steamfriends.info Open in urlscan Pro
163.172.46.245 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://steamfriends.info/
Submission Tags: falconsandbox
Submission: On May 13 via api (May 13th 2021, 5:35:40 pm UTC) from US

Summary HTTP 74 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 19 IPs in 5 countries across 19 domains to perform 74 HTTP transactions. The main IP is 163.172.46.245, located in France and belongs to Online SAS, FR. The main domain is steamfriends.info.
TLS certificate: Issued by R3 on March 29th 2021. Valid for: 3 months.

This is the only time steamfriends.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	163.172.46.245 163.172.46.245	12876 (Online SAS) (Online SAS)
18	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	185.29.133.58 185.29.133.58	30419 (MEDIAMATH...) (MEDIAMATH-INC)
15	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	138.201.63.145 138.201.63.145	24940 (HETZNER-AS) (HETZNER-AS)
1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	116.202.48.214 116.202.48.214	24940 (HETZNER-AS) (HETZNER-AS)
1 2	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
1 1	99.80.199.35 99.80.199.35	16509 (AMAZON-02) (AMAZON-02)
5	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2 2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2	188.138.33.34 188.138.33.34	8972 (GD-EMEA-D...) (GD-EMEA-DC-SXB1)
74	19

12 163.172.46.245 (France)

ASN12876 (Online SAS, FR)
PTR: 163-172-46-245.rev.poneytelecom.eu

steamfriends.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.133.58 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.63.145 (Lingenfeld, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.145.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 116.202.48.214 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.214.48.202.116.clients.your-server.de

hal900013.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.80.199.35 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-199-35.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.138.33.34 (Strasbourg, France)

ASN8972 (GD-EMEA-DC-SXB1, DE)
PTR: loft9037.serverprofi24.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	323 KB
13	doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	50 KB
12	steamfriends.info steamfriends.info	94 KB
5	redintelligence.net 1 redirects hal9000.redintelligence.net hal900013.redintelligence.net	10 KB
4	mathtag.com tags.mathtag.com pixel.mathtag.com	3 KB
3	googletagservices.com www.googletagservices.com	98 KB
3	google.com 1 redirects adservice.google.com www.google.com	790 B
2	contentspread.net cdn.contentspread.net	27 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	openx.net 2 redirects rtb.openx.net	756 B
2	awin1.com 1 redirects www.awin1.com	1 KB
2	gstatic.com fonts.gstatic.com	29 KB
2	google.de adservice.google.de	921 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	461 B
1	mookie1.com odr.mookie1.com	324 B
1	everesttech.net 1 redirects pixel.everesttech.net	375 B
1	quantserve.com cms.quantserve.com	464 B
1	googleapis.com fonts.googleapis.com	727 B
1	googleadservices.com partner.googleadservices.com	645 B
74	19

	Domain	Requested by
15	tpc.googlesyndication.com	googleads.g.doubleclick.net steamfriends.info tpc.googlesyndication.com pagead2.googlesyndication.com
12	steamfriends.info	steamfriends.info
9	pagead2.googlesyndication.com	steamfriends.info pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com steamfriends.info googleads.g.doubleclick.net
5	cm.g.doubleclick.net	googleads.g.doubleclick.net
4	hal900013.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900013.redintelligence.net
3	tags.mathtag.com	googleads.g.doubleclick.net tags.mathtag.com
3	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	cdn.contentspread.net	hal900013.redintelligence.net
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	www.awin1.com	1 redirects googleads.g.doubleclick.net
2	fonts.gstatic.com	fonts.googleapis.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
1	pixel.rubiconproject.com	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	pixel.everesttech.net	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	pixel.mathtag.com	tags.mathtag.com
1	hal9000.redintelligence.net	steamfriends.info
1	www.google.com	1 redirects
1	fonts.googleapis.com	tpc.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
74	24

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
steamcommunity.com
twitter.com

Subject Issuer	Validity	Valid
rysanlos.me R3	`2021-03-29` - `2021-06-27`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
redintelligence.net R3	`2021-04-21` - `2021-07-20`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2021-07-15`	a year	crt.sh
www.awin1.com DigiCert Secure Site ECC CA-1	`2020-04-21` - `2021-07-21`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
cdn.contentspread.net Go Daddy Secure Certificate Authority - G2	`2020-07-08` - `2021-07-08`	a year	crt.sh

This page contains 12 frames:

Primary Page: https://steamfriends.info/
Frame ID: 96AD7CD50174DB86EE5A6844D9F7ED9E
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210510/r20190131/zrt_lookup.html
Frame ID: 9085EA64CE21F7059CC39F2A1ADA5F5E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&h=280&slotname=3883613473&adk=1475013227&adf=4059110530&pi=t.ma~as.3883613473&w=1110&fwrn=4&fwrnh=100&lmt=1620927312&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312784&bpp=4&bdt=333&idt=66&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=4835669536548&frm=20&pv=2&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=IgIJOWbOCY&p=https%3A//steamfriends.info&dtd=99
Frame ID: 4A3CC9089D0401C08F5873FB857F7101
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&adk=1812271804&adf=3025194257&lmt=1620927312&plat=1%3A32776%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsteamfriends.info%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312789&bpp=1&bdt=339&idt=103&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1110x280&nras=1&correlator=4835669536548&frm=20&pv=1&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=107
Frame ID: AB245156B9BAC5EAB6E846936E860FD6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.984203930~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1620927313&rafmt=1&to=qs&pwprc=3312296569&psa=0&format=1200x90&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312998&bpp=1&bdt=547&idt=1&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1110x280%2C0x0&nras=2&correlator=4835669536548&frm=20&pv=1&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=9NeZEJccbK&p=https%3A//steamfriends.info&dtd=9
Frame ID: C2E2AD66BB873D44F6D1DC0DCC19DDD4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CUzAJUWOdYMzAAeiu7_UPusuQgA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTkxODUzNDk5MjI4ODkxMDXIAQmoAwGqBMwBT9CINBffncQa4tqQs0pDQxJTc0oV5vnwZQAStBcFdivt11YYKNFY7gYEl0rToVM22F0tw7UJddGl-PeC1-s53sUw51GuoW-ZtvuRxoqHeMnGWfrs87Oc4ECd_FNB_5FQytucscZeQGC8NWhUwMzxAV1Y3zzCsuYYlopBilsQpsrXdndQ35dz7azjdpXJAqxB_EkQZVjdRa12s6258mQy02T70_eJRdBg2_IUtZr1F3RWsIRCH8ucM-2M4HmDeBZZxtW9NH6bB5QqoaqlgAb6mbThpNbXtEegBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAewmLEC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcYChYSFHB1Yi05MTg1MzQ5OTIyODg5MTA1&sigh=WkTE_-vk26Y&tpd=AGWhJmvg97yAQ5x9x4iblYLRIuOImCxDSk5LH3F5mEbXgcXyGaYW78RPZSXynX1VbrRKb5zcHLkLop4_EcSyq8fn2fmPDBQu4I9Jpvc0TMeVV7ut3ZMJf29brU10_vpUoWm9wek8_uK-tRaDh8zsub6DU7eH4cHg0TOEwTRiPlnU3XNKkxHUwIjewT19kbRcGDtmNs55TbsOcdaDiS78UHJabmeEBfea1UDyctbmxhr_AKJTaUOBp7duXPnpGz_m6cEY1wTH_Q3MtgDDJU5dZdlzQdZPEEHYm545DDAFYG67sMg7Gz-GpwAvLCCPj4CBwaaeSIEpoxok7D1BeLwBg_d58lRK6RMknnej3oW03teKVig_MdAUaN31HjFXnfpZkRP3ClcKUdQqgMhuMVS5Vtx-0l1QTRkJmVLtfDIVjJirJ_FIOltiK1e0vGZruunQ8NQtSFhPUCFrCTll8xQjh8eq0gMB4ArfOUEc5bMcasTsmPtld_9UmAVi0N-wMwXm7q23P-ZL59njmoc-Un6toBwsHjjUCKvPB9ABgriSDZHWF4LzdVa4otcphi3tPDA9HILIqi8CKDyBRdotT38eFAtCw52sJZhU8jrrugaz66KyEWMCNBLZDsJdINF2XMtN6F5i2x1dxk095P0hNx5LgNtRCnW7q-wknxiTr65h3sYgSKIV3oybbOcmxiZSGR8UAINiIaxXp3wvpu0I83uHQ1ajxHsA-logtmzex6Dj7tm0IpJ7QSh0h7ngOQZpHeUW7zBBJAZjyIr06UkrafkHayVpOFjymRlgpw4IFyao2z-pDzmcnzdOaZXHQyJYEDgHuD6y6dkidIPqUqL12CwH2ci017uTDI4P9ZkYjRHM08udgGZ_Z3q0Wx6L4s_JP1QKeN2Uq93c24QWjouVgUW7YM3NGze9qu_Myjh1XjzTEhgBHYKZPpu1dg3WliTKCztH6hByanAnXcDBclDMLPADru--W7Gq194wA0tOEiIPwbDXovLnaNGX9v7fz9nBaHNfJvH4S_njczCnmPosM-UN2TSX2NBPCoasWxM
Frame ID: B74E39A6F22D31C3D0BDF562739D3B52
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/index.html
Frame ID: 8F84D741731AD1E239130AF9523A2AD9
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=C_ddpUGOdYMaZN5bJ7_UPgJujgAif--31YcPd2dOuDb6l2raeDhABIMKZyiFglQKgAbmTg4IDyAEJqQL0Ac0fQky0PqgDAcgDSKoE3AFP0JtcDSVlgxxXzQSfqD6XNGzHo0nnwn0KJZIEBteDW2UrWCjzAVizm6Do9nsr7vfPVxbbuQVhh9DLy1JFJjEuw9U5gcTCuftd94G-dmymbCVIHB99k2S6zGcnEOZ8H6NJc2L-TqFcEZfSSwdSK-cHB1TRXCLwm-1TXisRdS0zg7OlE24oqXJb-gPdpIjmdrq2FuISTgwTl-MQJ5Ar3GgAA7uVWQZCAlXMypRRj5khoMDTb0XYzZw2KfLiOnoET-l9HxQpfk8FrayS4yLuVwpajk520Gje_oFsa_cGwAT22_GQuQOSBQQIBBgBkgUECAUYBKAGLoAHr-z8fagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCHpBPSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItOTE4NTM0OTkyMjg4OTEwNQ&sigh=xbrJAEabAUM&template_id=419
Frame ID: 646FA84F3BDB135FF9A4E95C19E0A888
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 1279C4D8368A8B50BF37193958E32824
Requests: 2 HTTP requests in this frame

