Submitted URL: https://www.domclicksberbank.com/
Effective URL: https://domclicksberbank.com/
Submission: On October 04 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 22 IPs in 4 countries across 16 domains to perform 124 HTTP transactions. The main IP is 185.174.172.74, located in Amsterdam, Netherlands and belongs to ITLDC-NL, UA. The main domain is domclicksberbank.com.
TLS certificate: Issued by R3 on October 3rd 2021. Valid for: 3 months.
This is the only time domclicksberbank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 26 185.174.172.74 21100 (ITLDC-NL)
1 142.250.74.200 15169 (GOOGLE)
2 216.58.212.138 15169 (GOOGLE)
5 104.16.85.20 13335 (CLOUDFLAR...)
2 142.250.181.234 15169 (GOOGLE)
11 172.217.23.98 15169 (GOOGLE)
29 5.63.158.127 197695 (AS-REG)
9 142.250.185.195 15169 (GOOGLE)
2 142.250.186.46 15169 (GOOGLE)
5 142.250.186.66 15169 (GOOGLE)
1 142.250.185.162 15169 (GOOGLE)
1 142.250.185.194 15169 (GOOGLE)
3 142.250.184.226 15169 (GOOGLE)
5 216.58.212.166 15169 (GOOGLE)
14 172.217.18.97 15169 (GOOGLE)
2 104.18.11.207 13335 (CLOUDFLAR...)
1 104.18.10.207 13335 (CLOUDFLAR...)
2 104.18.23.52 13335 (CLOUDFLAR...)
1 142.250.186.67 15169 (GOOGLE)
1 2 142.250.181.230 15169 (GOOGLE)
1 142.250.185.100 15169 (GOOGLE)
124 22
Requests  Domain                                  Requested by
29        bazzaro.ru                              domclicksberbank.com, bazzaro.ru
25        domclicksberbank.com                    domclicksberbank.com
14        tpc.googlesyndication.com               domclicksberbank.com, googleads.g.doubleclick.net, tpc.googlesyndication.com, s0.2mdn.net, pagead2.googlesyndication.com
11        pagead2.googlesyndication.com           domclicksberbank.com, pagead2.googlesyndication.com, tpc.googlesyndication.com, s0.2mdn.net, googleads.g.doubleclick.net
9         fonts.gstatic.com                       fonts.googleapis.com
5         s0.2mdn.net                             domclicksberbank.com, s0.2mdn.net
5         googleads.g.doubleclick.net             pagead2.googlesyndication.com, googleads.g.doubleclick.net
5         cdn.jsdelivr.net                        domclicksberbank.com, cdn.jsdelivr.net, bazzaro.ru
2         ad.doubleclick.net (1 redirects)        googleads.g.doubleclick.net
2         pro.fontawesome.com                     bazzaro.ru, pro.fontawesome.com
2         stackpath.bootstrapcdn.com              bazzaro.ru
2         www.googletagservices.com               googleads.g.doubleclick.net
2         www.google-analytics.com                www.googletagmanager.com, www.google-analytics.com
2         ajax.googleapis.com                     domclicksberbank.com, bazzaro.ru
2         fonts.googleapis.com                    domclicksberbank.com, googleads.g.doubleclick.net
1         www.google.com                          tpc.googlesyndication.com
1         www.gstatic.com                         googleads.g.doubleclick.net
1         maxcdn.bootstrapcdn.com                 bazzaro.ru
1         googleads4.g.doubleclick.net            domclicksberbank.com
1         adservice.google.com                    pagead2.googlesyndication.com
1         partner.googleadservices.com            pagead2.googlesyndication.com
1         www.googletagmanager.com                domclicksberbank.com
1         www.domclicksberbank.com (1 redirects)
0         api.sypexgeo.net (Failed)               bazzaro.ru
124 24

This site contains links to these domains.

Domain
domclick.ru
play.google.com
itunes.apple.com
Subject                    Issuer                            Validity                 Valid
domclicksberbank.com       R3                                2021-10-03 - 2022-01-01  3 months
*.google-analytics.com     GTS CA 1C3                        2021-09-13 - 2021-11-20  2 months
upload.video.google.com    GTS CA 1C3                        2021-09-13 - 2021-11-20  2 months
sni.cloudflaressl.com      Cloudflare Inc ECC CA-3           2021-07-03 - 2022-07-02  a year
*.g.doubleclick.net        GTS CA 1C3                        2021-09-13 - 2021-11-20  2 months
bazzaro.ru                 R3                                2021-08-29 - 2021-11-27  3 months
*.gstatic.com              GTS CA 1C3                        2021-09-13 - 2021-11-20  2 months
*.googleadservices.com     GTS CA 1C3                        2021-09-13 - 2021-11-20  2 months
*.google.com               GTS CA 1C3                        2021-09-13 - 2021-11-20  2 months
*.doubleclick.net          GTS CA 1C3                        2021-09-13 - 2021-11-20  2 months
tpc.googlesyndication.com  GTS CA 1C3                        2021-09-13 - 2021-11-20  2 months
*.fontawesome.com          DigiCert TLS RSA SHA256 2020 CA1  2020-11-13 - 2021-12-14  a year
www.google.com             GTS CA 1C3                        2021-09-13 - 2021-11-20  2 months

This page contains 13 frames:

Primary Page: https://domclicksberbank.com/
Frame ID: F17B6EAC4B21B7712A7F75A1624F1500
Requests: 74 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210928/r20190131/zrt_lookup.html
Frame ID: 622CE78BAC6114D70D9A1A5022D437A1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
Frame ID: 95E3189E04BA32845A81B49DBE49F809
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=5340031871&adk=1712380252&adf=1753669107&pi=t.ma~as.5340031871&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486131&bpp=2&bdt=328&idt=114&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&prev_fmts=660x165&correlator=1638273889897&frm=20&pv=1&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=3507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=JBexQMIKg5&p=https%3A//domclicksberbank.com&dtd=118
Frame ID: E4004828E0AC3BF7E2FC67FE29555053
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&adk=1812271804&adf=3025194257&lmt=1633306486&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fdomclicksberbank.com%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486161&bpp=1&bdt=359&idt=98&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&prev_fmts=660x165%2C660x165&nras=1&correlator=1638273889897&frm=20&pv=1&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&ifi=6&uci=a!6&fsb=1&dtd=104
Frame ID: 52E12825C3D0800046ABFDCF93A5D36E
Requests: 1 HTTP requests in this frame

Frame: https://bazzaro.ru/widgets/source/form/ContactForm.php?fingerprint=7d1d884980fef4efed2ca3eb8edec3c0&name=&phone=&color=%236aa84f&header1=%D0%90%D0%BD%D0%B4%D1%80%D0%B5%D0%B9%20%D0%9F%D0%B5%D1%82%D1%80%D0%BE%D0%B2&header2=%D0%AE%D1%80%D0%B8%D1%81%D1%82-%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82&topic=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&key=0882a8&host=https%3A%2F%2Fbazzaro.ru&photo=%2Fconsultant%2Fimages%2Fpeople%2F1.png&title=%D0%97%D0%B0%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D1%8E%D1%80%D0%B8%D1%81%D1%82%D1%83%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&referer=https%3A%2F%2Fdomclicksberbank.com%2F&demo=false&from=false&mobile=0&widget=3&v=1.1
Frame ID: BED7AAA89B5055DB90AB7B6FA9070972
Requests: 11 HTTP requests in this frame

Frame: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssUvC_PEguT2qJtHZdOOiUB893qL6q_Cr-bujyVF6LN6GbaDPP5uUM6RewKESvMRxHN_SiSKHt7WefCpvkI7kIxjsAPP9H2cd38eEHzTEc-VqjC9YrKapbr317LfLHhQCJ7_8h-d-VzQ6lwc9wQKabGCzqVeNctRFArl2ha1PzRs0EgKxWX4X74a7zT9RBSffsRhE7r5xUcj6gGjhM_ev8pSh8nm4RUD0gu-wUhJvxa-gTGbZiLLZ2_LPbUrpCZsCgZcPLirw3ElmbdL3m1VEErJp9toxGtC9yQLgsW6-Ls48sCkHI7UI0MQDQCj-35ouDwER5SVJhl1uc9Pu-EQXSDUB39nS2WevQqb3SOjE6w8jUq7VaYwQ6iugHgmfe5vpapyapdP3D7vbIeUCwQDcT1hq3LZqw-5Q6LKQFoWm7opJxqMdU5bA4kromqwZztJn_UhM8hhMXSujmjL3xc2tl9nAbG68PoBvkL-F3dLuYXJe03d2KcWUqZ_MV9ABTZk1rBEQ_glUk2A5LbibFU1aLp7QAzaMnW_Ik_iairj-yDkbQAbqHsmGy5ASBTCfyQpTOzWU8bypTgstHVeKc-OkMl5m4ypNojTI6JrmdvoKFBhJhMbFZJUTiSpZWoj2uq_R8LgCJo2jMmCwsr0WAhM7gYWoYX9k7_5nv82NLXnYqazDQeILVMkmJq3QouIDE1id81CPkkEpB2BbbefMtnZtvET7aOesQVwXuf3KM7io0klZNkvx1UelOG5z3nBCaMMlGXWR3lHxeIGYtYciOwwDTTvqFEYNTaY0L9Ynbo2z8qPsj9HCHM9HaC2HnCNivvv6yqR8tzZjZiKKkubTAS4QVYZY3LHFRJtn9S05nvJP3HxSjWFVHc8cyIKYqrFiOul-bpQyLoIfI4B7IVdhHnayz-Y7lPIFpKPpbwfmMo1bdKNhd8BS4eDdllNjM9EzZ1SqAfUU24q6CuV8FpYpI2IFyFD6u02Q&sig=Cg0ArKJSzGXWf7WibzUXEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=
Frame ID: 4A8BD4E30534CF1A4C235328345CE968
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 94A5CAD5A1FB8F4C0C5121A0E18F7C2D
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/index.html?e=69&leftOffset=0&topOffset=0&c=9BTujMUtKc&t=1&renderingType=2
Frame ID: D15541A7D38B5CB3660B4443FE0132B3
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js
Frame ID: 9F55687E8EFA3B846692DB72DD67E08C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js
Frame ID: 0B486C4217D8F23CF900936E7D5A9019
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 42B24DAD2E87D1E62FF64DDD1FEEE568
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9D8C98EC00A3E820A280390A47BD6594
Requests: 2 HTTP requests in this frame

Page Title

ДомКлик вход в личный кабинет

Page URL History

  1. https://www.domclicksberbank.com/ HTTP 301
    https://domclicksberbank.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
  • wp-embed\.min\.js\?ver=([\d.]+)

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com/(?:v|embed)

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • fingerprint(\d)?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

124 Requests
99 % HTTPS
0 % IPv6
16 Domains
24 Subdomains
22 IPs
4 Countries
1879 kB Transfer
3713 kB Size
8 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.domclicksberbank.com/ HTTP 301
    https://domclicksberbank.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 80
  • https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B24712180.284297937;dc_trk_aid=477953435;dc_trk_cid=138850023;ord=20671030;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B24712180.284297937;dc_pre=CPvG1Oe8r_MCFVWYdwod3YkBvw;dc_trk_aid=477953435;dc_trk_cid=138850023;ord=20671030;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

