pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru Open in urlscan Pro
45.147.197.153 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Submission: On July 23 via api (July 23rd 2023, 3:47:10 pm UTC) from US — Scanned from US

Summary HTTP 176 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 35 IPs in 7 countries across 39 domains to perform 176 HTTP transactions. The main IP is 45.147.197.153, located in Netherlands and belongs to ON-LINE-DATA Server location - Netherlands, Dronten, NL. The main domain is pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru.
TLS certificate: Issued by R3 on June 23rd 2023. Valid for: 3 months.

This is the only time pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	45.147.197.153 45.147.197.153	204601 (ON-LINE-D...) (ON-LINE-DATA Server location - Netherlands)
2 11	2a02:6b8:20::215 2a02:6b8:20::215	208722 (GLOBAL_DC) (GLOBAL_DC)
1	2a02:6b8:a::a 2a02:6b8:a::a	208722 (GLOBAL_DC) (GLOBAL_DC)
1	77.88.55.60 77.88.55.60	13238 (YANDEX) (YANDEX)
5	2607:f8b0:400... 2607:f8b0:4006:81f::2002	15169 (GOOGLE) (GOOGLE)
12	2606:4700:303... 2606:4700:3038::6815:e9e0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2607:f8b0:400... 2607:f8b0:4006:816::2002	15169 (GOOGLE) (GOOGLE)
5 12	2a02:6b8::90 2a02:6b8::90	208722 (GLOBAL_DC) (GLOBAL_DC)
1 2	88.212.201.204 88.212.201.204	39134 (UNITEDNET) (UNITEDNET)
1	89.184.81.35 89.184.81.35	28907 (MIROHOST ...) (MIROHOST Web hosting)
3	2607:f8b0:400... 2607:f8b0:4006:824::200e	15169 (GOOGLE) (GOOGLE)
10	2607:f8b0:400... 2607:f8b0:4006:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81d::2001	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:821::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:823::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:816::2008	15169 (GOOGLE) (GOOGLE)
8	2607:f8b0:400... 2607:f8b0:4006:80d::2001	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:81c::2004	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:80c::2002	15169 (GOOGLE) (GOOGLE)
1	2620:100:a001... 2620:100:a001::24	19750 (AS-CRITEO) (AS-CRITEO)
3 6	2620:112:f002... 2620:112:f002:bbbb::21	6336 (TURN-US-ASN) (TURN-US-ASN)
7 29	142.250.65.226 142.250.65.226	15169 (GOOGLE) (GOOGLE)
1 1	52.1.202.173 52.1.202.173	14618 (AMAZON-AES) (AMAZON-AES)
1	202.233.84.1 202.233.84.1	131957 (MICROAD M...) (MICROAD MicroAd)
3 3	52.54.23.208 52.54.23.208	14618 (AMAZON-AES) (AMAZON-AES)
1 1	51.222.239.232 51.222.239.232	16276 (OVH) (OVH)
4 4	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
7	2620:100:a001::4 2620:100:a001::4	19750 (AS-CRITEO) (AS-CRITEO)
1	74.119.119.147 74.119.119.147	19750 (AS-CRITEO) (AS-CRITEO)
1	2620:100:a001::9 2620:100:a001::9	19750 (AS-CRITEO) (AS-CRITEO)
2	2620:100:a001... 2620:100:a001::16	19750 (AS-CRITEO) (AS-CRITEO)
9	2607:f8b0:400... 2607:f8b0:4006:80a::200a	15169 (GOOGLE) (GOOGLE)
1	2620:100:a001::3 2620:100:a001::3	19750 (AS-CRITEO) (AS-CRITEO)
24	2606:4700:303... 2606:4700:3034::6815:53c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2607:f8b0:400... 2607:f8b0:4006:81f::2003	15169 (GOOGLE) (GOOGLE)
2 2	104.65.247.96 104.65.247.96	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
2 2	35.211.178.172 35.211.178.172	15169 (GOOGLE) (GOOGLE)
2 2	64.74.236.95 64.74.236.95	19024 (INTERNAP-...) (INTERNAP-BLK5)
1	2600:1f1c:a99... 2600:1f1c:a99:832c:2412:5a3c:977a:e751	16509 (AMAZON-02) (AMAZON-02)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1 1	35.190.90.30 35.190.90.30	15169 (GOOGLE) (GOOGLE)
1 1	52.45.175.185 52.45.175.185	14618 (AMAZON-AES) (AMAZON-AES)
1 1	74.121.140.211 74.121.140.211	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	3.215.246.119 3.215.246.119	14618 (AMAZON-AES) (AMAZON-AES)
2 2	185.167.164.39 185.167.164.39	198622 (ADFORM) (ADFORM)
2 2	35.207.24.140 35.207.24.140	15169 (GOOGLE) (GOOGLE)
1	2a02:6b8::16b 2a02:6b8::16b	208722 (GLOBAL_DC) (GLOBAL_DC)
176	35

11 45.147.197.153 (Netherlands)

ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL)
PTR: vm1670795.nvme.had.yt

pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:6b8:20::215 (Moscow, Russian Federation) 2 redirects

ASN208722 (GLOBAL_DC, FI)

yastatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8:a::a (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.88.55.60 (Russian Federation)

ASN13238 (YANDEX, RU)
PTR: yandex.ru

yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:81f::2002 (Stony Point, United States)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:3038::6815:e9e0 (United States)

ASN13335 (CLOUDFLARENET, US)

xp4stm90bvzr.frontroute.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2607:f8b0:4006:816::2002 (Stony Point, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a02:6b8::90 (Moscow, Russian Federation) 5 redirects

ASN208722 (GLOBAL_DC, FI)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.204 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host204.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.184.81.35 (Kyiv, Ukraine)

ASN28907 (MIROHOST Web hosting, datacenter and domain names registration in Ukraine, US)
PTR: c.hit.ua

c.hit.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:824::200e (Stony Point, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4006:80f::2002 (Stony Point, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81d::2001 (Stony Point, United States)

ASN15169 (GOOGLE, US)

ccdc9b7f82b4b8f60e62e802f53f0fdf.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:821::2002 (Stony Point, United States)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:823::2002 (Stony Point, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:816::2008 (Stony Point, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:80d::2001 (Stony Point, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:81c::2004 (Stony Point, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80c::2002 (Stony Point, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:a001::24 (United States)

ASN19750 (AS-CRITEO, US)

ads.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:112:f002:bbbb::21 (United States) 3 redirects

ASN6336 (TURN-US-ASN, US)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 142.250.65.226 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.1.202.173 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-202-173.compute-1.amazonaws.com

fksnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 202.233.84.1 (Japan)

ASN131957 (MICROAD MicroAd, Inc., JP)

aid.send.microad.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.54.23.208 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-54-23-208.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.222.239.232 (Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ip232.ip-51-222-239.net

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 174.137.133.49 (United States) 4 redirects

ASN27257 (WEBAIR-INTERNET, US)

rtb2-useast.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2620:100:a001::4 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.147 (United States)

ASN19750 (AS-CRITEO, US)

cat.va.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:a001::9 (United States)

ASN19750 (AS-CRITEO, US)

imageproxy.us.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:100:a001::16 (United States)

ASN19750 (AS-CRITEO, US)

csm.us.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:80a::200a (Stony Point, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:a001::3 (United States)

ASN19750 (AS-CRITEO, US)

rtb.va.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2606:4700:3034::6815:53c (United States)

ASN13335 (CLOUDFLARENET, US)

g.bidbrain.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:81f::2003 (Stony Point, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.65.247.96 (Miami, United States) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-65-247-96.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.211.178.172 (North Charleston, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.74.236.95 (United States) 2 redirects

ASN19024 (INTERNAP-BLK5, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f1c:a99:832c:2412:5a3c:977a:e751 (San Jose, United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.90.30 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 30.90.190.35.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.175.185 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-175-185.compute-1.amazonaws.com

im.bluevoox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.121.140.211 (Reston, United States) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.215.246.119 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-215-246-119.compute-1.amazonaws.com

rtb.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.167.164.39 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.207.24.140 (North Charleston, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 140.24.207.35.bc.googleusercontent.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8::16b (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

matchid.adfox.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	doubleclick.net 7 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 208 googleads.g.doubleclick.net — Cisco Umbrella Rank: 56 cm.g.doubleclick.net — Cisco Umbrella Rank: 242	240 KB
24	bidbrain.app g.bidbrain.app — Cisco Umbrella Rank: 25006	7 KB
20	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 134 ccdc9b7f82b4b8f60e62e802f53f0fdf.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 153	269 KB
15	yandex.ru 5 redirects yandex.ru — Cisco Umbrella Rank: 2029 an.yandex.ru — Cisco Umbrella Rank: 5297 mc.yandex.ru Failed matchid.adfox.yandex.ru — Cisco Umbrella Rank: 32371	122 KB
12	frontroute.org xp4stm90bvzr.frontroute.org — Cisco Umbrella Rank: 863840
11	yastatic.net 2 redirects yastatic.net — Cisco Umbrella Rank: 6850	209 KB
11	bookmp3.ru pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru	298 KB
10	criteo.net static.criteo.net — Cisco Umbrella Rank: 605 imageproxy.us.criteo.net — Cisco Umbrella Rank: 2841 csm.us.criteo.net — Cisco Umbrella Rank: 2844	40 KB
9	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 82	6 KB
6	turn.com 3 redirects ad.turn.com — Cisco Umbrella Rank: 902 r.turn.com — Cisco Umbrella Rank: 4050	3 KB
6	google.com adservice.google.com — Cisco Umbrella Rank: 117 www.google.com — Cisco Umbrella Rank: 3	621 B
5	gstatic.com fonts.gstatic.com	78 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 207	225 KB
3	e-volution.ai 3 redirects rtb2-useast.e-volution.ai — Cisco Umbrella Rank: 10090	1 KB
3	stackadapt.com 3 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 762	2 KB
3	criteo.com ads.us.criteo.com — Cisco Umbrella Rank: 2755 cat.va.us.criteo.com — Cisco Umbrella Rank: 2571 rtb.va.us.criteo.com — Cisco Umbrella Rank: 6416	41 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 59	21 KB
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com — Cisco Umbrella Rank: 1161	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 610	1 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 558	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 355	2 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 737	820 B
2	owneriq.net 2 redirects px.owneriq.net — Cisco Umbrella Rank: 1833	2 KB
2	yadro.ru 1 redirects counter.yadro.ru — Cisco Umbrella Rank: 11639	2 KB
1	adentifi.com rtb.adentifi.com — Cisco Umbrella Rank: 1296	35 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 1019	878 B
1	bluevoox.com 1 redirects im.bluevoox.com — Cisco Umbrella Rank: 15344	521 B
1	mookie1.com 1 redirects odr.mookie1.com — Cisco Umbrella Rank: 1235	730 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 8884	557 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 811	464 B
1	adkernel.com 1 redirects dsp.adkernel.com — Cisco Umbrella Rank: 7499	489 B
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 801	516 B
1	microad.jp aid.send.microad.jp — Cisco Umbrella Rank: 6832	641 B
1	fksnk.com 1 redirects fksnk.com — Cisco Umbrella Rank: 5329	615 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 73	77 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1178	598 B
1	hit.ua c.hit.ua — Cisco Umbrella Rank: 172151	738 B
0	mail.ru Failed ad.mail.ru Failed
0	betweendigital.com Failed ads.betweendigital.com Failed
176	39

	Domain	Requested by
29	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
24	g.bidbrain.app	googleads.g.doubleclick.net pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
12	an.yandex.ru	5 redirects yastatic.net pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
12	xp4stm90bvzr.frontroute.org	pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
11	pagead2.googlesyndication.com	pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
11	yastatic.net	2 redirects yastatic.net
11	pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru	pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
10	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
9	fonts.googleapis.com	googleads.g.doubleclick.net
8	tpc.googlesyndication.com	googleads.g.doubleclick.net
7	static.criteo.net	ads.us.criteo.com
5	fonts.gstatic.com	fonts.googleapis.com
5	securepubads.g.doubleclick.net	pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru securepubads.g.doubleclick.net
4	www.googletagservices.com	googleads.g.doubleclick.net
4	www.google.com	googleads.g.doubleclick.net
3	rtb2-useast.e-volution.ai	3 redirects
3	sync.srv.stackadapt.com	3 redirects
3	r.turn.com	googleads.g.doubleclick.net pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
3	ad.turn.com	3 redirects
3	www.google-analytics.com	pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru www.google-analytics.com www.googletagmanager.com
2	rtb.mfadsrvr.com	2 redirects
2	c1.adform.net	2 redirects
2	b1sync.zemanta.com	2 redirects
2	x.bidswitch.net	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	px.owneriq.net	2 redirects
2	csm.us.criteo.net	ads.us.criteo.com
2	adservice.google.com	pagead2.googlesyndication.com
2	counter.yadro.ru	1 redirects pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
2	yandex.ru	pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
1	matchid.adfox.yandex.ru	yastatic.net
1	rtb.adentifi.com	googleads.g.doubleclick.net
1	sync.mathtag.com	1 redirects
1	im.bluevoox.com	1 redirects
1	odr.mookie1.com	1 redirects
1	ads.travelaudience.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	rtb.va.us.criteo.com	googleads.g.doubleclick.net
1	imageproxy.us.criteo.net	ads.us.criteo.com
1	cat.va.us.criteo.com	ads.us.criteo.com
1	dsp.adkernel.com	1 redirects
1	onetag-sys.com	1 redirects
1	aid.send.microad.jp	googleads.g.doubleclick.net
1	fksnk.com	1 redirects
1	ads.us.criteo.com	googleads.g.doubleclick.net
1	www.googletagmanager.com	www.google-analytics.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	ccdc9b7f82b4b8f60e62e802f53f0fdf.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	c.hit.ua	pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
0	ad.mail.ru Failed	yastatic.net
0	ads.betweendigital.com Failed	yastatic.net
0	mc.yandex.ru Failed	pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
176	52

This site contains links to these domains. Also see Links.

Domain
mir-knigi.info
vk.com
www.facebook.com
twitter.com
bookmp3.ru
www.liveinternet.ru
hit.ua

Subject Issuer	Validity	Valid
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru R3	`2023-06-23` - `2023-09-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
frontroute.org E1	`2023-06-25` - `2023-09-23`	3 months	crt.sh
*.yastatic-net.ru GlobalSign ECC OV SSL CA 2018	`2023-07-10` - `2024-01-07`	6 months	crt.sh
bs.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-04-08` - `2023-10-07`	6 months	crt.sh
hit.ua R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.us.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-27` - `2023-09-23`	3 months	crt.sh
*.send.microad.jp GlobalSign RSA OV SSL CA 2018	`2022-10-05` - `2023-11-06`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-27` - `2023-08-27`	3 months	crt.sh
*.va.us.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-11` - `2023-10-13`	3 months	crt.sh
*.us.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-04` - `2023-08-31`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
bidbrain.app Cloudflare Inc ECC CA-3	`2022-12-02` - `2023-12-02`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
adentifi.com Amazon RSA 2048 M01	`2023-07-06` - `2024-08-03`	a year	crt.sh
matchid.adfox.yandex.ru GlobalSign RSA OV SSL CA 2018	`2023-06-01` - `2023-11-24`	6 months	crt.sh

This page contains 13 frames:

Primary Page: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Frame ID: 1FFB14CEAD62B439A4C3A4DCE8F03704
Requests: 59 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20190131/zrt_lookup.html
Frame ID: FA2C33E193389620F75D3E2815E972B7
Requests: 1 HTTP requests in this frame

Frame: https://ccdc9b7f82b4b8f60e62e802f53f0fdf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: BF3ACDC43BC9194B03BB7587996DEF29
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=178&slotname=2609168587&adk=1374432671&adf=4036610663&pi=t.ma~as.2609168587&w=710&fwrn=4&lmt=1690127221&rafmt=11&format=710x178&url=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690127220793&bpp=7&bdt=2140&idt=288&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&abxe=1&correlator=3351506828697&frm=20&pv=2&ga_vid=79069004.1690127221&ga_sid=1690127221&ga_hid=1607610873&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=295&ady=1653&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31076178%2C31076253%2C31076272%2C44788441%2C44796827&oid=2&pvsid=2375589004232872&tmod=1168576036&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=eSqxti5e1U&p=https%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&dtd=334
Frame ID: C0753B19E6BC106248F777FD72173AE0
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&adk=1812271804&adf=3025194257&lmt=1690127221&plat=2%3A16777216%2C8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x1080_r&format=0x0&url=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690127220824&bpp=4&bdt=2171&idt=354&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da1f7e42694b36bd9%3AT%3D1690127221%3ART%3D1690127221%3AS%3DALNI_MYGIsaKblVLPn8tvlQKMl7k5IjcIQ&gpic=UID%3D00000d0ee2dfbb14%3AT%3D1690127221%3ART%3D1690127221%3AS%3DALNI_MbAAEJ9kqJso7rHhEc4xg8Lxi7fiw&prev_fmts=710x178&nras=1&correlator=3351506828697&frm=20&pv=1&ga_vid=79069004.1690127221&ga_sid=1690127221&ga_hid=1607610873&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31076178%2C31076253%2C31076272%2C44788441%2C44796827&oid=2&pvsid=2375589004232872&tmod=1168576036&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=398
Frame ID: 46FDE21C89475AE03E2E8558B3C13649
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.criteo.com/delivery/r/afr.php?z=ZL1LdQACpZAE0aGKAAKnoe4wjXxZ1pjEmWb5Cw&u=%7CwA%2BmiyMqVBb9vL3O9A9cozJdmgEWD5DWNb0mPQ1z22k%3D%7C&c1=SMhbYeryLxkG14NwFf2jh1KVMrwDvmO-dbHERHVj9MQgFtTN83TUdVFZz6mvMC78rklu3251mk0mb-RBzl6Q31aohG_DEjutoXymwHZ91Z7Dc748EU96e8cCXwGxXyB5_dhOEg1aQCGLn6HMN8kYuxmq0Ndjr_pkr-lVQJZNsoZlxBr7_QwAgSZL8UhWHaCogbeOP14PXmSsDlUXbOpqr3QWg0szsv_LeHpifnYBK-OsoniL3p4p1UJluB2aJ2m2yntCF3SwNfVPL2m88yOq3WY3ypgSMDtmlVj_dzW6it6MzkS0UBKMqKeUmqrizh_fsVEP-FSNZzQoviaGyxyuwZYnoBMhV-iHkWME2fsX2qm7msLRNHDaOEd_v8NvFcvnWXVFw8BpIf_qfhhe_T7YU2iF-EMeqsw0ds6s8UtiIsQyQrZ5gJE-O8PlpC-ISW_aMXaVobKCc95sgx9Q_MD4EgV9YsHNIDk5Eb9JykkYs-aRnXnNIbeG8Bmv_r-JBF__GiXgt0d8f2KwlWssYx56yK-rTqKWi2P1wcLa1XGlaBdwzskvyvT9DnlHPqY6yhj7N52ZKwqoxUX48UcK9v9-9MuPHyVTkDscT35W1g_GYfeh9ffMULKvzA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8GYndUu9ZJDLCorDxtYPoc-K0A2cge-wXNKWqap0wI23ARABIABgye6Oi8CkjBCCARdjYS1wdWItMTYxODU5MjIwNTA4Mzc4MMgBCagDAcgDAqoEmwJP0GqCwEe6WqcZ2EytUu18DhJvqOSTE8Qes61f68juP6wjE-NhBpnehtEim5YNv5IrUXtba567LGt0EmVQAOaxxq2JipXVKZpdwMJ2Vt-ASoe3LULq8hmJvXmmiq4R3DH6bunWYoIQ--UGyZHoc_l4kLoYl0JqQlvySgLjSQ-6THdZpjjusobhhXmZ2DT4Jf21FFhtUB_bwA-MoT9zxB4gj4_peD16ZKEFb_TmeWFFElPH8ICFfXler8Tx_TO9uJPsni2TMKa2ABbc-790kwepImpa1v0F6e9OGzceU2yMUgwGUHfPHD93UnOhY1eCKG26WCAlWm8eT2GAVgZ6GhHWCeDvymwKfoRiKzaxFdPUJpNOQWvvfnAeXym_gAbJx_363fjukhegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0qBGcXrp3ASEA6kZw9E_LGTALnkQ%26client%3Dca-pub-1618592205083780%26adurl%3D
Frame ID: 9C18F9D606D4A903A2C0250C2F666F3F
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4C9D4099E73CBDC31FEEE3241AF4E226
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Frame ID: 426B25FF0AC35BA43BFAB025A4E0A95A
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Frame ID: CA7B1B13BECA088195269CD99074C858
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Frame ID: 3EA485B616C9ED74B994301522B873D7
Requests: 20 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0E31075BD836D26544BD21C5155AB45E
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5178F5722C5F87C815F08B4BE7293722
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A52720A3139214704E9844ECE31F79D8
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Аудиокниги слушать онлайн бесплатно :: bookmp3.ru

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Yandex.Direct (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://an\.yandex\.ru/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

176
Requests

82 %
HTTPS

54 %
IPv6

39
Domains

52
Subdomains

35
IPs

7
Countries

1635 kB
Transfer

5252 kB
Size

56
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://mir-knigi.info/
Title: Книги

Search URL Search Domain Scan URL

URL: https://vk.com/bookmp3_ru

Search URL Search Domain Scan URL

URL: https://www.facebook.com/bookmp3ru/

Search URL Search Domain Scan URL

URL: https://twitter.com/bookmp3

Search URL Search Domain Scan URL

URL: https://bookmp3.ru/rss

Search URL Search Domain Scan URL

URL: http://bookmp3.ru/authors
Title: «Авторы»,

Search URL Search Domain Scan URL

URL: http://bookmp3.ru/genres
Title: «Жанры»

Search URL Search Domain Scan URL

URL: http://bookmp3.ru/top
Title: «Топ 100»

Search URL Search Domain Scan URL

URL: https://www.liveinternet.ru/click

Search URL Search Domain Scan URL

URL: http://hit.ua/?x=84925
Title:     <img src='//c.hit.ua/hit?i=84925&g=0&x=1' border='0' width='88' height='31' alt='hit.ua: сейчас на сайте, посетителей и просмотров за сегодня' title='hit.ua: сейчас на сайте, посетителей и просмотров за сегодня'/>

Search URL Search Domain Scan URL

URL: https://bookmp3.ru/
Title: bookmp3.ru

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://yastatic.net/pcode/adfox/header-bidding.js HTTP 302
https://yandex.ru/ads/system/header-bidding.js

Request Chain 5

https://yastatic.net/pcode/adfox/loader.js HTTP 302
https://yandex.ru/ads/system/context.js

Request Chain 34

https://counter.yadro.ru/hit?t11.6;r;s1600*1200*24;uhttps%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/;0.8010692155632437 HTTP 302
https://counter.yadro.ru/hit?q;t11.6;r;s1600*1200*24;uhttps%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/;0.8010692155632437

Request Chain 58

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEDtpf9uTxjZUbAPYmirL_BU&google_cver=1&google_push=AaAOQGHyLqMjOFW-XqBf5jV0I4ZfHI1EOoKe0ZFdjm23sxmRH3PXqFkz1MuxbAJ4e2CaF6tFY2bjFAviJZvt5Wak_1db15AtXWrrvgY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzcxMjg1MDc3MDIyMDcyODg2MA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1

Request Chain 59

https://fksnk.com/cs/google?google_gid=CAESELJ5kAafMvJjwLhZawzaJ1M&google_cver=1&google_push=AaAOQGHqGVRiFzUsjE6koh---r0dZjKlWi-Cp5CH6mlzSugX1bmiGqH-dMXdtikwTDIf4Fa_8siTQxg28V-fWVDwvXmavdHMpI1TjS4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RkIzMzQ5NjM0NEY5MjA5RA==

Request Chain 61

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEHRSOtNvfCnVVepGYCMblfg&google_cver=1&google_push=AaAOQGEz5FY24wASvUhREIaghOYFfB1dbGIH7kOBpXctzt8EnkBbE93suJ41Ow0PLgerGLn_PVvkytA-53da-uxXYBx9bLPAXVGOMQA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZGHPi6SLXD9Csh2xxgNtGmAJ-Ss&google_push=AaAOQGEz5FY24wASvUhREIaghOYFfB1dbGIH7kOBpXctzt8EnkBbE93suJ41Ow0PLgerGLn_PVvkytA-53da-uxXYBx9bLPAXVGOMQA

Request Chain 62

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEFp13cPoy9V1cHRHjtrbQ2M&google_cver=1&google_push=AaAOQGFDf2VJv4dD6nVvbBbr9bm8xX4K_8GZFOHki_rptKsZ4ncQk-Bo3iO6sDQQ3g_NT49boCMyFath65SGozB68IicqZLGr5tyuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABiYNup0Sqe-Qdqk4PkHbZUgCaHcMziQvToA&google_push=AaAOQGFDf2VJv4dD6nVvbBbr9bm8xX4K_8GZFOHki_rptKsZ4ncQk-Bo3iO6sDQQ3g_NT49boCMyFath65SGozB68IicqZLGr5tyuw

Request Chain 63

https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEJZ8fKERy00Bse9uudfhrck&google_cver=1&google_push=AaAOQGEUhwnQb1bbAZS-7sAqlJU0s7I0QTVo0zFiTdCqXwfWzEDwyfnAHKGTCO9IylnN2GYPi4CeYExbj9su7oAmInnXDjZ8kciHJDO5 HTTP 302
https://dsp.adkernel.com/adkuid?r=https%3A%2F%2Frtb2-useast.e-volution.ai%2Fsync%3Fexchange%3D193%26google_gid%3DCAESEJZ8fKERy00Bse9uudfhrck%26google_cver%3D1%26google_push%3DAaAOQGEUhwnQb1bbAZS-7sAqlJU0s7I0QTVo0zFiTdCqXwfWzEDwyfnAHKGTCO9IylnN2GYPi4CeYExbj9su7oAmInnXDjZ8kciHJDO5 HTTP 302
https://rtb2-useast.e-volution.ai/sync?adkuid=A7423259293904304121&exchange=193&google_gid=CAESEJZ8fKERy00Bse9uudfhrck&google_cver=1&google_push=AaAOQGEUhwnQb1bbAZS-7sAqlJU0s7I0QTVo0zFiTdCqXwfWzEDwyfnAHKGTCO9IylnN2GYPi4CeYExbj9su7oAmInnXDjZ8kciHJDO5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTc0MjMyNTkyOTM5MDQzMDQxMjE&google_push=AaAOQGEUhwnQb1bbAZS-7sAqlJU0s7I0QTVo0zFiTdCqXwfWzEDwyfnAHKGTCO9IylnN2GYPi4CeYExbj9su7oAmInnXDjZ8kciHJDO5

Request Chain 64

https://an.yandex.ru/mapuid/google/CAESEAHgBEPa7WhnemWLdqeQPnY?ext-param=AaAOQGEJ7fmu9yMljUQ7XPONYAjTXwYa-Rs_UoUHdf1TUqp4ds3UEyKwUkyXQI30YiN14TzSiA_L-XqMsRtD2PsEuRxVn-WfrwwGjD4H&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://an.yandex.ru/mapuid/google/CAESEAHgBEPa7WhnemWLdqeQPnY?redir-setuniq=1&ext-param=AaAOQGEJ7fmu9yMljUQ7XPONYAjTXwYa-Rs_UoUHdf1TUqp4ds3UEyKwUkyXQI30YiN14TzSiA_L-XqMsRtD2PsEuRxVn-WfrwwGjD4H&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEAHgBEPa7WhnemWLdqeQPnY&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif HTTP 302
https://an.yandex.ru/resource/spacer.gif