Frame: https://hal900013.redintelligence.net/request_content.php?s=52886700177894902179195011593013&a=7db093ac
Frame ID: 5368477B26A43B05D9FAD21A1E291E49
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3E99D67DFA737D891412DE65DEB49390
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 1BC3D652FC8E9EF7C536D5ECB924EA84
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

74
Requests

99 %
HTTPS

39 %
IPv6

19
Domains

24
Subdomains

19
IPs

5
Countries

636 kB
Transfer

1530 kB
Size

6
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A//steamfriends.info
Title: Facebook

Search URL Search Domain Scan URL

URL: https://steamcommunity.com/groups/steamfriendsinfo
Title: Steam

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?hashtags=steam&related=trysteamfriends&text=Track%20your%20%23steamfriends%20and%20check%20who%20is%20added,%20deleted%20or%20renamed%20from%20your%20friend%20list.&tw_p=tweetbutton&url=https%3A%2F%2Fsteamfriends.info
Title: Twitter

Search URL Search Domain Scan URL

URL: http://steamcommunity.com/groups/steamfriendsinfo
Title: Steam Group

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 53

https://hal900013.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=c9147eebf4&subid=&uid=ddbf811cc1370f11&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D4999039912067490587%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dccc1609d-6351-4101-b376-022b41aec892%26mt_cid%3Dccc1609d-6351-4101-b376-022b41aec892%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqQN7UWOdYMzAAeiu7_UPusuQgA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTkxODUzNDk5MjI4ODkxMDXIAQmoAwGqBM8BT9CINBffncQa4tqQs0pDQxJTc0oV5vnwZQAStBcFdivt11YYKNFY7gYEl0rToVM22F0tw7UJddGl-PeC1-s53sUw51GuoW-ZtvuRxoqHeMnGWfrs87Oc4ECd_FNB_5FQytucscZeQGC8NWhUwMzxAV1Y3zzCsuYYlopBilsQpsrXdndQ35dz7azjdpXJAqxB_EkQZVjdRa12s6258mQy02T70_eJRdBg2_IUtZr1F3RWsIRCH8ucM-2MonuO6rrJYtIwkDYw39SFUbexoBNsgAb6mbThpNbXtEegBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAewmLEC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3ToeFVejfMmKjNoOXVSd83YoSyPg%2526client%253Dca-pub-9185349922889105%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9185349922889105%26output%3Dhtml%26h%3D90%26adk%3D2743202993%26adf%3D54630664%26pi%3Dt.aa~a.984203930~rp.4%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1620927313%26rafmt%3D1%26to%3Dqs%26pwprc%3D3312296569%26psa%3D0%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fsteamfriends.info%252F%26flash%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdXQ..%26dt%3D1620927312998%26bpp%3D1%26bdt%3D547%26idt%3D1%26shv%3Dr20210510%26cbv%3D%252Fr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1110x280%252C0x0%26nras%3D2%26correlator%3D4835669536548%26frm%3D20%26pv%3D1%26ga_vid%3D185982504.1620927313%26ga_sid%3D1620927313%26ga_hid%3D698119210%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D200%26ady%3D1240%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26oid%3D3%26pvsid%3D2301042039913280%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D2%26fsb%3D1%26xpc%3D9NeZEJccbK%26p%3Dhttps%253A%2F%2Fsteamfriends.info%26dtd%3D9&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fsteamfriends.info&random=6596079676727&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900013.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=c9147eebf4&subid=&uid=ddbf811cc1370f11&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D4999039912067490587%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dccc1609d-6351-4101-b376-022b41aec892%26mt_cid%3Dccc1609d-6351-4101-b376-022b41aec892%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqQN7UWOdYMzAAeiu7_UPusuQgA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTkxODUzNDk5MjI4ODkxMDXIAQmoAwGqBM8BT9CINBffncQa4tqQs0pDQxJTc0oV5vnwZQAStBcFdivt11YYKNFY7gYEl0rToVM22F0tw7UJddGl-PeC1-s53sUw51GuoW-ZtvuRxoqHeMnGWfrs87Oc4ECd_FNB_5FQytucscZeQGC8NWhUwMzxAV1Y3zzCsuYYlopBilsQpsrXdndQ35dz7azjdpXJAqxB_EkQZVjdRa12s6258mQy02T70_eJRdBg2_IUtZr1F3RWsIRCH8ucM-2MonuO6rrJYtIwkDYw39SFUbexoBNsgAb6mbThpNbXtEegBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAewmLEC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3ToeFVejfMmKjNoOXVSd83YoSyPg%2526client%253Dca-pub-9185349922889105%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9185349922889105%26output%3Dhtml%26h%3D90%26adk%3D2743202993%26adf%3D54630664%26pi%3Dt.aa~a.984203930~rp.4%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1620927313%26rafmt%3D1%26to%3Dqs%26pwprc%3D3312296569%26psa%3D0%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fsteamfriends.info%252F%26flash%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdXQ..%26dt%3D1620927312998%26bpp%3D1%26bdt%3D547%26idt%3D1%26shv%3Dr20210510%26cbv%3D%252Fr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1110x280%252C0x0%26nras%3D2%26correlator%3D4835669536548%26frm%3D20%26pv%3D1%26ga_vid%3D185982504.1620927313%26ga_sid%3D1620927313%26ga_hid%3D698119210%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D200%26ady%3D1240%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26oid%3D3%26pvsid%3D2301042039913280%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D2%26fsb%3D1%26xpc%3D9NeZEJccbK%26p%3Dhttps%253A%2F%2Fsteamfriends.info%26dtd%3D9&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fsteamfriends.info&random=6596079676727&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 59

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitULTHPLEUJZJj15qBa7ldUr4fVeTdK94cnuzcd-k0VSZrtJYbT0j6cola-iHfQedCViS5pXBtyOj4fQyCnD1icnk2jpLsrs&google_gid=CAESEOlcV0f6E1qfN61vqsYwA80&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUoxalVnQUFCVFRjMUhOaA&google_push=AQvitULTHPLEUJZJj15qBa7ldUr4fVeTdK94cnuzcd-k0VSZrtJYbT0j6cola-iHfQedCViS5pXBtyOj4fQyCnD1icnk2jpLsrs

Request Chain 61

https://rtb.openx.net/sync/dds?google_gid=CAESEG-89GXGf58hyzIkl7o5rvA&google_cver=1&google_push=AQvitULHh_M7MwmxqxXt7lzTrDmA0tdCwmLeRojstJMtzO4406ALP8Rv79sbQ3JjISr0vM12pbZrsPOmGr2DW0lTrGjcnRIushE HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEG-89GXGf58hyzIkl7o5rvA&google_cver=1&google_push=AQvitULHh_M7MwmxqxXt7lzTrDmA0tdCwmLeRojstJMtzO4406ALP8Rv79sbQ3JjISr0vM12pbZrsPOmGr2DW0lTrGjcnRIushE&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULHh_M7MwmxqxXt7lzTrDmA0tdCwmLeRojstJMtzO4406ALP8Rv79sbQ3JjISr0vM12pbZrsPOmGr2DW0lTrGjcnRIushE&google_hm=HszKn1mdxf8rGOX4c-bNeA==

Request Chain 62

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEL66bwCeGHIMZG-mGdyAeIs&google_cver=1&google_push=AQvitUJFjA_Z2f0IzsjbMYkmEwYlltlRN3rjUySTFH3yo-Xl3ioRiGkaqRvf-df95xquj77O3RtiDKcmAm__YMtnQWtD_w5YUiQ HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEL66bwCeGHIMZG-mGdyAeIs&google_cver=1&google_push=AQvitUJFjA_Z2f0IzsjbMYkmEwYlltlRN3rjUySTFH3yo-Xl3ioRiGkaqRvf-df95xquj77O3RtiDKcmAm__YMtnQWtD_w5YUiQ&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=X8mj3C3tTw2EvoGzrUQ0zA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJFjA_Z2f0IzsjbMYkmEwYlltlRN3rjUySTFH3yo-Xl3ioRiGkaqRvf-df95xquj77O3RtiDKcmAm__YMtnQWtD_w5YUiQ

Request Chain 63

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFygKmbSol1uHlJ3swi7p3U&google_cver=1&google_push=AQvitULYPHAefEdgqyU5VhzQOe2Eg6QjHnjtvx1YIgkoQqoTqWFJC5k5xK_80yTVEpkAyUR65sA6F6rSLApeIOgywtZ6SrApA1gM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09ONjlTRUUtMVUtTTlITw==&google_push=AQvitULYPHAefEdgqyU5VhzQOe2Eg6QjHnjtvx1YIgkoQqoTqWFJC5k5xK_80yTVEpkAyUR65sA6F6rSLApeIOgywtZ6SrApA1gM

Request Chain 64

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I

Request Chain 66

https://www.awin1.com/cshow.php?s=2846686&v=14098&q=409715&r=296283&pref1=52886700177894902179195011593013&pv=0 HTTP 302
https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kis_728x90px.gif

74 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
steamfriends.info/ 6 KB
3 KB 247ms
57ms Document
text/html 163.172.46.245
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://steamfriends.info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.172.46.245 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-46-245.rev.poneytelecom.eu
Software: Apache /
Resource Hash: d3e00ac160527fc880c6f79b6d79a864d13ded2823acefeb31fbfaa05383b1bb

Request headers

Host: steamfriends.info
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:12 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=cp2u9bkc7ivs7u0nkn4h1nbto5; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2212
Connection: close
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK bootstrap.slim.min.css
steamfriends.info/css/ 108 KB
16 KB 238ms
60ms Stylesheet
text/css 163.172.46.245
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://steamfriends.info/css/bootstrap.slim.min.css?v7374c768af9d
Requested by: Host: steamfriends.info
URL: https://steamfriends.info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.172.46.245 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-46-245.rev.poneytelecom.eu
Software: Apache /
Resource Hash: ee63b6f91b47dde98d3aa5940dd18e541a6a8aed068bb8ddd33e171bead47157

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: steamfriends.info
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://steamfriends.info/
Cookie: PHPSESSID=cp2u9bkc7ivs7u0nkn4h1nbto5
Connection: keep-alive
Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Feb 2018 16:28:26 GMT
Server: Apache
ETag: "1b0c6-564ca048bde80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: close
Accept-Ranges: bytes
Content-Length: 16314

GET
H/1.1 200
OK glyphicons.min.css
steamfriends.info/css/ 12 KB
3 KB 237ms
55ms Stylesheet
text/css 163.172.46.245
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://steamfriends.info/css/glyphicons.min.css?v7374c768af9d
Requested by: Host: steamfriends.info
URL: https://steamfriends.info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.172.46.245 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-46-245.rev.poneytelecom.eu
Software: Apache /
Resource Hash: b6ae7ed2fcff005ffbdafc2fcb2ea153662bb01dc6931b2a456b80e79977b614

