT4DdILngEC86myw5Ig7F52WAxIp7LurES5m8DCR9feB5zg1sA%26cry%3D1%26dbm_d%3DAKAmf-C3Ko8uzvJ_IryqJv6spqyIZYE9XpaokUe-5qCOikg6hWFrn_igg8UZUNkdJD0p6VAmJGZVL78S0UMrOomy2V8Bb9pYOS3hZKaOyF77MktRAWEjWWEbF2HKphy9HGRHI9gsWUsjm_tQdeuQXuBHSrPqRc7LLCe80Ho7UrNbJ25MHs-BH1sEmzSBT5Fswp06FwWGtzMXMb0g9dX1uQloq_DjVX9HHhDLktBatjV0ThW4VEYK6wLO8kVMzWD3qkQACyYewwJk4atajGUJBu3RQ19bpVWJnzOykCqJdO7f7vHO0X7uIa8EHtGe9wqfAfniHijcDxheLaPSYCNfWH_XanaltYOnL_sAHYy0WISe9uUC68D3cDf7GzPwD32OSexPi9xWCmil9lPcC112BhOFlYbT8Gu1aFZ8EnaInGYta4RFAjME61AoyskA9KQG9TIq2Z0QpPFJ-IDVIn3IKjDGWEcOoZLm79PJqtYzicqlJ6Mml1jBn6BzeHC7NP2HJHA8VwADnlyI6I3qNz4ack85ep6nHyQyMNpw7WSt2NTVrbGqZkkhXKg%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2147948657389864%26output%3Dhtml%26h%3D90%26adk%3D4204718025%26adf%3D2896993837%26pi%3Dt.aa~a.819600158~rp.1%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1703011241%26rafmt%3D1%26to%3Dqs%26pwprc%3D7089917814%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fsteamru.org%252F%26ea%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1703011242841%26bpp%3D1%26bdt%3D1065%26idt%3D1%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C307x250%252C1200x280%26nras%3D4%26correlator%3D410371231247%26frm%3D20%26pv%3D1%26ga_vid%3D4890874.1703011242%26ga_sid%3D1703011242%26ga_hid%3D577308995%26ga_fc%3D0%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1762%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759837%252C31079965%252C44809005%252C95320885%26oid%3D2%26pvsid%3D253180864439339%26tmod%3D2118921673%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26dtd%3D6&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fsteamru.org&random=6401848819315&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript; charset=utf-8
date: Tue, 19 Dec 2023 18:40:44 GMT
host: pv.medialead.de
proxy-host: pv.medialead.de
server: nginx
vary: Origin

GET
H2 200 link.html Show response
track.webgains.com/ Frame E2DF 2 KB
2 KB 167ms
81ms Script
text/html 3.9.151.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=80723700153542104444550012543019&nw=1
Requested by: Host: steamru.org
URL: https://steamru.org/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.151.155 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-151-155.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 8effa871c30e0e24ade33e86cd40ed4d882c9921e5a38b9cab783a18b4016e4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:44 GMT
last-modified: Tue, 19 Dec 2023 18:40:44 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 19 Dec 2023 18:41:44 GMT

GET
H2

200

activityi;dc_pre=CKjWmqKTnIMDFYvMOwIdn_MCXg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9572200207924.11 Show response
5994599.fls.doubleclick.net/ Frame 85F8
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9572200207924.11?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CKjWmqKTnIMDFYvMOwIdn_MCXg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9572200207924.11?

390 B
323 B

61ms
61ms

Document
text/html

216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CKjWmqKTnIMDFYvMOwIdn_MCXg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9572200207924.11?

Requested by

Host: steamru.org
URL: https://steamru.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f6.1e100.net