Request Chain 116

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1&google_push=AaAOQGGbf6hRy9fRXFOaRtjhbIEP_YKR5V1A5S3jR0I-fjo98y872aiEsuW_ZFsl6CQF1mkbF3qvGB6KXS9Zcgx5mr3-JOQtjOyQ5AE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzcxMjg1MDc3MDIyMDcyODg2MA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1

Request Chain 117

https://px.owneriq.net/ecmg?google_gid=CAESEDMf5S-77Cz8f1jxEmFHzFg&google_cver=1&google_push=AaAOQGFRJs_aPT_Sukn4C5aXUT1KN8XKnlk1MAEcUUYu3tqLXhVyyzomK3TY9mrb8l5xYJV4JpKwUiGvVBlk8WT3sBoaeFgOAw9pAgg HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fcm.g.doubleclick.net%2fpixel%3fgoogle_nid%3downeriq1%26google_sc%26google_push%3dAaAOQGFRJs_aPT_Sukn4C5aXUT1KN8XKnlk1MAEcUUYu3tqLXhVyyzomK3TY9mrb8l5xYJV4JpKwUiGvVBlk8WT3sBoaeFgOAw9pAgg%26google_cver%3d1%26google_gid%3dCAESEDMf5S-77Cz8f1jxEmFHzFg%26google_hm%3dUTc0MzQxMzYyMjE3MTQ1NzIwNzM%3d&uid=Q7434136221714572073&ref=%2Fecmg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AaAOQGFRJs_aPT_Sukn4C5aXUT1KN8XKnlk1MAEcUUYu3tqLXhVyyzomK3TY9mrb8l5xYJV4JpKwUiGvVBlk8WT3sBoaeFgOAw9pAgg&google_cver=1&google_gid=CAESEDMf5S-77Cz8f1jxEmFHzFg&google_hm=UTc0MzQxMzYyMjE3MTQ1NzIwNzM=

Request Chain 118

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEE7RUWUcfHSCGRCNrUXAQE4&google_cver=1&google_push=AaAOQGFjBu4vCMdlWJjbU7UGZUEd56T3OIVXUN-qFW7cxCWLcOPCLelMB80ZwJvYNn7dNOcqYn_o34XqDotiDuFgmSBxFR-J69524A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEE7RUWUcfHSCGRCNrUXAQE4&google_push=AaAOQGFjBu4vCMdlWJjbU7UGZUEd56T3OIVXUN-qFW7cxCWLcOPCLelMB80ZwJvYNn7dNOcqYn_o34XqDotiDuFgmSBxFR-J69524A

Request Chain 119

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDA7peJqlaE6H7NUDLC8-gw&google_cver=1&google_push=AaAOQGHsYWkx7HkJN3MyPaRzNO7WiYa0AWXEVGWjOJL2ZzwSg0r7uBNM4pGBtGVl3UyVYzIE0sNS4c0kWOWVmv6MtBDeP4CvvxC5yfU HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEDA7peJqlaE6H7NUDLC8-gw&google_cver=1&google_push=AaAOQGHsYWkx7HkJN3MyPaRzNO7WiYa0AWXEVGWjOJL2ZzwSg0r7uBNM4pGBtGVl3UyVYzIE0sNS4c0kWOWVmv6MtBDeP4CvvxC5yfU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGHsYWkx7HkJN3MyPaRzNO7WiYa0AWXEVGWjOJL2ZzwSg0r7uBNM4pGBtGVl3UyVYzIE0sNS4c0kWOWVmv6MtBDeP4CvvxC5yfU&google_hm=R7p3-0zaSOCDwsaU3PSo_A==

Request Chain 120

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEDr29_TynIRab5IGU-GL15k&google_cver=1&google_push=AaAOQGGwtS8FZHTX_C8b2CuZgLtw8EcEPOrIw6fRb62YTraPTMvAktErJSZ8JcUa9PkbASaB0pSj89DhFBgV6zlsBkSlZXhKETQ6j8w HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEDr29_TynIRab5IGU-GL15k&google_push=AaAOQGGwtS8FZHTX_C8b2CuZgLtw8EcEPOrIw6fRb62YTraPTMvAktErJSZ8JcUa9PkbASaB0pSj89DhFBgV6zlsBkSlZXhKETQ6j8w&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AaAOQGGwtS8FZHTX_C8b2CuZgLtw8EcEPOrIw6fRb62YTraPTMvAktErJSZ8JcUa9PkbASaB0pSj89DhFBgV6zlsBkSlZXhKETQ6j8w&google_hm=TU8tc3RTQjhOUEJpMlg3eXpUOTI=

Request Chain 121

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEJFrtuV6PkEXgz-igKONEy0&google_cver=1&google_push=AaAOQGGmsDAMJ7Qh14ERSg2joOsvH5p7AO8aE_VgKQGj6ZoHqoiKwLT1TSX9vth0nb3KAndzskGXG2Kb5dJm_LtBRJnA4WLIKa82yuE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZGHPi6SLXD9Csh2xxgNtGmAJ-Ss&google_push=AaAOQGGmsDAMJ7Qh14ERSg2joOsvH5p7AO8aE_VgKQGj6ZoHqoiKwLT1TSX9vth0nb3KAndzskGXG2Kb5dJm_LtBRJnA4WLIKa82yuE

Request Chain 122

https://an.yandex.ru/mapuid/google/CAESEDBSnjFCzB2PUElAEZS3BeQ?ext-param=AaAOQGHs_ukJbmYDhuVXrgl14tQgeIq4Gm-6KBGrj67rdh40oM8PRdFyHlGMY7lKNjqarIWvBB-pzHImgANGNB6gjcxifM5S4WVIOkS_&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEDBSnjFCzB2PUElAEZS3BeQ&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif HTTP 302
https://an.yandex.ru/resource/spacer.gif

Request Chain 129

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1&google_push=AaAOQGGakyZYJd839vXrfvd9s3leFZsDBfb0p_d8A6pEDfZptb4sINSAYcL592PK44Hn_tPDI6fhMHVzEsi_NTXBCRsHcBb7ZEGsrg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzcxMjg1MDc3MDIyMDcyODg2MA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1

Request Chain 131

https://ads.travelaudience.com/google_pixel?google_gid=CAESEKtBUe9Bztcvy4xch2yr62Q&google_cver=1&google_push=AaAOQGEpn2B6Q_URLMRt3ldeT8b5Q6PU8t_ZKhnYzvwRpLehehzjFpVsqSQEiPI_tuBnBZDk9YylHNwL4KPPGhPzP-Tr6wtUcbpEqT4 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=WI3uzYdSTXioER0lMHunsg2&google_push=AaAOQGEpn2B6Q_URLMRt3ldeT8b5Q6PU8t_ZKhnYzvwRpLehehzjFpVsqSQEiPI_tuBnBZDk9YylHNwL4KPPGhPzP-Tr6wtUcbpEqT4

Request Chain 132

https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEJjJKSizRmJPupiqYTP2hEA&google_push=AaAOQGH-RE0D0hSTZ-u8HQHGcSOfDi5ZTNFqlPkU1T3HsLLcU3PN0ZKRPpB5VP-p0MzuqkqR11Am_yvzQVM6XTht5u7sAyPc3unmfys&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AaAOQGH-RE0D0hSTZ-u8HQHGcSOfDi5ZTNFqlPkU1T3HsLLcU3PN0ZKRPpB5VP-p0MzuqkqR11Am_yvzQVM6XTht5u7sAyPc3unmfys&google_hm=MTA1OTQ3ODg0OTk2NTI1NTY5ODY

Request Chain 133

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEJFrtuV6PkEXgz-igKONEy0&google_cver=1&google_push=AaAOQGEsSmtiCnHbml-6MHfOZkkmeo9lb13GVoRYa8bzNlYebknAzBW4fwZuTZmcDi3UFx2p7EUg0ryDpCbAbw-2xjeqt2J0J75nSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZGHPi6SLXD9Csh2xxgNtGmAJ-Ss&google_push=AaAOQGEsSmtiCnHbml-6MHfOZkkmeo9lb13GVoRYa8bzNlYebknAzBW4fwZuTZmcDi3UFx2p7EUg0ryDpCbAbw-2xjeqt2J0J75nSw

Request Chain 134

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEABED8TFRROQfy9cK1QKtM4&google_cver=1&google_push=AaAOQGHT3kNgqTSB0a0VEDbN7q1T9WIBXfeySIdi140I4ga6uyOk8ey906XEZCru-IFypyWlsDFOcSRfAExJIbYBY48crQFQ9jM9_84V HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AaAOQGHT3kNgqTSB0a0VEDbN7q1T9WIBXfeySIdi140I4ga6uyOk8ey906XEZCru-IFypyWlsDFOcSRfAExJIbYBY48crQFQ9jM9_84V&google_hm=QlMuNTBiZS0wNzc4LTQwOWUtOTA2Zg==

Request Chain 135

https://an.yandex.ru/mapuid/google/CAESEDBSnjFCzB2PUElAEZS3BeQ?ext-param=AaAOQGHEI3du49kRqFqndLQaAEQmlpCZqD95rCeLQk1-M2c-BaPehRGY2Mh1WOmDipkLd4-RnvJDYBAcCFJM9AU23IfyzLFQ-jQWH054&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEDBSnjFCzB2PUElAEZS3BeQ&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif HTTP 302
https://an.yandex.ru/resource/spacer.gif

Request Chain 144

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEKQZYryG6e7w3kfEnTCnW0I&google_cver=1&google_push=AaAOQGECxhosk2Jqx7FEFb4fQ3Uey7BinFoQ49sqK3exJzXg5Ryqf9dOmVNnkmrdu-gqL_hzXU-0rluggorVvGONeCJ10WiKbqxxVzHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGECxhosk2Jqx7FEFb4fQ3Uey7BinFoQ49sqK3exJzXg5Ryqf9dOmVNnkmrdu-gqL_hzXU-0rluggorVvGONeCJ10WiKbqxxVzHk

Request Chain 145

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEE7RUWUcfHSCGRCNrUXAQE4&google_cver=1&google_push=AaAOQGHUbkJ_h4eNtep4kv8KIxj9SWMdtYRVM2nXDH5CFyy21BozanyYRXYtPVesdyvUVqRmL9rZFEdiK1PcEydokNVg2oQiqHUebmY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WkwxTGRnQURCYnhRTGdBXw==&google_gid=CAESEE7RUWUcfHSCGRCNrUXAQE4&google_cver=1&google_push=AaAOQGHUbkJ_h4eNtep4kv8KIxj9SWMdtYRVM2nXDH5CFyy21BozanyYRXYtPVesdyvUVqRmL9rZFEdiK1PcEydokNVg2oQiqHUebmY

Request Chain 147

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEGysj7cIKv7frvsKXneJi1E&google_cver=1&google_push=AaAOQGGFeKZapZz-9JPtI_10TJ5qzvMCrVp9AuJ97dRKi0Z6aUxDjIAnJmhTHP7TPV3xWLzTLYHPq0nNWyGITat60GUUX6rgxPVaHRev HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEGysj7cIKv7frvsKXneJi1E&google_cver=1&google_push=AaAOQGGFeKZapZz-9JPtI_10TJ5qzvMCrVp9AuJ97dRKi0Z6aUxDjIAnJmhTHP7TPV3xWLzTLYHPq0nNWyGITat60GUUX6rgxPVaHRev HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODY2OTY4NjEzNTA5MjEwMzc4OQ&google_push=AaAOQGGFeKZapZz-9JPtI_10TJ5qzvMCrVp9AuJ97dRKi0Z6aUxDjIAnJmhTHP7TPV3xWLzTLYHPq0nNWyGITat60GUUX6rgxPVaHRev

Request Chain 148

https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEABYZTwSAJI8TWvEN3zM1cs&google_cver=1&google_push=AaAOQGEAsSzzn4K1MTZjcLFqpEiUsH6g_f-5x27k2Y8jTogXmwVwufS4sKGri0C5G3XZt1G4sGYrWUTdsXEDtrp75AF2AFYYSTDR79abaw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTc0MjMyNTkyOTM5MDQzMDQxMjE&google_push=AaAOQGEAsSzzn4K1MTZjcLFqpEiUsH6g_f-5x27k2Y8jTogXmwVwufS4sKGri0C5G3XZt1G4sGYrWUTdsXEDtrp75AF2AFYYSTDR79abaw

Request Chain 149

https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESEGnkSNMlRIbmPgWwKMpsHeQ&google_cver=1&google_push=AaAOQGFGgJvbX_U9KC-TGNzr00e7ogsKRxjgxihNbsS7HDQpNqyY5EUU6ZBU9By1IMpmU9LZr5Rr9xuBrpznAxYC40E_tZG0RLnOjPdBdQ HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=google&ssp_init=step1&google_gid=CAESEGnkSNMlRIbmPgWwKMpsHeQ&google_cver=1&google_push=AaAOQGFGgJvbX_U9KC-TGNzr00e7ogsKRxjgxihNbsS7HDQpNqyY5EUU6ZBU9By1IMpmU9LZr5Rr9xuBrpznAxYC40E_tZG0RLnOjPdBdQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=6uKnUqulQK60Igv4EjU7yw==&no_redirect=1&google_push=AaAOQGFGgJvbX_U9KC-TGNzr00e7ogsKRxjgxihNbsS7HDQpNqyY5EUU6ZBU9By1IMpmU9LZr5Rr9xuBrpznAxYC40E_tZG0RLnOjPdBdQ

Request Chain 150

https://an.yandex.ru/mapuid/google/CAESEDBSnjFCzB2PUElAEZS3BeQ?ext-param=AaAOQGEvLKhaMuI1T5zylDf9jfg-k8BeA7xhcPJB3A0BU8xBEk40r8EVrYoNguTAqfFM2M-BKqpWmATgj6T7hrVJKRpI6NFik4jaHhtO5A&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEDBSnjFCzB2PUElAEZS3BeQ&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif HTTP 302
https://an.yandex.ru/resource/spacer.gif

176 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/ 70 KB
14 KB 1346ms
1132ms Document
text/html 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard / PHP/7.1.33

Resource Hash

d34194fe51ff39df244e84b34ff81e8481464d14fe3eefb20b62b63e7c2d923a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
cache-control: max-age=1, private, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 23 Jul 2023 15:46:58 GMT
expires: Sun, 23 Jul 2023 15:46:58 GMT
server: ddos-guard
strict-transport-security: max-age=31536000;
vary: Accept-Encoding
x-powered-by: PHP/7.1.33

GET
H2 200 jquery.js Show response
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/js/ 334 KB
94 KB 499ms
495ms Script
application/javascript 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/js/jquery.js

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

b9db30db84c353b393ebed43c0803e40d62453ec010584b9449a28f0348cd01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:46:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000;
last-modified: Tue, 10 Oct 2017 08:53:06 GMT
server: ddos-guard
age: 1
etag: W/"536b8-55b2d6f820080-gzip"
vary: Accept-Encoding
content-type: application/javascript
ddg-cache-status: MISS
cache-control: max-age=2592000, private
accept-ranges: bytes
expires: Sun, 23 Jul 2023 15:46:59 GMT

GET
H2 200 main.js Show response
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/js/ 860 B
561 B 421ms
419ms Script
application/javascript 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/js/main.js

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

a94755ecd90a113ceb5ffbb9a9834639bbf215711895074c4181eb309929ca25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:46:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000;
last-modified: Wed, 25 Oct 2017 18:13:28 GMT
server: ddos-guard
age: 1
etag: W/"35c-55c630327a200-gzip"
vary: Accept-Encoding
content-type: application/javascript
ddg-cache-status: MISS
cache-control: max-age=2592000, private
accept-ranges: bytes
expires: Sun, 23 Jul 2023 15:47:00 GMT

GET
H2 200 style.css
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/css/ 94 KB
15 KB 529ms
527ms Stylesheet
text/css 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/css/style.css?v=2.6

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

47a37cabd33f930dd28119e3ba60cca269770f1b2a774a52bad0a75d8076cd8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:46:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000;
last-modified: Wed, 30 Jun 2021 13:22:17 GMT
server: ddos-guard
age: 1
etag: W/"17698-5c5fb9c888be4-gzip"
vary: Accept-Encoding
content-type: text/css
ddg-cache-status: MISS
cache-control: max-age=2592000, public
accept-ranges: bytes
expires: Tue, 22 Aug 2023 15:46:59 GMT

GET
H2 200 font-awesome.min.css
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/css/ 30 KB
7 KB 368ms
366ms Stylesheet
text/css 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/css/font-awesome.min.css

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:46:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000;
last-modified: Tue, 10 Oct 2017 15:14:28 GMT
server: ddos-guard
age: 2
etag: W/"7918-55b32c3619d00-gzip"
vary: Accept-Encoding
content-type: text/css
ddg-cache-status: MISS
cache-control: max-age=2592000, public
accept-ranges: bytes
expires: Tue, 22 Aug 2023 15:46:58 GMT

GET
H2

200

header-bidding.js Show response
yandex.ru/ads/system/
Redirect Chain

https://yastatic.net/pcode/adfox/header-bidding.js
https://yandex.ru/ads/system/header-bidding.js

110 KB
32 KB

2666ms
646ms

Script
text/javascript

2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/system/header-bidding.js

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

b38bb9174e4b7d8a2dcf5eb8cc14bf1a817b1cf9b4fe89be4cdca41d81a9fe4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-encoding: br
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1690127222500888-11165549465621946124-balancer-l7leveler-kubr-yp-vla-35-BAL-7129
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Sun, 23 Jul 2023 16:47:02 GMT

Redirect headers

date: Sun, 23 Jul 2023 15:47:00 GMT
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
server: nginx/1.17.9
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
location: https://yandex.ru/ads/system/header-bidding.js
access-control-allow-origin: *
timing-allow-origin: *
content-length: 0

GET
H2

200

context.js Show response
yandex.ru/ads/system/
Redirect Chain

https://yastatic.net/pcode/adfox/loader.js
https://yandex.ru/ads/system/context.js

299 KB
86 KB

1063ms
155ms

Script
text/javascript

77.88.55.60
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/system/context.js

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

77.88.55.60 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

yandex.ru

Software

Resource Hash

13f5a94a9a48ad2d88290043b8529326e91b6bc2f08cf01ce2658e5fec6414ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-encoding: br
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1690127220069288-6146809260454955227-balancer-l7leveler-kubr-yp-sas-19-BAL-1236
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Sun, 23 Jul 2023 16:47:00 GMT

Redirect headers

date: Sun, 23 Jul 2023 15:46:59 GMT
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
server: nginx/1.17.9
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
location: https://yandex.ru/ads/system/context.js
access-control-allow-origin: *
timing-allow-origin: *
content-length: 0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 181ms
89ms Script
text/javascript 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

07d266f7989ef1aa720edf6ae227b42159c64c65d88590186a1a16971026d874

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27593
x-xss-protection: 0
server: cafe
etag: 795 / 19561 / m202307180101 / config-hash: 3532551707473895787
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 23 Jul 2023 15:47:00 GMT

GET
H2 502 audiobook-lermontov-odin-mezh-nebom-i-zemlejj.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/9/ 0
0 448ms
364ms Image
text/html 2606:4700:3038::6815:e9e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/9/audiobook-lermontov-odin-mezh-nebom-i-zemlejj.jpg
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 502 audiobook-chelovek-v-vozdukhe-2.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/8/ 0
0 467ms
383ms Image
text/html 2606:4700:3038::6815:e9e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/8/audiobook-chelovek-v-vozdukhe-2.jpg
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 502 audiobook-chelovek-na-zemle.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/7/ 0
0 440ms
356ms Image
text/html 2606:4700:3038::6815:e9e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/7/audiobook-chelovek-na-zemle.jpg
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 502 audiobook-dvojjnjashki.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/6/ 0
0 442ms
358ms Image
text/html 2606:4700:3038::6815:e9e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/6/audiobook-dvojjnjashki.jpg
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 502 audiobook-zelenoglazaja.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/5/ 0
0 443ms
359ms Image
text/html 2606:4700:3038::6815:e9e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/5/audiobook-zelenoglazaja.jpg
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 502 audiobook-poslednjaja-dver.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/4/ 0
0 440ms
362ms Image
text/html 2606:4700:3038::6815:e9e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/4/audiobook-poslednjaja-dver.jpg
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 502 audiobook-znakhar-polskijj-jazyk.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/3/ 0
0 395ms
355ms Image
text/html 2606:4700:3038::6815:e9e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/3/audiobook-znakhar-polskijj-jazyk.jpg
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 502 audiobook-tropinka-v-odin-sled.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/2/ 0
0 402ms
361ms Image
text/html 2606:4700:3038::6815:e9e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/2/audiobook-tropinka-v-odin-sled.jpg
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 502 audiobook-nechestno.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/1/ 0
0 366ms
355ms Image
text/html 2606:4700:3038::6815:e9e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/1/audiobook-nechestno.jpg
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 502 audiobook-zvezdochka-svetlaja-zvezdochka-rannjaja-1.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/0/ 0
0 360ms
349ms Image
text/html 2606:4700:3038::6815:e9e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/0/audiobook-zvezdochka-svetlaja-zvezdochka-rannjaja-1.jpg
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 502 audiobook-kosti-1.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/4/9/ 0
0 364ms
354ms Image
text/html 2606:4700:3038::6815:e9e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/4/9/audiobook-kosti-1.jpg
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 502 audiobook-staryjj-prestaryjj-sposob.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/4/8/ 0
0 363ms
352ms Image
text/html 2606:4700:3038::6815:e9e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/4/8/audiobook-staryjj-prestaryjj-sposob.jpg
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
50 KB 144ms
67ms Script
text/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a8396e571ae530c2c35832b621c27614fcccc7b47f4e63a9d2e28b0ca8201b3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50557
x-xss-protection: 0
server: cafe
etag: 277771437999913957
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 23 Jul 2023 15:47:00 GMT

GET
H2 200 webfont.js Show response
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/js/ 13 KB
5 KB 130ms
130ms Script
application/javascript 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/js/webfont.js

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:46:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000;
last-modified: Tue, 10 Oct 2017 08:53:02 GMT
server: ddos-guard
age: 0
etag: W/"3384-55b2d6f44f780-gzip"
vary: Accept-Encoding
content-type: application/javascript
ddg-cache-status: MISS
cache-control: max-age=2592000, private
accept-ranges: bytes
expires: Sun, 23 Jul 2023 15:47:00 GMT

GET
H2 200 audioplayer.js Show response
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/js/ 386 KB
58 KB 494ms
493ms Script
application/javascript 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/js/audioplayer.js

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

f919c02713441d1502a5297ec6201783ecf8070a47d5df866a78ca2fb83bc865

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:46:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000;
last-modified: Tue, 10 Oct 2017 14:24:22 GMT
server: ddos-guard
age: 0
etag: W/"607be-55b321035b180-gzip"
vary: Accept-Encoding
content-type: application/javascript
ddg-cache-status: MISS
cache-control: max-age=2592000, private
accept-ranges: bytes
expires: Sun, 23 Jul 2023 15:47:00 GMT

GET
H2 200 6784b6590879e680b5e1.js Show response
yastatic.net/partner-code-bundles/811262/ 14 KB
5 KB 207ms
203ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/811262/6784b6590879e680b5e1.js

Requested by

Host: yastatic.net
URL: https://yastatic.net/pcode/adfox/loader.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

015cbb23fe64ff8f80ebf425fc0470508add4fd73d829b5857e2af5e011c2488

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 4776
last-modified: Fri, 21 Jul 2023 12:47:14 GMT
server: nginx/1.17.9
etag: "3644e8e92196f267c174ee6630004610"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 22 Jul 2053 22:22:17 GMT

GET
H2 200 da6b99126d8e2b168021.js Show response
yastatic.net/partner-code-bundles/811262/ 24 KB
8 KB 238ms
234ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/811262/da6b99126d8e2b168021.js

Requested by

Host: yastatic.net
URL: https://yastatic.net/pcode/adfox/loader.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

918d86b34426127afbbb1bf5164bc3aa6867a9b591f5cbf78b385abcad00d925

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 7946
last-modified: Fri, 21 Jul 2023 12:47:15 GMT
server: nginx/1.17.9
etag: "4d9268255fb762dc9ded1ba6cd25da18"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 22 Jul 2053 22:22:17 GMT

GET
H2 200 8bac57c047c5fa05c5b8.js Show response
yastatic.net/partner-code-bundles/811262/ 126 KB
26 KB 272ms
269ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/811262/8bac57c047c5fa05c5b8.js

Requested by

Host: yastatic.net
URL: https://yastatic.net/pcode/adfox/loader.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

e1895e29e4dfd0928386fb0b6be3a94ce6d554d52c589a4e68e768d0092c4fc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 26359
last-modified: Fri, 21 Jul 2023 12:47:14 GMT
server: nginx/1.17.9
etag: "37e55c2fd59e02363efcbb4575cb58ad"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 22 Jul 2053 22:22:17 GMT

GET
H2 200 host.js Show response
yastatic.net/safeframe-bundles/0.83/ 33 KB
9 KB 309ms
306ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/safeframe-bundles/0.83/host.js

Requested by

Host: yastatic.net
URL: https://yastatic.net/pcode/adfox/loader.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 8878
last-modified: Wed, 03 Nov 2021 13:42:58 GMT
server: nginx/1.17.9
etag: "f80882bf67cf261aa08d636da095149a"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 22 Jul 2053 22:18:17 GMT

GET
H2 200 text-variable-full.woff2
yastatic.net/s3/home/fonts/ys/3/ 25 KB
26 KB 140ms
139ms Font
font/woff2 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/s3/home/fonts/ys/3/text-variable-full.woff2

Requested by

Host: yastatic.net
URL: https://yastatic.net/pcode/adfox/loader.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 26004
x-amz-meta-owner: {"role":"admin","login":"4eb0da"}
last-modified: Mon, 25 Apr 2022 14:02:39 GMT
server: nginx/1.17.9
etag: "7f0cdaf91230f9789ca4162aedff612e"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31556952
x-nginx-request-id: 697ee02e3b259bb7
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Jul 2024 21:31:29 GMT

GET
H2 200 a42bb8515b5b7b168f15.js Show response
yastatic.net/partner-code-bundles/811262/ 7 KB
3 KB 319ms
316ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/811262/a42bb8515b5b7b168f15.js

Requested by

Host: yastatic.net
URL: https://yastatic.net/pcode/adfox/loader.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

87cbff2907addb1f3e879fb7781be8a5595479856c1c5965a99efb56afed6144

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 2083
last-modified: Fri, 21 Jul 2023 12:47:14 GMT
server: nginx/1.17.9
etag: "f92dceaeb2dde551b8c299bc5e3f9744"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 22 Jul 2053 22:22:22 GMT

GET
H2 200 be2122aa86467d086063.js Show response
yastatic.net/partner-code-bundles/811262/ 621 KB
117 KB 320ms
317ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/811262/be2122aa86467d086063.js

Requested by

Host: yastatic.net
URL: https://yastatic.net/pcode/adfox/loader.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

475b5e40e4c41e722538f591ff5a9782f86bace4216a0da52b4fbaaf871e3769

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 119471
last-modified: Fri, 21 Jul 2023 12:47:15 GMT
server: nginx/1.17.9
etag: "5401e6453df338953d7603809c69ff1f"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 22 Jul 2053 22:22:22 GMT