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: steamfriends.info
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://steamfriends.info/
Cookie: PHPSESSID=cp2u9bkc7ivs7u0nkn4h1nbto5
Connection: keep-alive
Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Feb 2018 16:28:26 GMT
Server: Apache
ETag: "2f0d-564ca048bde80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: close
Accept-Ranges: bytes
Content-Length: 2354

GET
H/1.1 200
OK main.css
steamfriends.info/css/ 5 KB
2 KB 240ms
59ms Stylesheet
text/css 163.172.46.245
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://steamfriends.info/css/main.css?v7374c768af9d
Requested by: Host: steamfriends.info
URL: https://steamfriends.info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.172.46.245 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-46-245.rev.poneytelecom.eu
Software: Apache /
Resource Hash: 6ec41e866f92a33f89b9917411d7c41bc437c3fd61a8bec50010c7e13d56696d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: steamfriends.info
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://steamfriends.info/
Cookie: PHPSESSID=cp2u9bkc7ivs7u0nkn4h1nbto5
Connection: keep-alive
Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Feb 2018 16:28:26 GMT
Server: Apache
ETag: "12d7-564ca048bde80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: close
Accept-Ranges: bytes
Content-Length: 1529

GET
H/1.1 200
OK cookieconsent.min.css
steamfriends.info/css/ 4 KB
1 KB 247ms
63ms Stylesheet
text/css 163.172.46.245
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://steamfriends.info/css/cookieconsent.min.css
Requested by: Host: steamfriends.info
URL: https://steamfriends.info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.172.46.245 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-46-245.rev.poneytelecom.eu
Software: Apache /
Resource Hash: 6b8dd2d9ab57a3d53dece32023f3403cb97f93d7c4182c0e57a4e2ef0e6a97de

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: steamfriends.info
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://steamfriends.info/
Cookie: PHPSESSID=cp2u9bkc7ivs7u0nkn4h1nbto5
Connection: keep-alive
Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:12 GMT
Content-Encoding: gzip
Last-Modified: Sun, 25 Mar 2018 19:56:36 GMT
Server: Apache
ETag: "f75-568420e15475e-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: close
Accept-Ranges: bytes
Content-Length: 1198

GET
H/1.1 200
OK cookieconsent.min.js Show response
steamfriends.info/js/ 19 KB
7 KB 248ms
60ms Script
application/javascript 163.172.46.245
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://steamfriends.info/js/cookieconsent.min.js
Requested by: Host: steamfriends.info
URL: https://steamfriends.info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.172.46.245 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-46-245.rev.poneytelecom.eu
Software: Apache /
Resource Hash: e8aac0b7a7c3e3c17c621bf5bb24c098a602e4ad0c2867598f40d5ee49eca425

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: steamfriends.info
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://steamfriends.info/
Cookie: PHPSESSID=cp2u9bkc7ivs7u0nkn4h1nbto5
Connection: keep-alive
Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:12 GMT
Content-Encoding: gzip
Last-Modified: Sun, 25 Mar 2018 19:57:54 GMT
Server: Apache
ETag: "4d5b-5684212ad9f6d-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 6514

GET
H/1.1 200
OK sits.png
steamfriends.info/img/ 455 B
687 B 257ms
81ms Image
image/png 163.172.46.245
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://steamfriends.info/img/sits.png
Requested by: Host: steamfriends.info
URL: https://steamfriends.info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.172.46.245 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-46-245.rev.poneytelecom.eu
Software: Apache /
Resource Hash: c733baee4cf123134f5f17a5be72fc127af77edf75f2b1df9900eb71797de889

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: steamfriends.info
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://steamfriends.info/
Cookie: PHPSESSID=cp2u9bkc7ivs7u0nkn4h1nbto5
Connection: keep-alive
Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:12 GMT
Last-Modified: Fri, 09 Feb 2018 16:28:26 GMT
Server: Apache
ETag: "1c7-564ca048bde80"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 455

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 142 KB
49 KB 33ms
30ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: steamfriends.info
URL: https://steamfriends.info/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

609a19b322b83fb63bc14f80f90a9bf8fe5f0f8197f06400a4c9e191496700d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49934
x-xss-protection: 0
server: cafe
etag: 11525281512292455215
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 13 May 2021 17:35:12 GMT

GET
H/1.1 200
OK jquery-3.2.1.min.js Show response
steamfriends.info/js/ 85 KB
30 KB 262ms
69ms Script
application/javascript 163.172.46.245
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://steamfriends.info/js/jquery-3.2.1.min.js?v7374c768af9d
Requested by: Host: steamfriends.info
URL: https://steamfriends.info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.172.46.245 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-46-245.rev.poneytelecom.eu
Software: Apache /
Resource Hash: 75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: steamfriends.info
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://steamfriends.info/
Cookie: PHPSESSID=cp2u9bkc7ivs7u0nkn4h1nbto5
Connection: keep-alive
Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Feb 2018 16:28:24 GMT
Server: Apache
ETag: "15287-564ca046d5a00-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 30147

GET
H/1.1 200
OK popper.min.js Show response
steamfriends.info/js/ 19 KB
7 KB 255ms
110ms Script
application/javascript 163.172.46.245
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://steamfriends.info/js/popper.min.js?v7374c768af9d
Requested by: Host: steamfriends.info
URL: https://steamfriends.info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.172.46.245 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-46-245.rev.poneytelecom.eu
Software: Apache /
Resource Hash: 0883ffacfd4c998ca72bcaac0bfa192ea0c9cd0db257c03a3ef83d5df5fe8a7c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: steamfriends.info
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://steamfriends.info/
Cookie: PHPSESSID=cp2u9bkc7ivs7u0nkn4h1nbto5
Connection: keep-alive
Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Feb 2018 16:28:24 GMT
Server: Apache
ETag: "4a5e-564ca046d5a00-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 6859

GET
H/1.1 200
OK bootstrap.slim.min.js Show response
steamfriends.info/js/ 14 KB
5 KB 252ms
106ms Script
application/javascript 163.172.46.245
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://steamfriends.info/js/bootstrap.slim.min.js?v7374c768af9d
Requested by: Host: steamfriends.info
URL: https://steamfriends.info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.172.46.245 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-46-245.rev.poneytelecom.eu
Software: Apache /
Resource Hash: 09488d4c38630134321f03e2cb11a3c1f29d43c38f186d786b1910a1d3fb3853

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: steamfriends.info
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://steamfriends.info/
Cookie: PHPSESSID=cp2u9bkc7ivs7u0nkn4h1nbto5
Connection: keep-alive
Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Feb 2018 16:28:24 GMT
Server: Apache
ETag: "3894-564ca046d5a00-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 4623

GET
H/1.1 200
OK main.js Show response
steamfriends.info/js/ 542 B
626 B 256ms
90ms Script
application/javascript 163.172.46.245
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://steamfriends.info/js/main.js?v7374c768af9d
Requested by: Host: steamfriends.info
URL: https://steamfriends.info/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.172.46.245 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-46-245.rev.poneytelecom.eu
Software: Apache /
Resource Hash: 2d2bdce1975ec8d532d7fd86c172fc46452094ae6267d3f2fd41b623711271ec

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: steamfriends.info
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://steamfriends.info/
Cookie: PHPSESSID=cp2u9bkc7ivs7u0nkn4h1nbto5
Connection: keep-alive
Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Feb 2018 16:28:24 GMT
Server: Apache
ETag: "21e-564ca046d5a00-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 329

GET
H/1.1 200
OK sf.jpg
steamfriends.info/img/ 20 KB
20 KB 278ms
71ms Image
image/jpeg 163.172.46.245
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://steamfriends.info/img/sf.jpg
Requested by: Host: steamfriends.info
URL: https://steamfriends.info/css/main.css?v7374c768af9d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.172.46.245 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-46-245.rev.poneytelecom.eu
Software: Apache /
Resource Hash: 7c8f615238d0812c8d8735e3a972c54930067aa61d3f96e73e06291b50d8bccc

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: steamfriends.info
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://steamfriends.info/css/main.css?v7374c768af9d
Cookie: PHPSESSID=cp2u9bkc7ivs7u0nkn4h1nbto5
Connection: keep-alive
Referer: https://steamfriends.info/css/main.css?v7374c768af9d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:12 GMT
Last-Modified: Fri, 09 Feb 2018 16:28:26 GMT
Server: Apache
ETag: "50b9-564ca048bde80"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 20665

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210510/r20190131/ Frame 9085 10 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210510/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210510/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://steamfriends.info/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://steamfriends.info/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 12 May 2021 18:01:56 GMT
expires: Wed, 26 May 2021 18:01:56 GMT
content-type: text/html; charset=UTF-8
etag: 10446291943670460780
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4644
x-xss-protection: 0
age: 84796
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210510/r20190131/ 223 KB
82 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210510/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9185349922889105&plah=steamfriends.info&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6130fe8ded2255439c42cf9e805c28b1a72bfcad166d9dcd720243d33557628b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84099
x-xss-protection: 0
server: cafe
etag: 12011922212658401594
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 13 May 2021 17:35:12 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 207 B
645 B 302ms
138ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=steamfriends.info&callback=_gfp_s_&client=ca-pub-9185349922889105

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210510/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9185349922889105&plah=steamfriends.info&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

52bd0cb22cbc69bfce3416f2691fd6a9e10683ff48d562763c857703b90198cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:35:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 36ms
16ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=steamfriends.info

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 13 May 2021 17:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 36ms
15ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=steamfriends.info

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 13 May 2021 17:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4A3C 112 KB
36 KB 475ms
474ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&h=280&slotname=3883613473&adk=1475013227&adf=4059110530&pi=t.ma~as.3883613473&w=1110&fwrn=4&fwrnh=100&lmt=1620927312&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312784&bpp=4&bdt=333&idt=66&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=4835669536548&frm=20&pv=2&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=IgIJOWbOCY&p=https%3A//steamfriends.info&dtd=99

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

94af95e1e9d942c499a501faf95e03729313dbcb02c37cbde3a412b5269f3c5c

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMaBxeWYx_ACFZbkuwgdgM0IgA&gqi=UGOdYPPeNsqI-gb4546ACA&layout=/sadbundle/%24csp%253Der3%24/71086705892980042/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9185349922889105&output=html&h=280&slotname=3883613473&adk=1475013227&adf=4059110530&pi=t.ma~as.3883613473&w=1110&fwrn=4&fwrnh=100&lmt=1620927312&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312784&bpp=4&bdt=333&idt=66&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=4835669536548&frm=20&pv=2&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=IgIJOWbOCY&p=https%3A//steamfriends.info&dtd=99
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://steamfriends.info/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://steamfriends.info/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMaBxeWYx_ACFZbkuwgdgM0IgA&gqi=UGOdYPPeNsqI-gb4546ACA&layout=/sadbundle/%24csp%253Der3%24/71086705892980042/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 13 May 2021 17:35:13 GMT
server: cafe
content-length: 36699
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 13-May-2021 17:50:12 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 13 May 2021 17:35:13 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 38ms
16ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f874ff88caab3c7b634468acfc642a6bdca8bb2e9499e8f8271555b29e2129f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620837820103308"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27989
x-xss-protection: 0
expires: Thu, 13 May 2021 17:35:12 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
39ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fsteamfriends.info%2F&tn=NAV&cls=navbar%20navbar-expand-md%20navbar-dark%20fixed-top%20bg-%20static-top&ign=false