Software

cafe /

Resource Hash

c608841bb8b3d8814e6de0b9b81c43b4fb546baa194369eef7fc595086b95f6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 214
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:40:44 GMT
expires: Tue, 19 Dec 2023 18:40:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:40:44 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CKjWmqKTnIMDFYvMOwIdn_MCXg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9572200207924.11?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900019.redintelligence.net/ Frame FDFA 7 KB
2 KB 82ms
27ms Document
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request_content.php?s=80723700153542104444550012543019&a=0a44e317
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=7decf73f43&subid=&uid=faa2d2874214217d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCC_jWq-OBZZTjAeuDpt8PtKC7uAum5b2gaYWVnKfJD_AuEAEgkLuABGCVgoCAmAfIAQmpAgCIDL1wVbI-qAMByAObBKoEmQJP0DrkHvRqiN_fqirhbA-vRGfahR7c2jB9f0on2Kv_mj0z-nLo_4xAsvlAuN38VYibThREDX8slL-DCOLFHupUu6SJY5EGPU8EaVZ4bOVaSnpMHHsEY6vCqUQ1iBXvv_vi26HA8ZGf7OHCzumjIK47EcQTft7YHt6F-ra7b8XALluLpPiMI7ZpdhB9qGV15VTQxP4ne1nEoEXNFm83WfFmIlJnBgXmIOpKPjRjh2saW9xU5wH9_icJrWqPTGBBcOtQis2RNzAwc1JVFfo23ZZVcnqKhZmeizSgNh8aMqT5Ar8C_50CXZgYEKS7bG2LdNTa0KekVWulSFduSFYZiYft-Vi_oyNyt6l3lAE649LmNvqQwaw94qZgH8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlieyrihk5yDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwAvHhf_kKK1k15jGwJEKMcb2tfiXvhJPooluZjMA30yB0DoOU6s-WasV3_CFuvG8binrEEuwJf8tX9_GAE%26sig%3DAOD64_3k3eAhxm3BM_C7KfzL9kQp35F9FQ%26client%3Dca-pub-2147948657389864%26dbm_c%3DAKAmf-DXSx46P4OlaGMV_pXPcFXzjiaJ6Xab5pxLfJkxWx22VbuaAGHFRfDwCh5nE_5JN2nVFu3chHFNGmdxJae6FusFXX415_AL6BtYpDxuMgqIO_18rtxIGv8F0y2XeIqCfKT4DdILngEC86myw5Ig7F52WAxIp7LurES5m8DCR9feB5zg1sA%26cry%3D1%26dbm_d%3DAKAmf-C3Ko8uzvJ_IryqJv6spqyIZYE9XpaokUe-5qCOikg6hWFrn_igg8UZUNkdJD0p6VAmJGZVL78S0UMrOomy2V8Bb9pYOS3hZKaOyF77MktRAWEjWWEbF2HKphy9HGRHI9gsWUsjm_tQdeuQXuBHSrPqRc7LLCe80Ho7UrNbJ25MHs-BH1sEmzSBT5Fswp06FwWGtzMXMb0g9dX1uQloq_DjVX9HHhDLktBatjV0ThW4VEYK6wLO8kVMzWD3qkQACyYewwJk4atajGUJBu3RQ19bpVWJnzOykCqJdO7f7vHO0X7uIa8EHtGe9wqfAfniHijcDxheLaPSYCNfWH_XanaltYOnL_sAHYy0WISe9uUC68D3cDf7GzPwD32OSexPi9xWCmil9lPcC112BhOFlYbT8Gu1aFZ8EnaInGYta4RFAjME61AoyskA9KQG9TIq2Z0QpPFJ-IDVIn3IKjDGWEcOoZLm79PJqtYzicqlJ6Mml1jBn6BzeHC7NP2HJHA8VwADnlyI6I3qNz4ack85ep6nHyQyMNpw7WSt2NTVrbGqZkkhXKg%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2147948657389864%26output%3Dhtml%26h%3D90%26adk%3D4204718025%26adf%3D2896993837%26pi%3Dt.aa~a.819600158~rp.1%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1703011241%26rafmt%3D1%26to%3Dqs%26pwprc%3D7089917814%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fsteamru.org%252F%26ea%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1703011242841%26bpp%3D1%26bdt%3D1065%26idt%3D1%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C307x250%252C1200x280%26nras%3D4%26correlator%3D410371231247%26frm%3D20%26pv%3D1%26ga_vid%3D4890874.1703011242%26ga_sid%3D1703011242%26ga_hid%3D577308995%26ga_fc%3D0%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1762%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759837%252C31079965%252C44809005%252C95320885%26oid%3D2%26pvsid%3D253180864439339%26tmod%3D2118921673%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D4%26uci%3Da!4%26btvi%3D3%26fsb%3D1%26dtd%3D6&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fsteamru.org&random=6401848819315&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 79eb9aa81342de861c60c2291038145b512af578277af96719356c0a37421560

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2085
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Dec 2023 18:40:44 GMT
Expires: Tue, 19 Dec 2023 18:40:44 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H2

200

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame E2DF
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=80723700153542104444550012543019&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=80723700153542104444550012543019&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
360 B

32ms
32ms

Image
image/gif

91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=80723700153542104444550012543019&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
Protocol: H2
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:44 GMT
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx
host: pv.medialead.de
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 43
proxy-host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=80723700153542104444550012543019&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Tue, 19 Dec 2023 18:40:44 GMT
server: nginx
content-length: 138
content-type: text/html

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame E2DF 43 B
703 B 134ms
86ms Image
image/gif 92.123.148.9
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=80723700153542104444550012543019&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.148.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-148-9.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 19 Dec 2023 18:40:44 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DA08 1 KB
645 B 20ms
20ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 79250
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 18 Dec 2023 20:39:54 GMT
etag: 48472445140208031
expires: Tue, 19 Dec 2023 20:39:54 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E2DF 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9f6da76f7355217338d6173d26bd70de36f7fac41a12ba80a0dd3dca548c5a84

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame DA08
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEOfzrHxn9a2DCzRUpdd3E-c&google_cver=1&google_push=AXcoOmRa9SuQkMRqlF439EFQC7cliW-tK2DDZr9cKBDerEIRlwXyJ7r1v8lRJEqA9v-7sG-gfzfzj2ezcWN_U56T9ErYSTTKqJ_P0...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjgyODk5MTkxODEwNjc3NjIxMA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOfzrHxn9a2DCzRUpdd3E-c&google_cver=1

43 B
398 B

80ms
80ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOfzrHxn9a2DCzRUpdd3E-c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 19 Dec 2023 18:40:44 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOfzrHxn9a2DCzRUpdd3E-c&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame DA08 35 B
463 B 64ms
22ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJ1jadT2fY0L9-Wo-g86xng&google_cver=1&google_push=AXcoOmToo_aCN7tQsktm7Y6NlGjcIMzqAQftyvz8K-vtP0I4dgfLe5oLGDtEpzkB0_GJpIW2_V05YL-6NP3tHfGMahcf5-1jzUS4O-zinEZs5gYpd4QwtO0AUjSwlmlvvPlhVo65Su2jOq987_vFau4neoycbQ