GET
H2 200 fontawesome-webfont.woff2
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/fonts/ 75 KB
76 KB 144ms
142ms Font
application/octet-stream 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/css/font-awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/css/font-awesome.min.css
Origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
strict-transport-security: max-age=31536000;
last-modified: Tue, 10 Oct 2017 15:17:21 GMT
server: ddos-guard
age: 0
etag: "12d68-55b32cdb16240"
ddg-cache-status: MISS
cache-control: max-age=1
accept-ranges: bytes
content-length: 77160
expires: Sun, 23 Jul 2023 15:47:01 GMT

GET
H2 200 bookmp3-logo.png
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/images/ 27 KB
27 KB 467ms
466ms Image
image/png 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/images/bookmp3-logo.png?v1

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/css/style.css?v=2.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

12d8aae0cf51d039bfbef1c8f7ec828851423f05c8f9e5d290b2c2e15cd9a8a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/css/style.css?v=2.6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
strict-transport-security: max-age=31536000;
last-modified: Sat, 21 Oct 2017 10:38:23 GMT
server: ddos-guard
age: 2
etag: "6d15-55c0c3048e5c0"
content-type: image/png
ddg-cache-status: MISS
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 27925
expires: Tue, 22 Aug 2023 15:47:00 GMT

GET
H2 200 icon-menu-dd.png
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/images/ 190 B
267 B 157ms
156ms Image
image/png 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/images/icon-menu-dd.png?v1

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/css/style.css?v=2.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

db0d17ee9c24794dc313d2588c0c19bccccb2f7439a0dcb6be8cc985df84baf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/css/style.css?v=2.6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
strict-transport-security: max-age=31536000;
last-modified: Thu, 12 Oct 2017 17:43:11 GMT
server: ddos-guard
age: 0
etag: "be-55b5d12ea89c0"
content-type: image/png
ddg-cache-status: MISS
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 190
expires: Tue, 22 Aug 2023 15:47:00 GMT

GET
H2 200 icon-search.png
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/images/ 380 B
490 B 132ms
132ms Image
image/png 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/images/icon-search.png?v1

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/css/style.css?v=2.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

3be3f024c46ff93eb55bb00f599911ef69c7957b19c8c3df9aca743259f35ae3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/css/style.css?v=2.6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
strict-transport-security: max-age=31536000;
last-modified: Thu, 12 Oct 2017 17:41:41 GMT
server: ddos-guard
age: 0
etag: "17c-55b5d0d8d3f40"
content-type: image/png
ddg-cache-status: MISS
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 380
expires: Tue, 22 Aug 2023 15:47:00 GMT

GET
H2 200 v2 Show response
an.yandex.ru/adfox/264109/getBulk/ 210 B
819 B 1114ms
181ms XHR
application/json 2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://an.yandex.ru/adfox/264109/getBulk/v2?pr=2072589700&pr1=167824811&dl=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&prr=&extid_loader=&extid_tag_loader=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&date=2023-07-23T15%3A47%3A00.590%2B00%3A00&pd=23&pw=0&pv=15&pdw=1600&pdh=1200&ylv=0.811262&ybv=0.811262&ytt=139637976989701&is-turbo=0&skip-token=&ad-session-id=8913641690127220599&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A10%2C%22supportHDRBrightness%22%3Afalse%2C%22isInIframe%22%3Afalse%2C%22w%22%3A1600%2C%22h%22%3A0%2C%22width%22%3A0%2C%22height%22%3A0%2C%22visible%22%3A0%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A810%2C%22top%22%3A-12%2C%22req_no%22%3A0%2C%22ad_no%22%3A0%7D&enable-flat-highlight=1&pcode-version=811262&p1=cmaqk&p2=gxwa&slotNumber=3&bids=W10%3D&utf8=%E2%9C%93&pcode-test-ids=810507%2C0%2C9%3B810244%2C0%2C34%3B802252%2C0%2C59%3B806791%2C0%2C58%3B802634%2C0%2C95%3B803000%2C0%2C48%3B808036%2C0%2C3%3B805962%2C0%2C31%3B801975%2C0%2C88%3B798891%2C0%2C60%3B803896%2C0%2C13%3B802014%2C0%2C75%3B805227%2C0%2C3%3B805235%2C0%2C5%3B800948%2C0%2C61%3B808198%2C0%2C36%3B811262%2C0%2C95%3B681843%2C0%2C78&pcode-flags-map=eJy1WNty2zYQ%2FRc9Ry7vF7%2BBBEih4kUFQDlKxoNRY9VVx5eO7aSpM%2F73LgBaEmUFci71g0xS2sMFdvfsWXwZzRGXfNKeSYRlhTJSyaJlkjYyQ01D2Oj0%2FZfRp%2BXVx9XodCRYR0ZvRg%2Br%2Bwd6AfdR5PtBPHo6f7OFmbEWd7ngsm3kDHWcWBFiNw18g0AalFVEkryttyAV5UI5M6eYtOoCvs1aiVg9gF19%2FnsPNfRDjYop17B52zVCMoIpI7mCRLOZ3TPPCQJvszZYiKy7SlDWVhWgNUJdECbPkMgnBEtBayLbouBE2HF9z4n39kxQAS6iBsusxQsViRliqCYC8DEpELx3gFmgig9BgziItqCMCLZQAWiIOGvZVBLGWnso4zAK4nSD0AeD5wg%2BKzqFy47NyQIQz8AlTsvGDhc5sR%2B%2FgPsRjKptSllUqFR71lVYQgSrheRTOjObP0dVdyTb4ihOog0ixC2fQtIv2k5IXrXwQd8RiEHXYMQo4UfAEjdwh%2B6RtzPjIiRwTjin8Ay%2BFPJtXdnBEt8N4teDyWwBm4olX0A5%2FHxohLGsqXmeVy2H%2FM4YyqfHtuS7VpG3mMiOVa%2FGVtFWIZsxoqtxW5eGJvrvB3CuA38DvNRPY%2BcIXtYVBdQgqWdiAWVQ033Qb0aczxDFP9%2FDooPr70VtFFX%2FZE%2B%2FgvlD8TmM%2Bf%2FtwPdGX%2BV%2ByVAmK9KUYjIwgq6S7JolTuLEwbYdCE2Uc8I4bYf0CL9Lw3Bg6zp%2B7GvbBTQP8layTuK2RrSxdcfQiT0%2FOmgmoV0KRjOruec6UdCbK0tjIlF1hhbcagmtPjWMOdNFD22Uk0bYbULPcQatvG%2FhOWdWw9SNE%2BOmjqiRM7JraEGBzmgDzbVAObFjJF7fq1XPYqRghE%2BA10qa2%2BwiN%2FH7LYIlFpTViukYELZKVJBXkGsZxVYI2GXPHawbJAhDJexX37hUxvOcEdJIzmd2f1I36P1BkNht0%2FuCCiUxaKHEBiwLYWJ3Kk7SyIgEpYcK6JENhh5s7CF99kWV3T6b6obL9ZYMFZ4dJQ2ceINSEdBLgGBVhFGUBJHZzp1tKxkwHCiRqWjtfidR4Pq7%2B6cFlTybAMgOXgMSQge87JhqmZ1SnDmhc%2Fu2xq4TxEauMiZNpomONX148opCtMWEtV05sfdIF5DM%2Flbo3UJHVOpS2zX7Mvpj9fDhz3p5d7m%2BGZ26ofNmdH37%2B%2FpqxT8sr9Y3l6NT72mAGkIZaFReIybkbx3piG7sWYWUggIG2H3B%2B9H1cn11cvcRfPt3eXOx%2BgzXv6yvl5er%2B8Gjy%2BW1fnLxuLoxP19%2BWj%2Fcmsvrk52bi5t1%2F1QhbxDgwd3y8er28c%2F%2B68c78%2F%2Fj3fLkZvXP%2FYsf%2FLW8vV5r0%2FPDS2yQgHjJmrBSfWKKpECllddA0nt9cumyIBB7RlAugMKPGIa%2BY2YMGBuepT6If3h109UZsTJcHLp%2B33H0oKWHGrCEXpaR3FTknHIK3HEEJnZM9gGNgPSrFcGVmnIoLtCB8BJceCj2orFLCm8cBDkaZxnOxjhHnp8khEQhHu5vEoZp3xyHk9xO9Yi2yyemhpTkVOuAdshUDf0KhH%2BkhqBEobOqN6jW6ylGAIrFgItqa3HHSRy40SHf9GwGs1aVqSyfwQc8Ecov2lBxYKh6gRwEoTtE3lmvpkBaSsQh%2BFxToRUtdSFdjuyhwswF0rPkZqDvp1V7Kh5A38GtaDkRwEGkfq2PwGTPUx9klVb84AcIG2u7j1Ngau8AQF%2BWr4JIwx7CqAxBuKCYv2iSn5b3D0MpFnvhs7CBzBM0N7WcVS3EH1rF2YQKcqAe2JiOvSB1QdyNXYDcvff27v29%2B0Dfo7EXglCNPbA%2FH%2FiURu52Yn3Wq6KFojDFAdkIAkPt7qRrQBQgOhwHw6H4Bc0YOtsRDQmh5C3%2FFkT%2Fa4AIczyd75EWfO8FwZ6F16sR2kB6IchZk3MEsUGSOif%2BYC88L%2FR2z4pUq9yU5RER8eHhahjs6FmLqpqZYAYTrkryBmZUu6EX%2Bcb71x1VqeoGVptQbC2dxPEdZ48iRYkkq2cDpafP2HaoyCSn0XN2fHhDdBRfiw0zg6hfvRKxj8cOjjnfGQalf90rMRvSMVRJWkM3PBKRMI28rR5UB2oEBih1ZAE0aASZ%2FaVu2usvzck7ZtIoHkGP9NA0Sfps0gHqmroDpthf%2FZH4gzjeOKGpVgM807jd2HNck5RMZOawE5SjgJXwWctUKaOmPJJ%2FoddLoFwdaUqOCmKEvc4Ja%2FdQxv2Bq3mT5ux%2B5FIMUyFB7DF00r59G82ljzjNm%2B12iZsmW7J%2FyT6uF3lD9tFPns6f%2FgNrw7OU&use-server-side-rendering=1&pcode-icookie=ke%2FWdq1tz0LHrWI5mK03WsVwRpwA2pvrOhfRVgMgstu7NS6mRsJv03s3wQWeOJG4I2u2a7%2BSVX9UO7ZSecLvxnLvZTE%3D&top-ancestor=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&top-ancestor-undetermined=0&grab-orig-len=2956&grab=eyJncmFiX3ZlcnNpb24iOjIsIm9sZF9ncmFiX3NpemUiOjE2MH0KEqW0kCS570EYqJOKlf4khQfue69rtITXr0u_BPzztZmTPmvXt4vhyKaB-YnTxBHcj2zFMdpCS2-aLFkKX34BfSKAK2amrV2hSTylevHVL6ej0ZiYmEBiYmIGs0HQKQfGSEY8lEP2gDBHMjvVUHTKTjLUXduJ5kOUDcVQD9QhmwNrpA8B5eS79qHHs66nLc9pzEYWVgM1fNeA8OCrOvFI54sWagHfOXC6bqQPJ3-uoV7Db6sa6vmQXmT6YMcredwrT0648YTPMsA-pHgOlO2J0cD_zoqu-W7a7znQjtXpwOqaa6TuJAfzDO9a2Ncf-yvTDLRnXada8UN-BTpoM3Nhd9CWFb3dkVmyorQjRGYdntbHYS6zapoqcwnHS1_qrQaLMbPkJu-05qasNGVwvAP_-yg60XOcTqf7ARSY8YdTHNPEi780x9LSksvOiYhSPl-C8AuLB-p8qMoXS8U6B-TNJub3e-Hyh4S-JTyrY-TYc-3CFB0tfP4vAbrtmRwVPxB1J_vCE1avR5wZNCU0GLmBXh9giRqpdLALOGigUr6ihan46vU06rDl9NDsDnoLzGktKr0ejtfGFpU6bWwwDJXRKwopy422yiAmlVW2ohSTNeQwxOStZVG8NHURyhcWffbyhcXuqAKSbIXFROO1Awx-gHuWo0yX2-3wVF_PCUNeCMEf5El313VixAqAtMn-S-61n-oeaIJY0PbL81_9_0QMj_jfIR6YiBWEG1KiRIiHuhDO2DRY6GgveXpjZbIPiJ34X3JPjjsZ6xX3R9Z08trhWfFCSdhenm_FByCBN2dgoM0L-tLg5QvFYjKVhpcoKwMsC3R-Is2VxSQC7a4m1KZJMTD8BwOdJBnM6XKvXUKeQ5KGJHFuCRJiV8ihLc8CHEryJxFtLk3UAcGFRYBgBktWmq-YRqOh2JOK6GEAJflro8_gqf30EifpCNiJPxEW5h-53vgDiAH4wAMjMHEfL4I08AYkYfD2L7Byg1mIofqnXivtfeEgIEcV-tywRBwpkq-n3dBI65JAvLMsnjjNHxGRdvE_9rhEmxhzfaYXP0djobjY4-gB2NKQg8DAYM1hLomNRFZ8xDK0FPEl7UERT9Sz3OwVb2nLTFNcbGspgncJ575TIp6_zZeXbwkLKeLw_5o-NnTYhuyeMFT1_Hceb7LDH9KB3nzRc_vl632iPaz8L5QOVAFVLxYpxkb6KqsQjyFOWBbDBwprXlCbTT5xs6nPDBYTndf-TvVHeMWyMDnfGeITRPKNnIdPq_g-CplWT2iT7acYijlwFjfX-ejoYqyZ4dXMLEjj1QGAOAcB04OA3bD09PuAlIcjPND4z4PxpZOPlGvuM8B3KPcj_Md0oXxqsdpp_P2IYEmTcn0P2bNAd-Q7fuCac4-O0Pju5HTW55FxLgRAX2gRmtIAxCUn-lL2T4cowVvWq_9CGD6fOR918m07_mG-EL8T1O2i-UT4CELwahYn50U8fREwG5ceMf-oVZIzLHPLo4DeELcE9AgjymIPyqH2F5MEuwSXC9kaStGOxKy9NT3kqm_-3Uy1G17tgst5EE8fBOSGoXQxOcxFAaE9Xxpu-Y4UFYVwtwQOeFBABhEk4EHwd6zz8GsnJzLx8lg4zQ61lo6LSpqzCakWiyPiknC0NqBDnqEeuvV8fJkPPGMCW5Qljb9vuWo33JqZ4znxLmadgpr86OY5BO2-tLp0qnP0nwJWMU08lKByy53APd6P8cT00zjfQ44jDB5zqNne2WrK1nOMkk7qyzXCPbVzJ9nQQbGOzDkzZ2P29xLGmoWldjNxXsLTl4BbC_A5dLJz6NY8H0cGzDDOcIllE5DQvon96Mlk9aGpHwvnEQ9tpC8knuuHqwGkdZOJqXZxDJy8PBCEj5ekkW_3GBCXvOps9fIzoDZrveIj3K38E18RboA_Tcm6CLK5WK2yvSrEZv3ZOi8Ucd7EQ5f9LJ5oO_wm3Vj01Z83pF11goZ9NnSwmGjdGsLWu-EOtOO5uRRtST0Hfoh-7Dp_58DbWKM7LTL2BZmh8NmXmbFm5vjtvLwKbuS-JVwSfXA-16SX-qYC1XWys2jujthfSJPqGZPTVgK22kqisxP5c-jdtZuR8yyePgt7d4i6R1KisrWNYjQ6XNnZDGG3Vh5Y3BGZUFdt_ccheODJaj9UflTsQjrK4M5w58lBBJE_hTpcMPR7hDtU9DDZpC8Vk7AVuZUG2fW4saKzmKosN4hPhSOpW9u17XW00I4AS1bWLpFRtVNEnkVEnllEnklEnlF4_yw2lBZmeXC9lpXQsykKwxYNVI32AflWnm3_lrSZq3R8zT53Dtcp52pLd-WVzo-fqp30qdtESyU1kcrakurdb9JmePrOKew5AG0DqwOnrc6eU8WCrAZ9Dsjh2irUAr5z1CnW4i8Ph203OT-g69PvkrmTL2r0a5Y1D-fqWaIWWC19dN_iov3XmtJRdyUezZRePMrzSNxWYOpF4N0sVSvdbV2WMc6KyH5pjsM9a8t7vMtF7bNncxiFWZH8tUy2Jdgh51YsyjrWHcoWK2-OYtzx55HWrx7zZoWbvGNgKs3MVSt40cvq8BjtDlqnHeHXOg7PN76X4z_kQ3yjb3oDN_-zv1R6ub1Zzl67LXEUB430Ln0s64QHL9UTNRToqs0-IcrvfVH96f7SteXJI9V7cj1aFpLgjUUXMp3wktDSSHhTtFP8yy5FbYu02lZy1lNcBTuFTI_bEw4NoZE0_AaaGensiY4FSxPfimrH9u0Ft965ZN-ypQ3VTv33nB5oaKe6_m4YZ_eL1Cbtf2TbiipIwI_TJJqiLCU3e8nVdQqguKGqrtiwzFVytBmnvBWmaX0XLmQiepvFH1VTbL-UfW4ilRsAkhP48H_AKGI0O7pMiFoEvfv_OP_Zt_AA6A%3D%3D&tga-with-creatives=1

Requested by

Host: yastatic.net
URL: https://yastatic.net/pcode/adfox/loader.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

a77253dbd514195ad72d61e790bac8c93e77ab51b4489020982dd39d60595a13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Sun, 23 Jul 2023 15:47:01 GMT
x-yandex-req-id: 1690127221645210-996868425506545227300252-production-app-host-sas-pcode-376
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
access-control-allow-origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
content-type: application/json
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Sun, 23 Jul 2023 15:47:01 GMT

GET
H/1.1

200
OK

hit
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit?t11.6;r;s1600*1200*24;uhttps%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/;0.8010692155632437
https://counter.yadro.ru/hit?q;t11.6;r;s1600*1200*24;uhttps%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/;0.8010692155632437

753 B
1 KB

147ms
147ms

Image
image/gif

88.212.201.204
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;t11.6;r;s1600*1200*24;uhttps%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/;0.8010692155632437

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

HTTP/1.1

Server

88.212.201.204 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host204.rax.ru

Software

nginx/1.17.9 /

Resource Hash

a61735542ef93f832ab8321f9670a83ff11f58b5e122b2fb014199e32de05312

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 23 Jul 2023 15:47:01 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Length: 753
Expires: Fri, 22 Jul 2022 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 23 Jul 2023 15:47:01 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: text/html
Location: https://counter.yadro.ru/hit?q;t11.6;r;s1600*1200*24;uhttps%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/;0.8010692155632437
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Length: 32
Expires: Fri, 22 Jul 2022 21:00:00 GMT

GET
H2 200 hit
c.hit.ua/ 471 B
738 B 1050ms
142ms Image
image/png 89.184.81.35
MIROHOST Web hosting

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.hit.ua/hit?i=84925&g=0&x=1&s=1&c=1&t=0&w=1600&h=1200&d=24&0.08462296421849702&r=&u=https%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 89.184.81.35 Kyiv, Ukraine, ASN28907 (MIROHOST Web hosting, datacenter and domain names registration in Ukraine, US),
Reverse DNS: c.hit.ua
Software: nginx/1.17.9 /
Resource Hash: e15abeb092cdbdbf13387272ef594bdc55711678877bd4d70165479676545af6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="UNI"
pragma: no-cache
date: Sun, 23 Jul 2023 15:47:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/png
server: nginx/1.17.9
expires: 0

GET watch.js
mc.yandex.ru/metrika/ 0
0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 245ms
25ms Script
text/javascript 2607:f8b0:4006:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200e Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 23 Jul 2023 13:56:36 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6624
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 23 Jul 2023 15:56:36 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/ 385 KB
122 KB 26ms
24ms Script
text/javascript 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f98d2733f3cacaf5152fd4d55f778410f391312016cadb5162545357302cdee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 00:12:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56046
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 125179
x-xss-protection: 0
server: cafe
etag: 2430563369519042680
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 22 Jul 2024 00:12:54 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 83 B
101 B 98ms
38ms XHR
application/json 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

509acd0a7a223475c8d8d3a41a9221985749279ff42da166a5974c643e068433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76
x-xss-protection: 0
expires: Sun, 23 Jul 2023 15:47:00 GMT

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307190101/ 360 KB
123 KB 69ms
67ms Script
text/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307190101/show_ads_impl_fy2021.js?bust=31076272

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a3ab3034d8f8e53865994d18730046a9453ed8e61d8f03843f3e51596eaff27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 126143
x-xss-protection: 0
server: cafe
etag: 14793590950562149881
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 Jul 2023 15:47:00 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230719/r20190131/ Frame FA2C 10 KB
5 KB 93ms
25ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230719/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 24672
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Jul 2023 08:55:48 GMT
etag: 12368291122986407432
expires: Sun, 06 Aug 2023 08:55:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 KB
526 B 83ms
81ms XHR
text/plain 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2375589004232872&correlator=2733959403433059&eid=31072020&output=ldjh&gdfp_req=1&vrg=202307180101&ptt=17&impl=fif&iu_parts=21635236099%2Cbookmp3.ru%2CM_Interstitial&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=3&adks=218515113&sfv=1-0-40&ists=1&fas=8&sc=1&cookie_enabled=1&abxe=1&dt=1690127220984&lmt=1690127220&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=79069004.1690127221&ga_sid=1690127221&ga_hid=1607610873&ga_fc=false&dlt=1690127218653&idt=2278

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f31b1043f1cc0f458e742251b52d80e5923ec214b6838c24adb575489c19f878

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 496
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ccdc9b7f82b4b8f60e62e802f53f0fdf.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BF3A 6 KB
3 KB 245ms
134ms Document
text/html 2607:f8b0:4006:81d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ccdc9b7f82b4b8f60e62e802f53f0fdf.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 23 Jul 2023 15:47:01 GMT
expires: Mon, 22 Jul 2024 15:47:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/ 37 KB
13 KB 25ms
25ms Script
text/javascript 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl_page_level_ads.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f0f1071ab7fcf6a87e947376a3d52b3cdbffe66c5a0acfc72a6e17fbd4a4eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 13:11:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9360
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13169
x-xss-protection: 0
server: cafe
etag: 3859843786994776570
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 22 Jul 2024 13:11:01 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
255 B 40ms
39ms XHR
text/plain 2607:f8b0:4006:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1607610873&t=pageview&_s=1&dl=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&ul=en-us&de=UTF-8&dt=%D0%90%D1%83%D0%B4%D0%B8%D0%BE%D0%BA%D0%BD%D0%B8%D0%B3%D0%B8%20%D1%81%D0%BB%D1%83%D1%88%D0%B0%D1%82%D1%8C%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%3A%3A%20bookmp3.ru&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAEABAAAAACAAI~&jid=1529232520&gjid=1830146029&cid=79069004.1690127221&tid=UA-109514583-1&_gid=1244563249.1690127221&_r=1&_slc=1&z=382783744

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200e Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

bc4540a14193a6537e0c03127bbf19848e6226bd437f2550d18f1f385c55eccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 387 B
598 B 470ms
114ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&callback=_gfp_s_&client=ca-pub-1618592205083780

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307190101/show_ads_impl_fy2021.js?bust=31076272

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db129aa3921147903ef714d1826cb9e5ee3dd8183fbe7b18579215096509e06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 470ms
91ms Script
application/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307190101/show_ads_impl_fy2021.js?bust=31076272

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C075 37 KB
15 KB 231ms
229ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=178&slotname=2609168587&adk=1374432671&adf=4036610663&pi=t.ma~as.2609168587&w=710&fwrn=4&lmt=1690127221&rafmt=11&format=710x178&url=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690127220793&bpp=7&bdt=2140&idt=288&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&abxe=1&correlator=3351506828697&frm=20&pv=2&ga_vid=79069004.1690127221&ga_sid=1690127221&ga_hid=1607610873&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=295&ady=1653&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31076178%2C31076253%2C31076272%2C44788441%2C44796827&oid=2&pvsid=2375589004232872&tmod=1168576036&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=eSqxti5e1U&p=https%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&dtd=334

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307190101/show_ads_impl_fy2021.js?bust=31076272

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca45bad6468c27d6c1d3eb78e2e652313a31fd0af830051547ab6e5253d07597

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 15488
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Jul 2023 15:47:01 GMT
expires: Sun, 23 Jul 2023 15:47:01 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 76ms
71ms Image
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=b-topbar&ign=false&pw=1600&ph=1200&x=800&y=0

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 46FD 342 KB
39 KB 506ms
505ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&adk=1812271804&adf=3025194257&lmt=1690127221&plat=2%3A16777216%2C8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x1080_r&format=0x0&url=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690127220824&bpp=4&bdt=2171&idt=354&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da1f7e42694b36bd9%3AT%3D1690127221%3ART%3D1690127221%3AS%3DALNI_MYGIsaKblVLPn8tvlQKMl7k5IjcIQ&gpic=UID%3D00000d0ee2dfbb14%3AT%3D1690127221%3ART%3D1690127221%3AS%3DALNI_MbAAEJ9kqJso7rHhEc4xg8Lxi7fiw&prev_fmts=710x178&nras=1&correlator=3351506828697&frm=20&pv=1&ga_vid=79069004.1690127221&ga_sid=1690127221&ga_hid=1607610873&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31076178%2C31076253%2C31076272%2C44788441%2C44796827&oid=2&pvsid=2375589004232872&tmod=1168576036&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=398

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307190101/show_ads_impl_fy2021.js?bust=31076272

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2d687217fadfec4734a492a74be62ee53b5a538a7c0ca8fdedc3b3c6341bc42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 39495
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Jul 2023 15:47:01 GMT
expires: Sun, 23 Jul 2023 15:47:01 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 213 KB
77 KB 309ms
108ms Script
application/javascript 2607:f8b0:4006:816::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XR25G8TDFM&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2008 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

41f9aca596f32a079981c9bd6e8b148666c75438488d60bce83cbf9b59ed0f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77981
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 23 Jul 2023 15:47:01 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame C075 3 KB
1 KB 150ms
29ms Script
text/javascript 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=178&slotname=2609168587&adk=1374432671&adf=4036610663&pi=t.ma~as.2609168587&w=710&fwrn=4&lmt=1690127221&rafmt=11&format=710x178&url=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690127220793&bpp=7&bdt=2140&idt=288&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&abxe=1&correlator=3351506828697&frm=20&pv=2&ga_vid=79069004.1690127221&ga_sid=1690127221&ga_hid=1607610873&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=295&ady=1653&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31076178%2C31076253%2C31076272%2C44788441%2C44796827&oid=2&pvsid=2375589004232872&tmod=1168576036&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=eSqxti5e1U&p=https%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&dtd=334

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 17:22:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80663
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 17:22:38 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame C075 20 KB
9 KB 143ms
23ms Script
text/javascript 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 17:22:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80663
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8309
x-xss-protection: 0
server: cafe
etag: 1379281626718990200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 17:22:38 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame C075 0
0 142ms
40ms Image
text/html 2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTSAjRUUHiBFcZ9Gfsx9rTC1w9NxdBCQLA17i_BrSw6QxX1zBTHatphPylCEMQdZ58JSqZ_HBZAnkOGpQ84skXWxFNTLA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=178&slotname=2609168587&adk=1374432671&adf=4036610663&pi=t.ma~as.2609168587&w=710&fwrn=4&lmt=1690127221&rafmt=11&format=710x178&url=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690127220793&bpp=7&bdt=2140&idt=288&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&abxe=1&correlator=3351506828697&frm=20&pv=2&ga_vid=79069004.1690127221&ga_sid=1690127221&ga_hid=1607610873&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=295&ady=1653&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31076178%2C31076253%2C31076272%2C44788441%2C44796827&oid=2&pvsid=2375589004232872&tmod=1168576036&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=eSqxti5e1U&p=https%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&dtd=334
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2004 Stony Point, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C075 179 KB
57 KB 163ms
59ms Script
text/javascript 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jul 2023 15:47:01 GMT