Requested by

Host: steamfriends.info
URL: https://steamfriends.info/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 17:35:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AB24 1 KB
437 B 72ms
71ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&adk=1812271804&adf=3025194257&lmt=1620927312&plat=1%3A32776%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsteamfriends.info%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312789&bpp=1&bdt=339&idt=103&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1110x280&nras=1&correlator=4835669536548&frm=20&pv=1&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=107

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7780fffceef2acbc4ba25977cd2710c03580db5c2f685533931ef7d7e16f650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9185349922889105&output=html&adk=1812271804&adf=3025194257&lmt=1620927312&plat=1%3A32776%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsteamfriends.info%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312789&bpp=1&bdt=339&idt=103&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1110x280&nras=1&correlator=4835669536548&frm=20&pv=1&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=107
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://steamfriends.info/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://steamfriends.info/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 13 May 2021 17:35:12 GMT
server: cafe
content-length: 414
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 13-May-2021 17:50:12 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 13 May 2021 17:35:12 GMT
cache-control: private

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=steamfriends.info

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 13 May 2021 17:35:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 30ms
16ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=steamfriends.info

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 13 May 2021 17:35:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C2E2 16 KB
7 KB 335ms
335ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.984203930~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1620927313&rafmt=1&to=qs&pwprc=3312296569&psa=0&format=1200x90&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312998&bpp=1&bdt=547&idt=1&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1110x280%2C0x0&nras=2&correlator=4835669536548&frm=20&pv=1&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=9NeZEJccbK&p=https%3A//steamfriends.info&dtd=9

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf3416e8e60fe5e0bbc9662c89cc80d1e1c428dc670354050b6a7fab994e8405

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9185349922889105&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.984203930~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1620927313&rafmt=1&to=qs&pwprc=3312296569&psa=0&format=1200x90&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312998&bpp=1&bdt=547&idt=1&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1110x280%2C0x0&nras=2&correlator=4835669536548&frm=20&pv=1&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=9NeZEJccbK&p=https%3A//steamfriends.info&dtd=9
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://steamfriends.info/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://steamfriends.info/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 13 May 2021 17:35:13 GMT
server: cafe
content-length: 7654
x-xss-protection: 0
set-cookie: IDE=AHWqTUl_jh1mr3rW-xZJdCMlXXTES007Y_80-SXmS9nRLzvaxMY2BIAu1S905aPFMD4; expires=Tue, 07-Jun-2022 17:35:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 13 May 2021 17:35:13 GMT
cache-control: private

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame B74E 0
0 80ms
76ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CUzAJUWOdYMzAAeiu7_UPusuQgA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTkxODUzNDk5MjI4ODkxMDXIAQmoAwGqBMwBT9CINBffncQa4tqQs0pDQxJTc0oV5vnwZQAStBcFdivt11YYKNFY7gYEl0rToVM22F0tw7UJddGl-PeC1-s53sUw51GuoW-ZtvuRxoqHeMnGWfrs87Oc4ECd_FNB_5FQytucscZeQGC8NWhUwMzxAV1Y3zzCsuYYlopBilsQpsrXdndQ35dz7azjdpXJAqxB_EkQZVjdRa12s6258mQy02T70_eJRdBg2_IUtZr1F3RWsIRCH8ucM-2M4HmDeBZZxtW9NH6bB5QqoaqlgAb6mbThpNbXtEegBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAewmLEC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcYChYSFHB1Yi05MTg1MzQ5OTIyODg5MTA1&sigh=WkTE_-vk26Y&tpd=AGWhJmvg97yAQ5x9x4iblYLRIuOImCxDSk5LH3F5mEbXgcXyGaYW78RPZSXynX1VbrRKb5zcHLkLop4_EcSyq8fn2fmPDBQu4I9Jpvc0TMeVV7ut3ZMJf29brU10_vpUoWm9wek8_uK-tRaDh8zsub6DU7eH4cHg0TOEwTRiPlnU3XNKkxHUwIjewT19kbRcGDtmNs55TbsOcdaDiS78UHJabmeEBfea1UDyctbmxhr_AKJTaUOBp7duXPnpGz_m6cEY1wTH_Q3MtgDDJU5dZdlzQdZPEEHYm545DDAFYG67sMg7Gz-GpwAvLCCPj4CBwaaeSIEpoxok7D1BeLwBg_d58lRK6RMknnej3oW03teKVig_MdAUaN31HjFXnfpZkRP3ClcKUdQqgMhuMVS5Vtx-0l1QTRkJmVLtfDIVjJirJ_FIOltiK1e0vGZruunQ8NQtSFhPUCFrCTll8xQjh8eq0gMB4ArfOUEc5bMcasTsmPtld_9UmAVi0N-wMwXm7q23P-ZL59njmoc-Un6toBwsHjjUCKvPB9ABgriSDZHWF4LzdVa4otcphi3tPDA9HILIqi8CKDyBRdotT38eFAtCw52sJZhU8jrrugaz66KyEWMCNBLZDsJdINF2XMtN6F5i2x1dxk095P0hNx5LgNtRCnW7q-wknxiTr65h3sYgSKIV3oybbOcmxiZSGR8UAINiIaxXp3wvpu0I83uHQ1ajxHsA-logtmzex6Dj7tm0IpJ7QSh0h7ngOQZpHeUW7zBBJAZjyIr06UkrafkHayVpOFjymRlgpw4IFyao2z-pDzmcnzdOaZXHQyJYEDgHuD6y6dkidIPqUqL12CwH2ci017uTDI4P9ZkYjRHM08udgGZ_Z3q0Wx6L4s_JP1QKeN2Uq93c24QWjouVgUW7YM3NGze9qu_Myjh1XjzTEhgBHYKZPpu1dg3WliTKCztH6hByanAnXcDBclDMLPADru--W7Gq194wA0tOEiIPwbDXovLnaNGX9v7fz9nBaHNfJvH4S_njczCnmPosM-UN2TSX2NBPCoasWxM

Requested by

Host: steamfriends.info
URL: https://steamfriends.info/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.984203930~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1620927313&rafmt=1&to=qs&pwprc=3312296569&psa=0&format=1200x90&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312998&bpp=1&bdt=547&idt=1&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1110x280%2C0x0&nras=2&correlator=4835669536548&frm=20&pv=1&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=9NeZEJccbK&p=https%3A//steamfriends.info&dtd=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 13 May 2021 17:35:13 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame B74E 3 KB
2 KB 270ms
103ms Script
application/x-javascript 185.29.133.58
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVRsaU5UUTRNR010WlRNM1lpMHhZVFZsTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQ5OTkwMzk5MTIwNjc0OTA1ODcvODY3NTYxMy83MzI0NDE5LzQvbnhKcjRHc0E4eXVlckNjb19VWVFmMWlXaHVuaG1EWkdVaUxibXJoalFkWS8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMjY5MzE5NjkwMjg1Mzc5NjQ4NS9hbXMvMC8yNTIvODEvOTk5LzY2LzJhMDE6NGY4OjE5Mjo6LzAuMDAwLzE2MjA5MjczMTIvMTYyMDkzOTkxMi80L3B1Yi05MTg1MzQ5OTIyODg5MTA1Lw/Kqvr2ihC54DivA2QHpubzHjvSWw&nodeid=1603&group=eu&auctionid=4999039912067490587&sid=7324419&cid=8675613&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.232&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqQN7UWOdYMzAAeiu7_UPusuQgA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTkxODUzNDk5MjI4ODkxMDXIAQmoAwGqBM8BT9CINBffncQa4tqQs0pDQxJTc0oV5vnwZQAStBcFdivt11YYKNFY7gYEl0rToVM22F0tw7UJddGl-PeC1-s53sUw51GuoW-ZtvuRxoqHeMnGWfrs87Oc4ECd_FNB_5FQytucscZeQGC8NWhUwMzxAV1Y3zzCsuYYlopBilsQpsrXdndQ35dz7azjdpXJAqxB_EkQZVjdRa12s6258mQy02T70_eJRdBg2_IUtZr1F3RWsIRCH8ucM-2MonuO6rrJYtIwkDYw39SFUbexoBNsgAb6mbThpNbXtEegBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAewmLEC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3ToeFVejfMmKjNoOXVSd83YoSyPg%26client%3Dca-pub-9185349922889105%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.984203930~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1620927313&rafmt=1&to=qs&pwprc=3312296569&psa=0&format=1200x90&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312998&bpp=1&bdt=547&idt=1&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1110x280%2C0x0&nras=2&correlator=4835669536548&frm=20&pv=1&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=9NeZEJccbK&p=https%3A//steamfriends.info&dtd=9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.133.58 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.199.0 /
Resource Hash: e2bbd7a1f50bdb80ab234e38c4a90b1245021a0b3513ba056d5ce4ab19b9dc05

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:06 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1620927312
Last-Modified: Thu, 13 May 2021 17:35:12 GMT
Server: MMBD/3.199.0
x-mm-latency: 23 (1)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: zrh-router-x73, cdg-bidder-x130
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Thu, 13 May 2021 17:35:05 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/ Frame B74E 2 KB
1 KB 32ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.984203930~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1620927313&rafmt=1&to=qs&pwprc=3312296569&psa=0&format=1200x90&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312998&bpp=1&bdt=547&idt=1&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1110x280%2C0x0&nras=2&correlator=4835669536548&frm=20&pv=1&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=9NeZEJccbK&p=https%3A//steamfriends.info&dtd=9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:34:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 May 2021 17:34:08 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B74E 116 KB
35 KB 24ms
21ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30f711976feb745d0a181437d8d6b31bd07213c35cddb8c1e53c99aef0635d89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:35:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620837837546646"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36097
x-xss-protection: 0
expires: Thu, 13 May 2021 17:35:13 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/ Frame B74E 13 KB
6 KB 31ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:31:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 May 2021 17:31:50 GMT