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:44 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 451 466606.gif
id.rlcdn.com/ Frame DA08 0
98 B 90ms
29ms Image
text/plain 35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAXcoOmTmagh6J9LWguA5jJLE9DnTr7L20EokyUUh93DDhRiOGB_cT6lMskI7rcmbWSq9GcT09e5ykIRAWlJZTI7iGMyhiW7Vb6r4fT9CUK-1PVcLYFtPKYeJxd7MfkOO9MWuD5aBNPU29NFGOslyhweXuc0bdw&google_gid=CAESECyUYKOv7BpB2io1v-Bv5mU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:44 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DA08
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEDhxRbMyKaVrfjmVC4tfcrU&google_cver=1&google_push=AXcoOmQqyVH7scagO_VWUKgDgGBWDCmJqzsoSCGms06h-NjaN3LSuQ_sOXJCFIVFwAQCuFUmtiYjuBTKMVvovEFCjhzZxDd...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQqyVH7scagO_VWUKgDgGBWDCmJqzsoSCGms06h-NjaN3LSuQ_sOXJCFIVFwAQCuFUmtiYjuBTKMVvovEFCjhzZxDd4ADV3EoXGrAKAZxqlXqvKENDy_wsi9ETnnwTnn...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQqyVH7scagO_VWUKgDgGBWDCmJqzsoSCGms06h-NjaN3LSuQ_sOXJCFIVFwAQCuFUmtiYjuBTKMVvovEFCjhzZxDd4ADV3EoXGrAKAZxqlXqvKENDy_wsi9ETnnwTnnFoT8kQouo7qCf4zCRzlvAXMAA&google_hm=eS13aDcwY3BkRTJwSFEueVhwUExMZzRHZGdxZ28zcHIzen5B

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 19 Dec 2023 18:40:44 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQqyVH7scagO_VWUKgDgGBWDCmJqzsoSCGms06h-NjaN3LSuQ_sOXJCFIVFwAQCuFUmtiYjuBTKMVvovEFCjhzZxDd4ADV3EoXGrAKAZxqlXqvKENDy_wsi9ETnnwTnnFoT8kQouo7qCf4zCRzlvAXMAA&google_hm=eS13aDcwY3BkRTJwSFEueVhwUExMZzRHZGdxZ28zcHIzen5B
content-length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame DA08 43 B
146 B 74ms
21ms Image
image/gif 3.73.141.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google_jp&google_gid=CAESEJ-5Hq15WBIZGGFLkHggTkA&google_cver=1&google_push=AXcoOmQpN9uNnUo9AGrn6QSNhGIca8GZIcQ39Av32gVtSaf6JLX7Veb4oXg18RT-O_PWK8PILA0cEA13KpnE4xjJuRAvFH7WVnwW8qVYpcCU4CS7UMAX95RtwE6FrCg9eIoGKIgJpXF6k10p2qe_SihE0omJ1Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.73.141.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-73-141-43.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame DA08 43 B
363 B 99ms
28ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmSz73vieZ_y4DBz86hZUiB7H2t0tcFbq-K9Wzz2ynnCjpned0DwcdJnaFlGLZbzx0kwHGIB9xFhp8tE7FaqGgulVxEVqpf2sE4KFDEswVaV9GXIah31wUbbvVGeX5DNLfHhQl-ZZ1bQzXURThy1owGm-g&google_gid=CAESELQuswjrGXgS10t2NEGUtgs&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:43 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 270167
expires: Tue, 19 Dec 2023 00:00:00 GMT

GET
H2

200

report
sync.teads.tv/um/ Frame DA08
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEOQIhzZr1X1b...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmQlKs5tSP45c5-3OIGA9jakUymUQ9WVpoE6vZ56J3K6ZYz3cTa8APg3_IVE_a0HZPIEamJd9iDCqacjv3NVTRPYqKjo_vwKjbT08U9jteYwUXCCp...
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

77ms
77ms

Image
image/gif

2.19.217.101
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
Protocol: H2
Server: 2.19.217.101 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-217-101.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Tue, 19 Dec 2023 18:40:44 GMT
pragma: no-cache
date: Tue, 19 Dec 2023 18:40:44 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame DA08 0
12 B 28ms
28ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LQXe6Z04RZlHVpmE_vrYfC3AgL-6VE9HErNxCpioxbHzPT7E511kFlH02j3xpAOaePKcE45w