GET
H2 200 afr.php Show response
ads.us.criteo.com/delivery/r/ Frame 9C18 108 KB
40 KB 145ms
58ms Document
text/html 2620:100:a001::24
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.us.criteo.com/delivery/r/afr.php?z=ZL1LdQACpZAE0aGKAAKnoe4wjXxZ1pjEmWb5Cw&u=%7CwA%2BmiyMqVBb9vL3O9A9cozJdmgEWD5DWNb0mPQ1z22k%3D%7C&c1=SMhbYeryLxkG14NwFf2jh1KVMrwDvmO-dbHERHVj9MQgFtTN83TUdVFZz6mvMC78rklu3251mk0mb-RBzl6Q31aohG_DEjutoXymwHZ91Z7Dc748EU96e8cCXwGxXyB5_dhOEg1aQCGLn6HMN8kYuxmq0Ndjr_pkr-lVQJZNsoZlxBr7_QwAgSZL8UhWHaCogbeOP14PXmSsDlUXbOpqr3QWg0szsv_LeHpifnYBK-OsoniL3p4p1UJluB2aJ2m2yntCF3SwNfVPL2m88yOq3WY3ypgSMDtmlVj_dzW6it6MzkS0UBKMqKeUmqrizh_fsVEP-FSNZzQoviaGyxyuwZYnoBMhV-iHkWME2fsX2qm7msLRNHDaOEd_v8NvFcvnWXVFw8BpIf_qfhhe_T7YU2iF-EMeqsw0ds6s8UtiIsQyQrZ5gJE-O8PlpC-ISW_aMXaVobKCc95sgx9Q_MD4EgV9YsHNIDk5Eb9JykkYs-aRnXnNIbeG8Bmv_r-JBF__GiXgt0d8f2KwlWssYx56yK-rTqKWi2P1wcLa1XGlaBdwzskvyvT9DnlHPqY6yhj7N52ZKwqoxUX48UcK9v9-9MuPHyVTkDscT35W1g_GYfeh9ffMULKvzA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8GYndUu9ZJDLCorDxtYPoc-K0A2cge-wXNKWqap0wI23ARABIABgye6Oi8CkjBCCARdjYS1wdWItMTYxODU5MjIwNTA4Mzc4MMgBCagDAcgDAqoEmwJP0GqCwEe6WqcZ2EytUu18DhJvqOSTE8Qes61f68juP6wjE-NhBpnehtEim5YNv5IrUXtba567LGt0EmVQAOaxxq2JipXVKZpdwMJ2Vt-ASoe3LULq8hmJvXmmiq4R3DH6bunWYoIQ--UGyZHoc_l4kLoYl0JqQlvySgLjSQ-6THdZpjjusobhhXmZ2DT4Jf21FFhtUB_bwA-MoT9zxB4gj4_peD16ZKEFb_TmeWFFElPH8ICFfXler8Tx_TO9uJPsni2TMKa2ABbc-790kwepImpa1v0F6e9OGzceU2yMUgwGUHfPHD93UnOhY1eCKG26WCAlWm8eT2GAVgZ6GhHWCeDvymwKfoRiKzaxFdPUJpNOQWvvfnAeXym_gAbJx_363fjukhegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0qBGcXrp3ASEA6kZw9E_LGTALnkQ%26client%3Dca-pub-1618592205083780%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::24 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

021f81e33df0b5f169865ecfce210dca013af2e27dd74867d3f93ea99215fbc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Sun, 23 Jul 2023 15:47:00 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.us.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.us.criteo.net/heavyad?cppv=3&cpp=Pt5UZoct6OH0QOhtsC-a5cEkWVcVGYNPU7Qzuxlh5NPDnUKnAMCSiLb4dbHR4FTtneu1lfNx3ir6bDnFjauFm0rK7z_j_4Zh4s3IDwimmOz-iKwV0PfZpiW_R48cmGQ1NOlvdKVi8YVH8v0tyzNftggCPYtb-_zfFJgmDQ8b1-W5H0WQJliiuuAAoXpK1Lde60OiUlK_IDcbWEdqBuBxfgpduzjIErwSMJJMkg1nQobt06FtKtZBOrVtR4LaX7-8l7qfIg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 11951200
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4C9D 1 KB
643 B 28ms
26ms Document
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 24669
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Jul 2023 08:55:52 GMT
etag: 48472445140208031
expires: Mon, 24 Jul 2023 08:55:52 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 4C9D
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEDtpf9uTxjZUbAPYmirL_BU&google_cver=1&google_push=AaAOQGHyLqMjOFW-XqBf5jV0I4ZfHI1EOoKe0ZFdjm23sxmRH3PXqFkz1MuxbAJ4e2CaF6tFY2bjFAviJZvt5Wak_1db15AtXWrrvgY
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzcxMjg1MDc3MDIyMDcyODg2MA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1

43 B
398 B

95ms
49ms

Image
image/gif

2620:112:f002:bbbb::21
TURN-US-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=178&slotname=2609168587&adk=1374432671&adf=4036610663&pi=t.ma~as.2609168587&w=710&fwrn=4&lmt=1690127221&rafmt=11&format=710x178&url=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690127220793&bpp=7&bdt=2140&idt=288&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&abxe=1&correlator=3351506828697&frm=20&pv=2&ga_vid=79069004.1690127221&ga_sid=1690127221&ga_hid=1607610873&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=295&ady=1653&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31076178%2C31076253%2C31076272%2C44788441%2C44796827&oid=2&pvsid=2375589004232872&tmod=1168576036&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=eSqxti5e1U&p=https%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&dtd=334
Protocol: H2
Server: 2620:112:f002:bbbb::21 , United States, ASN6336 (TURN-US-ASN, US),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 23 Jul 2023 15:47:01 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 4C9D
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESELJ5kAafMvJjwLhZawzaJ1M&google_cver=1&google_push=AaAOQGHqGVRiFzUsjE6koh---r0dZjKlWi-Cp5CH6mlzSugX1bmiGqH-dMXdtikwTDIf4Fa_8siTQxg28V-fWVDwvXmavdHMpI1TjS4
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RkIzMzQ5NjM0NEY5MjA5RA==

170 B
232 B

45ms
45ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RkIzMzQ5NjM0NEY5MjA5RA==

Requested by

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RkIzMzQ5NjM0NEY5MjA5RA==
date: Sun, 23 Jul 2023 15:47:01 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H/1.1 200
200 asr
aid.send.microad.jp/g/ Frame 4C9D 43 B
641 B 641ms
172ms Image
image/gif 202.233.84.1
MICROAD MicroAd

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aid.send.microad.jp/g/asr?google_gid=CAESEIaYqyGwZ9MojQk-g4iooZw&google_cver=1&google_push=AaAOQGEXB8NTccK11_4q0jLg5KQCtYqGmVEsJ0xwiEWL9hmI_kApe5TEJR1jutzElsvzwRVipt7Jnu9eNYMZs3PszS3vIrf55a_1iw

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

202.233.84.1 , Japan, ASN131957 (MICROAD MicroAd, Inc., JP),

Reverse DNS

Software

Apache /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date: Sun, 23 Jul 2023 15:47:02 GMT
Strict-Transport-Security: max-age=3600
Server: Apache
P3P: policyref="http://www.microad.jp/w3c/p3p.xml",CP="NOI DSP COR NID DEVo PSAo OUR STP STA PRE"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Connection: close
Access-Control-Allow-Headers: origin, x-requested-with, If-Modified-Since, content-type, Pragma, Cache-Control
Content-Length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4C9D
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEHRSOtNvfCnVVepGYCMblfg&google_cver=1&google_push=AaAOQGEz5FY24wASvUhREIaghOYFfB1dbGIH7kOBpXctzt8EnkBbE93suJ41Ow0PLgerGLn_PVvkytA-53da-ux...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZGHPi6SLXD9Csh2xxgNtGmAJ-Ss&google_push=AaAOQGEz5FY24wASvUhREIaghOYFfB1dbGIH7kOBpXctzt8EnkBbE93suJ41Ow0PLgerGLn_PVvkytA-53da-u...

170 B
188 B

46ms
45ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZGHPi6SLXD9Csh2xxgNtGmAJ-Ss&google_push=AaAOQGEz5FY24wASvUhREIaghOYFfB1dbGIH7kOBpXctzt8EnkBbE93suJ41Ow0PLgerGLn_PVvkytA-53da-uxXYBx9bLPAXVGOMQA

Requested by

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZGHPi6SLXD9Csh2xxgNtGmAJ-Ss&google_push=AaAOQGEz5FY24wASvUhREIaghOYFfB1dbGIH7kOBpXctzt8EnkBbE93suJ41Ow0PLgerGLn_PVvkytA-53da-uxXYBx9bLPAXVGOMQA
Date: Sun, 23 Jul 2023 15:47:01 GMT
Connection: keep-alive
Content-Length: 245
Content-Type: text/html; charset=utf-8

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 4C9D
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEFp13cPoy9V1cHRHjtrbQ2M&google_cver=1&google_push=AaAOQGFDf2VJv4dD6nVvbBbr9bm8xX4K_8GZFOHki_rptKsZ4ncQk-Bo3iO6sDQQ3g_NT49boCMyFath65SG...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABiYNup0Sqe-Qdqk4PkHbZUgCaHcMziQvToA&google_push=AaAOQGFDf2VJv4dD6nVvbBbr9bm8xX4K_8GZFOHki_rptKsZ4ncQk-Bo3iO6sDQQ3g_NT49boCMyFath65...

170 B
329 B

51ms
45ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABiYNup0Sqe-Qdqk4PkHbZUgCaHcMziQvToA&google_push=AaAOQGFDf2VJv4dD6nVvbBbr9bm8xX4K_8GZFOHki_rptKsZ4ncQk-Bo3iO6sDQQ3g_NT49boCMyFath65SGozB68IicqZLGr5tyuw

Requested by

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABiYNup0Sqe-Qdqk4PkHbZUgCaHcMziQvToA&google_push=AaAOQGFDf2VJv4dD6nVvbBbr9bm8xX4K_8GZFOHki_rptKsZ4ncQk-Bo3iO6sDQQ3g_NT49boCMyFath65SGozB68IicqZLGr5tyuw
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4C9D
Redirect Chain

https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEJZ8fKERy00Bse9uudfhrck&google_cver=1&google_push=AaAOQGEUhwnQb1bbAZS-7sAqlJU0s7I0QTVo0zFiTdCqXwfWzEDwyfnAHKGTCO9IylnN2GYPi4CeYExb...
https://dsp.adkernel.com/adkuid?r=https%3A%2F%2Frtb2-useast.e-volution.ai%2Fsync%3Fexchange%3D193%26google_gid%3DCAESEJZ8fKERy00Bse9uudfhrck%26google_cver%3D1%26google_push%3DAaAOQGEUhwnQb1bbAZS-7s...
https://rtb2-useast.e-volution.ai/sync?adkuid=A7423259293904304121&exchange=193&google_gid=CAESEJZ8fKERy00Bse9uudfhrck&google_cver=1&google_push=AaAOQGEUhwnQb1bbAZS-7sAqlJU0s7I0QTVo0zFiTdCqXwfWzEDw...
https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTc0MjMyNTkyOTM5MDQzMDQxMjE&google_push=AaAOQGEUhwnQb1bbAZS-7sAqlJU0s7I0QTVo0zFiTdCqXwfWzEDwyfnAHKGTCO9IylnN2GYPi4CeYEx...

170 B
188 B

55ms
54ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTc0MjMyNTkyOTM5MDQzMDQxMjE&google_push=AaAOQGEUhwnQb1bbAZS-7sAqlJU0s7I0QTVo0zFiTdCqXwfWzEDwyfnAHKGTCO9IylnN2GYPi4CeYExbj9su7oAmInnXDjZ8kciHJDO5

Requested by

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTc0MjMyNTkyOTM5MDQzMDQxMjE&google_push=AaAOQGEUhwnQb1bbAZS-7sAqlJU0s7I0QTVo0zFiTdCqXwfWzEDwyfnAHKGTCO9IylnN2GYPi4CeYExbj9su7oAmInnXDjZ8kciHJDO5
Date: Sun, 23 Jul 2023 15:47:02 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

spacer.gif
an.yandex.ru/resource/ Frame 4C9D
Redirect Chain

https://an.yandex.ru/mapuid/google/CAESEAHgBEPa7WhnemWLdqeQPnY?ext-param=AaAOQGEJ7fmu9yMljUQ7XPONYAjTXwYa-Rs_UoUHdf1TUqp4ds3UEyKwUkyXQI30YiN14TzSiA_L-XqMsRtD2PsEuRxVn-WfrwwGjD4H&partner-tag=yandex_...
https://an.yandex.ru/mapuid/google/CAESEAHgBEPa7WhnemWLdqeQPnY?redir-setuniq=1&ext-param=AaAOQGEJ7fmu9yMljUQ7XPONYAjTXwYa-Rs_UoUHdf1TUqp4ds3UEyKwUkyXQI30YiN14TzSiA_L-XqMsRtD2PsEuRxVn-WfrwwGjD4H&par...
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEAHgBEPa7WhnemWLdqeQPnY&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
https://an.yandex.ru/resource/spacer.gif

43 B
78 B

772ms
771ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/resource/spacer.gif

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Apr 2001 10:28:03 GMT
content-type: image/gif
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Sun, 07 Jul 2024 15:47:03 GMT

Redirect headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://an.yandex.ru/resource/spacer.gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 237
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 4C9D 0
139 B 137ms
39ms Image
text/html 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I-mJ-ChxqSC_s9VgNTZLvzMUQHhJ7YscZQzIvLnpUXireNuUvqfvq7Stizal_XNsBT1DmGkO8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame C075 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af0d78cf0adffce717ddc17cf4c4b6fb92320ec7d490cbb9c6d1c39ee4cc5364

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 39ms
38ms Ping
text/plain 2607:f8b0:4006:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-XR25G8TDFM&gtm=45je37j0&_p=1607610873&ul=en-us&sr=1600x1200&cid=79069004.1690127221&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&ngs=1&_s=1&dl=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&dt=%D0%90%D1%83%D0%B4%D0%B8%D0%BE%D0%BA%D0%BD%D0%B8%D0%B3%D0%B8%20%D1%81%D0%BB%D1%83%D1%88%D0%B0%D1%82%D1%8C%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%3A%3A%20bookmp3.ru&sid=1690127221&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XR25G8TDFM&cx=c&_slc=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:824::200e Stony Point, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:01 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 9C18 2 KB
1 KB 365ms
44ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.us.criteo.com
URL: https://ads.us.criteo.com/delivery/r/afr.php?z=ZL1LdQACpZAE0aGKAAKnoe4wjXxZ1pjEmWb5Cw&u=%7CwA%2BmiyMqVBb9vL3O9A9cozJdmgEWD5DWNb0mPQ1z22k%3D%7C&c1=SMhbYeryLxkG14NwFf2jh1KVMrwDvmO-dbHERHVj9MQgFtTN83TUdVFZz6mvMC78rklu3251mk0mb-RBzl6Q31aohG_DEjutoXymwHZ91Z7Dc748EU96e8cCXwGxXyB5_dhOEg1aQCGLn6HMN8kYuxmq0Ndjr_pkr-lVQJZNsoZlxBr7_QwAgSZL8UhWHaCogbeOP14PXmSsDlUXbOpqr3QWg0szsv_LeHpifnYBK-OsoniL3p4p1UJluB2aJ2m2yntCF3SwNfVPL2m88yOq3WY3ypgSMDtmlVj_dzW6it6MzkS0UBKMqKeUmqrizh_fsVEP-FSNZzQoviaGyxyuwZYnoBMhV-iHkWME2fsX2qm7msLRNHDaOEd_v8NvFcvnWXVFw8BpIf_qfhhe_T7YU2iF-EMeqsw0ds6s8UtiIsQyQrZ5gJE-O8PlpC-ISW_aMXaVobKCc95sgx9Q_MD4EgV9YsHNIDk5Eb9JykkYs-aRnXnNIbeG8Bmv_r-JBF__GiXgt0d8f2KwlWssYx56yK-rTqKWi2P1wcLa1XGlaBdwzskvyvT9DnlHPqY6yhj7N52ZKwqoxUX48UcK9v9-9MuPHyVTkDscT35W1g_GYfeh9ffMULKvzA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8GYndUu9ZJDLCorDxtYPoc-K0A2cge-wXNKWqap0wI23ARABIABgye6Oi8CkjBCCARdjYS1wdWItMTYxODU5MjIwNTA4Mzc4MMgBCagDAcgDAqoEmwJP0GqCwEe6WqcZ2EytUu18DhJvqOSTE8Qes61f68juP6wjE-NhBpnehtEim5YNv5IrUXtba567LGt0EmVQAOaxxq2JipXVKZpdwMJ2Vt-ASoe3LULq8hmJvXmmiq4R3DH6bunWYoIQ--UGyZHoc_l4kLoYl0JqQlvySgLjSQ-6THdZpjjusobhhXmZ2DT4Jf21FFhtUB_bwA-MoT9zxB4gj4_peD16ZKEFb_TmeWFFElPH8ICFfXler8Tx_TO9uJPsni2TMKa2ABbc-790kwepImpa1v0F6e9OGzceU2yMUgwGUHfPHD93UnOhY1eCKG26WCAlWm8eT2GAVgZ6GhHWCeDvymwKfoRiKzaxFdPUJpNOQWvvfnAeXym_gAbJx_363fjukhegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0qBGcXrp3ASEA6kZw9E_LGTALnkQ%26client%3Dca-pub-1618592205083780%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Jul 2024 15:47:02 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame 9C18 2 KB
1 KB 356ms
42ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Jul 2024 15:47:02 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 9C18 308 B
636 B 310ms
40ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Wed, 17 Jul 2024 15:47:02 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 9C18 293 B
621 B 305ms
35ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Wed, 17 Jul 2024 15:47:02 GMT

GET
H2 200 lg.php
cat.va.us.criteo.com/delivery/ Frame 9C18 43 B
348 B 321ms
47ms Image
image/gif 74.119.119.147
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.va.us.criteo.com/delivery/lg.php?cppv=3&cpp=UQL0UaGCShzmOLQz9Dw8IboXfVQ46ZyCJ8-z0-BzlsHc_sUIDk1EDjCmYDdMj22Iq23K5awCUaxHgx3O2WI88sWIrLv1CTNni07Pp_EQv8mK3fDs1c8potMqve5E8VerhDEgiPwO1Ul6gyPnjyb9otVlik28fJY7RUriIQMHjvdxuAWJMaE4ZI7VcxEPkpLaa6KsnH62KnLJ_k9v8AcnalkBIbdU0QdIYo67QSBf5IUOH4u-SooUPNkGSET_DvU9xTJe2SLQLwUxR-nvvRNn3T1NSNV5EtqSextm9vALEk3p4TYGtFfDtvEJAjozBniODFGaDUCi_zBuTB3nj-TE6Yr1yv0EUfJ7rHgQupOqQ_5ks2UZAS5ihnnYCkpgrzapvqhIW_2Gvox1IXjJRccfm3ZELN52LGv0uUc2KC_EFjP9RLeb

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.147 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2569201
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 906c3b67d31bb71b1927.js Show response
yastatic.net/partner-code-bundles/811262/ 9 KB
4 KB 101ms
100ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/811262/906c3b67d31bb71b1927.js

Requested by

Host: yastatic.net
URL: https://yastatic.net/pcode/adfox/loader.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

1e2ac6f9a72032fd1d20e9edb74a8e7362119620364823014ac430dcd0f18825

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:01 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 3557
last-modified: Fri, 21 Jul 2023 12:47:14 GMT
server: nginx/1.17.9
etag: "c1e6b8b79ac59bf5520aaab779170b9f"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 22 Jul 2053 22:22:24 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 9C18 12 KB
6 KB 210ms
54ms Script
text/javascript 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Jul 2024 15:47:02 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307190101/ 154 KB
52 KB 52ms
51ms Script
text/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307190101/reactive_library_fy2021.js?bust=31076272

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307190101/show_ads_impl_fy2021.js?bust=31076272

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba3fe57d4c6db83ac847ed57653f1867fbc81c14ae09bf3c4a21fd72058d2a37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53530
x-xss-protection: 0
server: cafe
etag: 6068765988559616987
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 Jul 2023 15:47:01 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 9C18 27 KB
28 KB 165ms
66ms Image
image/png 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?h=352&m=0&partner=52383&q=80&r=0&u=http%3A%2F%2Fstatic.va.us.criteo.net%2Fdesign%2Fdt%2F52383%2F4774029%2Fd776ec11ea57494ba0020202cc6e56d5_black_logo_600.png&v=3&w=284&s=HBfvElW0S6jGqeYZrlSX19Qx

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

50e4c20b2a1596f5618dbccb3ad11d4f42f18066d9f89bfe7cb6b6b633a1afcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
content-length: 28037
expires: Sat, 01 Jun 2024 17:02:46 GMT

POST
H2 200 all
csm.us.criteo.net/ Frame 9C18 0
128 B 145ms
45ms Ping
text/plain 2620:100:a001::16
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.us.criteo.net/all?cppv=3&cpp=Pt5UZoct6OH0QOhtsC-a5cEkWVcVGYNPU7Qzuxlh5NPDnUKnAMCSiLb4dbHR4FTtneu1lfNx3ir6bDnFjauFm0rK7z_j_4Zh4s3IDwimmOz-iKwV0PfZpiW_R48cmGQ1NOlvdKVi8YVH8v0tyzNftggCPYtb-_zfFJgmDQ8b1-W5H0WQJliiuuAAoXpK1Lde60OiUlK_IDcbWEdqBuBxfgpduzjIErwSMJJMkg1nQobt06FtKtZBOrVtR4LaX7-8l7qfIg&sds=2&rev=87574&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::16 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 23 Jul 2023 15:47:01 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 9C18 2 KB
1 KB 121ms
34ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Jul 2024 15:47:02 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 9C18 2 KB
1 KB 31ms
31ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Jul 2024 15:47:02 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 46ms
44ms Script
application/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307190101/show_ads_impl_fy2021.js?bust=31076272

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/ Frame 426B 10 KB
4 KB 32ms
27ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307190101/show_ads_impl_fy2021.js?bust=31076272

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 76422
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 18:33:20 GMT
etag: 12368291122986407432
expires: Sat, 05 Aug 2023 18:33:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/ Frame CA7B 10 KB
4 KB 27ms
26ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307190101/show_ads_impl_fy2021.js?bust=31076272

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 76422
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 18:33:20 GMT
etag: 12368291122986407432
expires: Sat, 05 Aug 2023 18:33:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/ Frame 3EA4 10 KB
4 KB 26ms
25ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307190101/show_ads_impl_fy2021.js?bust=31076272

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 76422
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 18:33:20 GMT
etag: 12368291122986407432
expires: Sat, 05 Aug 2023 18:33:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 426B 4 KB
1 KB 131ms
43ms Stylesheet
text/css 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Jul 2023 14:41:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Jul 2023 15:47:02 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 426B 1 KB
515 B 131ms
44ms Stylesheet
text/css 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Secular+One&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6cafba2d8fd7a8d76f356f7f298fc1cf743ca78f9f17f997e9000ba587cc748

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Jul 2023 15:33:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Jul 2023 15:47:02 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 426B 2 KB
659 B 131ms
45ms Stylesheet
text/css 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c87b7f745cfb4a994801488584e6e0e78d6c4f0ad567e985a781fc0b86074724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Jul 2023 14:58:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Jul 2023 15:47:02 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 426B 3 KB
1 KB 53ms
40ms Script
text/javascript 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 17:22:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80664
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 17:22:38 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 426B 20 KB
8 KB 40ms
27ms Script
text/javascript 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 17:22:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80664
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8309
x-xss-protection: 0
server: cafe
etag: 1379281626718990200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 17:22:38 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 426B 0
0 59ms
49ms Image
text/html 2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQBj_DQTWcyUFiwELfG_94YVSDpG-dkh7oEmBAk21A0JDabB0PH1aPM2WZxWNTk-Muhj_DZdum6ZmnCKVa-OaibdGj5sQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2004 Stony Point, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 426B 179 KB
56 KB 65ms
55ms Script
text/javascript 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jul 2023 15:47:02 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame CA7B 4 KB
745 B 121ms
47ms Stylesheet
text/css 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Jul 2023 14:46:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Jul 2023 15:47:02 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame CA7B 1 KB
514 B 131ms
58ms Stylesheet
text/css 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Secular+One&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6cafba2d8fd7a8d76f356f7f298fc1cf743ca78f9f17f997e9000ba587cc748

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Jul 2023 14:45:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Jul 2023 15:47:02 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame CA7B 2 KB
659 B 113ms
50ms Stylesheet
text/css 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c87b7f745cfb4a994801488584e6e0e78d6c4f0ad567e985a781fc0b86074724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Jul 2023 14:43:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Jul 2023 15:47:02 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame CA7B 3 KB
1 KB 38ms
31ms Script
text/javascript 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 17:22:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80664
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 17:22:38 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame CA7B 20 KB
8 KB 36ms
29ms Script
text/javascript 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 17:22:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80664
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8309
x-xss-protection: 0
server: cafe
etag: 1379281626718990200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 17:22:38 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame CA7B 0
0 48ms
42ms Image
text/html 2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSOW9XiVMtR3dbhXn0vXwY-ZXNXfjUWLdRSezRrERtMnlAoIFZF2FcbsotSfKopEC9AfX_4j64ph0IwTgC-0h3jzNzCEg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2004 Stony Point, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CA7B 179 KB
56 KB 75ms
69ms Script
text/javascript 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jul 2023 15:47:02 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3EA4 4 KB
744 B 99ms
49ms Stylesheet
text/css 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Jul 2023 14:23:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Jul 2023 15:47:02 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3EA4 1 KB
515 B 96ms
48ms Stylesheet
text/css 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Secular+One&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6cafba2d8fd7a8d76f356f7f298fc1cf743ca78f9f17f997e9000ba587cc748