GET
H2 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame 4A3C 67 B
196 B 19ms
9ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&h=280&slotname=3883613473&adk=1475013227&adf=4059110530&pi=t.ma~as.3883613473&w=1110&fwrn=4&fwrnh=100&lmt=1620927312&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312784&bpp=4&bdt=333&idt=66&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=4835669536548&frm=20&pv=2&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=IgIJOWbOCY&p=https%3A//steamfriends.info&dtd=99

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 13 May 2021 01:32:03 GMT
x-content-type-options: nosniff
server: cafe
age: 57790
etag: 2462972746714251406
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
expires: Fri, 14 May 2021 01:32:03 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/ Frame 8F84 82 KB
18 KB 19ms
18ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/index.html

Requested by

Host: steamfriends.info
URL: https://steamfriends.info/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f15d8b64e3311ec9d82b7fa696be939858b011ec9313d4ad124e64a048c1688

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/71086705892980042/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Sun, 09 May 2021 06:28:38 GMT
expires: Mon, 09 May 2022 06:28:38 GMT
last-modified: Fri, 19 Mar 2021 06:51:40 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 18780
age: 385595
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 646F 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C_ddpUGOdYMaZN5bJ7_UPgJujgAif--31YcPd2dOuDb6l2raeDhABIMKZyiFglQKgAbmTg4IDyAEJqQL0Ac0fQky0PqgDAcgDSKoE3AFP0JtcDSVlgxxXzQSfqD6XNGzHo0nnwn0KJZIEBteDW2UrWCjzAVizm6Do9nsr7vfPVxbbuQVhh9DLy1JFJjEuw9U5gcTCuftd94G-dmymbCVIHB99k2S6zGcnEOZ8H6NJc2L-TqFcEZfSSwdSK-cHB1TRXCLwm-1TXisRdS0zg7OlE24oqXJb-gPdpIjmdrq2FuISTgwTl-MQJ5Ar3GgAA7uVWQZCAlXMypRRj5khoMDTb0XYzZw2KfLiOnoET-l9HxQpfk8FrayS4yLuVwpajk520Gje_oFsa_cGwAT22_GQuQOSBQQIBBgBkgUECAUYBKAGLoAHr-z8fagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCHpBPSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItOTE4NTM0OTkyMjg4OTEwNQ&sigh=xbrJAEabAUM&template_id=419

Requested by

Host: steamfriends.info
URL: https://steamfriends.info/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&h=280&slotname=3883613473&adk=1475013227&adf=4059110530&pi=t.ma~as.3883613473&w=1110&fwrn=4&fwrnh=100&lmt=1620927312&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312784&bpp=4&bdt=333&idt=66&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=4835669536548&frm=20&pv=2&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=IgIJOWbOCY&p=https%3A//steamfriends.info&dtd=99
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 13 May 2021 17:35:13 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210510/r20110914/ Frame 646F 17 KB
7 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210510/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0489619b42dc28c6d135cf946eaea95f6206229dedbad28a2636d3525fdb3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:34:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7042
x-xss-protection: 0
server: cafe
etag: 8099588968410230469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 May 2021 17:34:40 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/ Frame 646F 2 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:34:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 May 2021 17:34:08 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 646F 116 KB
35 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30f711976feb745d0a181437d8d6b31bd07213c35cddb8c1e53c99aef0635d89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:35:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620837837546646"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36097
x-xss-protection: 0
expires: Thu, 13 May 2021 17:35:13 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/ Frame 646F 13 KB
6 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:31:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 May 2021 17:31:50 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1279 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&h=280&slotname=3883613473&adk=1475013227&adf=4059110530&pi=t.ma~as.3883613473&w=1110&fwrn=4&fwrnh=100&lmt=1620927312&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312784&bpp=4&bdt=333&idt=66&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=4835669536548&frm=20&pv=2&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=IgIJOWbOCY&p=https%3A//steamfriends.info&dtd=99
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUl_jh1mr3rW-xZJdCMlXXTES007Y_80-SXmS9nRLzvaxMY2BIAu1S905aPFMD4; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&h=280&slotname=3883613473&adk=1475013227&adf=4059110530&pi=t.ma~as.3883613473&w=1110&fwrn=4&fwrnh=100&lmt=1620927312&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312784&bpp=4&bdt=333&idt=66&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=4835669536548&frm=20&pv=2&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=IgIJOWbOCY&p=https%3A//steamfriends.info&dtd=99

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 13 May 2021 16:57:10 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2283
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 646F 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3ccf3b9fcd8ce831f993e85e6cafa8d56a4bd151572b8db341b3ec23c3164a97

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 8F84 4 KB
727 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:regular,700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

016b91219c6ed7712bdfed0dfa714b53c5df005847771cddf79e2a3a5d5679ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 May 2021 16:10:23 GMT
server: ESF
date: Thu, 13 May 2021 17:35:13 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 May 2021 17:35:13 GMT

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 8F84 16 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:09:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1548
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 14 May 2021 17:09:25 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 8F84 26 KB
10 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 23:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66252
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 13 May 2021 23:11:01 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1279
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUl_jh1mr3rW-xZJdCMlXXTES007Y_80-SXmS9nRLzvaxMY2BIAu1S905aPFMD4; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 13 May 2021 17:35:13 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 13-May-2021 18:35:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 13 May 2021 17:35:13 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 13 May 2021 17:35:13 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 8F84 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:regular,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 01:50:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 229476
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Wed, 11 May 2022 01:50:37 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 8F84 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:regular,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 20:40:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:00 GMT
server: sffe
age: 161675
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15056
x-xss-protection: 0
expires: Wed, 11 May 2022 20:40:38 GMT

GET
H/1.1 200
OK kfm7pdl6j5sw Show response
hal9000.redintelligence.net/zone/ Frame B74E 11 KB
4 KB 166ms
54ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/kfm7pdl6j5sw?subid=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&rnd=4999039912067490587&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D4999039912067490587%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dccc1609d-6351-4101-b376-022b41aec892%26mt_cid%3Dccc1609d-6351-4101-b376-022b41aec892%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqQN7UWOdYMzAAeiu7_UPusuQgA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTkxODUzNDk5MjI4ODkxMDXIAQmoAwGqBM8BT9CINBffncQa4tqQs0pDQxJTc0oV5vnwZQAStBcFdivt11YYKNFY7gYEl0rToVM22F0tw7UJddGl-PeC1-s53sUw51GuoW-ZtvuRxoqHeMnGWfrs87Oc4ECd_FNB_5FQytucscZeQGC8NWhUwMzxAV1Y3zzCsuYYlopBilsQpsrXdndQ35dz7azjdpXJAqxB_EkQZVjdRa12s6258mQy02T70_eJRdBg2_IUtZr1F3RWsIRCH8ucM-2MonuO6rrJYtIwkDYw39SFUbexoBNsgAb6mbThpNbXtEegBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAewmLEC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3ToeFVejfMmKjNoOXVSd83YoSyPg%2526client%253Dca-pub-9185349922889105%2526adurl%253D%26redirect%3D
Requested by: Host: steamfriends.info
URL: https://steamfriends.info/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 7f2e245bec8b87ae675c6406a2e2329970934d2f8c1340ef3f2d3d0f965f2d87

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:13 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3420
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame B74E 49 B
330 B 255ms
96ms Image
image/gif 185.29.133.58
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=4999039912067490587&node_id=1603&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVRsaU5UUTRNR010WlRNM1lpMHhZVFZsTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQ5OTkwMzk5MTIwNjc0OTA1ODcvODY3NTYxMy83MzI0NDE5LzQvbnhKcjRHc0E4eXVlckNjb19VWVFmMWlXaHVuaG1EWkdVaUxibXJoalFkWS8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMjY5MzE5NjkwMjg1Mzc5NjQ4NS9hbXMvMC8yNTIvODEvOTk5LzY2LzJhMDE6NGY4OjE5Mjo6LzAuMDAwLzE2MjA5MjczMTIvMTYyMDkzOTkxMi80L3B1Yi05MTg1MzQ5OTIyODg5MTA1Lw/Kqvr2ihC54DivA2QHpubzHjvSWw&nodeid=1603&group=eu&auctionid=4999039912067490587&sid=7324419&cid=8675613&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.232&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqQN7UWOdYMzAAeiu7_UPusuQgA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTkxODUzNDk5MjI4ODkxMDXIAQmoAwGqBM8BT9CINBffncQa4tqQs0pDQxJTc0oV5vnwZQAStBcFdivt11YYKNFY7gYEl0rToVM22F0tw7UJddGl-PeC1-s53sUw51GuoW-ZtvuRxoqHeMnGWfrs87Oc4ECd_FNB_5FQytucscZeQGC8NWhUwMzxAV1Y3zzCsuYYlopBilsQpsrXdndQ35dz7azjdpXJAqxB_EkQZVjdRa12s6258mQy02T70_eJRdBg2_IUtZr1F3RWsIRCH8ucM-2MonuO6rrJYtIwkDYw39SFUbexoBNsgAb6mbThpNbXtEegBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAewmLEC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3ToeFVejfMmKjNoOXVSd83YoSyPg%26client%3Dca-pub-9185349922889105%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.133.58 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.199.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:06 GMT
Server: MMBD/3.199.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x33, cdg-bidder-x130
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Thu, 13 May 2021 17:35:05 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame B74E 43 B
360 B 174ms
66ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=4999039912067490587&v3=863182&v4=7324419&v5=8675613&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVRsaU5UUTRNR010WlRNM1lpMHhZVFZsTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQ5OTkwMzk5MTIwNjc0OTA1ODcvODY3NTYxMy83MzI0NDE5LzQvbnhKcjRHc0E4eXVlckNjb19VWVFmMWlXaHVuaG1EWkdVaUxibXJoalFkWS8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMjY5MzE5NjkwMjg1Mzc5NjQ4NS9hbXMvMC8yNTIvODEvOTk5LzY2LzJhMDE6NGY4OjE5Mjo6LzAuMDAwLzE2MjA5MjczMTIvMTYyMDkzOTkxMi80L3B1Yi05MTg1MzQ5OTIyODg5MTA1Lw/Kqvr2ihC54DivA2QHpubzHjvSWw&nodeid=1603&group=eu&auctionid=4999039912067490587&sid=7324419&cid=8675613&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.232&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqQN7UWOdYMzAAeiu7_UPusuQgA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTkxODUzNDk5MjI4ODkxMDXIAQmoAwGqBM8BT9CINBffncQa4tqQs0pDQxJTc0oV5vnwZQAStBcFdivt11YYKNFY7gYEl0rToVM22F0tw7UJddGl-PeC1-s53sUw51GuoW-ZtvuRxoqHeMnGWfrs87Oc4ECd_FNB_5FQytucscZeQGC8NWhUwMzxAV1Y3zzCsuYYlopBilsQpsrXdndQ35dz7azjdpXJAqxB_EkQZVjdRa12s6258mQy02T70_eJRdBg2_IUtZr1F3RWsIRCH8ucM-2MonuO6rrJYtIwkDYw39SFUbexoBNsgAb6mbThpNbXtEegBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAewmLEC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3ToeFVejfMmKjNoOXVSd83YoSyPg%26client%3Dca-pub-9185349922889105%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3709 11aaa92 master cdg-pixel-x13 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:13 GMT
Server: MT3 3709 11aaa92 master cdg-pixel-x13
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 13 May 2021 17:36:44 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame B74E 49 B
330 B 261ms
98ms Image
image/gif 185.29.133.58
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=4999039912067490587&st=7324419&time=1620927313&nodeid=1603
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWVRsaU5UUTRNR010WlRNM1lpMHhZVFZsTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQ5OTkwMzk5MTIwNjc0OTA1ODcvODY3NTYxMy83MzI0NDE5LzQvbnhKcjRHc0E4eXVlckNjb19VWVFmMWlXaHVuaG1EWkdVaUxibXJoalFkWS8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMjY5MzE5NjkwMjg1Mzc5NjQ4NS9hbXMvMC8yNTIvODEvOTk5LzY2LzJhMDE6NGY4OjE5Mjo6LzAuMDAwLzE2MjA5MjczMTIvMTYyMDkzOTkxMi80L3B1Yi05MTg1MzQ5OTIyODg5MTA1Lw/Kqvr2ihC54DivA2QHpubzHjvSWw&nodeid=1603&group=eu&auctionid=4999039912067490587&sid=7324419&cid=8675613&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.232&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqQN7UWOdYMzAAeiu7_UPusuQgA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTkxODUzNDk5MjI4ODkxMDXIAQmoAwGqBM8BT9CINBffncQa4tqQs0pDQxJTc0oV5vnwZQAStBcFdivt11YYKNFY7gYEl0rToVM22F0tw7UJddGl-PeC1-s53sUw51GuoW-ZtvuRxoqHeMnGWfrs87Oc4ECd_FNB_5FQytucscZeQGC8NWhUwMzxAV1Y3zzCsuYYlopBilsQpsrXdndQ35dz7azjdpXJAqxB_EkQZVjdRa12s6258mQy02T70_eJRdBg2_IUtZr1F3RWsIRCH8ucM-2MonuO6rrJYtIwkDYw39SFUbexoBNsgAb6mbThpNbXtEegBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAewmLEC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3ToeFVejfMmKjNoOXVSd83YoSyPg%26client%3Dca-pub-9185349922889105%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.133.58 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.199.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:06 GMT
Server: MMBD/3.199.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x75, cdg-bidder-x130
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Thu, 13 May 2021 17:35:05 GMT