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:44 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 95D1 42 B
64 B 53ms
53ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuY2YgBD14JsIuHhdD_O1e4hz6D96pXlgslJxvT1UrE9ccwCxbUk55ywZHM0wAyE-DYTSxL4D5_3LSwyfd4-NUkSx0WvCNPIAgU07z3pQpPmtB4zDmk_tPnaPOiKKSfYpkS_BCiDTT7CtURSn3KxtPRj9Ca&sai=AMfl-YStj-wCLZ5YM1027gXV-doMRQWIfJRlTFy2Nxj2VHSIF4rqbkIuCVGsyMOXY7v_2VfY5wHS46I5Pd8BHX-Fd1lgCGh4XrVV8gK4kUCAN9OG35lBcSmdHOrUg6qx89PNUYAd_95_IyDzlSGBdNNfcw&sig=Cg0ArKJSzH6BH2X9cfibEAE&cid=CAQSTwAvHhf__tI_X6zV3t7KH2IiD_lRZRxLC-ANtNV3ga5BC7JBic7nHzv5PmV0v4Mzx8KgJvkDE_0zIxpcq_LvSqei4eR1CAnBs8urE-wvA08YAQ&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=496,979,1000,1000,1000&tos=496,483,21,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1703011242989&rpt=437&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame FDFA 2 KB
434 B 31ms
30ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=80723700153542104444550012543019&a=0a44e317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 19 Dec 2023 18:40:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 19 Dec 2023 17:03:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 19 Dec 2023 18:40:44 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame FDFA 9 KB
9 KB 122ms
72ms Image
image/png 138.201.135.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=80723700153542104444550012543019&a=0a44e317
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.135.164 St. Ingbert, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.135.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 44f543a029c115c6c19444fa15ea8e8aebb62f9bb6005efc874a098bd4059b26

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Tue, 19 Dec 2023 18:40:44 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9249
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame FDFA 10 KB
10 KB 78ms
26ms Image
image/png 138.201.135.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-627x627.jpg
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=80723700153542104444550012543019&a=0a44e317
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.135.164 St. Ingbert, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.135.201.138.clients.your-server.de
Software: Apache /
Resource Hash: adedb0ddeea373f5ebb7de38dfb42ab3f0b5b2c68bbccd776769f155662b0249

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Tue, 19 Dec 2023 18:40:44 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9891
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame FDFA 7 KB
7 KB 79ms
28ms Image
image/png 138.201.135.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native4.png
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=80723700153542104444550012543019&a=0a44e317
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.135.164 St. Ingbert, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.135.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 1cb350d6dd6653c198f6581aefc9516966c9f707d546670d5b2e50cc890e5d54

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Tue, 19 Dec 2023 18:40:44 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7116
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal900019.redintelligence.net/ Frame FDFA 0
150 B 77ms
26ms Script
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/viewability?s=80723700153542104444550012543019&a=e00aa679&vb=m
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=80723700153542104444550012543019&a=0a44e317
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/request_content.php?s=80723700153542104444550012543019&a=0a44e317
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Tue, 19 Dec 2023 18:40:44 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 30EC 175 KB
63 KB 76ms
28ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d72e8e66b05aaf3ad84c31efbb877b4fc6bebbbff50ae028f4651ed9a1b542d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64120
x-xss-protection: 0
last-modified: Tue, 19 Dec 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Dec 2023 18:40:44 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame E2DF 53 KB
19 KB 128ms
31ms Script
application/javascript 52.222.139.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=80723700153542104444550012543019&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-62.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 02:11:35 GMT
content-encoding: gzip
via: 1.1 d8c5e23736c47a3e5184b0a78042898e.cloudfront.net (CloudFront)
last-modified: Sat, 09 Dec 2023 12:01:22 GMT
server: AmazonS3
x-amz-cf-pop: AMS50-C1
age: 60112
x-amz-server-side-encryption: AES256
etag: W/"1180a1bfee0aad979766ecd6180b923e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: xTO9z5iLXLdFy0UZ_00-r2MRiMSFDGVlUiw17U6QZ4EkdEWh5jRRfw==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame E2DF 85 B
419 B 107ms
27ms Image
image/gif 18.239.50.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1703011544&Signature=SSrxtcS8y4Ng82AADjgLgeDUtGZZTlPaUNVbBEWVH1QzsH4oDMbOnQnHADnnDcDXWRurewwacFt0YPmInlHyZav4KSqVmtj3-PGFUHrtNhGCI6Xmt4zu4b-w8qtFPZ-oJHo4Ebxqy4l4zX8rP4tZd78NqPR64miSpZTRftQ9F5ymB2CljRVpi4gxbGrWy2AkVihDTJeLTB3vv9pSY-X18y49S6TGX6gZtuE0uMc4D8~jAUUgFmlVgcdHTHeJ5N7-TvQo5C~HeEukvRgAM3baVzmDgqQT0hU-oJOtuErRIozc7r1teAfEHZHy-EHNKBAMWsmWJj-5jvtitCkETVB7Zw__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2147948657389864&output=html&h=90&adk=4204718025&adf=2896993837&pi=t.aa~a.819600158~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703011241&rafmt=1&to=qs&pwprc=7089917814&format=1200x90&url=https%3A%2F%2Fsteamru.org%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703011242841&bpp=1&bdt=1065&idt=1&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C307x250%2C1200x280&nras=4&correlator=410371231247&frm=20&pv=1&ga_vid=4890874.1703011242&ga_sid=1703011242&ga_hid=577308995&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079965%2C44809005%2C95320885&oid=2&pvsid=253180864439339&tmod=2118921673&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.50.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-50-47.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 22:01:08 GMT
x-amz-version-id: null
via: 1.1 af1da25c2dddf71cac076999aa9861e6.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P3
age: 74376
etag: "70af33d70b6810475aae19743c8c435b"
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: 1w1lTXzgidS0CUydNtx3JRKDpJK2h3TaABjBw6CXleU6Cz8nd9qZNg==