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Jul 2023 14:46:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Jul 2023 15:47:02 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 3EA4 2 KB
659 B 120ms
72ms Stylesheet
text/css 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c87b7f745cfb4a994801488584e6e0e78d6c4f0ad567e985a781fc0b86074724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 23 Jul 2023 14:47:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 23 Jul 2023 15:47:02 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 3EA4 3 KB
1 KB 55ms
17ms Script
text/javascript 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 17:22:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80664
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 17:22:38 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 3EA4 20 KB
8 KB 63ms
24ms Script
text/javascript 2607:f8b0:4006:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 17:22:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80664
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8309
x-xss-protection: 0
server: cafe
etag: 1379281626718990200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 17:22:38 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3EA4 0
0 78ms
41ms Image
text/html 2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTlcQXJ8l3j2psOJ_wDpDlrZuH0bv9f9xcnFDruQuJZLS-ucYl9TbKXwW5PPr8ZiYU1RqEY5illTS7k3h8STBcCkDP0hQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2004 Stony Point, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3EA4 179 KB
56 KB 85ms
50ms Script
text/javascript 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jul 2023 15:47:02 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C075 0
19 B 72ms
51ms Image
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CkX8CdUu9ZJDLCorDxtYPoc-K0A2cge-wXNKWqap0wI23ARABIABgye6Oi8CkjBCCARdjYS1wdWItMTYxODU5MjIwNTA4Mzc4MMgBCagDAcgDAqoEmAJP0GqCwEe6WqcZ2EytUu18DhJvqOSTE8Qes61f68juP6wjE-NhBpnehtEim5YNv5IrUXtba567LGt0EmVQAOaxxq2JipXVKZpdwMJ2Vt-ASoe3LULq8hmJvXmmiq4R3DH6bunWYoIQ--UGyZHoc_l4kLoYl0JqQlvySgLjSQ-6THdZpjjusobhhXmZ2DT4Jf21FFhtUB_bwA-MoT9zxB4gj4_peD16ZKEFb_TmeWFFElPH8ICFfXler8Tx_TO9uJPsni2TMKa2ABbc-790kwepImpa1v0F6e9OGzceU2yMUgwGUHfPHD93UnOhY1eCKG26WCBnWE-M5JMJVsXzd509c2ksfVAid6p6761Cb1odmI1iWcI573DdgAbJx_363fjukhegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6gAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTE2MTg1OTIyMDUwODM3ODAYAA&sigh=PakmXcu5s_A&uach_m=[UACH]&cid=CAQSKQBpAlJWNorI_TZ_5DRy5iyvAMIVNehhHNc1xzWCNNbWB86jnbPFJQstGAE&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=178&slotname=2609168587&adk=1374432671&adf=4036610663&pi=t.ma~as.2609168587&w=710&fwrn=4&lmt=1690127221&rafmt=11&format=710x178&url=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690127220793&bpp=7&bdt=2140&idt=288&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&abxe=1&correlator=3351506828697&frm=20&pv=2&ga_vid=79069004.1690127221&ga_sid=1690127221&ga_hid=1607610873&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=295&ady=1653&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31076178%2C31076253%2C31076272%2C44788441%2C44796827&oid=2&pvsid=2375589004232872&tmod=1168576036&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=eSqxti5e1U&p=https%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&dtd=334
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 23 Jul 2023 15:47:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.va.us.criteo.com/google/auction/ Frame C075 0
126 B 126ms
29ms Image
text/plain 2620:100:a001::3
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.va.us.criteo.com/google/auction/notify?profile=14&payload=kOSJF836RMYFsgHiIp0XAgAAAIHwBbb3yQw3EHRLvWTuzmRriKfVD_saAAASAAAKCkFRVUJDZ0VCQ2c&wp=ZL1LdQACpZAE0aGKAAKnoe4wjXxZ1pjEmWb5Cw&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::3 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:01 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 335939
server: Kestrel
content-length: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0E31 1 KB
643 B 30ms
26ms Document
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 24670
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Jul 2023 08:55:52 GMT
etag: 48472445140208031
expires: Mon, 24 Jul 2023 08:55:52 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 426B 0
19 B 67ms
65ms Image
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CPW97dUu9ZM2ZEb3GxtYPmrqdkAKLv4iuZvG66fX_DsCNtwEQASAAYMnujovApIwQggEXY2EtcHViLTE2MTg1OTIyMDUwODM3ODDIAQmoAwHIAwKqBJQCT9C7qkQ-nzK6rdR4H9pApYYZxbR-yLqypdBMRZyb2WCMIoknVcVbbVN8pa1jUj6cCIiKQOmz7blBhQc7jsYKpNb-aZ4YVVgUhRJ9H-n1eOvcsXxMesFLB7sfrGvmWNcMPJa8IEH-NTQXcBMAJq-Y4LFZUjJodmsXJf_eFW5f6XaT1jNKsGCbHxdZpzANGRYt-u4iEdXIlvl53HRtAnyTBJzYt0y1m7ZXBnBprppdTwpu6CSDgpWDsATPHFjLN4-iAHYzX7oSY7JG2YgdolfSlBkf8uVMMwqx9ezWFaNMzMuseijR2AnLFc8P1ZLrPhwuozXItul0LvwXDKz_9rkIaZlggZlxOdTkiKLLDUiTecVWglZrgAa55qfO6MSgzo0BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOoAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi0xNjE4NTkyMjA1MDgzNzgwGAA&sigh=MF9kEgLRiQE&uach_m=[UACH]&cid=CAQSPABpAlJWBKZJuDxev7q8nYQAxL3W0y8uigoVoaX6HkdsQHiJK6w9a2EYqKBcB5C0MrP5nSwzigjsepRl3RgB&cbvp=2&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 23 Jul 2023 15:47:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 rtimp
g.bidbrain.app/ Frame 426B 0
1 KB 167ms
81ms Image
text/plain 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.bidbrain.app/rtimp?sid=2a12c8c0-2970-11ee-9525-22b383453e36&d=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&cr=ext_gen2_v10_start_prot7__3&gid=CAESEPRPSsFMW7_121EMom8TkXU&a=imp&p=ZL1LdQAETM0E0aM9AAddGvqiY8rzk6tl4oQ4Iw&im=eEj-Ir9UjZAtZiVGZ3xkTcsErM2Ubwz3iwEkv2m_UHsMFKBKFSs7wbN-SImyFTCTiwYHRRMvNMyb5hGDRxMQS3XGkPtwWjQAXV1CUoYHgvFC2zzMYrOz89ljRRXl_nVOoatHx1igN1enoocN2ThhMH4QYAiABpY9dB2iJzJSut7OE0pKbFOToDYRwmjJTylYuld9L9muvM_1OEI6EpS89dHDNstisRB4s_KyF6tRVN03TJwRKmPJ29fMW-zBgH2jLccMhi46ni_lxbTKa27KZkEhsiuvw9xx-HCgE2l4_htxWC0EDmK3djq1iHYeIAmNjn-PRErIjJCLJ9jbKlyIhuZcqkRjPRnoBw85vvjxvzqUx4qhOMJ_qzy0juy8FhKuUlWJINKWJYnPGoTC_CgZAw&cbvp=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oVmdikRM%2FiZy7DVegiaYujgtX7kOUt9BIHxwpP3VAiBj4kBQu5wFnnY9eDL4zGiGVt3E%2BrPKiA%2B7nwAuN%2BM7jo044m%2Fp7rF04D291%2B5ImF0DH1GeuW2DsccuwYVokpBtvKes5v41XsSWhy4Jog%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f450a490f78-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H2 204 ev
g.bidbrain.app/rt/ Frame 426B 0
0 155ms
69ms Fetch 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rt/ev?ka=0.30226382531344975
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CtTM5woHNA8HsXrmCrjpSHyWtTmE57WL9VxZ7H56ZClTSmQWs2yscHm2nRA553MUkK1r%2B6EKue%2B4DJAVIGF1IzrPN0%2BhSeBXAJiRgSrOqFw%2F4slsZm204MJ0P6atR8pgKlMdWFP6BmaO3a%2BDPA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f450e1cc343-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
DATA 200
OK truncated
/ Frame 426B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1539b006efe1556d3ba63635d3e714e8481103c8029d6adbb192ec686cb3c05

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 426B 15 KB
16 KB 102ms
33ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 02:02:51 GMT
x-content-type-options: nosniff
age: 135851
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jul 2024 02:02:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 426B 15 KB
16 KB 103ms
34ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 05:55:38 GMT
x-content-type-options: nosniff
age: 121884
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jul 2024 05:55:38 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5178 1 KB
643 B 28ms
26ms Document
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 24670
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Jul 2023 08:55:52 GMT
etag: 48472445140208031
expires: Mon, 24 Jul 2023 08:55:52 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A527 1 KB
643 B 49ms
38ms Document
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 24670
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 23 Jul 2023 08:55:52 GMT
etag: 48472445140208031
expires: Mon, 24 Jul 2023 08:55:52 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 0E31
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1&google_push=AaAOQGGbf6hRy9fRXFOaRtjhbIEP_YKR5V1A5S3jR0I-fjo98y872aiEsuW_ZFsl6CQF1mkbF3qvGB6KXS9Zcgx5mr3-JOQtjOyQ5AE
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzcxMjg1MDc3MDIyMDcyODg2MA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1

43 B
398 B

49ms
48ms

Image
image/gif

2620:112:f002:bbbb::21
TURN-US-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Server: 2620:112:f002:bbbb::21 , United States, ASN6336 (TURN-US-ASN, US),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0E31
Redirect Chain

https://px.owneriq.net/ecmg?google_gid=CAESEDMf5S-77Cz8f1jxEmFHzFg&google_cver=1&google_push=AaAOQGFRJs_aPT_Sukn4C5aXUT1KN8XKnlk1MAEcUUYu3tqLXhVyyzomK3TY9mrb8l5xYJV4JpKwUiGvVBlk8WT3sBoaeFgOAw9pAgg
https://px.owneriq.net/ecc?redir=https%3a%2f%2fcm.g.doubleclick.net%2fpixel%3fgoogle_nid%3downeriq1%26google_sc%26google_push%3dAaAOQGFRJs_aPT_Sukn4C5aXUT1KN8XKnlk1MAEcUUYu3tqLXhVyyzomK3TY9mrb8l5xY...
https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AaAOQGFRJs_aPT_Sukn4C5aXUT1KN8XKnlk1MAEcUUYu3tqLXhVyyzomK3TY9mrb8l5xYJV4JpKwUiGvVBlk8WT3sBoaeFgOAw9pAgg&google_cver=1&go...

170 B
188 B

59ms
43ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AaAOQGFRJs_aPT_Sukn4C5aXUT1KN8XKnlk1MAEcUUYu3tqLXhVyyzomK3TY9mrb8l5xYJV4JpKwUiGvVBlk8WT3sBoaeFgOAw9pAgg&google_cver=1&google_gid=CAESEDMf5S-77Cz8f1jxEmFHzFg&google_hm=UTc0MzQxMzYyMjE3MTQ1NzIwNzM=

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 23 Jul 2023 15:47:03 GMT
Server: Apache/2.4.6 (CentOS)
X-Powered-By: PHP/7.3.33
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AaAOQGFRJs_aPT_Sukn4C5aXUT1KN8XKnlk1MAEcUUYu3tqLXhVyyzomK3TY9mrb8l5xYJV4JpKwUiGvVBlk8WT3sBoaeFgOAw9pAgg&google_cver=1&google_gid=CAESEDMf5S-77Cz8f1jxEmFHzFg&google_hm=UTc0MzQxMzYyMjE3MTQ1NzIwNzM=
Content-Type: text/html
Cache-Control: max-age=52483
Connection: keep-alive
Content-Length: 154

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0E31
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEE7RUWUcfHSCGRCNrUXAQE4&google_push=AaAOQGFjBu4vCMdlWJjbU7UGZUEd56T3OIVXUN-qFW7cxCWLcOPCLelMB8...

170 B
188 B

42ms
41ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEE7RUWUcfHSCGRCNrUXAQE4&google_push=AaAOQGFjBu4vCMdlWJjbU7UGZUEd56T3OIVXUN-qFW7cxCWLcOPCLelMB80ZwJvYNn7dNOcqYn_o34XqDotiDuFgmSBxFR-J69524A

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-yyz4566-YYZ
pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1690127223.615417,VS0,VE21
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEE7RUWUcfHSCGRCNrUXAQE4&google_push=AaAOQGFjBu4vCMdlWJjbU7UGZUEd56T3OIVXUN-qFW7cxCWLcOPCLelMB80ZwJvYNn7dNOcqYn_o34XqDotiDuFgmSBxFR-J69524A
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0E31
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDA7peJqlaE6H7NUDLC8-gw&google_cver=1&google_push=AaAOQGHsYWkx7HkJN3MyPaRzNO7WiYa0AWXEVGWjOJL2ZzwSg0r7uBNM4pGBtGVl3UyVYzIE0sNS4c0kWOWVmv6MtBDe...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEDA7peJqlaE6H7NUDLC8-gw&google_cver=1&google_push=AaAOQGHsYWkx7HkJN3MyPaRzNO7WiYa0AWXEVGWjOJL2ZzwSg0r7uBNM4pGBtGVl3UyVYzIE0sNS4c0kWOWVmv...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGHsYWkx7HkJN3MyPaRzNO7WiYa0AWXEVGWjOJL2ZzwSg0r7uBNM4pGBtGVl3UyVYzIE0sNS4c0kWOWVmv6MtBDeP4CvvxC5yfU&google_hm=R7p3-0zaSOCDwsaU3PSo...

170 B
188 B

48ms
46ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGHsYWkx7HkJN3MyPaRzNO7WiYa0AWXEVGWjOJL2ZzwSg0r7uBNM4pGBtGVl3UyVYzIE0sNS4c0kWOWVmv6MtBDeP4CvvxC5yfU&google_hm=R7p3-0zaSOCDwsaU3PSo_A==

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGHsYWkx7HkJN3MyPaRzNO7WiYa0AWXEVGWjOJL2ZzwSg0r7uBNM4pGBtGVl3UyVYzIE0sNS4c0kWOWVmv6MtBDeP4CvvxC5yfU&google_hm=R7p3-0zaSOCDwsaU3PSo_A==
Date: Sun, 23 Jul 2023 15:47:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0E31
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEDr29_TynIRab5IGU-GL15k&google_cver=1&google_push=AaAOQGGwtS8FZHTX_C8b2CuZgLtw8EcEPOrIw6fRb62YTraPTMvAktErJSZ8JcUa9PkbASaB0pSj89DhFBgV6...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEDr29_TynIRab5IGU-GL15k&google_push=AaAOQGGwtS8FZHTX_C8b2CuZgLtw8EcEPOrIw6fRb62YTraPTMvAktErJSZ8JcUa9PkbASaB0pSj89DhFBgV6...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AaAOQGGwtS8FZHTX_C8b2CuZgLtw8EcEPOrIw6fRb62YTraPTMvAktErJSZ8JcUa9PkbASaB0pSj89DhFBgV6zlsBkSlZXhKETQ6j8w&google_hm=TU8tc3RTQjhOUEJpM...

170 B
188 B

45ms
43ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AaAOQGGwtS8FZHTX_C8b2CuZgLtw8EcEPOrIw6fRb62YTraPTMvAktErJSZ8JcUa9PkbASaB0pSj89DhFBgV6zlsBkSlZXhKETQ6j8w&google_hm=TU8tc3RTQjhOUEJpMlg3eXpUOTI=

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 23 Jul 2023 15:47:02 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AaAOQGGwtS8FZHTX_C8b2CuZgLtw8EcEPOrIw6fRb62YTraPTMvAktErJSZ8JcUa9PkbASaB0pSj89DhFBgV6zlsBkSlZXhKETQ6j8w&google_hm=TU8tc3RTQjhOUEJpMlg3eXpUOTI=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 239
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0E31
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEJFrtuV6PkEXgz-igKONEy0&google_cver=1&google_push=AaAOQGGmsDAMJ7Qh14ERSg2joOsvH5p7AO8aE_VgKQGj6ZoHqoiKwLT1TSX9vth0nb3KAndzskGXG2Kb5dJm_Lt...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZGHPi6SLXD9Csh2xxgNtGmAJ-Ss&google_push=AaAOQGGmsDAMJ7Qh14ERSg2joOsvH5p7AO8aE_VgKQGj6ZoHqoiKwLT1TSX9vth0nb3KAndzskGXG2Kb5dJm_L...

170 B
188 B

44ms
42ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZGHPi6SLXD9Csh2xxgNtGmAJ-Ss&google_push=AaAOQGGmsDAMJ7Qh14ERSg2joOsvH5p7AO8aE_VgKQGj6ZoHqoiKwLT1TSX9vth0nb3KAndzskGXG2Kb5dJm_LtBRJnA4WLIKa82yuE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZGHPi6SLXD9Csh2xxgNtGmAJ-Ss&google_push=AaAOQGGmsDAMJ7Qh14ERSg2joOsvH5p7AO8aE_VgKQGj6ZoHqoiKwLT1TSX9vth0nb3KAndzskGXG2Kb5dJm_LtBRJnA4WLIKa82yuE
Date: Sun, 23 Jul 2023 15:47:02 GMT
Connection: keep-alive
Content-Length: 245
Content-Type: text/html; charset=utf-8

GET
H2

200

spacer.gif
an.yandex.ru/resource/ Frame 0E31
Redirect Chain

https://an.yandex.ru/mapuid/google/CAESEDBSnjFCzB2PUElAEZS3BeQ?ext-param=AaAOQGHs_ukJbmYDhuVXrgl14tQgeIq4Gm-6KBGrj67rdh40oM8PRdFyHlGMY7lKNjqarIWvBB-pzHImgANGNB6gjcxifM5S4WVIOkS_&partner-tag=yandex_...
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEDBSnjFCzB2PUElAEZS3BeQ&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
https://an.yandex.ru/resource/spacer.gif

43 B
144 B

376ms
371ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/resource/spacer.gif

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Apr 2001 10:28:03 GMT
content-type: image/gif
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Sun, 07 Jul 2024 15:47:02 GMT

Redirect headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://an.yandex.ru/resource/spacer.gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 237
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0E31 0
12 B 56ms
47ms Image
text/html 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Li62sDa59G_2_J5YjAziZQ3X1K3elNK5kVfTBtQpNTnDThMPAhoNDOVo3CwF2rg2mvHGpECg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 204 rtimp
g.bidbrain.app/ Frame 426B 0
482 B 78ms
76ms Ping
text/plain 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rtimp?sid=2a12c8c0-2970-11ee-9525-22b383453e36&d=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&cr=ext_gen2_v10_start_prot7__3&gid=CAESEPRPSsFMW7_121EMom8TkXU&a=vw_51&p=ZL1LdQAETM0E0aM9AAddGvqiY8rzk6tl4oQ4Iw&r=116622682&ow=1600&oh=1200&tzof=0&tz=Etc/Unknown&pxr=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rIqyd7A2ku5fSv2%2FL36jZBglcPKIF6E1xUHe5dwzIsHA%2Fz%2FM2thMC98XxJYytJCCgqr8TRtZ6r1QbZVK2jBcXvM1mLSiFmBzifje3QvvIltg%2BdfxNrCg1LtEWVCXVoBkvRkvedJd81CWth6r1g%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f455a830f78-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H2 204 ev
g.bidbrain.app/rt/ Frame 426B 0
0 69ms
67ms Fetch 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rt/ev?ka=0.5430476893895324
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e9X%2Fh6A2xOmhyZljAefWEh%2Bzee2%2FJWOhdENbAFaZIMdCe%2BaIrtLnMxUusDaN4LO38O1xOtDWo9LxOdqsvBKc%2BV3eivT28q9UlPsCW7ujymILTVYWoYYlQKvJ%2BYLhUko0%2BfOt7Usp5FYIpu6fTA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f45ceb8c343-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H2 204 ev
g.bidbrain.app/rt/ Frame CA7B 0
0 66ms
65ms Fetch 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rt/ev?ka=0.10369256428389484
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2UyNIjqn7cqMlN8uP8ppLQQFyG8IobSXIbTUdDgdi7ja4iuR9FQIcpgqt3tlbxfWOpBORUXK6YJqjV4uFGnc9fy68tN1mVgfTrEXbyYmwtehvcpwd3ySbgOg8JRSAVcsevvkj5gQwcNYWArDfA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f45eec8c343-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

POST
H2 204 rtimp
g.bidbrain.app/ Frame 426B 0
273 B 69ms
67ms Ping
text/plain 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rtimp?sid=2a12c8c0-2970-11ee-9525-22b383453e36&d=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&cr=ext_gen2_v10_start_prot7__3&gid=CAESEPRPSsFMW7_121EMom8TkXU&a=load&p=ZL1LdQAETM0E0aM9AAddGvqiY8rzk6tl4oQ4Iw&r=116622682&ow=1600&oh=1200&tzof=0&tz=Etc/Unknown&pxr=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wjJd2XQEBSL0bgrBgKFS%2BKvsV%2FWjd5Hfw8837tjxyG60fdXXu%2FCdGG72KPvaZGwiFJivnw4%2BFdPvSC3QENB5FiE8z0MWWmTWox1aVbnH7p0O3tJLHnFIN83xL4VEfrIQ0JqDWZTyF3zI9PVUZw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f45fb390f78-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H2 204 ev
g.bidbrain.app/rt/ Frame 3EA4 0
0 68ms
66ms Fetch 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rt/ev?ka=0.7889662887445035
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOAdIsXc6sLgsBWmy4CkT3jNbRukxJg%2BFk8tDHQsiZ50klB7ehhb%2FVLDCFcMYnXK1pSrWzFhkSpSbgK447yLSCbvLz4XugqFOJ3NBUmS%2BXxrYQsA9fWg%2FpoyiM4t7mz2iWugvmVVMMb%2BgJw1Tw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f460ed7c343-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 5178
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1&google_push=AaAOQGGakyZYJd839vXrfvd9s3leFZsDBfb0p_d8A6pEDfZptb4sINSAYcL592PK44Hn_tPDI6fhMHVzEsi_NTXBCRsHcBb7ZEGsrg
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzcxMjg1MDc3MDIyMDcyODg2MA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1

43 B
398 B

51ms
51ms

Image
image/gif

2620:112:f002:bbbb::21
TURN-US-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Server: 2620:112:f002:bbbb::21 , United States, ASN6336 (TURN-US-ASN, US),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE_GxElOe90t516W4G0Mj9I&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 5178 35 B
464 B 281ms
82ms Image
image/gif 2600:1f1c:a99:832c:2412:5a3c:977a:e751
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJAKMoB-QItHi5KdnTrnXB8&google_cver=1&google_push=AaAOQGHy63I5d0DQYnDJ6dIRoakmprlzanMqRLsYbkPjPJmlkF1qbHqoxUaPOUNA4gh3Z9ZRgaHrCk6G8igtU-lzZ7WGv6BYTlb8Nw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f1c:a99:832c:2412:5a3c:977a:e751 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5178
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEKtBUe9Bztcvy4xch2yr62Q&google_cver=1&google_push=AaAOQGEpn2B6Q_URLMRt3ldeT8b5Q6PU8t_ZKhnYzvwRpLehehzjFpVsqSQEiPI_tuBnBZDk9YylHNwL4KPPGhPz...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=WI3uzYdSTXioER0lMHunsg2&google_push=AaAOQGEpn2B6Q_URLMRt3ldeT8b5Q6PU8t_ZKhnYzvwRpLehehzjFpVsqSQEiPI_tuBnBZDk9YylHNwL4KPPGhPzP-Tr6wtUcbpEqT4

170 B
188 B

47ms
46ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=WI3uzYdSTXioER0lMHunsg2&google_push=AaAOQGEpn2B6Q_URLMRt3ldeT8b5Q6PU8t_ZKhnYzvwRpLehehzjFpVsqSQEiPI_tuBnBZDk9YylHNwL4KPPGhPzP-Tr6wtUcbpEqT4

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=WI3uzYdSTXioER0lMHunsg2&google_push=AaAOQGEpn2B6Q_URLMRt3ldeT8b5Q6PU8t_ZKhnYzvwRpLehehzjFpVsqSQEiPI_tuBnBZDk9YylHNwL4KPPGhPzP-Tr6wtUcbpEqT4
x-host: tde-deliveryengine-production-75c9d7b6d6-9vzgg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5178
Redirect Chain

https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEJjJKSizRmJPupiqYTP2hEA&google_push=AaAOQGH-RE0D0hSTZ-u8HQHGcSOfDi5ZTNFqlPkU1T3HsLLcU3PN0ZKRPpB5VP-p0MzuqkqR11Am_yvzQVM6XTht5u7sAyP...
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AaAOQGH-RE0D0hSTZ-u8HQHGcSOfDi5ZTNFqlPkU1T3HsLLcU3PN0ZKRPpB5VP-p0MzuqkqR11Am_yvzQVM6XTht5u7sAyPc3unmfys&google_hm=MTA1OTQ3ODg0OTk...

170 B
188 B

44ms
44ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AaAOQGH-RE0D0hSTZ-u8HQHGcSOfDi5ZTNFqlPkU1T3HsLLcU3PN0ZKRPpB5VP-p0MzuqkqR11Am_yvzQVM6XTht5u7sAyPc3unmfys&google_hm=MTA1OTQ3ODg0OTk2NTI1NTY5ODY

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AaAOQGH-RE0D0hSTZ-u8HQHGcSOfDi5ZTNFqlPkU1T3HsLLcU3PN0ZKRPpB5VP-p0MzuqkqR11Am_yvzQVM6XTht5u7sAyPc3unmfys&google_hm=MTA1OTQ3ODg0OTk2NTI1NTY5ODY
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5178
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEJFrtuV6PkEXgz-igKONEy0&google_cver=1&google_push=AaAOQGEsSmtiCnHbml-6MHfOZkkmeo9lb13GVoRYa8bzNlYebknAzBW4fwZuTZmcDi3UFx2p7EUg0ryDpCbAbw-...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZGHPi6SLXD9Csh2xxgNtGmAJ-Ss&google_push=AaAOQGEsSmtiCnHbml-6MHfOZkkmeo9lb13GVoRYa8bzNlYebknAzBW4fwZuTZmcDi3UFx2p7EUg0ryDpCbAbw...

170 B
188 B

46ms
45ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZGHPi6SLXD9Csh2xxgNtGmAJ-Ss&google_push=AaAOQGEsSmtiCnHbml-6MHfOZkkmeo9lb13GVoRYa8bzNlYebknAzBW4fwZuTZmcDi3UFx2p7EUg0ryDpCbAbw-2xjeqt2J0J75nSw

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZGHPi6SLXD9Csh2xxgNtGmAJ-Ss&google_push=AaAOQGEsSmtiCnHbml-6MHfOZkkmeo9lb13GVoRYa8bzNlYebknAzBW4fwZuTZmcDi3UFx2p7EUg0ryDpCbAbw-2xjeqt2J0J75nSw
Date: Sun, 23 Jul 2023 15:47:02 GMT
Connection: keep-alive
Content-Length: 244
Content-Type: text/html; charset=utf-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5178
Redirect Chain

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEABED8TFRROQfy9cK1QKtM4&google_cver=1&google_push=AaAOQGHT3kNgqTSB0a0VEDbN7q1T9WIBXfeySIdi140I4ga6uyOk8ey90...
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AaAOQGHT3kNgqTSB0a0VEDbN7q1T9WIBXfeySIdi140I4ga6uyOk8ey906XEZCru-IFypyWlsDFOcSRfAExJIbYBY48crQFQ9jM9_84V&google_hm=QlMuNTBiZS0wNz...