124 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
domclicksberbank.com/
Redirect Chain
  • https://www.domclicksberbank.com/
  • https://domclicksberbank.com/
50 KB
14 KB
Document
General
Full URL
https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 / PHP/7.3.29
Resource Hash
2a0e1d014a89ba07573468edf51c26a04a1f6b9c6347718f3be5d2816af12829
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:method
GET
:authority
domclicksberbank.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
nginx/1.20.1
date
Mon, 04 Oct 2021 00:14:45 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.3.29
x-pingback
https://domclicksberbank.com/xmlrpc.php
link
<https://domclicksberbank.com/wp-json/>; rel="https://api.w.org/", <https://domclicksberbank.com/wp-json/wp/v2/pages/2>; rel="alternate"; type="application/json", <https://domclicksberbank.com/>; rel=shortlink
set-cookie
domclicksberbank-com=type4; expires=Tue, 04-Oct-2022 06:03:31 GMT; Max-Age=31556926; path=/
strict-transport-security
max-age=31536000;
content-encoding
gzip

Redirect headers

server
nginx/1.20.1
date
Mon, 04 Oct 2021 00:14:45 GMT
content-type
text/html; charset=UTF-8
content-length
0
x-powered-by
PHP/7.3.29
x-pingback
https://domclicksberbank.com/xmlrpc.php
x-redirect-by
WordPress
set-cookie
domclicksberbank-com=type4; expires=Tue, 04-Oct-2022 06:03:31 GMT; Max-Age=31556926; path=/
location
https://domclicksberbank.com/
strict-transport-security
max-age=31536000;
js
www.googletagmanager.com/gtag/
96 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-150238532-2
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
819f3743fab5d34f03a2ce23474ba89c0ff7aa8a22c53ece088e54f7bedd0aa8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38905
x-xss-protection
0
expires
Mon, 04 Oct 2021 00:14:45 GMT
css
fonts.googleapis.com/
10 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,400i,500,700,700i&subset=cyrillic
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.138 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f10.1e100.net
Software
ESF /
Resource Hash
eafe160c631fe12e8295a70b1f984d23fe9a988f47c3768683927c69554e6b0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 04 Oct 2021 00:14:45 GMT
server
ESF
date
Mon, 04 Oct 2021 00:14:45 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires
Mon, 04 Oct 2021 00:14:45 GMT
style.css
domclicksberbank.com/wp-content/themes/S0587/
67 KB
17 KB
Stylesheet
General
Full URL
https://domclicksberbank.com/wp-content/themes/S0587/style.css
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
7e7465522a8ffd4f77f9995c8f89b72eba8ebb9a06741777f62593bd5d9aa713
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/themes/S0587/style.css
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 10:24:12 GMT
server
nginx/1.20.1
etag
W/"604f35cc-10d35"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.min.css
domclicksberbank.com/wp-includes/css/dist/block-library/
79 KB
11 KB
Stylesheet
General
Full URL
https://domclicksberbank.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8.1
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-includes/css/dist/block-library/style.min.css?ver=5.8.1
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Tue, 10 Aug 2021 08:14:57 GMT
server
nginx/1.20.1
etag
W/"61123581-13abe"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
wpmfc-cab-public.css
domclicksberbank.com/wp-content/plugins/wpmfc-cab/public/css/
996 B
637 B
Stylesheet
General
Full URL
https://domclicksberbank.com/wp-content/plugins/wpmfc-cab/public/css/wpmfc-cab-public.css?ver=1.0.0
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
6f52e612d885bbfb5d970865db6b8ae5c5c01ccf0cf262d8f5648104c7790fe3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/plugins/wpmfc-cab/public/css/wpmfc-cab-public.css?ver=1.0.0
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 10:24:12 GMT
server
nginx/1.20.1
etag
W/"604f35cc-3e4"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
fancybox.css
domclicksberbank.com/wp-content/plugins/fancybox-for-wordpress/fancybox/
7 KB
2 KB
Stylesheet
General
Full URL
https://domclicksberbank.com/wp-content/plugins/fancybox-for-wordpress/fancybox/fancybox.css?ver=5.8.1
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
b1730289ee994a39aaff1b676f8b5895396e6f4abf56e909c4f0fd5b5140a2f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/plugins/fancybox-for-wordpress/fancybox/fancybox.css?ver=5.8.1
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 10:24:12 GMT
server
nginx/1.20.1
etag
W/"604f35cc-1a43"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
font-awesome.min.css
cdn.jsdelivr.net/fontawesome/4.7.0/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/fontawesome/4.7.0/css/font-awesome.min.css?ver=4.7.0
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
1806726
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by
cache-fra19151-FRA
timing-allow-origin
*
server
cloudflare
etag
W/"7918-USx9eQM+MCipvmG1QM8aaHDIlvg"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
698a36408ffb4dd6-FRA
general_foundicons.css
domclicksberbank.com/wp-content/plugins/buttons-shortcode-and-widget//include/otw_components/otw_shortcode/css/
3 KB
953 B
Stylesheet
General
Full URL
https://domclicksberbank.com/wp-content/plugins/buttons-shortcode-and-widget//include/otw_components/otw_shortcode/css/general_foundicons.css?ver=5.8.1
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
23cd1a1f5a25a43d06063f6b12c5c364fe94bca0cf2261ade2a84d064d8b6be2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/plugins/buttons-shortcode-and-widget//include/otw_components/otw_shortcode/css/general_foundicons.css?ver=5.8.1
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 10:24:12 GMT
server
nginx/1.20.1
etag
W/"604f35cc-d41"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
social_foundicons.css
domclicksberbank.com/wp-content/plugins/buttons-shortcode-and-widget//include/otw_components/otw_shortcode/css/
2 KB
856 B
Stylesheet
General
Full URL
https://domclicksberbank.com/wp-content/plugins/buttons-shortcode-and-widget//include/otw_components/otw_shortcode/css/social_foundicons.css?ver=5.8.1
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
cf7199ce1394d349212173ef3e0b404d98d03949f1391dc3dc97b03ea415696b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/plugins/buttons-shortcode-and-widget//include/otw_components/otw_shortcode/css/social_foundicons.css?ver=5.8.1
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 10:24:12 GMT
server
nginx/1.20.1
etag
W/"604f35cc-9c7"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
otw_shortcode.css
domclicksberbank.com/wp-content/plugins/buttons-shortcode-and-widget//include/otw_components/otw_shortcode/css/
63 KB
10 KB
Stylesheet
General
Full URL
https://domclicksberbank.com/wp-content/plugins/buttons-shortcode-and-widget//include/otw_components/otw_shortcode/css/otw_shortcode.css?ver=5.8.1
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
74f8c5b45107d800cb37a7a1c857c8d55a17cf92a2deddd3adc78fcec24c5a4c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/plugins/buttons-shortcode-and-widget//include/otw_components/otw_shortcode/css/otw_shortcode.css?ver=5.8.1
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 10:24:12 GMT
server
nginx/1.20.1
etag
W/"604f35cc-fc7c"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
append_link.js
domclicksberbank.com/wp-content/plugins/append-link-on-copy/js/
1 KB
801 B
Script
General
Full URL
https://domclicksberbank.com/wp-content/plugins/append-link-on-copy/js/append_link.js?ver=5.8.1
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
c53f6d53cf07309e139b53452a38c4fcbc9420cdf57be69390ae56239c475fa1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/plugins/append-link-on-copy/js/append_link.js?ver=5.8.1
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 10:24:12 GMT
server
nginx/1.20.1
etag
W/"604f35cc-4ad"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1/
94 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=5.8.1
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f10.1e100.net
Software
sffe /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 13:36:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
383906
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33434
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="hosted-libraries-pushers"
expires
Thu, 29 Sep 2022 13:36:19 GMT
jquery-migrate.min.js
domclicksberbank.com/wp-includes/js/jquery/
11 KB
4 KB
Script
General
Full URL
https://domclicksberbank.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Wed, 19 May 2021 11:12:10 GMT
server
nginx/1.20.1
etag
W/"60a4f28a-2bd8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
wpmfc-cab-public.js
domclicksberbank.com/wp-content/plugins/wpmfc-cab/public/js/
838 B
723 B
Script
General
Full URL
https://domclicksberbank.com/wp-content/plugins/wpmfc-cab/public/js/wpmfc-cab-public.js?ver=1.0.0
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/plugins/wpmfc-cab/public/js/wpmfc-cab-public.js?ver=1.0.0
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 10:24:12 GMT
server
nginx/1.20.1
etag
W/"604f35cc-346"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.fancybox.js
domclicksberbank.com/wp-content/plugins/fancybox-for-wordpress/fancybox/
16 KB
6 KB
Script
General
Full URL
https://domclicksberbank.com/wp-content/plugins/fancybox-for-wordpress/fancybox/jquery.fancybox.js?ver=1.3.8
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
a95b8245eac029e48d83ca01f79dc362c3ab820fd87f3793a95776a18ce30878
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/plugins/fancybox-for-wordpress/fancybox/jquery.fancybox.js?ver=1.3.8
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 10:24:12 GMT
server
nginx/1.20.1
etag
W/"604f35cc-3ff5"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
143 KB
50 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
cafe /
Resource Hash
e164a68111abdcba0b2ba6f044e531b79d896ec28ee1baf96432aa99d82e38fa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
50852
x-xss-protection
0
server
cafe
etag
11958147690405162439
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 04 Oct 2021 00:14:45 GMT
jquery.bxslider.min.js
domclicksberbank.com/wp-content/themes/S0587/js/
23 KB
6 KB
Script
General
Full URL
https://domclicksberbank.com/wp-content/themes/S0587/js/jquery.bxslider.min.js
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
7731d577c5dfa5f38e9bf82dedae51174c9ddd4d3d4668eea9d1e51d6ce13d66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/themes/S0587/js/jquery.bxslider.min.js
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 10:24:12 GMT
server
nginx/1.20.1
etag
W/"604f35cc-5bf7"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
scripts.js
domclicksberbank.com/wp-content/themes/S0587/js/
8 KB
3 KB
Script
General
Full URL
https://domclicksberbank.com/wp-content/themes/S0587/js/scripts.js
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
7759d787323b780f4e67c416f8b796f67e4b67b7089b9a1d46f03d9e820c9a60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/themes/S0587/js/scripts.js
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 10:24:12 GMT
server
nginx/1.20.1
etag
W/"604f35cc-215d"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
site-logo.png
domclicksberbank.com/wp-content/uploads/2018/02/
3 KB
3 KB
Image
General
Full URL
https://domclicksberbank.com/wp-content/uploads/2018/02/site-logo.png
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
49ec942e7c32092c29f19e4c147f0665c3b2d6bf38170460686916c034ebd4b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/uploads/2018/02/site-logo.png
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
last-modified
Mon, 15 Mar 2021 10:24:11 GMT
server
nginx/1.20.1
etag
"604f35cb-a45"
strict-transport-security
max-age=31536000;
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
content-length
2629
expires
Thu, 31 Dec 2037 23:55:55 GMT
ipoteka-1.jpg
domclicksberbank.com/wp-content/uploads/
22 KB
22 KB
Image
General
Full URL
https://domclicksberbank.com/wp-content/uploads/ipoteka-1.jpg
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
da26635ccf84d6b4d8e5eeb47d055c31b661092e4c6c2a3e2db9b8c39d03e9d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/uploads/ipoteka-1.jpg
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
last-modified
Mon, 15 Mar 2021 10:24:11 GMT
server
nginx/1.20.1
etag
"604f35cb-581f"
strict-transport-security
max-age=31536000;
content-type
image/jpeg
cache-control
max-age=315360000
accept-ranges
bytes
content-length
22559
expires
Thu, 31 Dec 2037 23:55:55 GMT
ipoteka-2.jpg
domclicksberbank.com/wp-content/uploads/
33 KB
33 KB
Image
General
Full URL
https://domclicksberbank.com/wp-content/uploads/ipoteka-2.jpg
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
6a81446c7f1e10ed630bd5f70b08723e66f5b073e6b14cd61868fa05e0492ed5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/uploads/ipoteka-2.jpg
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
last-modified
Mon, 15 Mar 2021 10:24:11 GMT
server
nginx/1.20.1
etag
"604f35cb-83a3"
strict-transport-security
max-age=31536000;
content-type
image/jpeg
cache-control
max-age=315360000
accept-ranges
bytes
content-length
33699
expires
Thu, 31 Dec 2037 23:55:55 GMT
ipoteka-3.jpg
domclicksberbank.com/wp-content/uploads/
15 KB
15 KB
Image
General
Full URL
https://domclicksberbank.com/wp-content/uploads/ipoteka-3.jpg
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
056c8f1585c0f27d46a6b6b1cc6673f44478345a0752e8e7a68b238dc3a1b42a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/uploads/ipoteka-3.jpg
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
last-modified
Mon, 15 Mar 2021 10:24:11 GMT
server
nginx/1.20.1
etag
"604f35cb-3b0c"
strict-transport-security
max-age=31536000;
content-type
image/jpeg
cache-control
max-age=315360000
accept-ranges
bytes
content-length
15116
expires
Thu, 31 Dec 2037 23:55:55 GMT
0882a8.js
bazzaro.ru/form/form/key/
6 KB
6 KB
Script
General
Full URL
https://bazzaro.ru/form/form/key/0882a8.js
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
95ca1b389822fdfd215870407e281b590777c7b2a7265b5226ce3bbf01e59044