GET
H3-29 200 TMm5Vd8VytjbCcmIcJumdaM-J7Gy9TN2HX45D5FEMFw.js Show response
pagead2.googlesyndication.com/bg/ Frame 8F84 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TMm5Vd8VytjbCcmIcJumdaM-J7Gy9TN2HX45D5FEMFw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4cc9b955df15cad8db09c988709ba675a33e27b1b2f533761d7e390f9144305c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 16:23:19 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 4314
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5679
x-xss-protection: 0
expires: Fri, 13 May 2022 16:23:19 GMT

GET
H3-29 200 Logo_liNear.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/ Frame 8F84 3 KB
1 KB 8ms
7ms Image
image/svg+xml 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/Logo_liNear.svg

Requested by

Host: steamfriends.info
URL: https://steamfriends.info/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07dd0a12cbe92eee2c08c36cafc2b9f028e8a3b48556afe516138067b1b2e268

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 148819
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1263
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 06:51:40 GMT
server: sffe
date: Wed, 12 May 2021 00:14:54 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 May 2022 00:14:54 GMT

GET
H3-29 200 Stoerer_1.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/ Frame 8F84 2 KB
1 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/Stoerer_1.svg

Requested by

Host: steamfriends.info
URL: https://steamfriends.info/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e693bbbe20a2803b7355b830edff7ed9efd0272dd87c649b6f2e8b352379c324

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 219822
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1157
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 06:51:40 GMT
server: sffe
date: Tue, 11 May 2021 04:31:31 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 May 2022 04:31:31 GMT

GET
H3-29 200 Softwarebox_Desktop_klein.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/ Frame 8F84 52 KB
52 KB 11ms
10ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/Softwarebox_Desktop_klein.png

Requested by

Host: steamfriends.info
URL: https://steamfriends.info/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68060b657cd4add338fb142c80b748092e2059bf6f56209d71b32c4d26372aa8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 473814
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53304
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 06:51:40 GMT
server: sffe
date: Sat, 08 May 2021 05:58:19 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 08 May 2022 05:58:19 GMT

GET
H3-29 200 Background.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/ Frame 8F84 51 KB
51 KB 12ms
12ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/71086705892980042/Background.jpg

Requested by

Host: steamfriends.info
URL: https://steamfriends.info/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a33ac17d187dcab4d778baad47a23a8bdc8a72f48faf2a05f2940a460f68f95e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 151900
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52404
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 06:51:40 GMT
server: sffe
date: Tue, 11 May 2021 23:23:33 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 May 2022 23:23:33 GMT

GET
H/1.1

200
OK

request.php Show response
hal900013.redintelligence.net/ Frame B74E
Redirect Chain

https://hal900013.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=c9147eebf4&subid=&uid=ddbf811cc1370f11&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900013.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=c9147eebf4&subid=&uid=ddbf811cc1370f11&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

216ms
104ms

Script
application/x-javascript

116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900013.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=c9147eebf4&subid=&uid=ddbf811cc1370f11&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D4999039912067490587%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dccc1609d-6351-4101-b376-022b41aec892%26mt_cid%3Dccc1609d-6351-4101-b376-022b41aec892%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqQN7UWOdYMzAAeiu7_UPusuQgA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTkxODUzNDk5MjI4ODkxMDXIAQmoAwGqBM8BT9CINBffncQa4tqQs0pDQxJTc0oV5vnwZQAStBcFdivt11YYKNFY7gYEl0rToVM22F0tw7UJddGl-PeC1-s53sUw51GuoW-ZtvuRxoqHeMnGWfrs87Oc4ECd_FNB_5FQytucscZeQGC8NWhUwMzxAV1Y3zzCsuYYlopBilsQpsrXdndQ35dz7azjdpXJAqxB_EkQZVjdRa12s6258mQy02T70_eJRdBg2_IUtZr1F3RWsIRCH8ucM-2MonuO6rrJYtIwkDYw39SFUbexoBNsgAb6mbThpNbXtEegBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAewmLEC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3ToeFVejfMmKjNoOXVSd83YoSyPg%2526client%253Dca-pub-9185349922889105%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9185349922889105%26output%3Dhtml%26h%3D90%26adk%3D2743202993%26adf%3D54630664%26pi%3Dt.aa~a.984203930~rp.4%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1620927313%26rafmt%3D1%26to%3Dqs%26pwprc%3D3312296569%26psa%3D0%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fsteamfriends.info%252F%26flash%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdXQ..%26dt%3D1620927312998%26bpp%3D1%26bdt%3D547%26idt%3D1%26shv%3Dr20210510%26cbv%3D%252Fr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1110x280%252C0x0%26nras%3D2%26correlator%3D4835669536548%26frm%3D20%26pv%3D1%26ga_vid%3D185982504.1620927313%26ga_sid%3D1620927313%26ga_hid%3D698119210%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D200%26ady%3D1240%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26oid%3D3%26pvsid%3D2301042039913280%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D2%26fsb%3D1%26xpc%3D9NeZEJccbK%26p%3Dhttps%253A%2F%2Fsteamfriends.info%26dtd%3D9&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fsteamfriends.info&random=6596079676727&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.984203930~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1620927313&rafmt=1&to=qs&pwprc=3312296569&psa=0&format=1200x90&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312998&bpp=1&bdt=547&idt=1&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1110x280%2C0x0&nras=2&correlator=4835669536548&frm=20&pv=1&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=9NeZEJccbK&p=https%3A//steamfriends.info&dtd=9
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: 7bf19c8dba36b4c2a97ed6b285a20d67e8a14ef9c204472287f40908efa13b30

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 13 May 2021 17:35:14 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 52886700177894902179195011593013
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 724
Expires: Thu, 13 May 2021 18:35:14 +0200

Redirect headers

Pragma: no-cache
Date: Thu, 13 May 2021 17:35:13 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=c9147eebf4&subid=&uid=ddbf811cc1370f11&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D4999039912067490587%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dccc1609d-6351-4101-b376-022b41aec892%26mt_cid%3Dccc1609d-6351-4101-b376-022b41aec892%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqQN7UWOdYMzAAeiu7_UPusuQgA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTkxODUzNDk5MjI4ODkxMDXIAQmoAwGqBM8BT9CINBffncQa4tqQs0pDQxJTc0oV5vnwZQAStBcFdivt11YYKNFY7gYEl0rToVM22F0tw7UJddGl-PeC1-s53sUw51GuoW-ZtvuRxoqHeMnGWfrs87Oc4ECd_FNB_5FQytucscZeQGC8NWhUwMzxAV1Y3zzCsuYYlopBilsQpsrXdndQ35dz7azjdpXJAqxB_EkQZVjdRa12s6258mQy02T70_eJRdBg2_IUtZr1F3RWsIRCH8ucM-2MonuO6rrJYtIwkDYw39SFUbexoBNsgAb6mbThpNbXtEegBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAewmLEC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3ToeFVejfMmKjNoOXVSd83YoSyPg%2526client%253Dca-pub-9185349922889105%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9185349922889105%26output%3Dhtml%26h%3D90%26adk%3D2743202993%26adf%3D54630664%26pi%3Dt.aa~a.984203930~rp.4%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1620927313%26rafmt%3D1%26to%3Dqs%26pwprc%3D3312296569%26psa%3D0%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fsteamfriends.info%252F%26flash%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdXQ..%26dt%3D1620927312998%26bpp%3D1%26bdt%3D547%26idt%3D1%26shv%3Dr20210510%26cbv%3D%252Fr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1110x280%252C0x0%26nras%3D2%26correlator%3D4835669536548%26frm%3D20%26pv%3D1%26ga_vid%3D185982504.1620927313%26ga_sid%3D1620927313%26ga_hid%3D698119210%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D200%26ady%3D1240%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26oid%3D3%26pvsid%3D2301042039913280%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D2%26fsb%3D1%26xpc%3D9NeZEJccbK%26p%3Dhttps%253A%2F%2Fsteamfriends.info%26dtd%3D9&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fsteamfriends.info&random=6596079676727&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Thu, 13 May 2021 18:35:13 +0200