170 B
188 B

51ms
46ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AaAOQGHT3kNgqTSB0a0VEDbN7q1T9WIBXfeySIdi140I4ga6uyOk8ey906XEZCru-IFypyWlsDFOcSRfAExJIbYBY48crQFQ9jM9_84V&google_hm=QlMuNTBiZS0wNzc4LTQwOWUtOTA2Zg==

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AaAOQGHT3kNgqTSB0a0VEDbN7q1T9WIBXfeySIdi140I4ga6uyOk8ey906XEZCru-IFypyWlsDFOcSRfAExJIbYBY48crQFQ9jM9_84V&google_hm=QlMuNTBiZS0wNzc4LTQwOWUtOTA2Zg==
Date: Sun, 23 Jul 2023 15:47:02 GMT
Server: openresty
Connection: close
Content-Length: 142
Content-Type: text/html

GET
H2

200

spacer.gif
an.yandex.ru/resource/ Frame 5178
Redirect Chain

https://an.yandex.ru/mapuid/google/CAESEDBSnjFCzB2PUElAEZS3BeQ?ext-param=AaAOQGHEI3du49kRqFqndLQaAEQmlpCZqD95rCeLQk1-M2c-BaPehRGY2Mh1WOmDipkLd4-RnvJDYBAcCFJM9AU23IfyzLFQ-jQWH054&partner-tag=yandex_...
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEDBSnjFCzB2PUElAEZS3BeQ&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
https://an.yandex.ru/resource/spacer.gif

43 B
128 B

436ms
435ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/resource/spacer.gif

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Apr 2001 10:28:03 GMT
content-type: image/gif
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Sun, 07 Jul 2024 15:47:03 GMT

Redirect headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://an.yandex.ru/resource/spacer.gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 237
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 5178 0
12 B 52ms
47ms Image
text/html 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JOGfcr93OrTxe9n6SxEla4IqvNUl9-leCVWaOEzuPkUtPILdzck5_Gnq07H5Kkqw7h7sQbbHM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 204 rtimp
g.bidbrain.app/ Frame CA7B 0
415 B 76ms
67ms Ping
text/plain 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rtimp?sid=2a12e079-2970-11ee-a9c7-f672ecd7f1ba&d=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&cr=ext_gen2_v10_start_prot7__3&gid=CAESEPRPSsFMW7_121EMom8TkXU&a=load&p=ZL1LdQAETM4E0aM9AAddGk9yOoR0DwbwTQ6XkQ&r=1651719083&ow=1600&oh=1200&tzof=0&tz=Etc/Unknown&pxr=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0AjBrmtTlpBuS5rs91OETuVCeulx4bvTW6qS8mLO%2FEiTq1vpBPU1ESspv3p3uS%2FxQAWbuR0XccB6db%2BhJTc6xAVPcCjbX9RaBfPBz1ADRziEsRetCeH%2B0hMNxyIhyEM%2F4TNuopd41laxqUzsig%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f460b570f78-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
DATA 200
OK truncated
/ Frame CA7B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 72fbfa69ab959bc203d5c33af74509e9381492a869d272ee05a2dd0f0d6b78b5

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame CA7B 15 KB
15 KB 31ms
24ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 02:02:51 GMT
x-content-type-options: nosniff
age: 135851
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jul 2024 02:02:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame CA7B 15 KB
16 KB 35ms
28ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 05:55:38 GMT
x-content-type-options: nosniff
age: 121884
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jul 2024 05:55:38 GMT

POST
H2 204 rtimp
g.bidbrain.app/ Frame CA7B 0
270 B 68ms
67ms Ping
text/plain 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rtimp?sid=2a12e079-2970-11ee-a9c7-f672ecd7f1ba&d=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&cr=ext_gen2_v10_start_prot7__3&gid=CAESEPRPSsFMW7_121EMom8TkXU&a=vw_100&p=ZL1LdQAETM4E0aM9AAddGk9yOoR0DwbwTQ6XkQ&r=1651719083&ow=1600&oh=1200&tzof=0&tz=Etc/Unknown&pxr=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=npgT18qYFfeMOROEyrUPicNfF1TdzWntqRID8glzCDrtRX5dcl3HsP4wr5Mn2xc6nuYVTPBhZThbFYktfal1gvaj%2BeqxmoeTBCvaQ%2B4iMt1SjuPd4GVOgW8M3oyHOxB94GGOoN3qZWFcfJc%2FZg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f461b5e0f78-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CA7B 0
19 B 51ms
49ms Image
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CwZErdUu9ZM6ZEb3GxtYPmrqdkAKLv4iuZvG66fX_DsCNtwEQASAAYMnujovApIwQggEXY2EtcHViLTE2MTg1OTIyMDUwODM3ODDIAQmoAwHIAwKqBJICT9ANuujBWKjePGeoHufX1IFPshHXplEcgoexnThxura6Pt5kq9Cwqp83khfLwNgag6Lpps_PPXDJAjU2u0u25CP0Q1SN0B8mwttCcL_tls6OVRHh5JaNmMvTteoxYg5ta76-ZkIj_KnIcZ62N1c-mC5RHwRvAyDkN0MH47kdupP57kPVcx0ZyA-AtKW6d4OiwKo2PrpOxn88mwCrQVvfT_8__UlXcu9f-C9fvTVEWo3PiJpEmkHK-EyXKqNHhXxfZfd_nofEZQA8teiBExGTvYvXmSJl1h-3wzt3QRnmVwxcYoUiJzVDGuC57dHU99MIEQMvis9euIO693X1fYvuSFZt50k13ezdAsnzw8sOs9Yrw4AGueanzujEoM6NAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTqACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMTYxODU5MjIwNTA4Mzc4MBgA&sigh=CxAiDL_juto&uach_m=[UACH]&cid=CAQSPABpAlJWBKZJuDxev7q8nYQAxL3W0y8uigoVoaX6HkdsQHiJK6w9a2EYqKBcB5C0MrP5nSwzigjsepRl3RgB&cbvp=2&vis=1

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 23 Jul 2023 15:47:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 rtimp
g.bidbrain.app/ Frame CA7B 0
617 B 81ms
79ms Image
text/plain 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.bidbrain.app/rtimp?sid=2a12e079-2970-11ee-a9c7-f672ecd7f1ba&d=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&cr=ext_gen2_v10_start_prot7__3&gid=CAESEPRPSsFMW7_121EMom8TkXU&a=imp&p=ZL1LdQAETM4E0aM9AAddGk9yOoR0DwbwTQ6XkQ&im=Pm_loZlH48DYEdgBOxZgoonY1EdJ535LS7Sd-m3c_RP6q4bYA0SSN4z8RnXS9Y5krBnk3sayIBDDs42gSHQdGGoaXihRsLqNipMr9COlMVFC0EptuMKmcrNSKoHfPMbvlyRZj2bAsVUIMEgeunIUIzDIbZZmJbhKY9wPYvLlYaL61qI2MAQGsAHd5C4ltEGC3o8G-BIhbYzoqmkRbphmYpRVpO-1ZtvsgkNe1DEvJ61bM42CwZL85MtDgf3onSA3ho_SHunHRZfxPjQYdikRxapDW7DszsQ33tBg7wGgTGfqEp6-68v4EUiFfDTBDEGN5k_HFn94AuhFJSCHJhQ6_AeZIdWobGLQCS506c2Hz7P8JrAA3t4XqSwKPD27ZGv94ptTo3uAktdchyuc3PSF9A&cbvp=2
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JzL2Amf2sfgB7%2BbX7mTWnEzXI1klsQgYRH943%2F94t4lEv9SnyGbXTdPfc24BRotm6VkBYn2UqmiH43FxCcv4NOycuCgNpYYqGpuYeyuyC2me3EqGr%2BYo7kBm8VCpxdAKG8pU8Kgl2xVXd6%2BLRg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f462b6c0f78-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A527
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEKQZYryG6e7w3kfEnTCnW0I&google_cver=1&google_push=AaAOQGECxhosk2Jqx7FEFb4fQ3Uey7BinFoQ49sqK3exJzXg5Ryqf9dOmVNnkmrdu-gqL_hzXU-0rluggorVvGON...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGECxhosk2Jqx7FEFb4fQ3Uey7BinFoQ49sqK3exJzXg5Ryqf9dOmVNnkmrdu-gqL_hzXU-0rluggorVvGONeCJ10WiKbqxxVzHk

170 B
188 B

48ms
47ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGECxhosk2Jqx7FEFb4fQ3Uey7BinFoQ49sqK3exJzXg5Ryqf9dOmVNnkmrdu-gqL_hzXU-0rluggorVvGONeCJ10WiKbqxxVzHk

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 23 Jul 2023 15:47:02 GMT
Server: MT3 1031 59fd23a master iad iad-pixel-x9 config_version:"1969"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGECxhosk2Jqx7FEFb4fQ3Uey7BinFoQ49sqK3exJzXg5Ryqf9dOmVNnkmrdu-gqL_hzXU-0rluggorVvGONeCJ10WiKbqxxVzHk
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 23 Jul 2023 15:47:01 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A527
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WkwxTGRnQURCYnhRTGdBXw==&google_gid=CAESEE7RUWUcfHSCGRCNrUXAQE4&google_cver=1&google_push=AaAOQGHUbkJ_h4eNtep4kv8KIxj9SWMdtY...

170 B
188 B

47ms
47ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WkwxTGRnQURCYnhRTGdBXw==&google_gid=CAESEE7RUWUcfHSCGRCNrUXAQE4&google_cver=1&google_push=AaAOQGHUbkJ_h4eNtep4kv8KIxj9SWMdtYRVM2nXDH5CFyy21BozanyYRXYtPVesdyvUVqRmL9rZFEdiK1PcEydokNVg2oQiqHUebmY

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-yyz4566-YYZ
pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1690127223.750759,VS0,VE0
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WkwxTGRnQURCYnhRTGdBXw==&google_gid=CAESEE7RUWUcfHSCGRCNrUXAQE4&google_cver=1&google_push=AaAOQGHUbkJ_h4eNtep4kv8KIxj9SWMdtYRVM2nXDH5CFyy21BozanyYRXYtPVesdyvUVqRmL9rZFEdiK1PcEydokNVg2oQiqHUebmY
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 204 CookieSyncAdX
rtb.adentifi.com/ Frame A527 0
35 B 133ms
39ms Image
text/plain 3.215.246.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieSyncAdX?google_gid=CAESEAXPClJf7-7Hu0Smc5WcNWM&google_cver=1&google_push=AaAOQGEAQgppVw2lyrHVxhpDI_cDHO6dj6Js6hFyLih2AKCleh0noncM__wuUOaTEaLXt-ymKmF1BvUp6KfIIFZLZcnCynRAX-B4SVzX
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.215.246.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-215-246-119.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A527
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEGysj7cIKv7frvsKXneJi1E&google_cver=1&google_push=AaAOQGGFeKZapZz-9JPtI_10TJ5qzvMCrVp9AuJ97dRKi0Z6aUxDjIAnJmhTHP7TPV3xWLzTLYHPq0nN...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEGysj7cIKv7frvsKXneJi1E&google_cver=1&google_push=AaAOQGGFeKZapZz-9JPtI_10TJ5qzvMCrVp9AuJ97dRKi0Z6aUxDjIAnJmhTHP7TPV3xWLzTLYH...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODY2OTY4NjEzNTA5MjEwMzc4OQ&google_push=AaAOQGGFeKZapZz-9JPtI_10TJ5qzvMCrVp9AuJ97dRKi0Z6aUxDjIAnJmhTHP7TPV3xWLzTLYHPq0...

170 B
188 B

45ms
45ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODY2OTY4NjEzNTA5MjEwMzc4OQ&google_push=AaAOQGGFeKZapZz-9JPtI_10TJ5qzvMCrVp9AuJ97dRKi0Z6aUxDjIAnJmhTHP7TPV3xWLzTLYHPq0nNWyGITat60GUUX6rgxPVaHRev

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODY2OTY4NjEzNTA5MjEwMzc4OQ&google_push=AaAOQGGFeKZapZz-9JPtI_10TJ5qzvMCrVp9AuJ97dRKi0Z6aUxDjIAnJmhTHP7TPV3xWLzTLYHPq0nNWyGITat60GUUX6rgxPVaHRev
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A527
Redirect Chain

https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEABYZTwSAJI8TWvEN3zM1cs&google_cver=1&google_push=AaAOQGEAsSzzn4K1MTZjcLFqpEiUsH6g_f-5x27k2Y8jTogXmwVwufS4sKGri0C5G3XZt1G4sGYrWUTd...
https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTc0MjMyNTkyOTM5MDQzMDQxMjE&google_push=AaAOQGEAsSzzn4K1MTZjcLFqpEiUsH6g_f-5x27k2Y8jTogXmwVwufS4sKGri0C5G3XZt1G4sGYrWUT...

170 B
188 B

48ms
45ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTc0MjMyNTkyOTM5MDQzMDQxMjE&google_push=AaAOQGEAsSzzn4K1MTZjcLFqpEiUsH6g_f-5x27k2Y8jTogXmwVwufS4sKGri0C5G3XZt1G4sGYrWUTdsXEDtrp75AF2AFYYSTDR79abaw

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTc0MjMyNTkyOTM5MDQzMDQxMjE&google_push=AaAOQGEAsSzzn4K1MTZjcLFqpEiUsH6g_f-5x27k2Y8jTogXmwVwufS4sKGri0C5G3XZt1G4sGYrWUTdsXEDtrp75AF2AFYYSTDR79abaw
Date: Sun, 23 Jul 2023 15:47:02 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A527
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESEGnkSNMlRIbmPgWwKMpsHeQ&google_cver=1&google_push=AaAOQGFGgJvbX_U9KC-TGNzr00e7ogsKRxjgxihNbsS7HDQpNqyY5EUU6ZBU9By1IMpmU9LZr5Rr...
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=google&ssp_init=step1&google_gid=CAESEGnkSNMlRIbmPgWwKMpsHeQ&google_cver=1&google_push=AaAOQGFGgJvbX_U9KC-TGNzr00e7ogsKRxjgxihNbsS7HDQpNqyY5EUU6ZBU9By1IMpmU9...
https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=6uKnUqulQK60Igv4EjU7yw==&no_redirect=1&google_push=AaAOQGFGgJvbX_U9KC-TGNzr00e7ogsKRxjgxihNbsS7HDQpNqyY5E...

170 B
188 B

55ms
54ms

Image
image/png

142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=6uKnUqulQK60Igv4EjU7yw==&no_redirect=1&google_push=AaAOQGFGgJvbX_U9KC-TGNzr00e7ogsKRxjgxihNbsS7HDQpNqyY5EUU6ZBU9By1IMpmU9LZr5Rr9xuBrpznAxYC40E_tZG0RLnOjPdBdQ

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=6uKnUqulQK60Igv4EjU7yw==&no_redirect=1&google_push=AaAOQGFGgJvbX_U9KC-TGNzr00e7ogsKRxjgxihNbsS7HDQpNqyY5EUU6ZBU9By1IMpmU9LZr5Rr9xuBrpznAxYC40E_tZG0RLnOjPdBdQ
date: Sun, 23 Jul 2023 15:47:03 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

spacer.gif
an.yandex.ru/resource/ Frame A527
Redirect Chain

https://an.yandex.ru/mapuid/google/CAESEDBSnjFCzB2PUElAEZS3BeQ?ext-param=AaAOQGEvLKhaMuI1T5zylDf9jfg-k8BeA7xhcPJB3A0BU8xBEk40r8EVrYoNguTAqfFM2M-BKqpWmATgj6T7hrVJKRpI6NFik4jaHhtO5A&partner-tag=yande...
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEDBSnjFCzB2PUElAEZS3BeQ&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
https://an.yandex.ru/resource/spacer.gif

43 B
78 B

776ms
776ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/resource/spacer.gif

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Apr 2001 10:28:03 GMT
content-type: image/gif
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Sun, 07 Jul 2024 15:47:03 GMT

Redirect headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://an.yandex.ru/resource/spacer.gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 237
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame A527 0
12 B 47ms
40ms Image
text/html 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LCucWOv9QmgFtvynGYXbW8RweGylrPzGpP9rjpdC8P7TZaaHpucFNnP_IWD7yabDEehJHXRCID

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 204 rtimp
g.bidbrain.app/ Frame 3EA4 0
524 B 74ms
70ms Ping
text/plain 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rtimp?sid=2a12e0a2-2970-11ee-9525-22b383453e36&d=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&cr=ext_gen2_v10_start_prot7__3&gid=CAESEPRPSsFMW7_121EMom8TkXU&a=load&p=ZL1LdQAETM8E0aM9AAddGki43KOrSXV08iofqA&r=2025542237&ow=1600&oh=1200&tzof=0&tz=Etc/Unknown&pxr=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bJLnsxtZmvtEh1ZrlyqddVQGxZs%2FKFd%2B4OGu2J8yZNc1nFHNfXyh5QlilkhDVbRbf1KayTJkZYHEUY9i9wdxaSNLKKpSgPlcO2bvBjyB7v3Db1yVGgqnUfDFacMSilzXPw3m05GayWr5i2920Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f463b790f78-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
DATA 200
OK truncated
/ Frame 3EA4 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 000af5717d638f7e622038611e0b30af7e657a56b2c3815d380abe67a7b207f2

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 3EA4 15 KB
16 KB 26ms
24ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 05:55:38 GMT
x-content-type-options: nosniff
age: 121884
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jul 2024 05:55:38 GMT

POST
H2 204 rtimp
g.bidbrain.app/ Frame 3EA4 0
378 B 82ms
68ms Ping
text/plain 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rtimp?sid=2a12e0a2-2970-11ee-9525-22b383453e36&d=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&cr=ext_gen2_v10_start_prot7__3&gid=CAESEPRPSsFMW7_121EMom8TkXU&a=vw_100&p=ZL1LdQAETM8E0aM9AAddGki43KOrSXV08iofqA&r=2025542237&ow=1600&oh=1200&tzof=0&tz=Etc/Unknown&pxr=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NCJi38sDASMeCcvSSF3cj69uOqyxRm4qOSR0B3aOKGQDn5LI6pfcVUqeUzGfjEcmKRXIN6yLYwvMGlscNQmJQVi6iwTKp%2FZlC0rmTs4orMIBlALnK7Jm9%2BGhIOC7G7jbmxl66d5c6I%2FdafK7fg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f465b9b0f78-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3EA4 0
19 B 66ms
55ms Image
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cc3-wdUu9ZM-ZEb3GxtYPmrqdkAKLv4iuZvG66fX_DsCNtwEQASAAYMnujovApIwQggEXY2EtcHViLTE2MTg1OTIyMDUwODM3ODDIAQmoAwHIAwKqBJMCT9CTjLN9zlCYFkYeaw8Nh1YCnGEftObXjPniB5T2fFkaInYhl2sdeXQLFBKcZq8Vd_snvP0suoHPgUyx-76ODTxghyH4j0Q5-ldj-8S9MDsHcu1RO_ansON5xxRB0vCTqOAkECB_KbJ2VqpE6z_cEdnLSsIiF9zsffaHM8F2d0SDiIQw4lozRB5-zZAKLpzP0CVqTsi4Ig6MGen9JhaTqbjy7HczgEmlTUIm3U_XTiP6gscKSFhtHkUVb-wLyDc8J2vQ-7p0PztyCbAI57m8bz8qod05vHClA6FEDBnsZAIDl5iAvaA7p5ZjQEI_nrsz9DEVSu-vyTpT74LK6rQVUIGzCl1oCXhAfX42DVne6qmK74aABrnmp87oxKDOjQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6gAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTE2MTg1OTIyMDUwODM3ODAYAA&sigh=Oh-b8-_zU4s&uach_m=[UACH]&cid=CAQSPABpAlJWBKZJuDxev7q8nYQAxL3W0y8uigoVoaX6HkdsQHiJK6w9a2EYqKBcB5C0MrP5nSwzigjsepRl3RgB&cbvp=2&vis=1

Requested by

Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 23 Jul 2023 15:47:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 rtimp
g.bidbrain.app/ Frame 3EA4 0
270 B 84ms
71ms Image
text/plain 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.bidbrain.app/rtimp?sid=2a12e0a2-2970-11ee-9525-22b383453e36&d=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&cr=ext_gen2_v10_start_prot7__3&gid=CAESEPRPSsFMW7_121EMom8TkXU&a=imp&p=ZL1LdQAETM8E0aM9AAddGki43KOrSXV08iofqA&im=w0yKY0AYp0OdZBk24yFoG2idCigVaYbMYid1Vr-ApMWur0vJWaI0PFdMH-e2aSY4BzsubA6Ow9wKmvmU1xM7wo4oYOkkTe1TxesvwV1Q8hWKjtO84DyMUD12F3qNG97ewCCiphT4MdcpAqkwRSpBqWaYPXJY7sfc_Q9557xJx7KtKgkwaeD9MhhXyxK85npeao_Mw2x6pbBWc-bbeXaDHFqv5qu8vmHc4myuuehDIBTB98X55uSDpHqBhoVNkXlzL-XkJETUsLyeco8FcONSwN32Mik98CBcewX1npr8a-2nboyLGqadh9ZVYQe5yDIj1OCEHlEWbJZ8GS_wDZgm6VqvMVPem26plznKL2jvK_v3w53dGWKnE96Z3E53JApY1WD-nOJ29xSRSpdqsj-qew&cbvp=2
Requested by: Host: pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
URL: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t8cbVdZt9ca3Ujzj%2BxfJ4ysYDeZlgYDtaQyNl6XYTlg3IPXFPfErrrk82TiomxdMAlqP04gm4RnOF%2BVnWZVNSERhCENcIOXqWBLYxMDYAKM2u2jbMg630kmm5nZHtaUpOrpqeOSllFiGPdGuuw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f466ba30f78-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H2 204 ev
g.bidbrain.app/rt/ Frame 426B 0
0 68ms
68ms Fetch 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rt/ev?ka=0.12498186230852837
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UGKddeLdpTgZe5%2Bx0KL%2FK3MAMJYkogvY%2F0S55kPE4nMm8Z1to%2FfridcDg4M%2BhuwHGLAcDj0vGUlP2C%2BSzRXHsV55YplNwMkdnBO3Vxogr4k%2BEjeRbLiYg0Us6%2FuUxmygnbJZq9126j3XS5Tr%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f469f62c343-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H2 204 ev
g.bidbrain.app/rt/ Frame CA7B 0
0 73ms
72ms Fetch 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rt/ev?ka=0.040530578519154314
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=APksdsomoUTTnUUXPBZq8rkRh8meNA66PmaRvUxgv43DdJUvkABYJpwFaOTiX%2BO3tqXujimGLulM0SABhTFnVjNhA5m%2B%2FwAFYL0W3zZLJCReiI3JOP9J9sXXBISQ9fMtw44ZcIJlKxiuqMhn3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f46bf77c343-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H3 204 ev
g.bidbrain.app/rt/ Frame 3EA4 0
0 71ms
70ms Fetch 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rt/ev?ka=0.9394319692628423
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sN75HAm%2FcAPKiu%2BqncYp1gDa0WXZEqCktLLRHpgShne7%2FJt2%2FoThWR%2FOSJszdXT8TcoIkYLmpjcTX6eIWwyVOCHuW74f62veQmtgE9ealueggXjwjsAPWIvQRlKBPW7weo5hZ%2BuNPWuUj4er%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f46c8ba43ab-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H3 204 ev
g.bidbrain.app/rt/ Frame 426B 0
0 69ms
69ms Fetch 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rt/ev?ka=0.5462973262793693
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZqU3rdprErtY17wxQj8Gn7o5ffstPOJ11DE3sZk2tzwsEkXL%2BdHVorHjjIiGt2m2kBdzCq5CnxxSoq6%2BF09%2BP51j3uALysrvBUw41Ah2Mpy7qoM8RRJUjgLIsFbABfN5Eg97TL4V5Z5ija0AgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f47191643ab-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H3 204 ev
g.bidbrain.app/rt/ Frame CA7B 0
0 66ms
65ms Fetch 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rt/ev?ka=0.1728357752209857
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ttj3TV9DEqK13Zy7sa7U%2FYcgf%2FD5Ba0ewqoN19ULLKiGtjDSGL23QeygrGVs%2BrKtXP0l%2B4EmtrsVl3ent27fjuksokXeP%2F7zArPY%2FkUbAyv5XWJsPqT7HSY%2Fgi7qTs%2BNu3p%2B2l7ZMhW9dwKTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f47291f43ab-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H3 204 ev
g.bidbrain.app/rt/ Frame 3EA4 0
0 71ms
70ms Fetch 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rt/ev?ka=0.06271766106172705
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aOGQNHnAmb%2FjXEe3XbrkaAZsTInVrz3hqm93yOyg48HVhYm15lkmobl1y5UZnw2d1C7MgyWNy0ZVOtJpHvrOOmpyR4cp8GnCY3wShBeggTsjXjnh%2FkxsVABErRJ3LmCD%2BO2BFpOm5w%2BOlAr7Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f47594843ab-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

POST
H3 204 rtimp
g.bidbrain.app/ Frame 426B 0
964 B 75ms
74ms Ping
text/plain 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rtimp?sid=2a12c8c0-2970-11ee-9525-22b383453e36&d=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&cr=ext_gen2_v10_start_prot7__3&gid=CAESEPRPSsFMW7_121EMom8TkXU&a=ev_prf&p=ZL1LdQAETM0E0aM9AAddGvqiY8rzk6tl4oQ4Iw&r=116622682&ow=1600&oh=1200&tzof=0&tz=Etc/Unknown&pxr=1&ps=%5B%22197.20%22%2C%22135.90%22%2C%2273.40%22%2C%2273.40%22%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:03 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GtiJPBCEHb1A2wgIv9JzEYqNoUBUxoln7%2FgJ9ILu8MePwMihZp6EspVoPRlT72%2FWDwBA51YbEEoHDdr31jxnf6Q%2BVgjhsoD09ztIIYz5LdT5lMLX%2FGfiWmd1d%2BN562OXYT9wKpKZZHGhJUgxyg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f4789058c2a-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H3 204 ev
g.bidbrain.app/rt/ Frame CA7B 0
0 70ms
69ms Fetch 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rt/ev?ka=0.7827364123654348
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:03 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S1o3BTJ0I7%2BOHaQXtoEic3z0zrNdFu3zDeqnZI%2Bq6mrJZ9LLu1Uuib4M3PfpMBO8HGXAmRT4v9Gg%2F2d4dkzcbY8xVscsIZkF7wJt7BHSHS6qhZRSPcpAkbgSr2fGygWMp8g%2F4bl9j2xC%2FToLfg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f47896f43ab-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H3 204 ev
g.bidbrain.app/rt/ Frame 3EA4 0
0 89ms
88ms Fetch 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rt/ev?ka=0.9066909590843046
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:03 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uxFcn6y2ydf4rYd3lmChlVSIv%2Bwp%2F7R%2BYs2DP47QhYPWf4nMjnaEf4oL5POvIyiTLXqBKMA0zBQrR8b%2FVnMY1iuuLJjIHEoPQ43fF37c8j%2B08Pd1Hx9m3hxHn39%2Fmo%2BEwzuZ37gaCnNVxZk77Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f47c9ae43ab-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

POST
H3 204 rtimp
g.bidbrain.app/ Frame CA7B 0
927 B 73ms
73ms Ping
text/plain 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rtimp?sid=2a12e079-2970-11ee-a9c7-f672ecd7f1ba&d=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&cr=ext_gen2_v10_start_prot7__3&gid=CAESEPRPSsFMW7_121EMom8TkXU&a=ev_prf&p=ZL1LdQAETM4E0aM9AAddGk9yOoR0DwbwTQ6XkQ&r=1651719083&ow=1600&oh=1200&tzof=0&tz=Etc/Unknown&pxr=1&ps=%5B%22123.60%22%2C%2277.40%22%2C%2268.20%22%2C%2272.10%22%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:03 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L2EYuLMjx%2BTl33hCAw10NTYZQTljQl0rtWeRZOahUt9y%2BbKmBTFwOW20AoYpJ%2BHarluUJ4jJoHMhBjJXrNhz0A4MmECcuUk7ET18m%2FsRXGHntcR33xYrAuEw%2BKO4d63Z7RjRDo0ZnFAiW7zG2w%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f4809908c2a-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