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:46 GMT
Server
nginx/1.10.3 (Ubuntu)
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=UTF-8
init
bazzaro.ru/widget/
9 KB
9 KB
Script
General
Full URL
https://bazzaro.ru/widget/init?token=0882a8
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
9b23db8337c1afba4042c7527a499863f454f3709916c3abb7c65d373af04245

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:46 GMT
Server
nginx/1.10.3 (Ubuntu)
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=utf-8
front.min.js
domclicksberbank.com/wp-content/plugins/table-of-contents-plus/
6 KB
3 KB
Script
General
Full URL
https://domclicksberbank.com/wp-content/plugins/table-of-contents-plus/front.min.js?ver=1509
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
4b179562b883c1257aabbad3a5641f965dd7331faa31fe06382a5d8c62d5ee19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/plugins/table-of-contents-plus/front.min.js?ver=1509
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 10:24:12 GMT
server
nginx/1.20.1
etag
W/"604f35cc-17cb"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-embed.min.js
domclicksberbank.com/wp-includes/js/
1 KB
1009 B
Script
General
Full URL
https://domclicksberbank.com/wp-includes/js/wp-embed.min.js?ver=5.8.1
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-includes/js/wp-embed.min.js?ver=5.8.1
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Thu, 15 Apr 2021 10:51:46 GMT
server
nginx/1.20.1
etag
W/"60781ac2-592"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
content.js
domclicksberbank.com/wp-content/dhr/
753 B
534 B
Script
General
Full URL
https://domclicksberbank.com/wp-content/dhr/content.js
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
f66014b31a4c97feeaff3ef85f679190e0e59a9f3832645058cdd1694a09e8cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/dhr/content.js
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 10:24:11 GMT
server
nginx/1.20.1
etag
W/"604f35cb-2f1"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-emoji-release.min.js
domclicksberbank.com/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://domclicksberbank.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.1
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-includes/js/wp-emoji-release.min.js?ver=5.8.1
pragma
no-cache
cookie
domclicksberbank-com=type4
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
content-encoding
gzip
last-modified
Tue, 10 Aug 2021 08:14:57 GMT
server
nginx/1.20.1
etag
W/"61123581-4705"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
strict-transport-security
max-age=31536000;
expires
Thu, 31 Dec 2037 23:55:55 GMT
fontawesome-webfont.woff2
cdn.jsdelivr.net/fontawesome/4.7.0/fonts/
75 KB
76 KB
Font
General
Full URL
https://cdn.jsdelivr.net/fontawesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/fontawesome/4.7.0/css/font-awesome.min.css?ver=4.7.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cdn.jsdelivr.net/fontawesome/4.7.0/css/font-awesome.min.css?ver=4.7.0
Origin
https://domclicksberbank.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:45 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
2104204
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
77160
x-served-by
cache-fra19175-FRA
timing-allow-origin
*
server
cloudflare
etag
W/"12d68-1vSMun0Hb7by/Wupk6dbncHsvww"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
cf-ray
698a3640e86b2c52-FRA
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,700,700i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://domclicksberbank.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 16:31:40 GMT
x-content-type-options
nosniff
age
373385
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 29 Sep 2022 16:31:40 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v29/
9 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,700,700i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
8dd3b91ca60e6a0486326c5c275590dd1d753240c2efa9f94730815813997fee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://domclicksberbank.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 16:38:41 GMT
x-content-type-options
nosniff
age
372964
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 29 Sep 2022 16:38:41 GMT
KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v29/
10 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,700,700i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
2d2ad11e3c1a0fd81bb085050d4b3170beab2964b5b848a5309a6343322e3898
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://domclicksberbank.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 16:39:18 GMT
x-content-type-options
nosniff
age
372927
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9776
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:26 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 29 Sep 2022 16:39:18 GMT
KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v29/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,700,700i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
053508cc4ed1acf7db8ed96deca42ffebfa1669c5cecd62f4415b926d07b5aaa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://domclicksberbank.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 16:40:33 GMT
x-content-type-options
nosniff
age
372852
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9544
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:33 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 29 Sep 2022 16:40:33 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,700,700i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://domclicksberbank.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 17:27:37 GMT
x-content-type-options
nosniff
age
542828
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 27 Sep 2022 17:27:37 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,500,700,700i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://domclicksberbank.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 16:31:43 GMT
x-content-type-options
nosniff
age
373382
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 29 Sep 2022 16:31:43 GMT
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150238532-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
819
date
Mon, 04 Oct 2021 00:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Mon, 04 Oct 2021 02:01:06 GMT
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=776948016&t=pageview&_s=1&dl=https%3A%2F%2Fdomclicksberbank.com%2F&ul=en-us&de=UTF-8&dt=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=171242230&gjid=1125145550&cid=1647336924.1633306486&tid=UA-150238532-2&_gid=1535818029.1633306486&_r=1&gtm=2ou9r0&z=1270436803
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://domclicksberbank.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Oct 2021 00:14:45 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://domclicksberbank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210928/r20190131/ Frame 622C
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210928/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
8806d9eaf9e8ca89fa2404e8cb66a9fa115e0a0f687ad0dcd91cabce4c2179c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210928/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://domclicksberbank.com/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Sun, 03 Oct 2021 23:27:01 GMT
expires
Sun, 17 Oct 2021 23:27:01 GMT
content-type
text/html; charset=UTF-8
etag
297313706323796346
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4617
x-xss-protection
0
age
2865
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/
257 KB
95 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
cafe /
Resource Hash
94cfe0e7f05a53a4381439225e7467af76d1b3e3c7969c04f2fd0756e4b69209
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
97122
x-xss-protection
0
server
cafe
etag
2748859267989515757
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 04 Oct 2021 00:14:46 GMT
bq_bg.png
domclicksberbank.com/wp-content/themes/S0587/images/
335 B
548 B
Image
General
Full URL
https://domclicksberbank.com/wp-content/themes/S0587/images/bq_bg.png
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/wp-content/themes/S0587/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
0bc619aa30ee39097eff199ba49793cae7d05322e95bc5c811701f50cfb53b32
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/themes/S0587/images/bq_bg.png
pragma
no-cache
cookie
domclicksberbank-com=type4; _ga=GA1.2.1647336924.1633306486; _gid=GA1.2.1535818029.1633306486; _gat_gtag_UA_150238532_2=1
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/wp-content/themes/S0587/style.css
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
last-modified
Mon, 15 Mar 2021 10:24:12 GMT
server
nginx/1.20.1
etag
"604f35cc-14f"
strict-transport-security
max-age=31536000;
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
content-length
335
expires
Thu, 31 Dec 2037 23:55:55 GMT
1-1.jpg
domclicksberbank.com/wp-content/uploads/2017/10/
25 KB
25 KB
Image
General
Full URL
https://domclicksberbank.com/wp-content/uploads/2017/10/1-1.jpg
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
36c9b913f2fbba21f1d918543c385e64db02c0112f9b4a88f63c06f4728dddd3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/uploads/2017/10/1-1.jpg
pragma
no-cache
cookie
domclicksberbank-com=type4; _ga=GA1.2.1647336924.1633306486; _gid=GA1.2.1535818029.1633306486; _gat_gtag_UA_150238532_2=1
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
last-modified
Mon, 15 Mar 2021 10:24:11 GMT
server
nginx/1.20.1
etag
"604f35cb-647b"
strict-transport-security
max-age=31536000;
content-type
image/jpeg
cache-control
max-age=315360000
accept-ranges
bytes
content-length
25723
expires
Thu, 31 Dec 2037 23:55:55 GMT
2-1.jpg
domclicksberbank.com/wp-content/uploads/2017/10/
33 KB
33 KB
Image
General
Full URL
https://domclicksberbank.com/wp-content/uploads/2017/10/2-1.jpg
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.174.172.74 Amsterdam, Netherlands, ASN21100 (ITLDC-NL, UA),
Reverse DNS
185.174.172.74.node31nl.hyperhost.ua
Software
nginx/1.20.1 /
Resource Hash
55f980f6d19e5c691082b789983f150b9a7a15b22600ab289651359b7f5a5c88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

:path
/wp-content/uploads/2017/10/2-1.jpg
pragma
no-cache
cookie
domclicksberbank-com=type4; _ga=GA1.2.1647336924.1633306486; _gid=GA1.2.1535818029.1633306486; _gat_gtag_UA_150238532_2=1
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
domclicksberbank.com
referer
https://domclicksberbank.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
last-modified
Mon, 15 Mar 2021 10:24:11 GMT
server
nginx/1.20.1
etag
"604f35cb-826f"
strict-transport-security
max-age=31536000;
content-type
image/jpeg
cache-control
max-age=315360000
accept-ranges
bytes
content-length
33391
expires
Thu, 31 Dec 2037 23:55:55 GMT
Helpers.min.js
bazzaro.ru/widgets/js/
5 KB
6 KB
Script
General
Full URL
https://bazzaro.ru/widgets/js/Helpers.min.js
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/form/form/key/0882a8.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
42b7611d9a0f99eb75d10672ab064917381e247a0b3d2ba1e5d9e1ef351bdf96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:46 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5f9fd622-1503"
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5379
Expires
Wed, 03 Nov 2021 00:14:46 GMT
widget.contactform.core.js
bazzaro.ru/widgets/js/
12 KB
12 KB
Script
General
Full URL
https://bazzaro.ru/widgets/js/widget.contactform.core.js
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/form/form/key/0882a8.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
852d0bb5e257a8f01099685bb80d4acb97546f7066a0cc9691c75fb8f2d6ffee