GET
H2 200 dc_pre=CKjWmqKTnIMDFYvMOwIdn_MCXg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9572200207924.11
adservice.google.com/ddm/fls/z/ Frame 85F8 42 B
401 B 104ms
55ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKjWmqKTnIMDFYvMOwIdn_MCXg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9572200207924.11

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CKjWmqKTnIMDFYvMOwIdn_MCXg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9572200207924.11?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 30EC 274 KB
91 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cce64d56944daf71abe3e91a6df9f101e5aeb9efdfa2621dd8c2ff1ab9bd6e6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93076
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 19 Dec 2023 18:40:44 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 66ms
65ms XHR
application/json 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231207&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4de58596eec1645fced96cf77a57c185be9c59c223147140c93e2fccc2f9399

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12298
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 19 Dec 2023 18:40:44 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9240 13 KB
5 KB 23ms
22ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 34254
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 09:09:50 GMT
expires: Wed, 18 Dec 2024 09:09:50 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7438 829 B
559 B 32ms
32ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e304541bc04e03da5e270d7fe13246d90af8dc8c49df12709abca5a3f4094c8d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OCEluXHkfoCaea9jBK1A4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://steamru.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-OCEluXHkfoCaea9jBK1A4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 19 Dec 2023 18:40:44 GMT
expires: Tue, 19 Dec 2023 18:40:44 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 9240 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 11:16:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Dec 2024 11:16:32 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7438 0
0 51ms
50ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231207&jk=253180864439339&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9240 0
10 B 22ms
22ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?fRtwZg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 18:40:44 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 95D1 0
24 B 50ms
50ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6482091276596&version=m202309260101&ct=76&x=1&cor=8967707601658678000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame E2DF 16 B
209 B 99ms
99ms Fetch
application/json 35.177.175.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.177.175.102 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-177-175-102.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 19 Dec 2023 18:40:45 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 123ms
35ms Preflight 35.177.175.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.177.175.102 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-177-175-102.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Tue, 19 Dec 2023 18:40:45 GMT
server: nginx

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 54ms
54ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231207&jk=253180864439339&bg=!h4SlhMvNAAY3kmNgF5I7ADQBe5WfOMJD9siafbOOR_5GaNxYWubfv2k4A8EmqVSyN3uCL-V5HDEl_0RJjSle5Iy_Y9OXAgAAADJSAAAAAmgBB5kC_x9O0IH__txrsP4nKfMpPduljgAi2tU12QgALsQxa-r5htF3eKaVTGp01VHUX-aJzUxPY8ubeKdAWModafsQWDg_LJSeQcIal1LVTwHSRRNtB5P0CtQAB2S_xGdpF_vB8DecUcsnn1oBG002KwsDXxvdYjLVzKd7h4w0sk_RxTljUuRqYtZtQ4MmMBejE0RP-7XrXVJ7K8giegY5vETHp-1BTCew8KIdA6RenQ4WuGqfXTgJqP8-8dq3pgTXXKy42w6ezfCvYTqzoma3RhwfK_r55ZQgWftzBRYpWJEmeNSKIy2o1km-rRoNevHz1eqocHREMfinFi0DOw5nsDyNZBjc0sbAZ-oVktmt1IrguJu_2dSJF8PJdmXDtRRfHkUcXPcWlli-Qh-9Clxz5d-B0l5OuezEMhM2l6Evi_9SYUR9ydGVMFpcxn6qLLaYkIWidf22_WgHB2wHGPVQLz-dk7rayx4gUV-ZIxyEnNuQ65pE-QmF5CimDOnaGy_B7pYWuKjSnVyO1U6QoHBlZX76y38PLc4crFU6K8_yHXgkNr9KlikT-CW14_M1_T2PGff49to5NRlb8ENdOchh1qa4pNlvskDvw0COeK003TtchaI4dej8aq0cVlkosBemxPuxH3y8WWSZRv5VXI4_fXsgrxUdSxEn6ciRFZLz9ClzkoZ1uopzpSlXiPkgTNvrljfXz-Lpk0jitohNH-vptTrT07f5zAOv6mTdJWnNmnVczDYAGtGLFCDodMXf4FY6w5cGLF2f6WmgqDxU9_LdCVhAVtwGfKNkhZnw8JCcKkHc0PxIQ9JLSWZpapTD01WYqfyAdipNcRJh3kSPUE0iRiHCedGfMj-cKJ0iSHN-wM16TnVbnLaG0HmkkATcZPiMNqImAICxCrrGqrjjac4tXvqtEC7BD16v0TUePhZ99Ik6KpgongG0XumzkNbQHgi5KlxZUenG-aB0m4otNL5iaSta3bJuOXo9bMVPOrvCzeH-NSQ4zVKjV-ukRrD6pFAXXoOi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://steamru.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E2DF 0
24 B 50ms
50ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1434935915348&version=m202309260101&ct=77&x=1&cor=6011468200112204000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 95D1 43 B
215 B 112ms
111ms Image
image/gif 2600:1f18:1aca:4281:55e6:37cb:1c:63b
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1883736&asId=80871d69-5dc9-951e-d002-b032d711ebcb&tv=%7Bc:xh0gQO,pingTime:1,time:2502,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:161%7D,%7Bpiv:100,vs:i,r:,t:1501%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1501,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:160,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1353~0,0~100%5D,as:%5B1353~728.90%5D%7D%7D,%7Bsl:i,t:1501,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:115,fm:tYUBCFm+11%7C12%7C1311%7C1312%7C1313%7C1314%7C14%7C1511%7C1611%7C1612%7C171*.1883736-77184607%7C1711%7C1712%7C1713,idMap:171*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:161,sis:254%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:55e6:37cb:1c:63b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:46 GMT
server: nginx
x-server-name: dt26.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 95D1 43 B
215 B 113ms
113ms Image
image/gif 2600:1f18:1aca:4281:55e6:37cb:1c:63b
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1883736&asId=80871d69-5dc9-951e-d002-b032d711ebcb&tv=%7Bc:xh0gQO,pingTime:1,time:2502,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:161%7D,%7Bpiv:100,vs:i,r:,t:1501%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1501,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:160,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1353~0,0~100%5D,as:%5B1353~728.90%5D%7D%7D,%7Bsl:i,t:1501,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:115,fm:tYUBCFm+11%7C12%7C1311%7C1312%7C1313%7C1314%7C14%7C1511%7C1611%7C1612%7C171*.1883736-77184607%7C1711%7C1712%7C1713,idMap:171*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:161,sis:254%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:55e6:37cb:1c:63b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Dec 2023 18:40:46 GMT
server: nginx
x-server-name: dt27.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Verdicts & Comments Add Verdict or Comment