POST
H3 204 rtimp
g.bidbrain.app/ Frame 3EA4 0
928 B 79ms
76ms Ping
text/plain 2606:4700:3034::6815:53c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rtimp?sid=2a12e0a2-2970-11ee-9525-22b383453e36&d=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&cr=ext_gen2_v10_start_prot7__3&gid=CAESEPRPSsFMW7_121EMom8TkXU&a=ev_prf&p=ZL1LdQAETM8E0aM9AAddGki43KOrSXV08iofqA&r=2025542237&ow=1600&oh=1200&tzof=0&tz=Etc/Unknown&pxr=1&ps=%5B%22126.00%22%2C%2288.40%22%2C%2273.90%22%2C%2294.10%22%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:53c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:03 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pP4xAuR4KiUwRDSwhwI5qJxVQVAZTbc6VPNearLGifCSYRg6Xm4vU1wGNIUnovww5kRY30pvjaVM%2B%2B6lbaanC5CpMf6rdDSvLV2GKBPNUVIkRFQRTbJf38oEoH%2FbQUIb3iFe%2BZneHrd5Ae%2FASw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7eb50f487a058c2a-EWR
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 426B 42 B
64 B 97ms
45ms Fetch
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstnv9hAmOSwTC04uYq4gHFjZTP1GbJLMdaYF89HV_24r9eWJn49jGsPg9zAdsKi1C3oeVAQ7PXQHeSHPcGoBE-u9LRA&sig=Cg0ArKJSzJEa1jVuEkmjEAE&id=lidar2&mcvt=1002&p=0,0,124,1005&mtos=183,837,1002,1070,1070&tos=183,654,165,68,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1690127222109&rpt=326&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CA7B 42 B
64 B 50ms
48ms Fetch
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss038dKY4xk0jJuTcJwUO7RELHV6-ClkslVbnBaCQLDSdyQKjbWaUgfoywvH421EZXqiFph6LXrCcoiWMmZhSN3la9Y&sig=Cg0ArKJSzKZP9nGTIuhSEAE&id=lidar2&mcvt=1000&p=0,0,600,200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1690127222154&rpt=418&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3EA4 42 B
64 B 48ms
47ms Fetch
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst3ByiE0NyTOxKJkvO-g0JG_xmtx6azlBlh4rRwVAuXnK_DQTidQTx4JlGQFABefQP0tujACqIw5YDecDHxmMOaHtpp&sig=Cg0ArKJSzEFoogW3Q8moEAE&id=lidar2&mcvt=1000&p=0,0,600,200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1690127222161&rpt=477&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getcookie Show response
matchid.adfox.yandex.ru/ 87 B
309 B 1873ms
159ms XHR
application/json 2a02:6b8::16b
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://matchid.adfox.yandex.ru/getcookie

Requested by

Host: yastatic.net
URL: https://yastatic.net/pcode/adfox/header-bidding.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a02:6b8::16b Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

9544b85c98dac024283da83aec5d6a8b164ae7f6bfeca6e7d77a1e994f1a57f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
date: Sun, 23 Jul 2023 15:47:06 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
timing-allow-origin: *
content-length: 87
content-type: application/json

GET
H2 200 e76fe8226b615546d098.js Show response
yastatic.net/partner-code-bundles/811262/ 30 KB
9 KB 101ms
100ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/811262/e76fe8226b615546d098.js

Requested by

Host: yastatic.net
URL: https://yastatic.net/pcode/adfox/header-bidding.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

2c30928825264af3ce25cd2cfa08e921439b52efcc30a328e94b4e84064bd6fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
Origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 15:47:04 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 8616
last-modified: Fri, 21 Jul 2023 12:47:15 GMT
server: nginx/1.17.9
etag: "b87d61b180274a86374839d6a37215bc"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 22 Jul 2053 22:18:12 GMT

POST adjson
ads.betweendigital.com/ 0
0

POST /
ad.mail.ru/hbid_yandex/ 0
0

GET
H2 200 v2 Show response
an.yandex.ru/adfox/264109/getBulk/ 210 B
406 B 190ms
188ms XHR
application/json 2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://an.yandex.ru/adfox/264109/getBulk/v2?pr=2072589700&pr1=119482085&dl=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&prr=&extid_loader=&extid_tag_loader=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&date=2023-07-23T15%3A47%3A04.733%2B00%3A00&pd=23&pw=0&pv=15&pdw=1600&pdh=1200&ylv=0.811262&ybv=0.811262&ytt=139637976989701&is-turbo=0&skip-token=&ad-session-id=8913641690127220599&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A10%2C%22supportHDRBrightness%22%3Afalse%2C%22isInIframe%22%3Afalse%2C%22w%22%3A300%2C%22h%22%3A0%2C%22width%22%3A300%2C%22height%22%3A0%2C%22visible%22%3A1%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A1015%2C%22top%22%3A107%2C%22req_no%22%3A1%2C%22ad_no%22%3A0%7D&enable-flat-highlight=1&pcode-version=811262&p1=cmaok&p2=gxvo&slotNumber=2&bids=W3siYmlkZGVyTmFtZSI6ImJldHdlZW5kaWdpdGFsIiwiY2FtcGFpZ25faWQiOjgxMjk1NywicmVzcG9uc2VfdGltZSI6NTA0LCJlcnJvciI6eyJjb2RlIjozfSwicGxhY2VtZW50X2lkIjoiMzk0NTIxOCJ9LHsiYmlkZGVyTmFtZSI6Im15dGFyZ2V0IiwiY2FtcGFpZ25faWQiOjEwMzI3OTUsInJlc3BvbnNlX3RpbWUiOjUwNSwiZXJyb3IiOnsiY29kZSI6M30sInBsYWNlbWVudF9pZCI6IjgxNjAxNiJ9XQ%3D%3D&utf8=%E2%9C%93&pcode-test-ids=810507%2C0%2C9%3B810244%2C0%2C34%3B802252%2C0%2C59%3B806791%2C0%2C58%3B802634%2C0%2C95%3B803000%2C0%2C48%3B808036%2C0%2C3%3B805962%2C0%2C31%3B801975%2C0%2C88%3B798891%2C0%2C60%3B803896%2C0%2C13%3B802014%2C0%2C75%3B805227%2C0%2C3%3B805235%2C0%2C5%3B800948%2C0%2C61%3B808198%2C0%2C36%3B811262%2C0%2C95%3B681843%2C0%2C78&pcode-flags-map=eJy1WNty2zYQ%2FRc9Ry7vF7%2BBBEih4kUFQDlKxoNRY9VVx5eO7aSpM%2F73LgBaEmUFci71g0xS2sMFdvfsWXwZzRGXfNKeSYRlhTJSyaJlkjYyQ01D2Oj0%2FZfRp%2BXVx9XodCRYR0ZvRg%2Br%2Bwd6AfdR5PtBPHo6f7OFmbEWd7ngsm3kDHWcWBFiNw18g0AalFVEkryttyAV5UI5M6eYtOoCvs1aiVg9gF19%2FnsPNfRDjYop17B52zVCMoIpI7mCRLOZ3TPPCQJvszZYiKy7SlDWVhWgNUJdECbPkMgnBEtBayLbouBE2HF9z4n39kxQAS6iBsusxQsViRliqCYC8DEpELx3gFmgig9BgziItqCMCLZQAWiIOGvZVBLGWnso4zAK4nSD0AeD5wg%2BKzqFy47NyQIQz8AlTsvGDhc5sR%2B%2FgPsRjKptSllUqFR71lVYQgSrheRTOjObP0dVdyTb4ihOog0ixC2fQtIv2k5IXrXwQd8RiEHXYMQo4UfAEjdwh%2B6RtzPjIiRwTjin8Ay%2BFPJtXdnBEt8N4teDyWwBm4olX0A5%2FHxohLGsqXmeVy2H%2FM4YyqfHtuS7VpG3mMiOVa%2FGVtFWIZsxoqtxW5eGJvrvB3CuA38DvNRPY%2BcIXtYVBdQgqWdiAWVQ033Qb0aczxDFP9%2FDooPr70VtFFX%2FZE%2B%2FgvlD8TmM%2Bf%2FtwPdGX%2BV%2ByVAmK9KUYjIwgq6S7JolTuLEwbYdCE2Uc8I4bYf0CL9Lw3Bg6zp%2B7GvbBTQP8layTuK2RrSxdcfQiT0%2FOmgmoV0KRjOruec6UdCbK0tjIlF1hhbcagmtPjWMOdNFD22Uk0bYbULPcQatvG%2FhOWdWw9SNE%2BOmjqiRM7JraEGBzmgDzbVAObFjJF7fq1XPYqRghE%2BA10qa2%2BwiN%2FH7LYIlFpTViukYELZKVJBXkGsZxVYI2GXPHawbJAhDJexX37hUxvOcEdJIzmd2f1I36P1BkNht0%2FuCCiUxaKHEBiwLYWJ3Kk7SyIgEpYcK6JENhh5s7CF99kWV3T6b6obL9ZYMFZ4dJQ2ceINSEdBLgGBVhFGUBJHZzp1tKxkwHCiRqWjtfidR4Pq7%2B6cFlTybAMgOXgMSQge87JhqmZ1SnDmhc%2Fu2xq4TxEauMiZNpomONX148opCtMWEtV05sfdIF5DM%2Flbo3UJHVOpS2zX7Mvpj9fDhz3p5d7m%2BGZ26ofNmdH37%2B%2FpqxT8sr9Y3l6NT72mAGkIZaFReIybkbx3piG7sWYWUggIG2H3B%2B9H1cn11cvcRfPt3eXOx%2BgzXv6yvl5er%2B8Gjy%2BW1fnLxuLoxP19%2BWj%2Fcmsvrk52bi5t1%2F1QhbxDgwd3y8er28c%2F%2B68c78%2F%2Fj3fLkZvXP%2FYsf%2FLW8vV5r0%2FPDS2yQgHjJmrBSfWKKpECllddA0nt9cumyIBB7RlAugMKPGIa%2BY2YMGBuepT6If3h109UZsTJcHLp%2B33H0oKWHGrCEXpaR3FTknHIK3HEEJnZM9gGNgPSrFcGVmnIoLtCB8BJceCj2orFLCm8cBDkaZxnOxjhHnp8khEQhHu5vEoZp3xyHk9xO9Yi2yyemhpTkVOuAdshUDf0KhH%2BkhqBEobOqN6jW6ylGAIrFgItqa3HHSRy40SHf9GwGs1aVqSyfwQc8Ecov2lBxYKh6gRwEoTtE3lmvpkBaSsQh%2BFxToRUtdSFdjuyhwswF0rPkZqDvp1V7Kh5A38GtaDkRwEGkfq2PwGTPUx9klVb84AcIG2u7j1Ngau8AQF%2BWr4JIwx7CqAxBuKCYv2iSn5b3D0MpFnvhs7CBzBM0N7WcVS3EH1rF2YQKcqAe2JiOvSB1QdyNXYDcvff27v29%2B0Dfo7EXglCNPbA%2FH%2FiURu52Yn3Wq6KFojDFAdkIAkPt7qRrQBQgOhwHw6H4Bc0YOtsRDQmh5C3%2FFkT%2Fa4AIczyd75EWfO8FwZ6F16sR2kB6IchZk3MEsUGSOif%2BYC88L%2FR2z4pUq9yU5RER8eHhahjs6FmLqpqZYAYTrkryBmZUu6EX%2Bcb71x1VqeoGVptQbC2dxPEdZ48iRYkkq2cDpafP2HaoyCSn0XN2fHhDdBRfiw0zg6hfvRKxj8cOjjnfGQalf90rMRvSMVRJWkM3PBKRMI28rR5UB2oEBih1ZAE0aASZ%2FaVu2usvzck7ZtIoHkGP9NA0Sfps0gHqmroDpthf%2FZH4gzjeOKGpVgM807jd2HNck5RMZOawE5SjgJXwWctUKaOmPJJ%2FoddLoFwdaUqOCmKEvc4Ja%2FdQxv2Bq3mT5ux%2B5FIMUyFB7DF00r59G82ljzjNm%2B12iZsmW7J%2FyT6uF3lD9tFPns6f%2FgNrw7OU&use-server-side-rendering=1&pcode-icookie=ke%2FWdq1tz0LHrWI5mK03WsVwRpwA2pvrOhfRVgMgstu7NS6mRsJv03s3wQWeOJG4I2u2a7%2BSVX9UO7ZSecLvxnLvZTE%3D&top-ancestor=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&top-ancestor-undetermined=0&grab-orig-len=2956&grab=eyJncmFiX3ZlcnNpb24iOjIsIm9sZF9ncmFiX3NpemUiOjE2MH0KEqW0kCS570EYqJOKlf4khQfue69rtITXr0u_BPzztZmTPmvXt4vhyKaB-YnTxBHcj2zFMdpCS2-aLFkKX34BfSKAK2amrV2hSTylevHVL6ej0ZiYmEBiYmIGs0HQKQfGSEY8lEP2gDBHMjvVUHTKTjLUXduJ5kOUDcVQD9QhmwNrpA8B5eS79qHHs66nLc9pzEYWVgM1fNeA8OCrOvFI54sWagHfOXC6bqQPJ3-uoV7Db6sa6vmQXmT6YMcredwrT0648YTPMsA-pHgOlO2J0cD_zoqu-W7a7znQjtXpwOqaa6TuJAfzDO9a2Ncf-yvTDLRnXada8UN-BTpoM3Nhd9CWFb3dkVmyorQjRGYdntbHYS6zapoqcwnHS1_qrQaLMbPkJu-05qasNGVwvAP_-yg60XOcTqf7ARSY8YdTHNPEi780x9LSksvOiYhSPl-C8AuLB-p8qMoXS8U6B-TNJub3e-Hyh4S-JTyrY-TYc-3CFB0tfP4vAbrtmRwVPxB1J_vCE1avR5wZNCU0GLmBXh9giRqpdLALOGigUr6ihan46vU06rDl9NDsDnoLzGktKr0ejtfGFpU6bWwwDJXRKwopy422yiAmlVW2ohSTNeQwxOStZVG8NHURyhcWffbyhcXuqAKSbIXFROO1Awx-gHuWo0yX2-3wVF_PCUNeCMEf5El313VixAqAtMn-S-61n-oeaIJY0PbL81_9_0QMj_jfIR6YiBWEG1KiRIiHuhDO2DRY6GgveXpjZbIPiJ34X3JPjjsZ6xX3R9Z08trhWfFCSdhenm_FByCBN2dgoM0L-tLg5QvFYjKVhpcoKwMsC3R-Is2VxSQC7a4m1KZJMTD8BwOdJBnM6XKvXUKeQ5KGJHFuCRJiV8ihLc8CHEryJxFtLk3UAcGFRYBgBktWmq-YRqOh2JOK6GEAJflro8_gqf30EifpCNiJPxEW5h-53vgDiAH4wAMjMHEfL4I08AYkYfD2L7Byg1mIofqnXivtfeEgIEcV-tywRBwpkq-n3dBI65JAvLMsnjjNHxGRdvE_9rhEmxhzfaYXP0djobjY4-gB2NKQg8DAYM1hLomNRFZ8xDK0FPEl7UERT9Sz3OwVb2nLTFNcbGspgncJ575TIp6_zZeXbwkLKeLw_5o-NnTYhuyeMFT1_Hceb7LDH9KB3nzRc_vl632iPaz8L5QOVAFVLxYpxkb6KqsQjyFOWBbDBwprXlCbTT5xs6nPDBYTndf-TvVHeMWyMDnfGeITRPKNnIdPq_g-CplWT2iT7acYijlwFjfX-ejoYqyZ4dXMLEjj1QGAOAcB04OA3bD09PuAlIcjPND4z4PxpZOPlGvuM8B3KPcj_Md0oXxqsdpp_P2IYEmTcn0P2bNAd-Q7fuCac4-O0Pju5HTW55FxLgRAX2gRmtIAxCUn-lL2T4cowVvWq_9CGD6fOR918m07_mG-EL8T1O2i-UT4CELwahYn50U8fREwG5ceMf-oVZIzLHPLo4DeELcE9AgjymIPyqH2F5MEuwSXC9kaStGOxKy9NT3kqm_-3Uy1G17tgst5EE8fBOSGoXQxOcxFAaE9Xxpu-Y4UFYVwtwQOeFBABhEk4EHwd6zz8GsnJzLx8lg4zQ61lo6LSpqzCakWiyPiknC0NqBDnqEeuvV8fJkPPGMCW5Qljb9vuWo33JqZ4znxLmadgpr86OY5BO2-tLp0qnP0nwJWMU08lKByy53APd6P8cT00zjfQ44jDB5zqNne2WrK1nOMkk7qyzXCPbVzJ9nQQbGOzDkzZ2P29xLGmoWldjNxXsLTl4BbC_A5dLJz6NY8H0cGzDDOcIllE5DQvon96Mlk9aGpHwvnEQ9tpC8knuuHqwGkdZOJqXZxDJy8PBCEj5ekkW_3GBCXvOps9fIzoDZrveIj3K38E18RboA_Tcm6CLK5WK2yvSrEZv3ZOi8Ucd7EQ5f9LJ5oO_wm3Vj01Z83pF11goZ9NnSwmGjdGsLWu-EOtOO5uRRtST0Hfoh-7Dp_58DbWKM7LTL2BZmh8NmXmbFm5vjtvLwKbuS-JVwSfXA-16SX-qYC1XWys2jujthfSJPqGZPTVgK22kqisxP5c-jdtZuR8yyePgt7d4i6R1KisrWNYjQ6XNnZDGG3Vh5Y3BGZUFdt_ccheODJaj9UflTsQjrK4M5w58lBBJE_hTpcMPR7hDtU9DDZpC8Vk7AVuZUG2fW4saKzmKosN4hPhSOpW9u17XW00I4AS1bWLpFRtVNEnkVEnllEnklEnlF4_yw2lBZmeXC9lpXQsykKwxYNVI32AflWnm3_lrSZq3R8zT53Dtcp52pLd-WVzo-fqp30qdtESyU1kcrakurdb9JmePrOKew5AG0DqwOnrc6eU8WCrAZ9Dsjh2irUAr5z1CnW4i8Ph203OT-g69PvkrmTL2r0a5Y1D-fqWaIWWC19dN_iov3XmtJRdyUezZRePMrzSNxWYOpF4N0sVSvdbV2WMc6KyH5pjsM9a8t7vMtF7bNncxiFWZH8tUy2Jdgh51YsyjrWHcoWK2-OYtzx55HWrx7zZoWbvGNgKs3MVSt40cvq8BjtDlqnHeHXOg7PN76X4z_kQ3yjb3oDN_-zv1R6ub1Zzl67LXEUB430Ln0s64QHL9UTNRToqs0-IcrvfVH96f7SteXJI9V7cj1aFpLgjUUXMp3wktDSSHhTtFP8yy5FbYu02lZy1lNcBTuFTI_bEw4NoZE0_AaaGensiY4FSxPfimrH9u0Ft965ZN-ypQ3VTv33nB5oaKe6_m4YZ_eL1Cbtf2TbiipIwI_TJJqiLCU3e8nVdQqguKGqrtiwzFVytBmnvBWmaX0XLmQiepvFH1VTbL-UfW4ilRsAkhP48H_AKGI0O7pMiFoEvfv_OP_Zt_AA6A%3D%3D&tga-with-creatives=1

Requested by

Host: yastatic.net
URL: https://yastatic.net/pcode/adfox/loader.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

a3f59c229839c0fc7fd44c46df646699820dbe4d54e1366e4901828db647ef35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Sun, 23 Jul 2023 15:47:04 GMT
x-yandex-req-id: 1690127224822681-1599554513547144385800240-production-app-host-vla-pcode-40
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
access-control-allow-origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
content-type: application/json
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Sun, 23 Jul 2023 15:47:04 GMT