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:46 GMT
Last-Modified
Sun, 15 Aug 2021 20:48:38 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"61197da6-2fff"
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12287
Expires
Wed, 03 Nov 2021 00:14:46 GMT
widget.universal.core.js
bazzaro.ru/widgets/js/
71 KB
71 KB
Script
General
Full URL
https://bazzaro.ru/widgets/js/widget.universal.core.js?v=1.2
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widget/init?token=0882a8
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ff914bafa643c129574a183ef94c65bee5ba650338f466414177ec842ad2f3d4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:46 GMT
Last-Modified
Sun, 15 Aug 2021 20:48:38 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"61197da6-11af4"
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
72436
Expires
Wed, 03 Nov 2021 00:14:46 GMT
fingerprint2.min.js
bazzaro.ru/widgets/js/
29 KB
29 KB
Script
General
Full URL
https://bazzaro.ru/widgets/js/fingerprint2.min.js
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/js/Helpers.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
4bf52e1f92ce9ea93f33025943d00dbfe5e73ff1c8ddc1507aee8ac82d34dc0f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:46 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5f9fd622-72e4"
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
29412
Expires
Wed, 03 Nov 2021 00:14:46 GMT
cookie.js
partner.googleadservices.com/gampad/
210 B
664 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=domclicksberbank.com&callback=_gfp_s_&client=ca-pub-4993255470358537
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
dfcfa890ac409226c3ed9ab890a61a67ba0fa0ea3c813d99647377a38f8aa066
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
198
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
570 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=domclicksberbank.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 04 Oct 2021 00:14:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 95E3
88 KB
29 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
1b9b4014b6a77a04b9389439461c13cd82817dfb47ed8fc414b5bfe99dc34cbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://domclicksberbank.com/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Mon, 04 Oct 2021 00:14:46 GMT
server
cafe
content-length
29495
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Mon, 04-Oct-2021 00:29:46 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 04 Oct 2021 00:14:46 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame E400
68 KB
27 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=5340031871&adk=1712380252&adf=1753669107&pi=t.ma~as.5340031871&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486131&bpp=2&bdt=328&idt=114&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&prev_fmts=660x165&correlator=1638273889897&frm=20&pv=1&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=3507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=JBexQMIKg5&p=https%3A//domclicksberbank.com&dtd=118
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
97cfc9897c8223bab2a72f698f76520cd7b6318fd1328e563538fcad06948fec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=5340031871&adk=1712380252&adf=1753669107&pi=t.ma~as.5340031871&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486131&bpp=2&bdt=328&idt=114&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&prev_fmts=660x165&correlator=1638273889897&frm=20&pv=1&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=3507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=JBexQMIKg5&p=https%3A//domclicksberbank.com&dtd=118
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://domclicksberbank.com/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Mon, 04 Oct 2021 00:14:46 GMT
server
cafe
content-length
27798
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Mon, 04-Oct-2021 00:29:46 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 04 Oct 2021 00:14:46 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 52E1
0
19 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&adk=1812271804&adf=3025194257&lmt=1633306486&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fdomclicksberbank.com%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486161&bpp=1&bdt=359&idt=98&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&prev_fmts=660x165%2C660x165&nras=1&correlator=1638273889897&frm=20&pv=1&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&ifi=6&uci=a!6&fsb=1&dtd=104
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-4993255470358537&output=html&adk=1812271804&adf=3025194257&lmt=1633306486&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fdomclicksberbank.com%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486161&bpp=1&bdt=359&idt=98&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&prev_fmts=660x165%2C660x165&nras=1&correlator=1638273889897&frm=20&pv=1&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&ifi=6&uci=a!6&fsb=1&dtd=104
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://domclicksberbank.com/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Mon, 04 Oct 2021 00:14:46 GMT
server
cafe
content-length
0
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Mon, 04-Oct-2021 00:29:46 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 04 Oct 2021 00:14:46 GMT
cache-control
private
ContactForm.php
bazzaro.ru/widgets/source/form/ Frame BED7
46 KB
11 KB
Document
General
Full URL
https://bazzaro.ru/widgets/source/form/ContactForm.php?fingerprint=7d1d884980fef4efed2ca3eb8edec3c0&name=&phone=&color=%236aa84f&header1=%D0%90%D0%BD%D0%B4%D1%80%D0%B5%D0%B9%20%D0%9F%D0%B5%D1%82%D1%80%D0%BE%D0%B2&header2=%D0%AE%D1%80%D0%B8%D1%81%D1%82-%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82&topic=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&key=0882a8&host=https%3A%2F%2Fbazzaro.ru&photo=%2Fconsultant%2Fimages%2Fpeople%2F1.png&title=%D0%97%D0%B0%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D1%8E%D1%80%D0%B8%D1%81%D1%82%D1%83%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&referer=https%3A%2F%2Fdomclicksberbank.com%2F&demo=false&from=false&mobile=0&widget=3&v=1.1
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/js/widget.contactform.core.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
42c661052744044b71654ca24615b1acaa21ae55812c7f2846626726d370c4ac

Request headers

Host
bazzaro.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://domclicksberbank.com/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.10.3 (Ubuntu)
Date
Mon, 04 Oct 2021 00:14:46 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
gzip
view
googleads4.g.doubleclick.net/pcs/ Frame 4A8B
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssUvC_PEguT2qJtHZdOOiUB893qL6q_Cr-bujyVF6LN6GbaDPP5uUM6RewKESvMRxHN_SiSKHt7WefCpvkI7kIxjsAPP9H2cd38eEHzTEc-VqjC9YrKapbr317LfLHhQCJ7_8h-d-VzQ6lwc9wQKabGCzqVeNctRFArl2ha1PzRs0EgKxWX4X74a7zT9RBSffsRhE7r5xUcj6gGjhM_ev8pSh8nm4RUD0gu-wUhJvxa-gTGbZiLLZ2_LPbUrpCZsCgZcPLirw3ElmbdL3m1VEErJp9toxGtC9yQLgsW6-Ls48sCkHI7UI0MQDQCj-35ouDwER5SVJhl1uc9Pu-EQXSDUB39nS2WevQqb3SOjE6w8jUq7VaYwQ6iugHgmfe5vpapyapdP3D7vbIeUCwQDcT1hq3LZqw-5Q6LKQFoWm7opJxqMdU5bA4kromqwZztJn_UhM8hhMXSujmjL3xc2tl9nAbG68PoBvkL-F3dLuYXJe03d2KcWUqZ_MV9ABTZk1rBEQ_glUk2A5LbibFU1aLp7QAzaMnW_Ik_iairj-yDkbQAbqHsmGy5ASBTCfyQpTOzWU8bypTgstHVeKc-OkMl5m4ypNojTI6JrmdvoKFBhJhMbFZJUTiSpZWoj2uq_R8LgCJo2jMmCwsr0WAhM7gYWoYX9k7_5nv82NLXnYqazDQeILVMkmJq3QouIDE1id81CPkkEpB2BbbefMtnZtvET7aOesQVwXuf3KM7io0klZNkvx1UelOG5z3nBCaMMlGXWR3lHxeIGYtYciOwwDTTvqFEYNTaY0L9Ynbo2z8qPsj9HCHM9HaC2HnCNivvv6yqR8tzZjZiKKkubTAS4QVYZY3LHFRJtn9S05nvJP3HxSjWFVHc8cyIKYqrFiOul-bpQyLoIfI4B7IVdhHnayz-Y7lPIFpKPpbwfmMo1bdKNhd8BS4eDdllNjM9EzZ1SqAfUU24q6CuV8FpYpI2IFyFD6u02Q&sig=Cg0ArKJSzGXWf7WibzUXEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Mon, 04 Oct 2021 00:14:46 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Mon, 04 Oct 2021 00:14:46 GMT
html_inpage_rendering_lib_200_273.js
s0.2mdn.net/879366/ Frame 4A8B
169 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.166 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f166.1e100.net
Software
sffe /
Resource Hash
2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 11:42:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
45112
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
59842
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 20:54:49 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 04 Oct 2021 11:42:54 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 4A8B
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 11:59:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
216890
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 01 Oct 2022 11:59:56 GMT
m_js_controller_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 4A8B
31 KB
13 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/m_js_controller_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=5340031871&adk=1712380252&adf=1753669107&pi=t.ma~as.5340031871&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486131&bpp=2&bdt=328&idt=114&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&prev_fmts=660x165&correlator=1638273889897&frm=20&pv=1&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=3507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=JBexQMIKg5&p=https%3A//domclicksberbank.com&dtd=118
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
cafe /
Resource Hash
1149b4e0fd05ae859746ff5efb3ba8c59a82ec0414e60db64178bee9efde7b52
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 21:29:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
9894
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12762
x-xss-protection
0
server
cafe
etag
4480342589260282775
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Oct 2021 21:29:52 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 4A8B
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=5340031871&adk=1712380252&adf=1753669107&pi=t.ma~as.5340031871&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486131&bpp=2&bdt=328&idt=114&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&prev_fmts=660x165&correlator=1638273889897&frm=20&pv=1&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=3507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=JBexQMIKg5&p=https%3A//domclicksberbank.com&dtd=118
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
cafe /
Resource Hash
c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 23:57:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1036
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1358
x-xss-protection
0
server
cafe
etag
15351394696698642166
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Oct 2021 23:57:30 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 4A8B
122 KB
38 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=5340031871&adk=1712380252&adf=1753669107&pi=t.ma~as.5340031871&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486131&bpp=2&bdt=328&idt=114&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&prev_fmts=660x165&correlator=1638273889897&frm=20&pv=1&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=3507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=JBexQMIKg5&p=https%3A//domclicksberbank.com&dtd=118
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
867ff39044c47d580bde0bfc1e95bfcc25c21738c79351591641a83a56dc6d3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37872
x-xss-protection
0
server
sffe
etag
"1633087504575570"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="active-view-scs-read-write-acl"
expires
Mon, 04 Oct 2021 00:14:46 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 4A8B
14 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=5340031871&adk=1712380252&adf=1753669107&pi=t.ma~as.5340031871&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486131&bpp=2&bdt=328&idt=114&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&prev_fmts=660x165&correlator=1638273889897&frm=20&pv=1&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=3507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=JBexQMIKg5&p=https%3A//domclicksberbank.com&dtd=118
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
cafe /
Resource Hash
4f430df1926f8f2c1211de662c1070de2b98259bfc9bbdd8cf70c7b53d6777cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 23:49:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1538
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6194
x-xss-protection
0
server
cafe
etag
2541472377268313288
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Oct 2021 23:49:08 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/ Frame 4A8B
18 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=5340031871&adk=1712380252&adf=1753669107&pi=t.ma~as.5340031871&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486131&bpp=2&bdt=328&idt=114&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&prev_fmts=660x165&correlator=1638273889897&frm=20&pv=1&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=3507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=JBexQMIKg5&p=https%3A//domclicksberbank.com&dtd=118
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
cafe /
Resource Hash
da48b97b44f32bd333c5ca822e07f0997269db7bbd7e85f514035e02a57624f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:11:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
171
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7607
x-xss-protection
0
server
cafe
etag
5036643633216217121
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Oct 2021 00:11:55 GMT
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ Frame BED7
157 KB
25 KB
Stylesheet
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/source/form/ContactForm.php?fingerprint=7d1d884980fef4efed2ca3eb8edec3c0&name=&phone=&color=%236aa84f&header1=%D0%90%D0%BD%D0%B4%D1%80%D0%B5%D0%B9%20%D0%9F%D0%B5%D1%82%D1%80%D0%BE%D0%B2&header2=%D0%AE%D1%80%D0%B8%D1%81%D1%82-%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82&topic=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&key=0882a8&host=https%3A%2F%2Fbazzaro.ru&photo=%2Fconsultant%2Fimages%2Fpeople%2F1.png&title=%D0%97%D0%B0%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D1%8E%D1%80%D0%B8%D1%81%D1%82%D1%83%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&referer=https%3A%2F%2Fdomclicksberbank.com%2F&demo=false&from=false&mobile=0&widget=3&v=1.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bazzaro.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617
age
16852739
cdn-cachedat
2021-03-11 11:57:51
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:11 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
83aeb3344168e43783be27f1e929c66d
cf-ray
698a364598914ab0-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ Frame BED7
30 KB
7 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/source/form/ContactForm.php?fingerprint=7d1d884980fef4efed2ca3eb8edec3c0&name=&phone=&color=%236aa84f&header1=%D0%90%D0%BD%D0%B4%D1%80%D0%B5%D0%B9%20%D0%9F%D0%B5%D1%82%D1%80%D0%BE%D0%B2&header2=%D0%AE%D1%80%D0%B8%D1%81%D1%82-%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82&topic=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&key=0882a8&host=https%3A%2F%2Fbazzaro.ru&photo=%2Fconsultant%2Fimages%2Fpeople%2F1.png&title=%D0%97%D0%B0%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D1%8E%D1%80%D0%B8%D1%81%D1%82%D1%83%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&referer=https%3A%2F%2Fdomclicksberbank.com%2F&demo=false&from=false&mobile=0&widget=3&v=1.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://bazzaro.ru/
Origin
https://bazzaro.ru
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723, 617, 617, 617
age
14125706
cdn-cachedat
2021-04-23 12:06:55
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
006be4f015ac0c02c96f67d10968147b
cf-ray
698a36459de416ee-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
all.css
pro.fontawesome.com/releases/v5.10.0/css/ Frame BED7
153 KB
29 KB
Stylesheet
General
Full URL
https://pro.fontawesome.com/releases/v5.10.0/css/all.css
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/source/form/ContactForm.php?fingerprint=7d1d884980fef4efed2ca3eb8edec3c0&name=&phone=&color=%236aa84f&header1=%D0%90%D0%BD%D0%B4%D1%80%D0%B5%D0%B9%20%D0%9F%D0%B5%D1%82%D1%80%D0%BE%D0%B2&header2=%D0%AE%D1%80%D0%B8%D1%81%D1%82-%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82&topic=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&key=0882a8&host=https%3A%2F%2Fbazzaro.ru&photo=%2Fconsultant%2Fimages%2Fpeople%2F1.png&title=%D0%97%D0%B0%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D1%8E%D1%80%D0%B8%D1%81%D1%82%D1%83%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&referer=https%3A%2F%2Fdomclicksberbank.com%2F&demo=false&from=false&mobile=0&widget=3&v=1.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.23.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec

Request headers

Referer
https://bazzaro.ru/
Origin
https://bazzaro.ru
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
age
8323914
x-amz-request-id
TR5KXZ1J94YJ8JJC
x-amz-id-2
57bZSdMasVrSzbqBu3pOSulJAWh0c2ORNZqwxNMK/8qRjpM7OPegGDo219SivAJV8O7c7LSwBMU=
last-modified
Mon, 28 Jun 2021 16:54:32 GMT
server
cloudflare
etag
W/"aa1272633e7e552395d147a499bad186"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
698a364598674a56-FRA
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ Frame BED7
87 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/source/form/ContactForm.php?fingerprint=7d1d884980fef4efed2ca3eb8edec3c0&name=&phone=&color=%236aa84f&header1=%D0%90%D0%BD%D0%B4%D1%80%D0%B5%D0%B9%20%D0%9F%D0%B5%D1%82%D1%80%D0%BE%D0%B2&header2=%D0%AE%D1%80%D0%B8%D1%81%D1%82-%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82&topic=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&key=0882a8&host=https%3A%2F%2Fbazzaro.ru&photo=%2Fconsultant%2Fimages%2Fpeople%2F1.png&title=%D0%97%D0%B0%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D1%8E%D1%80%D0%B8%D1%81%D1%82%D1%83%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&referer=https%3A%2F%2Fdomclicksberbank.com%2F&demo=false&from=false&mobile=0&widget=3&v=1.1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f10.1e100.net
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bazzaro.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 19:29:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
535493
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="hosted-libraries-pushers"
expires
Tue, 27 Sep 2022 19:29:53 GMT
jquery.mask.min.js
cdn.jsdelivr.net/npm/jquery-mask-plugin@1.14.16/dist/ Frame BED7
8 KB
4 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/jquery-mask-plugin@1.14.16/dist/jquery.mask.min.js
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/source/form/ContactForm.php?fingerprint=7d1d884980fef4efed2ca3eb8edec3c0&name=&phone=&color=%236aa84f&header1=%D0%90%D0%BD%D0%B4%D1%80%D0%B5%D0%B9%20%D0%9F%D0%B5%D1%82%D1%80%D0%BE%D0%B2&header2=%D0%AE%D1%80%D0%B8%D1%81%D1%82-%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82&topic=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&key=0882a8&host=https%3A%2F%2Fbazzaro.ru&photo=%2Fconsultant%2Fimages%2Fpeople%2F1.png&title=%D0%97%D0%B0%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D1%8E%D1%80%D0%B8%D1%81%D1%82%D1%83%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&referer=https%3A%2F%2Fdomclicksberbank.com%2F&demo=false&from=false&mobile=0&widget=3&v=1.1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bazzaro.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
2104075
x-jsd-version
1.14.16
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by
cache-fra19166-FRA
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"2087-+5g67NOUDo67/l50yAmc7pIjyVc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
698a36458a1e4ed3-FRA
bootstrap.bundle.min.js
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/ Frame BED7
79 KB
22 KB
Script
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.bundle.min.js
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/source/form/ContactForm.php?fingerprint=7d1d884980fef4efed2ca3eb8edec3c0&name=&phone=&color=%236aa84f&header1=%D0%90%D0%BD%D0%B4%D1%80%D0%B5%D0%B9%20%D0%9F%D0%B5%D1%82%D1%80%D0%BE%D0%B2&header2=%D0%AE%D1%80%D0%B8%D1%81%D1%82-%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82&topic=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&key=0882a8&host=https%3A%2F%2Fbazzaro.ru&photo=%2Fconsultant%2Fimages%2Fpeople%2F1.png&title=%D0%97%D0%B0%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D1%8E%D1%80%D0%B8%D1%81%D1%82%D1%83%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&referer=https%3A%2F%2Fdomclicksberbank.com%2F&demo=false&from=false&mobile=0&widget=3&v=1.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f67b782ec5a62c8fcedb89535bcf48cc02ae06a119e3b97fe2b875fad1ff358f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bazzaro.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 718, 718
age
14540964
cdn-cachedat
2021-04-18 03:26:15
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:11 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
590d8e201344e1a705fb7f8874a0bf0f
cf-ray
698a364598924ab0-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
sha256.js
cdn.jsdelivr.net/npm/jssha@2.3.1/src/ Frame BED7
9 KB
4 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/jssha@2.3.1/src/sha256.js
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/source/form/ContactForm.php?fingerprint=7d1d884980fef4efed2ca3eb8edec3c0&name=&phone=&color=%236aa84f&header1=%D0%90%D0%BD%D0%B4%D1%80%D0%B5%D0%B9%20%D0%9F%D0%B5%D1%82%D1%80%D0%BE%D0%B2&header2=%D0%AE%D1%80%D0%B8%D1%81%D1%82-%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82&topic=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&key=0882a8&host=https%3A%2F%2Fbazzaro.ru&photo=%2Fconsultant%2Fimages%2Fpeople%2F1.png&title=%D0%97%D0%B0%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D1%8E%D1%80%D0%B8%D1%81%D1%82%D1%83%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&referer=https%3A%2F%2Fdomclicksberbank.com%2F&demo=false&from=false&mobile=0&widget=3&v=1.1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
372baf2dfb2f7c27c4f9c795ebf5b5f47faa569dccf1cf45cc0823ef6096dfdc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bazzaro.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
2104186
x-jsd-version
2.3.1
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by
cache-fra19177-FRA
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"24a9-Sd4ZZoiImSjoTi8w+EebRmGOCbU"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
698a36457a1c4ed3-FRA
Helpers.min.js
bazzaro.ru/widgets/js/ Frame BED7
5 KB
6 KB
Script
General
Full URL
https://bazzaro.ru/widgets/js/Helpers.min.js
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/source/form/ContactForm.php?fingerprint=7d1d884980fef4efed2ca3eb8edec3c0&name=&phone=&color=%236aa84f&header1=%D0%90%D0%BD%D0%B4%D1%80%D0%B5%D0%B9%20%D0%9F%D0%B5%D1%82%D1%80%D0%BE%D0%B2&header2=%D0%AE%D1%80%D0%B8%D1%81%D1%82-%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82&topic=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&key=0882a8&host=https%3A%2F%2Fbazzaro.ru&photo=%2Fconsultant%2Fimages%2Fpeople%2F1.png&title=%D0%97%D0%B0%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D1%8E%D1%80%D0%B8%D1%81%D1%82%D1%83%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&referer=https%3A%2F%2Fdomclicksberbank.com%2F&demo=false&from=false&mobile=0&widget=3&v=1.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
42b7611d9a0f99eb75d10672ab064917381e247a0b3d2ba1e5d9e1ef351bdf96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bazzaro.ru/widgets/source/form/ContactForm.php?fingerprint=7d1d884980fef4efed2ca3eb8edec3c0&name=&phone=&color=%236aa84f&header1=%D0%90%D0%BD%D0%B4%D1%80%D0%B5%D0%B9%20%D0%9F%D0%B5%D1%82%D1%80%D0%BE%D0%B2&header2=%D0%AE%D1%80%D0%B8%D1%81%D1%82-%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82&topic=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&key=0882a8&host=https%3A%2F%2Fbazzaro.ru&photo=%2Fconsultant%2Fimages%2Fpeople%2F1.png&title=%D0%97%D0%B0%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D1%8E%D1%80%D0%B8%D1%81%D1%82%D1%83%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&referer=https%3A%2F%2Fdomclicksberbank.com%2F&demo=false&from=false&mobile=0&widget=3&v=1.1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:46 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5f9fd622-1503"
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5379
Expires
Wed, 03 Nov 2021 00:14:46 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 94A5
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
date
Fri, 01 Oct 2021 11:59:56 GMT
expires
Sat, 01 Oct 2022 11:59:56 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
216890
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
fa-solid-900.woff2
pro.fontawesome.com/releases/v5.10.0/webfonts/ Frame BED7
120 KB
120 KB
Font
General
Full URL
https://pro.fontawesome.com/releases/v5.10.0/webfonts/fa-solid-900.woff2
Requested by
Host: pro.fontawesome.com
URL: https://pro.fontawesome.com/releases/v5.10.0/css/all.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.23.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d27aa8bf9677cf4ef12acd7b37afc20f1f661d7c163b929ae9caf103b01fce37