GET
H/1.1 200
OK request_content.php Show response
hal900013.redintelligence.net/ Frame 5368 3 KB
2 KB 151ms
51ms Document
text/html 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900013.redintelligence.net/request_content.php?s=52886700177894902179195011593013&a=7db093ac
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=c9147eebf4&subid=&uid=ddbf811cc1370f11&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D4999039912067490587%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dccc1609d-6351-4101-b376-022b41aec892%26mt_cid%3Dccc1609d-6351-4101-b376-022b41aec892%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCqQN7UWOdYMzAAeiu7_UPusuQgA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTkxODUzNDk5MjI4ODkxMDXIAQmoAwGqBM8BT9CINBffncQa4tqQs0pDQxJTc0oV5vnwZQAStBcFdivt11YYKNFY7gYEl0rToVM22F0tw7UJddGl-PeC1-s53sUw51GuoW-ZtvuRxoqHeMnGWfrs87Oc4ECd_FNB_5FQytucscZeQGC8NWhUwMzxAV1Y3zzCsuYYlopBilsQpsrXdndQ35dz7azjdpXJAqxB_EkQZVjdRa12s6258mQy02T70_eJRdBg2_IUtZr1F3RWsIRCH8ucM-2MonuO6rrJYtIwkDYw39SFUbexoBNsgAb6mbThpNbXtEegBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAewmLEC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3ToeFVejfMmKjNoOXVSd83YoSyPg%2526client%253Dca-pub-9185349922889105%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9185349922889105%26output%3Dhtml%26h%3D90%26adk%3D2743202993%26adf%3D54630664%26pi%3Dt.aa~a.984203930~rp.4%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1620927313%26rafmt%3D1%26to%3Dqs%26pwprc%3D3312296569%26psa%3D0%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fsteamfriends.info%252F%26flash%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdXQ..%26dt%3D1620927312998%26bpp%3D1%26bdt%3D547%26idt%3D1%26shv%3Dr20210510%26cbv%3D%252Fr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D1110x280%252C0x0%26nras%3D2%26correlator%3D4835669536548%26frm%3D20%26pv%3D1%26ga_vid%3D185982504.1620927313%26ga_sid%3D1620927313%26ga_hid%3D698119210%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D200%26ady%3D1240%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26oid%3D3%26pvsid%3D2301042039913280%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D2%26fsb%3D1%26xpc%3D9NeZEJccbK%26p%3Dhttps%253A%2F%2Fsteamfriends.info%26dtd%3D9&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fsteamfriends.info&random=6596079676727&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: 45d654cba0318fef3616cd4c1300197953947659e2b2b3cb059856caa3dac73d

Request headers

Host: hal900013.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=6f322d31fcdde54e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Thu, 13 May 2021 17:35:14 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 13 May 2021 18:35:14 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1341
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame B74E 43 B
704 B 169ms
59ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2846686&v=14098&q=409715&r=296283&pref1=52886700177894902179195011593013&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 13 May 2021 17:35:14 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3E99 1 KB
749 B 6ms
5ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 13 May 2021 03:14:09 GMT
expires: Fri, 14 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 51665
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame B74E 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc4374593061b12751a11c1f88bed920394e9c81f53ae4bd89019e4db067c34b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 3E99 35 B
464 B 32ms
9ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJO3Wd9b1XYb9CLfttKUPvw&google_cver=1&google_push=AQvitUJasmkcZ4UTd8TVvIwdjk1IOn8InO1-pYzV7u24uBlNtDmoEV_tWCFK-s8i70OS_SYbQIVzPoU5m7DCK-hKaxoMOaAZsHHm

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 17:35:14 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3E99
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitULTHPLEUJZJj15qBa7ldUr4fVeTdK94cnuzcd-...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUoxalVnQUFCVFRjMUhOaA&google_push=AQvitULTHPLEUJZJj15qBa7ldUr4fVeTdK94cnuzcd-k0VSZrtJYbT0j6cola-iHfQedCViS5pXBtyOj4fQyCnD1icnk2jpLsrs

170 B
188 B

92ms
55ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUoxalVnQUFCVFRjMUhOaA&google_push=AQvitULTHPLEUJZJj15qBa7ldUr4fVeTdK94cnuzcd-k0VSZrtJYbT0j6cola-iHfQedCViS5pXBtyOj4fQyCnD1icnk2jpLsrs

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 17:35:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUoxalVnQUFCVFRjMUhOaA&google_push=AQvitULTHPLEUJZJj15qBa7ldUr4fVeTdK94cnuzcd-k0VSZrtJYbT0j6cola-iHfQedCViS5pXBtyOj4fQyCnD1icnk2jpLsrs
Date: Thu, 13 May 2021 17:35:14 GMT
Server: Apache
Connection: keep-alive
Content-Length: 390
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 3E99 43 B
324 B 241ms
131ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEPQPKbVVeRV3mS17V2MWKMQ&google_push=AQvitUKnkpip5dLcsdXok15-ukrk2WLbhCtWYQNiGriAyJ6khGI6iGsf-V2KbMm2aLjrU9vOD3HmMuQAJVjchGD5Grwb3IwIUT6s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9185349922889105&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.984203930~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1620927313&rafmt=1&to=qs&pwprc=3312296569&psa=0&format=1200x90&url=https%3A%2F%2Fsteamfriends.info%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620927312998&bpp=1&bdt=547&idt=1&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1110x280%2C0x0&nras=2&correlator=4835669536548&frm=20&pv=1&ga_vid=185982504.1620927313&ga_sid=1620927313&ga_hid=698119210&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1240&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2301042039913280&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=9NeZEJccbK&p=https%3A//steamfriends.info&dtd=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 17:35:14 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3E99
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEG-89GXGf58hyzIkl7o5rvA&google_cver=1&google_push=AQvitULHh_M7MwmxqxXt7lzTrDmA0tdCwmLeRojstJMtzO4406ALP8Rv79sbQ3JjISr0vM12pbZrsPOmGr2DW0lTrGjcnRIushE
https://rtb.openx.net/sync/dds?google_gid=CAESEG-89GXGf58hyzIkl7o5rvA&google_cver=1&google_push=AQvitULHh_M7MwmxqxXt7lzTrDmA0tdCwmLeRojstJMtzO4406ALP8Rv79sbQ3JjISr0vM12pbZrsPOmGr2DW0lTrGjcnRIushE&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULHh_M7MwmxqxXt7lzTrDmA0tdCwmLeRojstJMtzO4406ALP8Rv79sbQ3JjISr0vM12pbZrsPOmGr2DW0lTrGjcnRIushE&google_hm=HszKn1mdxf8rGOX4c-bNeA==

170 B
188 B

83ms
55ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULHh_M7MwmxqxXt7lzTrDmA0tdCwmLeRojstJMtzO4406ALP8Rv79sbQ3JjISr0vM12pbZrsPOmGr2DW0lTrGjcnRIushE&google_hm=HszKn1mdxf8rGOX4c-bNeA==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 17:35:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 13 May 2021 17:35:13 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULHh_M7MwmxqxXt7lzTrDmA0tdCwmLeRojstJMtzO4406ALP8Rv79sbQ3JjISr0vM12pbZrsPOmGr2DW0lTrGjcnRIushE&google_hm=HszKn1mdxf8rGOX4c-bNeA==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: s5sfru94dc2bsie6budr9amtkeqh4cuf

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3E99
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=X8mj3C3tTw2EvoGzrUQ0zA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

81ms
54ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=X8mj3C3tTw2EvoGzrUQ0zA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJFjA_Z2f0IzsjbMYkmEwYlltlRN3rjUySTFH3yo-Xl3ioRiGkaqRvf-df95xquj77O3RtiDKcmAm__YMtnQWtD_w5YUiQ

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 17:35:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=X8mj3C3tTw2EvoGzrUQ0zA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJFjA_Z2f0IzsjbMYkmEwYlltlRN3rjUySTFH3yo-Xl3ioRiGkaqRvf-df95xquj77O3RtiDKcmAm__YMtnQWtD_w5YUiQ
date: Thu, 13 May 2021 17:35:13 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3E99
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFygKmbSol1uHlJ3swi7p3U&google_cver=1&google_push=AQvitULYPHAefEdgqyU5VhzQOe2Eg6QjHnjtvx1YIgkoQqoTqWFJC5k5xK_80yTVEpkAyUR65sA...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09ONjlTRUUtMVUtTTlITw==&google_push=AQvitULYPHAefEdgqyU5VhzQOe2Eg6QjHnjtvx1YIgkoQqoTqWFJC5k5xK_80yTVEpkAyUR65sA6F6rSLApeIOgywtZ6SrApA1gM

170 B
188 B

110ms
56ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09ONjlTRUUtMVUtTTlITw==&google_push=AQvitULYPHAefEdgqyU5VhzQOe2Eg6QjHnjtvx1YIgkoQqoTqWFJC5k5xK_80yTVEpkAyUR65sA6F6rSLApeIOgywtZ6SrApA1gM

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 17:35:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09ONjlTRUUtMVUtTTlITw==&google_push=AQvitULYPHAefEdgqyU5VhzQOe2Eg6QjHnjtvx1YIgkoQqoTqWFJC5k5xK_80yTVEpkAyUR65sA6F6rSLApeIOgywtZ6SrApA1gM
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 3E99
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_push=AQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iA...