GET
H2 200 v2 Show response
an.yandex.ru/adfox/264109/getBulk/ 211 B
324 B 198ms
197ms XHR
application/json 2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://an.yandex.ru/adfox/264109/getBulk/v2?pr=2072589700&pr1=1880566514&dl=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&prr=&extid_loader=&extid_tag_loader=pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&date=2023-07-23T15%3A47%3A04.740%2B00%3A00&pd=23&pw=0&pv=15&pdw=1600&pdh=1200&ylv=0.811262&ybv=0.811262&ytt=139637977120773&is-turbo=0&skip-token=&ad-session-id=8913641690127220599&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A10%2C%22supportHDRBrightness%22%3Afalse%2C%22isInIframe%22%3Afalse%2C%22w%22%3A300%2C%22h%22%3A0%2C%22width%22%3A300%2C%22height%22%3A0%2C%22visible%22%3A1%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A1015%2C%22top%22%3A107%2C%22req_no%22%3A2%2C%22ad_no%22%3A0%7D&enable-flat-highlight=1&pcode-version=811262&p1=cmaon&p2=gxvp&slotNumber=5&bids=W3siYmlkZGVyTmFtZSI6ImJldHdlZW5kaWdpdGFsIiwiY2FtcGFpZ25faWQiOjgxMjk1NywicmVzcG9uc2VfdGltZSI6NTA0LCJlcnJvciI6eyJjb2RlIjozfSwicGxhY2VtZW50X2lkIjoiMzk0NTIxOSJ9LHsiYmlkZGVyTmFtZSI6Im15dGFyZ2V0IiwiY2FtcGFpZ25faWQiOjEwMzI3OTUsInJlc3BvbnNlX3RpbWUiOjUwNSwiZXJyb3IiOnsiY29kZSI6M30sInBsYWNlbWVudF9pZCI6IjgxNjAxOCJ9XQ%3D%3D&utf8=%E2%9C%93&pcode-test-ids=810507%2C0%2C9%3B810244%2C0%2C34%3B802252%2C0%2C59%3B806791%2C0%2C58%3B802634%2C0%2C95%3B803000%2C0%2C48%3B808036%2C0%2C3%3B805962%2C0%2C31%3B801975%2C0%2C88%3B798891%2C0%2C60%3B803896%2C0%2C13%3B802014%2C0%2C75%3B805227%2C0%2C3%3B805235%2C0%2C5%3B800948%2C0%2C61%3B808198%2C0%2C36%3B811262%2C0%2C95%3B681843%2C0%2C78&pcode-flags-map=eJy1WNty2zYQ%2FRc9Ry7vF7%2BBBEih4kUFQDlKxoNRY9VVx5eO7aSpM%2F73LgBaEmUFci71g0xS2sMFdvfsWXwZzRGXfNKeSYRlhTJSyaJlkjYyQ01D2Oj0%2FZfRp%2BXVx9XodCRYR0ZvRg%2Br%2Bwd6AfdR5PtBPHo6f7OFmbEWd7ngsm3kDHWcWBFiNw18g0AalFVEkryttyAV5UI5M6eYtOoCvs1aiVg9gF19%2FnsPNfRDjYop17B52zVCMoIpI7mCRLOZ3TPPCQJvszZYiKy7SlDWVhWgNUJdECbPkMgnBEtBayLbouBE2HF9z4n39kxQAS6iBsusxQsViRliqCYC8DEpELx3gFmgig9BgziItqCMCLZQAWiIOGvZVBLGWnso4zAK4nSD0AeD5wg%2BKzqFy47NyQIQz8AlTsvGDhc5sR%2B%2FgPsRjKptSllUqFR71lVYQgSrheRTOjObP0dVdyTb4ihOog0ixC2fQtIv2k5IXrXwQd8RiEHXYMQo4UfAEjdwh%2B6RtzPjIiRwTjin8Ay%2BFPJtXdnBEt8N4teDyWwBm4olX0A5%2FHxohLGsqXmeVy2H%2FM4YyqfHtuS7VpG3mMiOVa%2FGVtFWIZsxoqtxW5eGJvrvB3CuA38DvNRPY%2BcIXtYVBdQgqWdiAWVQ033Qb0aczxDFP9%2FDooPr70VtFFX%2FZE%2B%2FgvlD8TmM%2Bf%2FtwPdGX%2BV%2ByVAmK9KUYjIwgq6S7JolTuLEwbYdCE2Uc8I4bYf0CL9Lw3Bg6zp%2B7GvbBTQP8layTuK2RrSxdcfQiT0%2FOmgmoV0KRjOruec6UdCbK0tjIlF1hhbcagmtPjWMOdNFD22Uk0bYbULPcQatvG%2FhOWdWw9SNE%2BOmjqiRM7JraEGBzmgDzbVAObFjJF7fq1XPYqRghE%2BA10qa2%2BwiN%2FH7LYIlFpTViukYELZKVJBXkGsZxVYI2GXPHawbJAhDJexX37hUxvOcEdJIzmd2f1I36P1BkNht0%2FuCCiUxaKHEBiwLYWJ3Kk7SyIgEpYcK6JENhh5s7CF99kWV3T6b6obL9ZYMFZ4dJQ2ceINSEdBLgGBVhFGUBJHZzp1tKxkwHCiRqWjtfidR4Pq7%2B6cFlTybAMgOXgMSQge87JhqmZ1SnDmhc%2Fu2xq4TxEauMiZNpomONX148opCtMWEtV05sfdIF5DM%2Flbo3UJHVOpS2zX7Mvpj9fDhz3p5d7m%2BGZ26ofNmdH37%2B%2FpqxT8sr9Y3l6NT72mAGkIZaFReIybkbx3piG7sWYWUggIG2H3B%2B9H1cn11cvcRfPt3eXOx%2BgzXv6yvl5er%2B8Gjy%2BW1fnLxuLoxP19%2BWj%2Fcmsvrk52bi5t1%2F1QhbxDgwd3y8er28c%2F%2B68c78%2F%2Fj3fLkZvXP%2FYsf%2FLW8vV5r0%2FPDS2yQgHjJmrBSfWKKpECllddA0nt9cumyIBB7RlAugMKPGIa%2BY2YMGBuepT6If3h109UZsTJcHLp%2B33H0oKWHGrCEXpaR3FTknHIK3HEEJnZM9gGNgPSrFcGVmnIoLtCB8BJceCj2orFLCm8cBDkaZxnOxjhHnp8khEQhHu5vEoZp3xyHk9xO9Yi2yyemhpTkVOuAdshUDf0KhH%2BkhqBEobOqN6jW6ylGAIrFgItqa3HHSRy40SHf9GwGs1aVqSyfwQc8Ecov2lBxYKh6gRwEoTtE3lmvpkBaSsQh%2BFxToRUtdSFdjuyhwswF0rPkZqDvp1V7Kh5A38GtaDkRwEGkfq2PwGTPUx9klVb84AcIG2u7j1Ngau8AQF%2BWr4JIwx7CqAxBuKCYv2iSn5b3D0MpFnvhs7CBzBM0N7WcVS3EH1rF2YQKcqAe2JiOvSB1QdyNXYDcvff27v29%2B0Dfo7EXglCNPbA%2FH%2FiURu52Yn3Wq6KFojDFAdkIAkPt7qRrQBQgOhwHw6H4Bc0YOtsRDQmh5C3%2FFkT%2Fa4AIczyd75EWfO8FwZ6F16sR2kB6IchZk3MEsUGSOif%2BYC88L%2FR2z4pUq9yU5RER8eHhahjs6FmLqpqZYAYTrkryBmZUu6EX%2Bcb71x1VqeoGVptQbC2dxPEdZ48iRYkkq2cDpafP2HaoyCSn0XN2fHhDdBRfiw0zg6hfvRKxj8cOjjnfGQalf90rMRvSMVRJWkM3PBKRMI28rR5UB2oEBih1ZAE0aASZ%2FaVu2usvzck7ZtIoHkGP9NA0Sfps0gHqmroDpthf%2FZH4gzjeOKGpVgM807jd2HNck5RMZOawE5SjgJXwWctUKaOmPJJ%2FoddLoFwdaUqOCmKEvc4Ja%2FdQxv2Bq3mT5ux%2B5FIMUyFB7DF00r59G82ljzjNm%2B12iZsmW7J%2FyT6uF3lD9tFPns6f%2FgNrw7OU&use-server-side-rendering=1&pcode-icookie=ke%2FWdq1tz0LHrWI5mK03WsVwRpwA2pvrOhfRVgMgstu7NS6mRsJv03s3wQWeOJG4I2u2a7%2BSVX9UO7ZSecLvxnLvZTE%3D&top-ancestor=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&top-ancestor-undetermined=0&grab-orig-len=2956&grab=eyJncmFiX3ZlcnNpb24iOjIsIm9sZF9ncmFiX3NpemUiOjE2MH0KEqW0kCS570EYqJOKlf4khQfue69rtITXr0u_BPzztZmTPmvXt4vhyKaB-YnTxBHcj2zFMdpCS2-aLFkKX34BfSKAK2amrV2hSTylevHVL6ej0ZiYmEBiYmIGs0HQKQfGSEY8lEP2gDBHMjvVUHTKTjLUXduJ5kOUDcVQD9QhmwNrpA8B5eS79qHHs66nLc9pzEYWVgM1fNeA8OCrOvFI54sWagHfOXC6bqQPJ3-uoV7Db6sa6vmQXmT6YMcredwrT0648YTPMsA-pHgOlO2J0cD_zoqu-W7a7znQjtXpwOqaa6TuJAfzDO9a2Ncf-yvTDLRnXada8UN-BTpoM3Nhd9CWFb3dkVmyorQjRGYdntbHYS6zapoqcwnHS1_qrQaLMbPkJu-05qasNGVwvAP_-yg60XOcTqf7ARSY8YdTHNPEi780x9LSksvOiYhSPl-C8AuLB-p8qMoXS8U6B-TNJub3e-Hyh4S-JTyrY-TYc-3CFB0tfP4vAbrtmRwVPxB1J_vCE1avR5wZNCU0GLmBXh9giRqpdLALOGigUr6ihan46vU06rDl9NDsDnoLzGktKr0ejtfGFpU6bWwwDJXRKwopy422yiAmlVW2ohSTNeQwxOStZVG8NHURyhcWffbyhcXuqAKSbIXFROO1Awx-gHuWo0yX2-3wVF_PCUNeCMEf5El313VixAqAtMn-S-61n-oeaIJY0PbL81_9_0QMj_jfIR6YiBWEG1KiRIiHuhDO2DRY6GgveXpjZbIPiJ34X3JPjjsZ6xX3R9Z08trhWfFCSdhenm_FByCBN2dgoM0L-tLg5QvFYjKVhpcoKwMsC3R-Is2VxSQC7a4m1KZJMTD8BwOdJBnM6XKvXUKeQ5KGJHFuCRJiV8ihLc8CHEryJxFtLk3UAcGFRYBgBktWmq-YRqOh2JOK6GEAJflro8_gqf30EifpCNiJPxEW5h-53vgDiAH4wAMjMHEfL4I08AYkYfD2L7Byg1mIofqnXivtfeEgIEcV-tywRBwpkq-n3dBI65JAvLMsnjjNHxGRdvE_9rhEmxhzfaYXP0djobjY4-gB2NKQg8DAYM1hLomNRFZ8xDK0FPEl7UERT9Sz3OwVb2nLTFNcbGspgncJ575TIp6_zZeXbwkLKeLw_5o-NnTYhuyeMFT1_Hceb7LDH9KB3nzRc_vl632iPaz8L5QOVAFVLxYpxkb6KqsQjyFOWBbDBwprXlCbTT5xs6nPDBYTndf-TvVHeMWyMDnfGeITRPKNnIdPq_g-CplWT2iT7acYijlwFjfX-ejoYqyZ4dXMLEjj1QGAOAcB04OA3bD09PuAlIcjPND4z4PxpZOPlGvuM8B3KPcj_Md0oXxqsdpp_P2IYEmTcn0P2bNAd-Q7fuCac4-O0Pju5HTW55FxLgRAX2gRmtIAxCUn-lL2T4cowVvWq_9CGD6fOR918m07_mG-EL8T1O2i-UT4CELwahYn50U8fREwG5ceMf-oVZIzLHPLo4DeELcE9AgjymIPyqH2F5MEuwSXC9kaStGOxKy9NT3kqm_-3Uy1G17tgst5EE8fBOSGoXQxOcxFAaE9Xxpu-Y4UFYVwtwQOeFBABhEk4EHwd6zz8GsnJzLx8lg4zQ61lo6LSpqzCakWiyPiknC0NqBDnqEeuvV8fJkPPGMCW5Qljb9vuWo33JqZ4znxLmadgpr86OY5BO2-tLp0qnP0nwJWMU08lKByy53APd6P8cT00zjfQ44jDB5zqNne2WrK1nOMkk7qyzXCPbVzJ9nQQbGOzDkzZ2P29xLGmoWldjNxXsLTl4BbC_A5dLJz6NY8H0cGzDDOcIllE5DQvon96Mlk9aGpHwvnEQ9tpC8knuuHqwGkdZOJqXZxDJy8PBCEj5ekkW_3GBCXvOps9fIzoDZrveIj3K38E18RboA_Tcm6CLK5WK2yvSrEZv3ZOi8Ucd7EQ5f9LJ5oO_wm3Vj01Z83pF11goZ9NnSwmGjdGsLWu-EOtOO5uRRtST0Hfoh-7Dp_58DbWKM7LTL2BZmh8NmXmbFm5vjtvLwKbuS-JVwSfXA-16SX-qYC1XWys2jujthfSJPqGZPTVgK22kqisxP5c-jdtZuR8yyePgt7d4i6R1KisrWNYjQ6XNnZDGG3Vh5Y3BGZUFdt_ccheODJaj9UflTsQjrK4M5w58lBBJE_hTpcMPR7hDtU9DDZpC8Vk7AVuZUG2fW4saKzmKosN4hPhSOpW9u17XW00I4AS1bWLpFRtVNEnkVEnllEnklEnlF4_yw2lBZmeXC9lpXQsykKwxYNVI32AflWnm3_lrSZq3R8zT53Dtcp52pLd-WVzo-fqp30qdtESyU1kcrakurdb9JmePrOKew5AG0DqwOnrc6eU8WCrAZ9Dsjh2irUAr5z1CnW4i8Ph203OT-g69PvkrmTL2r0a5Y1D-fqWaIWWC19dN_iov3XmtJRdyUezZRePMrzSNxWYOpF4N0sVSvdbV2WMc6KyH5pjsM9a8t7vMtF7bNncxiFWZH8tUy2Jdgh51YsyjrWHcoWK2-OYtzx55HWrx7zZoWbvGNgKs3MVSt40cvq8BjtDlqnHeHXOg7PN76X4z_kQ3yjb3oDN_-zv1R6ub1Zzl67LXEUB430Ln0s64QHL9UTNRToqs0-IcrvfVH96f7SteXJI9V7cj1aFpLgjUUXMp3wktDSSHhTtFP8yy5FbYu02lZy1lNcBTuFTI_bEw4NoZE0_AaaGensiY4FSxPfimrH9u0Ft965ZN-ypQ3VTv33nB5oaKe6_m4YZ_eL1Cbtf2TbiipIwI_TJJqiLCU3e8nVdQqguKGqrtiwzFVytBmnvBWmaX0XLmQiepvFH1VTbL-UfW4ilRsAkhP48H_AKGI0O7pMiFoEvfv_OP_Zt_AA6A%3D%3D&tga-with-creatives=1

Requested by

Host: yastatic.net
URL: https://yastatic.net/pcode/adfox/loader.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

ee9c79d3a8b584d3d61a64b4f8a507316ee7cc60ecd545f7cb1a0fba6e519d5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sun, 23 Jul 2023 15:47:04 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Sun, 23 Jul 2023 15:47:04 GMT
x-yandex-req-id: 1690127224819981-311767743004398843700206-production-app-host-sas-pcode-541
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
access-control-allow-origin: https://pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
content-type: application/json
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Sun, 23 Jul 2023 15:47:04 GMT

POST
H2 200 all
csm.us.criteo.net/ Frame 9C18 0
127 B 32ms
32ms Ping
text/plain 2620:100:a001::16
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::16 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 23 Jul 2023 15:47:08 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js

Domain: ads.betweendigital.com
URL: https://ads.betweendigital.com/adjson?t=adfox

Domain: ad.mail.ru
URL: https://ad.mail.ru/hbid_yandex/

Verdicts & Comments Add Verdict or Comment

187 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

56 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bookmp3.ru/	1970-01-20 22:14:23	Name: __ddg1_ Value: Aja6xsW7JggNRiucV92R
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/	1969-12-31 23:59:59	Name: _csrf-frontend Value: b4601ce19a7a73ead1d18558b8b5824cd3033eb3d1d7befa88dc5d28e7a42388a%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22e%F7%29%FA%88%26%0E%F7%CC%D3%21%B9s%10r%7D%CE3u%B1%7C%B5%CC%82%F6%05%1Au%CBu%A5u%22%3B%7D
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru/	1969-12-31 23:59:59	Name: b Value: b
.bookmp3.ru/	1970-01-20 23:04:47	Name: _ga Value: GA1.2.79069004.1690127221
.bookmp3.ru/	1970-01-20 13:30:13	Name: _gid Value: GA1.2.1244563249.1690127221
.bookmp3.ru/	1970-01-20 13:28:47	Name: _gat Value: 1
.yadro.ru/	1970-01-20 22:13:15	Name: FTID Value: 1alKjr3tr5ub1alKjr0029Eb
.yadro.ru/	1970-01-20 22:13:15	Name: VID Value: 1nUSDZ3J5cub1alKjr0029HG
.bookmp3.ru/	1970-01-20 22:50:23	Name: __gads Value: ID=790efece4307c05b-2291e59ae8e200a1:T=1690127221:RT=1690127221:S=ALNI_MY0bf2bVYF83j8__7b3mTw61l955g
.bookmp3.ru/	1970-01-20 22:50:23	Name: __gpi Value: UID=00000d0ee307a4b1:T=1690127221:RT=1690127221:S=ALNI_MaZ3DljB--T9cjOCv5HcFP0MNF7Jg
.hit.ua/	1970-01-20 23:04:47	Name: uid Value: 1680423410.1690127221.3487007403
.onetag-sys.com/	1970-01-20 22:58:33	Name: OTP Value: ovinaqeuUJb7DWJPUzcuvuF7pEMDl57rsze0zdbk0KY
.doubleclick.net/	1970-01-20 23:04:47	Name: IDE Value: AHWqTUn-q09QtRuseuHfrNT4i8EF0cYQ7o6hLJh89Rd3Yus4yBN8w5WhKbwYoSVbeoM
.bookmp3.ru/	1970-01-20 23:04:47	Name: _ga_XR25G8TDFM Value: GS1.2.1690127221.1.0.1690127221.0.0.0
fksnk.com/	1970-01-20 13:38:52	Name: AWSALBCORS Value: 04MS+dc7ta6XFIaahHUtXKhURgAXkbiJZr/kknxnqy3VLVekOqW7RPx9Icdf5+aoU/oXLUVfOOu9qWjJ9yqtRC/oiRYubEZ8XWp19dvxfjRX9+zQYlvA5euVtOZa
.fksnk.com/	1970-01-20 15:38:23	Name: f_001 Value: FB33496344F9209D
.fksnk.com/	1970-01-20 13:30:13	Name: g_001 Value: 1
sync.srv.stackadapt.com/	1970-01-20 22:14:23	Name: sa-user-id Value: s%3A0-6461cf8b-a48b-5c3f-42b2-1db1c6036d1a.uQzWR%2BoABMWQdMDpySXOKor0RPlCcOVUTa6FwZhY%2FJc
.srv.stackadapt.com/	1970-01-20 22:14:23	Name: sa-user-id Value: s%3A0-6461cf8b-a48b-5c3f-42b2-1db1c6036d1a.uQzWR%2BoABMWQdMDpySXOKor0RPlCcOVUTa6FwZhY%2FJc
sync.srv.stackadapt.com/	1970-01-20 22:14:23	Name: sa-user-id-v2 Value: s%3AZGHPi6SLXD9Csh2xxgNtGmAJ-Ss.rMTvsBWdwW5KYPPJaA59rwNPWSyRvBn1WEq3UhwAuIU
.srv.stackadapt.com/	1970-01-20 22:14:23	Name: sa-user-id-v2 Value: s%3AZGHPi6SLXD9Csh2xxgNtGmAJ-Ss.rMTvsBWdwW5KYPPJaA59rwNPWSyRvBn1WEq3UhwAuIU
sync.srv.stackadapt.com/	1970-01-20 22:14:23	Name: sa-user-id-v3 Value: s%3AAQAKIO8JsC74U43c63MZ0UfPCipRfbAlWjWgwheYwuS4Nq2BEHwYBCD1lvWlBjABOgR0TiW0QgQ7sMwX.fsFjnNn0dc6edSSIPBhshSPz0c3ndOOKramCyYYEADM
.srv.stackadapt.com/	1970-01-20 22:14:23	Name: sa-user-id-v3 Value: s%3AAQAKIO8JsC74U43c63MZ0UfPCipRfbAlWjWgwheYwuS4Nq2BEHwYBCD1lvWlBjABOgR0TiW0QgQ7sMwX.fsFjnNn0dc6edSSIPBhshSPz0c3ndOOKramCyYYEADM
.turn.com/	1970-01-20 17:47:59	Name: uid Value: 3712850770220728860
.adkernel.com/	1970-01-20 14:11:59	Name: ADKUID Value: A7423259293904304121
.e-volution.ai/	1970-01-20 13:48:56	Name: ADK_EX_193 Value: 1
.e-volution.ai/	1970-01-20 14:11:59	Name: ADKUID Value: A7423259293904304121
.send.microad.jp/	1970-01-20 15:38:23	Name: TR Value: c78a0a3514381cac67a5ad69861f9b123b123e0c43f3e05d
.everesttech.net/	1970-01-20 22:14:23	Name: everest_g_v2 Value: g_surferid~ZL1LdgADBbxQLgA_
.bidbrain.app/	1970-01-20 23:04:47	Name: uid_cross Value: 2ad0013e-2970-11ee-a569-e6179366c977
.yandex.ru/	1970-01-20 23:04:47	Name: yuidss Value: 6489229281690127221
.mathtag.com/	1970-01-20 22:54:42	Name: uuid Value: bf7d64bd-4b77-4300-9788-566141960479
.mathtag.com/	1970-01-20 14:11:59	Name: mt_mop Value: 4:1690127223
.zemanta.com/	1970-01-20 22:14:23	Name: zuid Value: MO-stSB8NPBi2X7yzT92
.mookie1.com/	1970-01-20 22:57:35	Name: id Value: 10594788499652556986
.mookie1.com/	1970-01-20 22:57:35	Name: mdata Value: 1\|10594788499652556986\|1690127222851
.mookie1.com/	1970-01-20 22:57:35	Name: ov Value: 2dcde8f5f1694edb0be386f5d6af2d3f
.bidswitch.net/	1970-01-20 22:14:23	Name: tuuid Value: 47ba77fb-4cda-48e0-83c2-c694dcf4a8fc
.bidswitch.net/	1970-01-20 22:14:23	Name: c Value: 1690127222
.bidswitch.net/	1970-01-20 22:14:23	Name: tuuid_lu Value: 1690127222
.owneriq.net/	1970-01-20 23:04:47	Name: si Value: Q7434136221714572073P
.owneriq.net/	1970-01-20 13:43:11	Name: p2 Value: gguuid
.owneriq.net/	1970-01-20 13:43:11	Name: gguuid Value: 1
.bidswitch.net/	1970-01-20 13:28:47	Name: google_push Value: AaAOQGHsYWkx7HkJN3MyPaRzNO7WiYa0AWXEVGWjOJL2ZzwSg0r7uBNM4pGBtGVl3UyVYzIE0sNS4c0kWOWVmv6MtBDeP4CvvxC5yfU
.travelaudience.com/	1970-01-20 23:00:28	Name: _tracker Value: %7B%22UUID%22%3A%22588DEECD-8752-4D78-A811-1D25307BA7B2%22%7D
.adform.net/	1970-01-20 14:13:25	Name: C Value: 1
.mfadsrvr.com/	1970-01-20 23:04:47	Name: tuuid Value: eae2a752-aba5-40ae-b422-0bf812353bcb
.mfadsrvr.com/	1970-01-20 23:04:47	Name: c Value: 1690127222
.quantserve.com/	1970-01-20 15:38:23	Name: d Value: EHUBCQHEKYEA
.quantserve.com/	1970-01-20 22:59:01	Name: mc Value: 64bd4b76-e8833-3623e-e85ec
.adform.net/	1970-01-20 14:55:11	Name: uid Value: 8669686135092103789
.mfadsrvr.com/	1970-01-20 23:04:47	Name: tuuid_lu Value: 1690127223
.mfadsrvr.com/	1970-01-20 23:04:47	Name: ssh Value: !google,1690127223
.yandex.ru/	1970-01-20 23:04:47	Name: i Value: hxNdoKw8JFjSbO18vC/fqS4kYxH9VgvlWhUHISxaWt3/xc9yXeMO2OqdNXuWJ1SC9S08yIn4BGzYbpNyljKyod2lxS0=
.bidbrain.app/	1970-01-20 13:28:54	Name: sid_cross Value: 2a12e0a2-2970-11ee-9525-22b383453e36
.yandex.ru/	1970-01-20 23:04:47	Name: yandexuid Value: 6489229281690127221

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/3/audiobook-znakhar-polskijj-jazyk.jpg Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/7/audiobook-chelovek-na-zemle.jpg Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/6/audiobook-dvojjnjashki.jpg Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/5/audiobook-zelenoglazaja.jpg Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/2/audiobook-tropinka-v-odin-sled.jpg Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/4/audiobook-poslednjaja-dver.jpg Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/9/audiobook-lermontov-odin-mezh-nebom-i-zemlejj.jpg Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/8/audiobook-chelovek-v-vozdukhe-2.jpg Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/0/audiobook-zvezdochka-svetlaja-zvezdochka-rannjaja-1.jpg Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/4/8/audiobook-staryjj-prestaryjj-sposob.jpg Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/4/9/audiobook-kosti-1.jpg Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/4/6/5/1/audiobook-nechestno.jpg Message: Failed to load resource: the server responded with a status of 502 ()
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=178&slotname=2609168587&adk=1374432671&adf=4036610663&pi=t.ma~as.2609168587&w=710&fwrn=4&lmt=1690127221&rafmt=11&format=710x178&url=https%3A%2F%2Fpay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690127220793&bpp=7&bdt=2140&idt=288&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&abxe=1&correlator=3351506828697&frm=20&pv=2&ga_vid=79069004.1690127221&ga_sid=1690127221&ga_hid=1607610873&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=295&ady=1653&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31076178%2C31076253%2C31076272%2C44788441%2C44796827&oid=2&pvsid=2375589004232872&tmod=1168576036&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=eSqxti5e1U&p=https%3A//pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru&dtd=334 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.mail.ru
ad.turn.com
ads.betweendigital.com
ads.travelaudience.com
ads.us.criteo.com
adservice.google.com
aid.send.microad.jp
an.yandex.ru
b1sync.zemanta.com
c.hit.ua
c1.adform.net
cat.va.us.criteo.com
ccdc9b7f82b4b8f60e62e802f53f0fdf.safeframe.googlesyndication.com
cm.g.doubleclick.net
cms.quantserve.com
counter.yadro.ru
csm.us.criteo.net
dsp.adkernel.com
fksnk.com
fonts.googleapis.com
fonts.gstatic.com
g.bidbrain.app
googleads.g.doubleclick.net
im.bluevoox.com
imageproxy.us.criteo.net
matchid.adfox.yandex.ru
mc.yandex.ru
odr.mookie1.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru
px.owneriq.net
r.turn.com
rtb.adentifi.com
rtb.mfadsrvr.com
rtb.va.us.criteo.com
rtb2-useast.e-volution.ai
securepubads.g.doubleclick.net
static.criteo.net
sync-tm.everesttech.net
sync.mathtag.com
sync.srv.stackadapt.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
xp4stm90bvzr.frontroute.org
yandex.ru
yastatic.net
ad.mail.ru
ads.betweendigital.com
mc.yandex.ru
104.65.247.96
142.250.65.226
151.101.130.49
174.137.133.49
185.167.164.39
202.233.84.1
2600:1f1c:a99:832c:2412:5a3c:977a:e751
2606:4700:3034::6815:53c
2606:4700:3038::6815:e9e0
2607:f8b0:4006:80a::200a
2607:f8b0:4006:80c::2002
2607:f8b0:4006:80d::2001
2607:f8b0:4006:80f::2002
2607:f8b0:4006:816::2002
2607:f8b0:4006:816::2008
2607:f8b0:4006:81c::2004
2607:f8b0:4006:81d::2001
2607:f8b0:4006:81f::2002
2607:f8b0:4006:81f::2003
2607:f8b0:4006:821::2002
2607:f8b0:4006:823::2002
2607:f8b0:4006:824::200e
2620:100:a001::16
2620:100:a001::24
2620:100:a001::3
2620:100:a001::4
2620:100:a001::9
2620:112:f002:bbbb::21
2a02:6b8:20::215
2a02:6b8::16b
2a02:6b8::90
2a02:6b8:a::a
3.215.246.119
35.190.0.66
35.190.90.30
35.207.24.140
35.211.178.172
45.147.197.153
51.222.239.232
52.1.202.173
52.45.175.185
52.54.23.208
64.74.236.95
74.119.119.147
74.121.140.211
77.88.55.60
88.212.201.204
89.184.81.35
000af5717d638f7e622038611e0b30af7e657a56b2c3815d380abe67a7b207f2
015cbb23fe64ff8f80ebf425fc0470508add4fd73d829b5857e2af5e011c2488
021f81e33df0b5f169865ecfce210dca013af2e27dd74867d3f93ea99215fbc6
033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9
06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d
07d266f7989ef1aa720edf6ae227b42159c64c65d88590186a1a16971026d874
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
12d8aae0cf51d039bfbef1c8f7ec828851423f05c8f9e5d290b2c2e15cd9a8a6
13f5a94a9a48ad2d88290043b8529326e91b6bc2f08cf01ce2658e5fec6414ce
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
1e2ac6f9a72032fd1d20e9edb74a8e7362119620364823014ac430dcd0f18825
1f0f1071ab7fcf6a87e947376a3d52b3cdbffe66c5a0acfc72a6e17fbd4a4eab
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c30928825264af3ce25cd2cfa08e921439b52efcc30a328e94b4e84064bd6fc
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55
3be3f024c46ff93eb55bb00f599911ef69c7957b19c8c3df9aca743259f35ae3
3f98d2733f3cacaf5152fd4d55f778410f391312016cadb5162545357302cdee
41f9aca596f32a079981c9bd6e8b148666c75438488d60bce83cbf9b59ed0f9f
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
475b5e40e4c41e722538f591ff5a9782f86bace4216a0da52b4fbaaf871e3769
47a37cabd33f930dd28119e3ba60cca269770f1b2a774a52bad0a75d8076cd8a
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
509acd0a7a223475c8d8d3a41a9221985749279ff42da166a5974c643e068433
50e4c20b2a1596f5618dbccb3ad11d4f42f18066d9f89bfe7cb6b6b633a1afcb
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5a3ab3034d8f8e53865994d18730046a9453ed8e61d8f03843f3e51596eaff27
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
72fbfa69ab959bc203d5c33af74509e9381492a869d272ee05a2dd0f0d6b78b5
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
87cbff2907addb1f3e879fb7781be8a5595479856c1c5965a99efb56afed6144
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
918d86b34426127afbbb1bf5164bc3aa6867a9b591f5cbf78b385abcad00d925
9544b85c98dac024283da83aec5d6a8b164ae7f6bfeca6e7d77a1e994f1a57f0
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9db129aa3921147903ef714d1826cb9e5ee3dd8183fbe7b18579215096509e06
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a3f59c229839c0fc7fd44c46df646699820dbe4d54e1366e4901828db647ef35
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a61735542ef93f832ab8321f9670a83ff11f58b5e122b2fb014199e32de05312
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a77253dbd514195ad72d61e790bac8c93e77ab51b4489020982dd39d60595a13
a8396e571ae530c2c35832b621c27614fcccc7b47f4e63a9d2e28b0ca8201b3a
a94755ecd90a113ceb5ffbb9a9834639bbf215711895074c4181eb309929ca25
af0d78cf0adffce717ddc17cf4c4b6fb92320ec7d490cbb9c6d1c39ee4cc5364
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1539b006efe1556d3ba63635d3e714e8481103c8029d6adbb192ec686cb3c05
b2d687217fadfec4734a492a74be62ee53b5a538a7c0ca8fdedc3b3c6341bc42
b38bb9174e4b7d8a2dcf5eb8cc14bf1a817b1cf9b4fe89be4cdca41d81a9fe4a
b9db30db84c353b393ebed43c0803e40d62453ec010584b9449a28f0348cd01b
ba3fe57d4c6db83ac847ed57653f1867fbc81c14ae09bf3c4a21fd72058d2a37
bc4540a14193a6537e0c03127bbf19848e6226bd437f2550d18f1f385c55eccb
c87b7f745cfb4a994801488584e6e0e78d6c4f0ad567e985a781fc0b86074724
ca45bad6468c27d6c1d3eb78e2e652313a31fd0af830051547ab6e5253d07597
d34194fe51ff39df244e84b34ff81e8481464d14fe3eefb20b62b63e7c2d923a
db0d17ee9c24794dc313d2588c0c19bccccb2f7439a0dcb6be8cc985df84baf3
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e15abeb092cdbdbf13387272ef594bdc55711678877bd4d70165479676545af6
e1895e29e4dfd0928386fb0b6be3a94ce6d554d52c589a4e68e768d0092c4fc5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6cafba2d8fd7a8d76f356f7f298fc1cf743ca78f9f17f997e9000ba587cc748
ee9c79d3a8b584d3d61a64b4f8a507316ee7cc60ecd545f7cb1a0fba6e519d5b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f31b1043f1cc0f458e742251b52d80e5923ec214b6838c24adb575489c19f878
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f919c02713441d1502a5297ec6201783ecf8070a47d5df866a78ca2fb83bc865

pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru Open in urlscan Pro 45.147.197.153 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

176 Requests

82 %HTTPS

54 %IPv6

39 Domains

52 Subdomains

35 IPs

7 Countries

1635 kBTransfer

5252 kBSize

56 Cookies

11 Outgoing links

Redirected requests

176 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

pay.sberbank.pay.qbdkzlgnrid7p9h.ljudi-i-neljudi-1.bookmp3.ru Open in urlscan Pro
45.147.197.153 Public Scan

Screenshot
Live screenshot

Full Image

176
Requests

82 %
HTTPS

54 %
IPv6

39
Domains

52
Subdomains

35
IPs

7
Countries

1635 kB
Transfer

5252 kB
Size

56
Cookies

176 HTTP transactions
4 data transactions