Request headers

Referer
https://pro.fontawesome.com/releases/v5.10.0/css/all.css
Origin
https://bazzaro.ru
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
age
8323912
cf-ray
698a3645f8ad4a56-FRA
content-length
123004
x-amz-id-2
4IrUFltuwNNQjom/cW0jbC7Do1O2M2xE76m6lzoMm98YEKZ7IXBV5pL2mIEZv9ZAlj4V65Eyndk=
last-modified
Mon, 28 Jun 2021 16:56:06 GMT
server
cloudflare
etag
"88fd444847dc842d15e229df26571b03"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-request-id
NX7G7K7GRVVE3ZHG
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
content-type
font/woff2
1.png
bazzaro.ru/consultant/images/people/ Frame BED7
15 KB
15 KB
Image
General
Full URL
https://bazzaro.ru/consultant/images/people/1.png
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/source/form/ContactForm.php?fingerprint=7d1d884980fef4efed2ca3eb8edec3c0&name=&phone=&color=%236aa84f&header1=%D0%90%D0%BD%D0%B4%D1%80%D0%B5%D0%B9%20%D0%9F%D0%B5%D1%82%D1%80%D0%BE%D0%B2&header2=%D0%AE%D1%80%D0%B8%D1%81%D1%82-%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82&topic=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&key=0882a8&host=https%3A%2F%2Fbazzaro.ru&photo=%2Fconsultant%2Fimages%2Fpeople%2F1.png&title=%D0%97%D0%B0%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D1%8E%D1%80%D0%B8%D1%81%D1%82%D1%83%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&referer=https%3A%2F%2Fdomclicksberbank.com%2F&demo=false&from=false&mobile=0&widget=3&v=1.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
4c869e1a8d703de9ebc3e6210ad7f8dd1a96f5ecb67a0a241ba869e82829f855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bazzaro.ru/widgets/source/form/ContactForm.php?fingerprint=7d1d884980fef4efed2ca3eb8edec3c0&name=&phone=&color=%236aa84f&header1=%D0%90%D0%BD%D0%B4%D1%80%D0%B5%D0%B9%20%D0%9F%D0%B5%D1%82%D1%80%D0%BE%D0%B2&header2=%D0%AE%D1%80%D0%B8%D1%81%D1%82-%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82&topic=%D0%94%D0%BE%D0%BC%D0%9A%D0%BB%D0%B8%D0%BA%20%D0%B2%D1%85%D0%BE%D0%B4%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82&key=0882a8&host=https%3A%2F%2Fbazzaro.ru&photo=%2Fconsultant%2Fimages%2Fpeople%2F1.png&title=%D0%97%D0%B0%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D1%8E%D1%80%D0%B8%D1%81%D1%82%D1%83%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&referer=https%3A%2F%2Fdomclicksberbank.com%2F&demo=false&from=false&mobile=0&widget=3&v=1.1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:46 GMT
Last-Modified
Thu, 16 May 2019 13:58:45 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5cdd6c95-3c6a"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15466
Expires
Wed, 03 Nov 2021 00:14:46 GMT
truncated
/ Frame 4A8B
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de1d39faded96cb8edee2539de45b3637c45bad94644b94913e1914200e56184

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
index.html
s0.2mdn.net/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/ Frame D155
11 KB
3 KB
Document
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/index.html?e=69&leftOffset=0&topOffset=0&c=9BTujMUtKc&t=1&renderingType=2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.166 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f166.1e100.net
Software
sffe /
Resource Hash
9cb79e5b8b8f712dcae87b1cc259648c8b42a3f7c3b43d8e30b00b9db118dd33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
s0.2mdn.net
:scheme
https
:path
/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/index.html?e=69&leftOffset=0&topOffset=0&c=9BTujMUtKc&t=1&renderingType=2
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
content-length
2975
date
Mon, 04 Oct 2021 00:14:46 GMT
expires
Tue, 05 Oct 2021 00:14:46 GMT
cache-control
public, max-age=86400
last-modified
Wed, 07 Apr 2021 18:37:48 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
css
fonts.googleapis.com/ Frame 95E3
4 KB
619 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.138 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f10.1e100.net
Software
ESF /
Resource Hash
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 03 Oct 2021 23:15:36 GMT
server
ESF
date
Mon, 04 Oct 2021 00:14:46 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires
Mon, 04 Oct 2021 00:14:46 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 95E3
1 KB
879 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
cafe /
Resource Hash
2911b334d84ae35bdef7cb396241b38425398b6ae5f91f13a72943e805309ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:12:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
121
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
852
x-xss-protection
0
server
cafe
etag
14170629819630813772
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Oct 2021 00:12:45 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/ Frame 95E3
18 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
cafe /
Resource Hash
da48b97b44f32bd333c5ca822e07f0997269db7bbd7e85f514035e02a57624f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:11:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
171
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7607
x-xss-protection
0
server
cafe
etag
5036643633216217121
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Oct 2021 00:11:55 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 95E3
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
cafe /
Resource Hash
c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 23:57:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1036
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1358
x-xss-protection
0
server
cafe
etag
15351394696698642166
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Oct 2021 23:57:30 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 95E3
122 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
867ff39044c47d580bde0bfc1e95bfcc25c21738c79351591641a83a56dc6d3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37872
x-xss-protection
0
server
sffe
etag
"1633087504575570"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="active-view-scs-read-write-acl"
expires
Mon, 04 Oct 2021 00:14:46 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 95E3
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
cafe /
Resource Hash
4f430df1926f8f2c1211de662c1070de2b98259bfc9bbdd8cf70c7b53d6777cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 23:49:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1538
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6194
x-xss-protection
0
server
cafe
etag
2541472377268313288
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Oct 2021 23:49:08 GMT
a05f1579543550f3e279366fb116adbd.js
www.gstatic.com/mysidia/ Frame 95E3
27 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/a05f1579543550f3e279366fb116adbd.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f3.1e100.net
Software
sffe /
Resource Hash
6cd4fdef93aef355d2c534bc7de3d08d9723234a1b0cf6161652193f34e4f820
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 17:50:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23027
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11147
x-xss-protection
0
last-modified
Tue, 28 Sep 2021 01:21:31 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="mysidia"
expires
Sat, 01 Jan 2022 17:50:59 GMT
B24712180.284297937;dc_pre=CPvG1Oe8r_MCFVWYdwod3YkBvw;dc_trk_aid=477953435;dc_trk_cid=138850023;ord=20671030;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=
ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/ Frame 95E3
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B24712180.284297937;dc_trk_aid=477953435;dc_trk_cid=138850023;ord=20671030;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;...
  • https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B24712180.284297937;dc_pre=CPvG1Oe8r_MCFVWYdwod3YkBvw;dc_trk_aid=477953435;dc_trk_cid=138850023;ord=20671030;dc_lat=;dc_rdid=;tag_for_chil...
42 B
63 B
Fetch
General
Full URL
https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B24712180.284297937;dc_pre=CPvG1Oe8r_MCFVWYdwod3YkBvw;dc_trk_aid=477953435;dc_trk_cid=138850023;ord=20671030;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f6.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Oct 2021 00:14:46 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Oct 2021 00:14:46 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B24712180.284297937;dc_pre=CPvG1Oe8r_MCFVWYdwod3YkBvw;dc_trk_aid=477953435;dc_trk_cid=138850023;ord=20671030;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
follow-only-when-prerender-shown
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 95E3
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CFcfhdkdaYc2nEZeU7_UPp_um2A2qiOumY6m1kf-6DYXdo6fZAhABIK2v40hgycapi8Ck2A-gAaSH-IMDyAEGqAMByAPLBKoEyQFP0HB1mU7YvpCujZNBoIm17tYesyfdJATVyc3ybL4GeOERnid0o0RdaBGvrQmNYXZH09tztDGxSTeUIkP01Mgw3xR93IGa3xEzqOuO-lqNQ5SnNJ1byHIQkXoaX8WOcfzEhqcO_B-0TNeqeJGtkrqQBOenQP0JTL32RPrYRomQFxGFfqm23kistKb9TJa6hXMyz_eTziiq2QTY8pCkiJyTfhwtQB1gIodpMlhUAKv11vSrWlXnzRK0o4C_pL7M-y9dQBctveNeOMHABN6BsqmTA5IFBAgEGAGSBQQIBRgEoAY3gAfE-Id8qAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G9gHAfIHBBDy1DXSCAcIgGEQARhfgAoByAsB2BMNiBQD0BUBmBYBgBcBshccChoIABIUcHViLTQ5OTMyNTU0NzAzNTg1MzcYAA&sigh=ep0g1iNRAPw&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Mon, 04 Oct 2021 00:14:46 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js
pagead2.googlesyndication.com/bg/ Frame 94A5
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
sffe /
Resource Hash
04f4de271bac3fc70e9c4fece4bdc005edad22929dd4d543241961292ee9c1a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 20:20:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
14067
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13343
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 10:18:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Mon, 03 Oct 2022 20:20:19 GMT
Enabler_01_245.js
s0.2mdn.net/879366/ Frame D155
110 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_245.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/index.html?e=69&leftOffset=0&topOffset=0&c=9BTujMUtKc&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.166 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f166.1e100.net
Software
sffe /
Resource Hash
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/index.html?e=69&leftOffset=0&topOffset=0&c=9BTujMUtKc&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 06:38:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
63387
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38568
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 19:32:54 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 04 Oct 2021 06:38:19 GMT
spokeo_logo.png
s0.2mdn.net/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/ Frame D155
2 KB
2 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/spokeo_logo.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/index.html?e=69&leftOffset=0&topOffset=0&c=9BTujMUtKc&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.166 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f166.1e100.net
Software
sffe /
Resource Hash
b0e78b1a206c2df3d2cc6ad444a9e5c67a2f325f2602d9e2beec7270fed00de9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/index.html?e=69&leftOffset=0&topOffset=0&c=9BTujMUtKc&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 05:25:47 GMT
x-content-type-options
nosniff
last-modified
Wed, 07 Apr 2021 18:37:48 GMT
server
sffe
age
67739
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2133
x-xss-protection
0
expires
Mon, 04 Oct 2021 05:25:47 GMT
MuseoSans_700.woff2
s0.2mdn.net/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/ Frame D155
18 KB
18 KB
Font
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/MuseoSans_700.woff2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/index.html?e=69&leftOffset=0&topOffset=0&c=9BTujMUtKc&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.166 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f166.1e100.net
Software
sffe /
Resource Hash
1717c223ecf044a0ac6a67c5b3d1e8e61abf6b71508bf322bb41c3fc4e0055ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/ads/richmedia/studio/pv2/61759332/20210407113748313/Banner_Dark_970x250/index.html?e=69&leftOffset=0&topOffset=0&c=9BTujMUtKc&t=1&renderingType=2
Origin
https://s0.2mdn.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 05:25:47 GMT
x-content-type-options
nosniff
last-modified
Wed, 07 Apr 2021 18:37:48 GMT
server
sffe
age
67739
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18168
x-xss-protection
0
expires
Mon, 04 Oct 2021 05:25:47 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame D155
6 KB
4 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
cafe /
Resource Hash
0eb479fa1ee0a54dc2902e9d8f57eb28b67d5fc6cc4e43bd7cce742b0b4ffabd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 04 Oct 2021 00:14:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4342
x-xss-protection
0
downsize_200k_v1
tpc.googlesyndication.com/simgad/9420354329090741528/ Frame 95E3
14 KB
14 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/9420354329090741528/downsize_200k_v1?w=400&h=209
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
sffe /
Resource Hash
06f72cca401ae3e1275fb7e0dcff6e8f029ba86c18fff2b0d0a3e77192a5ffdf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:47 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14011
x-xss-protection
0
last-modified
Wed, 17 Feb 2021 23:04:05 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 04 Oct 2022 00:14:47 GMT
truncated
/ Frame 95E3
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5530b65a517dc27a3ec0d8f034668c1a91567215ade8c17eb4919875ac6523ad