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
steamru.org/	1970-01-21 02:29:26	Name: _pk_id.steamru.org.f8d7 Value: 054610f884ba66fd.1703011242.
steamru.org/	1970-01-20 17:03:33	Name: _pk_ses.steamru.org.f8d7 Value: 1
.steamru.org/	1970-01-21 02:25:07	Name: __gads Value: ID=8fd52aa97bff9bc9:T=1703011242:RT=1703011242:S=ALNI_MYbdeCUVa4rRLqO5WZq3-Ux4GQSwQ
.steamru.org/	1970-01-21 02:25:07	Name: __gpi Value: UID=00000d21c353acb6:T=1703011242:RT=1703011242:S=ALNI_Mbc9eUEQ0eZqghj2lyFWeS3Lj9n8g
.doubleclick.net/	1970-01-20 21:22:43	Name: APC Value: AfxxVi7YN_3Hh9b93CzWApyvu-Z-5-gR0UckDXUqN5DRMSUi7JAU9A
.casalemedia.com/	1970-01-20 19:13:07	Name: CMPS Value: 1220
.adnxs.com/	1970-01-20 19:13:07	Name: uuid2 Value: 6335368489310944562
.doubleclick.net/	1970-01-20 17:03:34	Name: DSID Value: NO_DATA
.casalemedia.com/	1970-01-21 01:49:07	Name: CMID Value: ZYHjq9VmpFjtMvetL-ambQAA
.casalemedia.com/	1970-01-20 19:13:07	Name: CMPRO Value: 3163
.ctnsnet.com/	1970-01-21 01:49:07	Name: cid_b8530e0eb08b439ca7f826bd8fe36493 Value: 1
.ctnsnet.com/	1970-01-21 01:49:07	Name: gid_CAESEOo7blxSjoJvJgSE4klLKoE Value: 1
.travelaudience.com/	1970-01-21 02:35:12	Name: _tracker Value: %7B%22UUID%22%3A%22964C82B3-58D1-401E-2A11-89E85284133C%22%7D
.w55c.net/	1970-01-21 02:35:12	Name: wfivefivec Value: 4smOXfC21RfF1h5
.w55c.net/	1970-01-20 17:46:43	Name: matchgoogle Value: 5
.doubleclick.net/	1970-01-21 02:25:07	Name: IDE Value: AHWqTUni71mL2t-JZK5PB_hILIJcEHpSZXtoJ--rc2X6QwvQee0-Yca2oBhs-rtJirk
.innovid.com/	1970-01-20 19:13:07	Name: uuid Value: b182cd13-aab9-47d2-856c-39f35538e93a-20231219 13:40:43
.turn.com/	1970-01-20 21:22:43	Name: uid Value: 2828991918106776210
.bluekai.com/	1970-01-20 21:22:43	Name: bkdc Value: phx
.bluekai.com/	1970-01-20 21:22:43	Name: bkpa Value: KJyN0AWvQY9xxBcENBqJSuj5uJLrWiD6AY/k7EXhVdfcPf5Ag0y0XUhvAm0QET4WfwpMRI8yAjYSgnvUjL/OneUq3CPCibw8XS33QjAZe5QT4S2O+Q9WntndJmL=
.bluekai.com/	1970-01-20 21:22:43	Name: bku Value: ts6O9vFMQVPRJg/N
.adnxs.com/	1970-01-20 19:13:07	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?'^U#kk!1yIE`fS1ueD1W-044)d+]Ue)D%hEx(l)n=T?nGC#FCC)Wrj2%WpuvamD!P(hw9P-HC_#tt8j)`hxb
.doubleclick.net/	1970-01-20 17:46:43	Name: ar_debug Value: 1
.redintelligence.net/	1970-01-20 19:13:07	Name: 8lcfmzhxc8d6_uid Value: c63f2aeae1ddc157
.quantserve.com/	1970-01-20 19:13:07	Name: d Value: EGsBCQHZKoEA
.quantserve.com/	1970-01-21 02:33:45	Name: mc Value: 6581e3ac-733e8-447af-1a468
.awin1.com/	1970-01-20 17:13:36	Name: awpv11601 Value: 113440\|1703011244\|1e431c00-9e9e-11ee-bd07-2236e1f32b64
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 357526:3266505
.yahoo.com/	1970-01-21 01:49:28	Name: A3 Value: d=AQABBKzjgWUCELoG7PgAB_lYoZfMFHEgHXIFEgEBAQE1g2WLZQAAAAAA_eMAAA&S=AQAAAlSXglxNZs9IytvsAipO2Po
.office-partner.de/	1970-01-21 02:39:31	Name: source Value: {"webgains_webgains":{"timestamp":1703011244643,"clickCookie":false}}