0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 3E99 0
227 B 157ms
56ms Image
text/html 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JHwPBpYrIVwY-fPC38cLAkeUKN1vrI3Su2a379iSIQanMmdNMICvdMHAwi4ua4M7LXMZOE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:35:14 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1

200
OK

kl_kis_728x90px.gif
cdn.contentspread.net/24i/advertiser/3839/creativesup/ Frame 5368
Redirect Chain

https://www.awin1.com/cshow.php?s=2846686&v=14098&q=409715&r=296283&pref1=52886700177894902179195011593013&pv=0
https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kis_728x90px.gif

26 KB
26 KB

199ms
85ms

Image
image/gif

188.138.33.34
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kis_728x90px.gif
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=52886700177894902179195011593013&a=7db093ac
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 188.138.33.34 Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS: loft9037.serverprofi24.de
Software: nginx /
Resource Hash: c9197eb66582a6ba6de2d288af7a6e06eee8e7abff50dadca9313cb03970b965

Request headers

Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:14 GMT
Last-Modified: Mon, 29 Mar 2021 07:44:32 GMT
Server: nginx
ETag: "60618560-6857"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 26711

Redirect headers

Date: Thu, 13 May 2021 17:35:14 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kis_728x90px.gif
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
hal900013.redintelligence.net/ Frame 5368 0
150 B 162ms
54ms Script
text/html 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900013.redintelligence.net/viewability?s=52886700177894902179195011593013&a=b93b1d6c&vb=m
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=52886700177894902179195011593013&a=7db093ac
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900013.redintelligence.net/request_content.php?s=52886700177894902179195011593013&a=7db093ac
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:14 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 5368 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/24i/tools/js/ Frame 5368 851 B
1 KB 167ms
52ms Script
application/javascript 188.138.33.34
GD-EMEA-DC-SXB1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/24i/tools/js/addDoubleBorder.js
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=52886700177894902179195011593013&a=7db093ac
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 188.138.33.34 Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS: loft9037.serverprofi24.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 17:35:14 GMT
Last-Modified: Tue, 03 May 2016 20:54:50 GMT
Server: nginx
ETag: "5729101a-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
7 KB 26ms
25ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210510&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47169da0a223b4bc2f99c9106e7b157914c350109baaaf3e94691f6cc5c15c88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 13 May 2021 17:35:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7618
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 17:35:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 13 May 2021 17:35:14 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 1BC3 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://steamfriends.info/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://steamfriends.info/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Thu, 13 May 2021 17:07:19 GMT
expires: Fri, 13 May 2022 17:07:19 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1675
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 TMm5Vd8VytjbCcmIcJumdaM-J7Gy9TN2HX45D5FEMFw.js Show response
pagead2.googlesyndication.com/bg/ Frame 1BC3 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TMm5Vd8VytjbCcmIcJumdaM-J7Gy9TN2HX45D5FEMFw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4cc9b955df15cad8db09c988709ba675a33e27b1b2f533761d7e390f9144305c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 16:23:19 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 4315
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5679
x-xss-protection: 0
expires: Fri, 13 May 2022 16:23:19 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210510&jk=2301042039913280&bg=!5Oel56PNAAY59bwoOfU7ACkAdvg8Wt0EYqY4VTWX8db1GDCxgVh3XPX467usE5KHX1MRYxwiLp3AiQIAAACJUgAAAAxoAQeZAkhSFH_mUNAFqVYZtjRaRADOoaEnGaDtTEaAIEu__Dgy6DzkwtaG5d3Nnq8cT_PCAnDbozlmjdIeJCTMVKanAXnSHyxcMbxMX60sG0FjJXcdWpvDFvD_NvEQVSbIEQulNKLhOSmCN1TN4KF4L2b1N63JrqjJ3puOtVdWzYHFROe68W5idRZ80XkQp0vBZJvTxJxjmKrwxEJjGmcExe59in08sMUjsSe-ZOjl0jb6NOpcz8sAC-ky-9LQ862w0i-B8EVsfpZ_V9U0tEGr1t0_EpNCFn_XTIIfdhgmZ0o8O8kC-b_trNEkdpIHd2iBdcEhgw_aDAS-a3sfjjAPxLtrwIDarXRHAJV1rG42_Zbdxd-nQGD9JG2Z8HhRqE1b1lyuTgowTAOxlB0ixj_j_gxYpbKcf9VSDGLjX0lAKnGjUUv99v78z62GCsdWF9x3-nV9-qaIsJwznQzELiYbtg-83yG7T7tJRbTZrZD0iL9RCf3k7sDWkwVnIJn4yxRHeO7g5HTydbwQalF0-H49b6L--O9M3iUqTrEmA00cI8AH2TD_C_QJY_rMv_ZW3R8BJPkAxztgN-T7R1Vz5fIKM7Hj_fmnJ_neUWGwXvejUad5IBgTtX4mlYtzkyBiNFjiCKW2qUCN6NNwZdrHGUINt60GhZVcmuQYIw6t5-p5ya7zlBvvzs40SFzNt6b361ldxTBXCWkfwetBMg27KisIiVY8FGI4mQNic_xBVoYLxg0sGaNdjA-ywfmUede4QxnSvCX7iXjMhhMZDdk3Tg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://steamfriends.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 17:35:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F84 0
66 B 38ms
38ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=html5-mon&a0=layout&f0=layout&s0=0&d0=229.0000&a1=https&f1=layout_html&s1=0&d1=22.0000&i=507628060002&t=419&c=p&lp=%2Fsadbundle%2F%24csp%253Der3%24%2F71086705892980042%2Findex.html&gqi=UGOdYPPeNsqI-gb4546ACA&qqi=CMaBxeWYx_ACFZbkuwgdgM0IgA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 17:35:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ1jUg8Gs9xHwccazyP25QAABKkAAAIB&google_gid=CAESEKDaLlSLPixLnXyYf7mcS1w&google_cver=1&google_push=AQvitUIuLN8v2km4RLdTfASiAQkgmxZrHf9iAWvlTKM94B0JP_AuhxizyU6V4yKyIUU3cytNJV6ujo4kwidqjBw3koxabasv02I

Verdicts & Comments Add Verdict or Comment

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.redintelligence.net/	1970-01-19 20:25:03	Name: 8lcfmzhxc8d6_uid Value: 6f322d31fcdde54e
.doubleclick.net/	1970-01-19 18:15:30	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-19 18:15:28	Name: test_cookie Value: CheckForPermission
.doubleclick.net/	1970-01-20 03:37:03	Name: IDE Value: AHWqTUl_jh1mr3rW-xZJdCMlXXTES007Y_80-SXmS9nRLzvaxMY2BIAu1S905aPFMD4
.steamfriends.info/	1970-01-20 03:37:03	Name: __gads Value: ID=7c4e49c397cbabe2-223f872e11c8002d:T=1620927313:RT=1620927313:S=ALNI_MZ4kJxwLkJ8nb2uKnuduNZtEmft5g
steamfriends.info/	1969-12-31 23:59:59	Name: PHPSESSID Value: cp2u9bkc7ivs7u0nkn4h1nbto5

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cdn.contentspread.net
cm.g.doubleclick.net
cms.quantserve.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900013.redintelligence.net
image6.pubmatic.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.mathtag.com
pixel.rubiconproject.com
rtb.openx.net
steamfriends.info
tags.mathtag.com
tpc.googlesyndication.com
www.awin1.com
www.google.com
www.googletagservices.com
cm.g.doubleclick.net
104.111.239.217
116.202.48.214
138.201.63.145
142.250.181.226
142.250.74.194
163.172.46.245
185.29.133.58
185.64.189.115
188.138.33.34
2.18.233.201
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:803::2001
2a00:1450:4001:803::2002
2a00:1450:4001:808::2004
2a00:1450:4001:810::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2003
2a00:1450:4001:831::2002
34.98.67.61
35.227.252.103
69.173.144.139
99.80.199.35
016b91219c6ed7712bdfed0dfa714b53c5df005847771cddf79e2a3a5d5679ac
07dd0a12cbe92eee2c08c36cafc2b9f028e8a3b48556afe516138067b1b2e268
0883ffacfd4c998ca72bcaac0bfa192ea0c9cd0db257c03a3ef83d5df5fe8a7c
09488d4c38630134321f03e2cb11a3c1f29d43c38f186d786b1910a1d3fb3853
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
2d2bdce1975ec8d532d7fd86c172fc46452094ae6267d3f2fd41b623711271ec
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
30f711976feb745d0a181437d8d6b31bd07213c35cddb8c1e53c99aef0635d89
3ccf3b9fcd8ce831f993e85e6cafa8d56a4bd151572b8db341b3ec23c3164a97
45d654cba0318fef3616cd4c1300197953947659e2b2b3cb059856caa3dac73d
47169da0a223b4bc2f99c9106e7b157914c350109baaaf3e94691f6cc5c15c88
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
4cc9b955df15cad8db09c988709ba675a33e27b1b2f533761d7e390f9144305c
4f874ff88caab3c7b634468acfc642a6bdca8bb2e9499e8f8271555b29e2129f
52bd0cb22cbc69bfce3416f2691fd6a9e10683ff48d562763c857703b90198cb
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
609a19b322b83fb63bc14f80f90a9bf8fe5f0f8197f06400a4c9e191496700d1
6130fe8ded2255439c42cf9e805c28b1a72bfcad166d9dcd720243d33557628b
68060b657cd4add338fb142c80b748092e2059bf6f56209d71b32c4d26372aa8
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6b8dd2d9ab57a3d53dece32023f3403cb97f93d7c4182c0e57a4e2ef0e6a97de
6c0489619b42dc28c6d135cf946eaea95f6206229dedbad28a2636d3525fdb3e
6ec41e866f92a33f89b9917411d7c41bc437c3fd61a8bec50010c7e13d56696d
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35
7bf19c8dba36b4c2a97ed6b285a20d67e8a14ef9c204472287f40908efa13b30
7c8f615238d0812c8d8735e3a972c54930067aa61d3f96e73e06291b50d8bccc
7f15d8b64e3311ec9d82b7fa696be939858b011ec9313d4ad124e64a048c1688
7f2e245bec8b87ae675c6406a2e2329970934d2f8c1340ef3f2d3d0f965f2d87
94af95e1e9d942c499a501faf95e03729313dbcb02c37cbde3a412b5269f3c5c
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a33ac17d187dcab4d778baad47a23a8bdc8a72f48faf2a05f2940a460f68f95e
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6ae7ed2fcff005ffbdafc2fcb2ea153662bb01dc6931b2a456b80e79977b614
b7780fffceef2acbc4ba25977cd2710c03580db5c2f685533931ef7d7e16f650
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
bf3416e8e60fe5e0bbc9662c89cc80d1e1c428dc670354050b6a7fab994e8405
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c733baee4cf123134f5f17a5be72fc127af77edf75f2b1df9900eb71797de889
c9197eb66582a6ba6de2d288af7a6e06eee8e7abff50dadca9313cb03970b965
d3e00ac160527fc880c6f79b6d79a864d13ded2823acefeb31fbfaa05383b1bb
e2bbd7a1f50bdb80ab234e38c4a90b1245021a0b3513ba056d5ce4ab19b9dc05
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e693bbbe20a2803b7355b830edff7ed9efd0272dd87c649b6f2e8b352379c324
e8aac0b7a7c3e3c17c621bf5bb24c098a602e4ad0c2867598f40d5ee49eca425
ee63b6f91b47dde98d3aa5940dd18e541a6a8aed068bb8ddd33e171bead47157
fc4374593061b12751a11c1f88bed920394e9c81f53ae4bd89019e4db067c34b

steamfriends.info Open in urlscan Pro 163.172.46.245 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

74 Requests

99 %HTTPS

39 %IPv6

19 Domains

24 Subdomains

19 IPs

5 Countries

636 kBTransfer

1530 kBSize

6 Cookies

4 Outgoing links

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

steamfriends.info Open in urlscan Pro
163.172.46.245 Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

99 %
HTTPS

39 %
IPv6

19
Domains

24
Subdomains

19
IPs

5
Countries

636 kB
Transfer

1530 kB
Size

6
Cookies

74 HTTP transactions
3 data transactions