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
sodar2.js
tpc.googlesyndication.com/sodar/ Frame D155
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Mon, 04 Oct 2021 00:14:46 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 95E3
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 17:27:37 GMT
x-content-type-options
nosniff
age
542830
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 27 Sep 2022 17:27:37 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 95E3
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
8dd3b91ca60e6a0486326c5c275590dd1d753240c2efa9f94730815813997fee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 16:38:41 GMT
x-content-type-options
nosniff
age
372966
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 29 Sep 2022 16:38:41 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 95E3
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 16:31:43 GMT
x-content-type-options
nosniff
age
373384
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 29 Sep 2022 16:31:43 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 94A5
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BTkuQdkdaYbalEZuB7_UP14S1sAsAAAAAOAHgBAI&bg=!LC-lL2vNAAZE-GIIRPg7ACkAdvg8WsaDNin3SXrrLGOD8newvLu4KZ-QIAQAAfZr8r3OkgzejOwTbAIAAAB2UgAAACZoAQeZAyDLpdn7b7W4PLY_Io4B3q8-EOfuHooVCRFOhqPrTx8cMrZ0T03YlARejbVLftB2udYMmBKQ1WqvURdj2gOCq6jT2VkNmHErtdOshsUd2_KOo-0JXtrsNchv8N2y2RudEIRccuvXqKrHG-cRhHn5dC6b_b3hV2mT7juEEOy1rII82uu6WLPYiztQMmk2cvovBtObdP2B4yAv3Uj_eQkQXZp8QGzRaG779Q8Pb_VKe_4YiG9GGQlda4OPR5ZB4862yis3kqZNHYMZWoT6gTDtwUqCGlDZdkr38zlOLFB0hLOuoGIN9J398zigFlxBVp_Y85xuPGdLsIkanPGOV_O2_nfQitLOmrVCN4sBHPfCsOuXnc7eLqJc4FBVQj2avvW7AdkJWvEmkRgRaP2ZCaXDQyceQUuohLyFi599p_nV57LUfZ_8m0OyQeYlG7TyavjJ_bJ9iOTcN0jycL87pP5nftSL68d0G9nLY7QNrljZNphxcBaA7uCkp0ktRJE2RoK_e4dlCnPxTnkhgHorcN83fSc9ZqSjmGoSHWidBSzWgrMJATFcChKQWyfvAicqZZbjoxapkvvR543YkFL6Xqsxlgr1ahqGwCHOeR4D875cUlptBRBGOz0NXwbcycl6DWGMDjR67Xf-uGSeVbc4m1H3gUcp2bN3ovme6as6KmiRkp3DibSbgHwskwnsAAlSpW3Iqh1m9gwd5GJ7Pr4iKfx3aoZgtuVViVrHd9PANL1OM0oiA4Srysx30OFtZiIT4V7u5d1QArokQbtCmoak1o_yfRjjH-fMQOQlNN49M2lZ1nd41nHrTgCcr7xh-3SroGvlQ5uqKUMpPzK2KBbvct9mj75elxiF_jsHxGCo4GfBKQQRZg1DLs_SyWIzm4CAqIK_dE1A-S0nRZAPEaKpRUNgp1di6r5ohn940YvreftZcre75B0ZX194qu0aYk4IcSlRptcetTPtD_0b15R7E65nVgexH8El7Ddn4MXsjfYGvx_hMbcDc8mh-BV7Ot-x5e8MoyJswoADcbZS5dohKEM-Z2XlR3gWl8UybWWk-f9TyiuC8g
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Oct 2021 00:14:47 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js
pagead2.googlesyndication.com/bg/ Frame 9F55
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
sffe /
Resource Hash
04f4de271bac3fc70e9c4fece4bdc005edad22929dd4d543241961292ee9c1a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 20:20:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
14068
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13343
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 10:18:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Mon, 03 Oct 2022 20:20:19 GMT
widget.webcall.core.js
bazzaro.ru/widgets/js/
63 KB
64 KB
Script
General
Full URL
https://bazzaro.ru/widgets/js/widget.webcall.core.js?v=1.23
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/js/Helpers.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
51596bef36fe84ca7fd3419df68b12e8b37e2908472054e10fa55b0dfc8a86a8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Tue, 30 Mar 2021 08:22:03 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"6062dfab-fd52"
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
64850
Expires
Wed, 03 Nov 2021 00:14:47 GMT
/
api.sypexgeo.net/json/
0
0

chatTmpl.template
bazzaro.ru/widgets/source/universal/
24 KB
25 KB
XHR
General
Full URL
https://bazzaro.ru/widgets/source/universal/chatTmpl.template?v=1.23
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/js/widget.universal.core.js?v=1.2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
8cc96c29e54bbbb412bbde833e9b036af0baecf780b6383cb42951cc59b3d674

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Sun, 15 Aug 2021 20:48:38 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"61197da6-61e3"
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
25059
Expires
Wed, 03 Nov 2021 00:14:47 GMT
sha256.js
cdn.jsdelivr.net/npm/jssha@2.3.1/src/
9 KB
4 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/jssha@2.3.1/src/sha256.js
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/js/Helpers.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
372baf2dfb2f7c27c4f9c795ebf5b5f47faa569dccf1cf45cc0823ef6096dfdc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:47 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
2104187
x-jsd-version
2.3.1
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by
cache-fra19177-FRA
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"24a9-Sd4ZZoiImSjoTi8w+EebRmGOCbU"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
698a3647ebdc4ed3-FRA
widget.popup.core.js
bazzaro.ru/widgets/js/
10 KB
10 KB
Script
General
Full URL
https://bazzaro.ru/widgets/js/widget.popup.core.js?v=1.23
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/js/Helpers.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
945cc871f3f57897b15bbb1e29674aeda58914d46ac2f8f11d7e2384831e39f1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Tue, 30 Mar 2021 08:22:03 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"6062dfab-26ad"
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9901
Expires
Wed, 03 Nov 2021 00:14:47 GMT
notification.mp3
bazzaro.ru/widgets/source/universal/sounds/
4 KB
4 KB
Media
General
Full URL
https://bazzaro.ru/widgets/source/universal/sounds/notification.mp3
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
f8c8cfbd54ff27e4f7857c5831bd4a04dc1255f391d848f2d471a3658594f470

Request headers

Referer
https://domclicksberbank.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
Access-Control-Allow-Origin
*
ETag
"5f9fd622-107b"
Content-Type
audio/mpeg
Content-Range
bytes 0-4218/4219
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
4219
Expires
Wed, 03 Nov 2021 00:14:47 GMT
sent.mp3
bazzaro.ru/widgets/source/universal/sounds/
15 KB
16 KB
Media
General
Full URL
https://bazzaro.ru/widgets/source/universal/sounds/sent.mp3
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
45dcc5d459a09c55279864fda1fd4661c0b629bc37f938a8865de1c3369ffbc9

Request headers

Referer
https://domclicksberbank.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
Access-Control-Allow-Origin
*
ETag
"5f9fd622-3d08"
Content-Type
audio/mpeg
Content-Range
bytes 0-15623/15624
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
15624
Expires
Wed, 03 Nov 2021 00:14:47 GMT
truncated
/
786 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
63c7580272a4ea075959ae4d984281115c0c63c21a1b3950617e44788a772d47

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js
pagead2.googlesyndication.com/bg/ Frame 0B48
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4993255470358537&output=html&h=165&slotname=3507117597&adk=2449509665&adf=2149330098&pi=t.ma~as.3507117597&w=660&fwrn=4&lmt=1633306486&rafmt=11&psa=0&format=660x165&url=https%3A%2F%2Fdomclicksberbank.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633306486119&bpp=11&bdt=317&idt=106&shv=r20210928&mjsv=m202109270101&ptt=9&saldr=aa&abxe=1&correlator=1638273889897&frm=20&pv=2&ga_vid=1647336924.1633306486&ga_sid=1633306486&ga_hid=776948016&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=300&ady=2357&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C182982300&oid=2&pvsid=2758018889469949&pem=302&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=ODlIsVW9X3&p=https%3A//domclicksberbank.com&dtd=121
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
sffe /
Resource Hash
04f4de271bac3fc70e9c4fece4bdc005edad22929dd4d543241961292ee9c1a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 20:20:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
14068
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13343
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 10:18:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Mon, 03 Oct 2022 20:20:19 GMT
1.png
bazzaro.ru/consultant/images/people/
15 KB
15 KB
Image
General
Full URL
https://bazzaro.ru/consultant/images/people/1.png
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
4c869e1a8d703de9ebc3e6210ad7f8dd1a96f5ecb67a0a241ba869e82829f855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Thu, 16 May 2019 13:58:45 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5cdd6c95-3c6a"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15466
Expires
Wed, 03 Nov 2021 00:14:47 GMT
style.min.css
bazzaro.ru/widgets/source/universal/css/
20 KB
20 KB
Stylesheet
General
Full URL
https://bazzaro.ru/widgets/source/universal/css/style.min.css?v=1.23
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
a146ba46d84fcc80506c003d5dfd54150ba9f9d759a481ac7f98f1f6c3bef1ed

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Sun, 15 Aug 2021 20:48:38 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"61197da6-5051"
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
20561
Expires
Wed, 03 Nov 2021 00:14:47 GMT
close-icon.png
bazzaro.ru/widgets/source/universal/assets/
289 B
640 B
Image
General
Full URL
https://bazzaro.ru/widgets/source/universal/assets/close-icon.png
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
a64593d08f37933fe865ead3faf279423f21f5b29f0626dd1983292477777a2e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5f9fd622-121"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
289
Expires
Wed, 03 Nov 2021 00:14:47 GMT
logo-no-bg.svg
bazzaro.ru/widgets/source/universal/assets/
748 B
1 KB
Image
General
Full URL
https://bazzaro.ru/widgets/source/universal/assets/logo-no-bg.svg
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
269932bf199b7d82936dd284b15a2eaca1fa13f4f788f99e110dced1e1919051

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5f9fd622-2ec"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
748
Expires
Wed, 03 Nov 2021 00:14:47 GMT
phone-icon.svg
bazzaro.ru/widgets/source/universal/assets/
374 B
729 B
Image
General
Full URL
https://bazzaro.ru/widgets/source/universal/assets/phone-icon.svg
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
cea32718c2e4c1e798aada41082d5cbecf4906e71a4eb0194c33d42d4a167ed5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5f9fd622-176"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
374
Expires
Wed, 03 Nov 2021 00:14:47 GMT
chat-icon.svg
bazzaro.ru/widgets/source/universal/assets/
862 B
1 KB
Image
General
Full URL
https://bazzaro.ru/widgets/source/universal/assets/chat-icon.svg
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
534149f64a2c6a06336fdbed7148a2c6aa6e9e709d9f8538af9170a3686e31f9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5f9fd622-35e"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
862
Expires
Wed, 03 Nov 2021 00:14:47 GMT
send-icon.svg
bazzaro.ru/widgets/source/universal/assets/
333 B
688 B
Image
General
Full URL
https://bazzaro.ru/widgets/source/universal/assets/send-icon.svg
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
adf982c8ca898c3a7553b6cc4b1b56a51ba6f4a799acb8107d4e39526cd212af

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5f9fd622-14d"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
333
Expires
Wed, 03 Nov 2021 00:14:47 GMT
style.min.css
bazzaro.ru/widgets/source/webcall/css/
7 KB
7 KB
Stylesheet
General
Full URL
https://bazzaro.ru/widgets/source/webcall/css/style.min.css?v=1.23
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/js/widget.webcall.core.js?v=1.23
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
5f57f4556b101ba3ccf89aac0de9be4fcd02662caadf0529c6ba4c158e373557