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAXcoOmTmagh6J9LWguA5jJLE9DnTr7L20EokyUUh93DDhRiOGB_cT6lMskI7rcmbWSq9GcT09e5ykIRAWlJZTI7iGMyhiW7Vb6r4fT9CUK-1PVcLYFtPKYeJxd7MfkOO9MWuD5aBNPU29NFGOslyhweXuc0bdw&google_gid=CAESECyUYKOv7BpB2io1v-Bv5mU&google_cver=1 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
ad.doubleclick.net
ad.turn.com
ads.travelaudience.com
adservice.google.com
adv.office-partner.de
ag.innovid.com
analytics.webgains.io
api.webgains.io
cdn.track.production.webgains.team
cm.g.doubleclick.net
cms.quantserve.com
dis.criteo.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900019.redintelligence.net
ib.adnxs.com
id.rlcdn.com
match.adsrvr.org
medialead.de
odr.mookie1.com
pagead2.googlesyndication.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pv.medialead.de
r.turn.com
s0.2mdn.net
static.adsafeprotected.com
steamru.org
sync.teads.tv
tags.bluekai.com
tpc.googlesyndication.com
track.webgains.com
www.awin1.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
138.201.135.164
142.250.185.230
142.250.186.98
172.217.16.194
172.64.151.101
178.250.1.9
18.239.50.47
185.197.162.100
2.19.217.101
2001:678:cb4:bbbb::11
216.58.206.38
2600:1f18:1aca:4281:55e6:37cb:1c:63b
2600:9000:20ab:a000:8:48e:53c0:93a1
2620:116:800d:21:c5a4:625:6563:a5bb
2a00:1450:4001:808::2002
2a00:1450:4001:808::2006
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::2008
2a00:1450:4001:81c::2002
2a00:1450:4001:829::2002
2a00:1450:4001:829::2004
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2003
2a00:1450:4001:831::200a
2a05:d018:d29:3602:f518:22e7:3421:18e4
2a05:d01c:1d8:8102:4dc8:bb9c:b52c:3b27
2a0b:4d07:101::1
3.33.220.150
3.73.141.43
3.9.151.155
34.160.236.64
35.177.175.102
35.186.193.173
35.190.0.66
35.244.174.68
37.252.171.85
52.222.139.62
52.28.254.225
52.51.211.154
72.246.169.24
78.46.90.238
91.121.248.44
92.123.148.9
94.23.99.218
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
1151ef049d22f85e76d0cd7c6e431c60811fcb5935937e899d98af508328baab
1170e5ad25efe380f59e1be8fdba17edf8fd30a7ef495bfb3c258f5bce2eec29
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c45dbdb7b09412d6e8d0a108245bf284d53a80fe178119869ca65654c0621a1
1cb350d6dd6653c198f6581aefc9516966c9f707d546670d5b2e50cc890e5d54
27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2decfcea631dc6e5a39e44aa0bf4be206b10870490d78d75996c896b5a6825df
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
30a5987b28c34e8fe4284127926b76d141391a136d056c4fc1044f7f6ff474b0
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31739169a388c5d4ccfbd1c40795e28ab33be327834119aa6df3ea17d0e65726
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32db0f4150f47fb422e10e2e67fc0d546864ec13d6c85c937ed36487ae0e3714
346a1a70d74349065e3f362c0ec44f02f1b2d9aa10d10d3e175e094f08755423
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3aa12d2d3f125294a2bb3ef90ef5cc4d99e2e26f2b05f1fd44eba25fe1674823
3af60e02cb6bc35aa2819df692eba285304603fb49d8c7bc3e683e4c0f2887be
3de6dfcaee1602f519b15567d870fe6fcbe7851dc56d032f1fb9edd5ad6ffdf4
41448ce4891ad73962363ab2f22c05a38d45c057a987752611ae74cbb29b49e6
41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
44f543a029c115c6c19444fa15ea8e8aebb62f9bb6005efc874a098bd4059b26
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
47aa3bfad6cb9e2d63abdd58f4e6ce4f7b9fd2704b2b15193c71874035fe025d
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bc3445fadd67604273cc7409380f0b1ea5e99e39702dd6dee254762c8029bce
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50131e2329ad12ad6cbe6a59cd187db8a1a22c863c7c49194871f36f5042d4d7
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
565592ede82822decb298ebd1e6f56e9c6a680b1a79cd4208513a834295e4c43
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
59385ae49bf5fa9dc2f4f9d8eadd4586a0b5573cde21be5e289b6a8a0ee6d400
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d621f523e84eb7af66e3daba984f5ee4ab9257e301462577c3c66582c880ab0
5fadc2074fdbb60d7f34bd18f346391f6c8c44f65e3e80f1b21599add4a84f01
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61eb4bd63b7ad05757982fcfd7badeeb3d592fa56e6999698e9f65b7ffeadf38
658763708a45d3b028477e7bde12bf3da7292317c8f82c01131600f89052ef53