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5f9fd622-1bcc"
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7116
Expires
Wed, 03 Nov 2021 00:14:47 GMT
long_good.mp3
bazzaro.ru/widgets/source/webcall/sounds/
52 KB
52 KB
Media
General
Full URL
https://bazzaro.ru/widgets/source/webcall/sounds/long_good.mp3
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
bcfd44c7bb12e811768a54f323634a329216ee89d1507c7a312754fff349c641

Request headers

Referer
https://domclicksberbank.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
Access-Control-Allow-Origin
*
ETag
"5f9fd622-d056"
Content-Type
audio/mpeg
Content-Range
bytes 0-53333/53334
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
53334
Expires
Wed, 03 Nov 2021 00:14:47 GMT
connecting.mp3
bazzaro.ru/widgets/source/webcall/sounds/
38 KB
38 KB
Media
General
Full URL
https://bazzaro.ru/widgets/source/webcall/sounds/connecting.mp3
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
5b9605fa8a206c2a6375a0e5e2fbe15d600ff08825c6f29651752ec911efdf92

Request headers

Referer
https://domclicksberbank.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
Access-Control-Allow-Origin
*
ETag
"5f9fd622-9740"
Content-Type
audio/mpeg
Content-Range
bytes 0-38719/38720
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
38720
Expires
Wed, 03 Nov 2021 00:14:47 GMT
hangup.mp3
bazzaro.ru/widgets/source/webcall/sounds/
12 KB
13 KB
Media
General
Full URL
https://bazzaro.ru/widgets/source/webcall/sounds/hangup.mp3
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
436a7b49a04802600b393875b1ed81abfe08bc7bdb881872d5f46f5ce3aac3d0

Request headers

Referer
https://domclicksberbank.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
Access-Control-Allow-Origin
*
ETag
"5f9fd622-317a"
Content-Type
audio/mpeg
Content-Range
bytes 0-12665/12666
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
12666
Expires
Wed, 03 Nov 2021 00:14:47 GMT
error.mp3
bazzaro.ru/widgets/source/webcall/sounds/
24 KB
24 KB
Media
General
Full URL
https://bazzaro.ru/widgets/source/webcall/sounds/error.mp3
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
3ff9204791b12c759cb281f03aca28bdaec09baa1ff26ffe43fc29b869f3559f

Request headers

Referer
https://domclicksberbank.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
Access-Control-Allow-Origin
*
ETag
"5f9fd622-6002"
Content-Type
audio/mpeg
Content-Range
bytes 0-24577/24578
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
24578
Expires
Wed, 03 Nov 2021 00:14:47 GMT
autoanswer.mp3
bazzaro.ru/widgets/source/webcall/sounds/
63 KB
63 KB
Media
General
Full URL
https://bazzaro.ru/widgets/source/webcall/sounds/autoanswer.mp3
Requested by
Host: domclicksberbank.com
URL: https://domclicksberbank.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
c556e4d7c80ab1cd7924b06b6fe2402de4243d64027a750bc57cee1b7a098a5b

Request headers

Referer
https://domclicksberbank.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

Date
Mon, 04 Oct 2021 00:14:47 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
Access-Control-Allow-Origin
*
ETag
"5f9fd622-fa4a"
Content-Type
audio/mpeg
Content-Range
bytes 0-64073/64074
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
64074
Expires
Wed, 03 Nov 2021 00:14:47 GMT
sodar
pagead2.googlesyndication.com/getconfig/
11 KB
8 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210928&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
cafe /
Resource Hash
5b1c381667a3a81d161b848d59b9fa36b85155984e64e93fe559eba1aef03384
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 04 Oct 2021 00:14:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8534
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109270101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 04 Oct 2021 00:14:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Mon, 04 Oct 2021 00:14:48 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 42B2
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f97.1e100.net
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://domclicksberbank.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Sun, 03 Oct 2021 22:17:46 GMT
expires
Mon, 03 Oct 2022 22:17:46 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
7022
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 9D8C
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f4.1e100.net
Software
GSE /
Resource Hash
b6f10f0a42899b74e62d833a9037899380bbd000a2ad425977c4b8f0962fccd5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-6AfFXIX7PcrraHMkxL3fww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://domclicksberbank.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy-report-only
require-corp; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Mon, 04 Oct 2021 00:14:48 GMT
date
Mon, 04 Oct 2021 00:14:48 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-6AfFXIX7PcrraHMkxL3fww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js
pagead2.googlesyndication.com/bg/ Frame 42B2
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
sffe /
Resource Hash
04f4de271bac3fc70e9c4fece4bdc005edad22929dd4d543241961292ee9c1a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 20:20:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
14069
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13343
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 10:18:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Mon, 03 Oct 2022 20:20:19 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 9D8C
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210928&jk=2758018889469949&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210928&jk=2758018889469949&bg=!e3ileDzNAAZE-GIIRPg7ACkAdvg8WiH2_lojBbKKDNGtPZAnR9rAv529b6qiX54Hb4SurnTuBWLY-AIAAABTUgAAAAxoAQcKAFZO8J_LpJQ28R-Q0Sw5Gt6DvrjfNMMAWc_MRJKZnQZOswGbV_aSqgpYh6xLzHMAm26nXo1gyA0ks1qHTV91bCTriu3sDKYFzibEv7wgdwfcnQc32KDDnpkCygH-qxxDDltep67I0uFzNPVbrcbz_vAwNn4L3dGe4nODFenIWKTBpD9u1AAdenoCVglD6_ZmBNQY0Gt3CFqUtjXhb7n5W5iYhmY5TCWk3Dn5bTMObx-kIs1PLVF8eEq_QrxXzS4e0HkeY8tkCLowuQ3iY04NHsmoiTt_eGxBkaNyBvjhoo4dZSuZAGr06WhJJ-g8tCU4YJeP66bJB1iWrMAazEhkAge5_dlh6O_dH4Ok0Xqos2s9kb2xNZkeuQTZnhG6bOqbkSkvBD_TzkRmmG5bMHOoMj5ukwg6S3yR0p2JJLOcIe9fgnB-v8XoElBLVmbH0XBDNVbKIQZo_x61SJzPNCGStd_8_TIv9BhM0yn9gRNMIzM0gR9RsoN2Mt-lE9lKfGG6ujmaoHOqibvrlNZpXd3QlF2gaB47vgRXMLWI51n0t_t4HyuPvpXC-rdmUXhFD7nAx2M_hRZDWqolV0BAvX5vSaOhjUZY7j4GQBS4aBYN0Dmo742_OWgBA426SVqSGYHechYO1oVqPTl126MQNV2O3Eu2gDj5sX46gg3_r2IHiFbyG0ITgqCHGMAflIh3BDsWxFNPitx_dLk2ASzHm5dBQsLMTl9D36z8Azqx5HekXqHeR1EObWRI3Fj_oANZBzCF6hfJthBhSo-j7aLtzHhXpgezdsypBCjnOtqKboZBe5LS4KSuF08Uw2YluHvOWzPNab7SffKa0SI_3QeuSsYARcAsdMT529mugSO3Tb5cAzXjSMIYsbsP-RQenzPM4RjoHRQ5ApZ7MNHpj8UpM5oTsiV4cCVqSAvzVt4VgYVRGLGgF_owCqL5A6EU2RSaiM33c2yfVmrae34f3QC0HTodZVAputPcevS9z3z5dz1lqzy5ciV1fcXBBQPAbpa_PR-ZGvHzeI3whvsb4k8wqeyKg7INDI8p6nlfrrFrIvFxMvevhkzSkw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

1.png
bazzaro.ru/consultant/images/people/
15 KB
15 KB
Image
General
Full URL
https://bazzaro.ru/consultant/images/people/1.png
Requested by
Host: bazzaro.ru
URL: https://bazzaro.ru/widgets/js/widget.universal.core.js?v=1.2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
4c869e1a8d703de9ebc3e6210ad7f8dd1a96f5ecb67a0a241ba869e82829f855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://domclicksberbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 04 Oct 2021 00:14:51 GMT
Last-Modified
Thu, 16 May 2019 13:58:45 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5cdd6c95-3c6a"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15466
Expires
Wed, 03 Nov 2021 00:14:51 GMT
notification.mp3
bazzaro.ru/widgets/source/universal/sounds/
4 KB
4 KB
Media
General
Full URL
https://bazzaro.ru/widgets/source/universal/sounds/notification.mp3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.63.158.127 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
bazzarobot.ru
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
f8c8cfbd54ff27e4f7857c5831bd4a04dc1255f391d848f2d471a3658594f470

Request headers

Referer
https://domclicksberbank.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

Date
Mon, 04 Oct 2021 00:14:51 GMT
Last-Modified
Mon, 02 Nov 2020 09:49:22 GMT
Server
nginx/1.10.3 (Ubuntu)
Access-Control-Allow-Origin
*
ETag
"5f9fd622-107b"
Content-Type
audio/mpeg
Content-Range
bytes 0-4218/4219
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
4219
Expires
Wed, 03 Nov 2021 00:14:51 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.sypexgeo.net
URL
http://api.sypexgeo.net/json/


72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| onbeforexrselect boolean| originAgentCluster function| gtag object| dataLayer object| _wpemojiSettings object| append_link function| addLink function| $ function| jQuery object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| twemoji object| wp object| gaplugins object| gaGlobal object| gaData object| google_js_reporting_queue number| google_srt object| google_logging_queue object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state boolean| _gfp_a_ object| adsbygoogle string| google_user_agent_client_hint function| bazzaroForm object| google_sa_queue object| google_sl_win function| google_process_slots boolean| google_apltlad function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map object| tocplus object| jQuery1111027410283907394595 object| LVM function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| google_persistent_state_async object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| google_jobrunner object| ampInaboxIframes object| ampInaboxPendingMessages function| Fingerprint2 object| bazzaroOptions object| googletag boolean| bazzaroWidgetAfterLoaded function| jsSHA function| bzrTriggerCall function| bzrTriggerMessage function| bzrTriggerClose function| bzrTriggerWidget object| GoogleGcLKhOms object| google_image_requests

8 Cookies

Domain/Path Name / Value
www.domclicksberbank.com/ Name: domclicksberbank-com
Value: type4
domclicksberbank.com/ Name: domclicksberbank-com
Value: type4
.domclicksberbank.com/ Name: _ga
Value: GA1.2.1647336924.1633306486
.domclicksberbank.com/ Name: _gid
Value: GA1.2.1535818029.1633306486
.domclicksberbank.com/ Name: _gat_gtag_UA_150238532_2
Value: 1
.domclicksberbank.com/ Name: __gads
Value: ID=5461603de639b887-2287f77ae4ca0040:T=1633306486:RT=1633306486:S=ALNI_MaXHSoUMaBCq7RDR-xsFWKoJbAs3w
.doubleclick.net/ Name: IDE
Value: AHWqTUlURFqM6fjHysDcrdT2Vg3Syvl0sdNY8wdbr42btNKNnmIzcWzY-a0BKi9o2Tw
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

1 Console Messages

Source Level URL
Text
security error URL: https://bazzaro.ru/widgets/js/widget.universal.core.js?v=1.2(Line 1305)
Message:
Mixed Content: The page at 'https://domclicksberbank.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://api.sypexgeo.net/json/'. This request has been blocked; the content must be served over HTTPS.

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