6b0051875d649286101f19e6ce9a14451c0c32638fc91cbe486e5db4dcbb3433
70857504e246762877461c8aa20de02df0d734bb0ad14dde07cb0e02cff8fb91
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
758f0a4b9eb624c2ac73a52c800c14c810ff1e09e55c7d1df6436ad0daaa5bb4
79630aa66a2fd742af143103e8114c9ea35d4308fd3523bd101a89d8b908923a
7982f4bc1307135b4a87aaa36ba836190a4151b63edd2b0f37dd5d0fd186af84
79eb9aa81342de861c60c2291038145b512af578277af96719356c0a37421560
7b0254fd8f86e2ca0c495ad707da3cf3003df8bd6be01c70a5afbc68f8234b80
7c3e404f048288e67b6048f88e121f4c5f3927377058000a01e057b1ff218839
7cc2754efacf022e129de434cd25c825599899c59e1b2052144716a31024f471
7f4972b6f7feb7a2dd6f98c8ea06df115dc3c07dca4efe0c0114ac85ddac47d4
80a466c320c6c23384298a00c8a1192195225a11d1bce68328cf37a6bce29aa9
8acc1f1025dcaf26f8f860f726b3a05a701b77eb685301d4f25bc8339bbf891f
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8effa871c30e0e24ade33e86cd40ed4d882c9921e5a38b9cab783a18b4016e4c
9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a886adbe15add3ec3eb5ed564419a60981a0a2bb266efc369417df69c1f1064
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9f6da76f7355217338d6173d26bd70de36f7fac41a12ba80a0dd3dca548c5a84
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a10af1bd891b0ab4eaa5848148ab99a21df817f41a084354b3d35cd3a1bcd4f6
a26a662e83a08427634f1b7b5fcfb4202ec35328a64010a1736f2906ebf3212e
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
aa6670cd216514598e9395fb4bcaeecbd3d8bdd4bb541cc63ac995cf0308585e
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
adedb0ddeea373f5ebb7de38dfb42ab3f0b5b2c68bbccd776769f155662b0249
ae3a0957fc5669d282e41e4d6107d528898f07b480ec550cb34ba6797a384b8d
aefdb07258782fc3aa84dc518ab2052e5b1dad3405867fb1f9d65f816b03c12a
af0ba8db1d78be9a5ad19943e9bb23445c3d31568b61369c6235a8bf8bdfed07
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1c82318a8caff5ec91652b4e667837c6568ebc4a1b942e72a13c2cf11520fad
bd5d40a6dd62ae4af790ddfb17399959bc5a15c8764b5baa47ce67ade1fd451f
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
be4d053e45e01dd979efed6ec7650927c1d64658a04123c6068175b252582744
be5de26b4c662c492dc47273afe90d3c778ec25998dd2a3a6f7f291c26ca5803
bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2
c0bdc4694a5f3bdd17a15d5dfc5375fe32ca435f5d81cff6c3bda066e18ebb2f
c16d54750f85b108bf37c9b64ccd50572a56d7f4ffe9a99726310bf35a01b8fb
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c4de58596eec1645fced96cf77a57c185be9c59c223147140c93e2fccc2f9399
c608841bb8b3d8814e6de0b9b81c43b4fb546baa194369eef7fc595086b95f6b
c821ac5b54d6356aa81644902d5fad10603c9a415679c081d7760dde7f7bdbd4
c8e48ea465007a8f3473fecfbcfe2e31e0d807e98f8ab65f8b0e655779ae2b72
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cce64d56944daf71abe3e91a6df9f101e5aeb9efdfa2621dd8c2ff1ab9bd6e6b
d473d1cb26421c33200e6a1e036a17e738f4ca3dce4f404b708e9f8ab4f75c82
d72e8e66b05aaf3ad84c31efbb877b4fc6bebbbff50ae028f4651ed9a1b542d1
d95ffdcf010d6749281f6cd27c3a5f9c856d4b5590cee285f4b4fdbebce22b4c
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
e2b80247038739299b71545084dc4ebff2edd21e6f1ffafe013376bb2e92c4be
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e304541bc04e03da5e270d7fe13246d90af8dc8c49df12709abca5a3f4094c8d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f028466362f275b6e8fb4becd087987ee2927f8cea331f460b989b3ad1066563
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f71b692f2abd27afd1fc948dff479a3d93307f52cb7af5bb0b114615f5b85c1a
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd
fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

steamru.org Open in urlscan Pro 185.197.162.100 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

194 Requests

89 %HTTPS

40 %IPv6

33 Domains

46 Subdomains

41 IPs

8 Countries

3702 kBTransfer

6811 kBSize

30 Cookies

0 Outgoing links

Page URL History

Redirected requests

194 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

steamru.org Open in urlscan Pro
185.197.162.100 Public Scan

Screenshot
Live screenshot

Full Image

194
Requests

89 %
HTTPS

40 %
IPv6

33
Domains

46
Subdomains

41
IPs

8
Countries

3702 kB
Transfer

6811 kB
Size

30
Cookies

194 HTTP transactions
4 data transactions