citycard.ru Open in urlscan Pro
5.8.181.26 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.telekom-rt.online/
Effective URL:
https://citycard.ru/telecom/310.5657/rostelekom
Submission: On December 25 via api (December 25th 2019, 5:40:51 am UTC) from DE

Summary HTTP 74 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 13 IPs in 5 countries across 14 domains to perform 74 HTTP transactions. The main IP is 5.8.181.26, located in Russian Federation and belongs to CROC_INC, RU. The main domain is citycard.ru.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on January 22nd 2018. Valid for: 3 years.

This is the only time citycard.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	87.236.16.109 87.236.16.109	198610 (BEGET-AS) (BEGET-AS)
44	5.8.181.26 5.8.181.26	51219 (CROC_INC) (CROC_INC)
1	217.73.63.221 217.73.63.221	51219 (CROC_INC) (CROC_INC)
1	104.18.72.113 104.18.72.113	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:81e::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
9	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1 5	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
4	2a00:1450:400... 2a00:1450:4001:817::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:400c:c04::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	87.240.190.78 87.240.190.78	47541 (VKONTAKTE...) (VKONTAKTE-SPB-AS http://vk.com)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	217.20.152.207 217.20.152.207	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
74	13

1 87.236.16.109 (Russian Federation) 1 redirects

ASN198610 (BEGET-AS, RU)
PTR: ssl.rayman.beget.com

www.telekom-rt.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 5.8.181.26 (Russian Federation)

ASN51219 (CROC_INC, RU)
PTR: c2-5-8-181-26.elastic.cloud.croc.ru

citycard.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.73.63.221 (Russian Federation)

ASN51219 (CROC_INC, RU)
PTR: storage.cloud.croc.ru

storage.cloud.croc.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.72.113 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

p3.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:6b8::1:119 (Moscow, Russian Federation) 1 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:817::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9a (Brussels, Belgium)

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.240.190.78 (Russian Federation)

ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU)
PTR: srv78-190-240-87.vk.com

vk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.20.152.207 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: ip207.152.odnoklassniki.ru

connect.ok.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	citycard.ru citycard.ru	870 KB
9	google-analytics.com www.google-analytics.com	19 KB
5	yandex.ru 1 redirects mc.yandex.ru	43 KB
4	google.com www.google.com	688 B
1	ok.ru connect.ok.ru	1 KB
1	facebook.com graph.facebook.com	535 B
1	vk.com vk.com	321 B
1	gstatic.com www.gstatic.com	91 KB
1	doubleclick.net stats.g.doubleclick.net	124 B
1	googletagmanager.com www.googletagmanager.com	27 KB
1	zdassets.com p3.zdassets.com	5 KB
1	croc.ru storage.cloud.croc.ru	5 KB
1	telekom-rt.online 1 redirects www.telekom-rt.online	130 B
0	google.de Failed www.google.de Failed
74	14

	Domain	Requested by
44	citycard.ru	citycard.ru
9	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com citycard.ru
5	mc.yandex.ru	1 redirects citycard.ru
4	www.google.com	citycard.ru www.gstatic.com
1	connect.ok.ru	citycard.ru
1	graph.facebook.com	citycard.ru
1	vk.com	citycard.ru
1	www.gstatic.com	www.google.com
1	stats.g.doubleclick.net	citycard.ru
1	www.googletagmanager.com	citycard.ru
1	p3.zdassets.com	citycard.ru
1	storage.cloud.croc.ru	citycard.ru
1	www.telekom-rt.online	1 redirects
0	www.google.de Failed	citycard.ru
74	14

This site contains links to these domains. Also see Links.

Domain
www.qualys.com
www.moneta.ru
support.citycard.ru
vk.com
www.facebook.com
itunes.apple.com
play.google.com

Subject Issuer	Validity	Valid
citycard.ru COMODO RSA Domain Validation Secure Server CA	`2018-01-22` - `2021-02-18`	3 years	crt.sh
*.cloud.croc.ru Thawte RSA CA 2018	`2018-12-10` - `2020-12-09`	2 years	crt.sh
*.zdassets.com Sectigo RSA Domain Validation Secure Server CA	`2019-06-25` - `2021-05-31`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
mc.yandex.ru Yandex CA	`2019-09-23` - `2020-09-22`	a year	crt.sh
www.google.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
vk.com Sectigo ECC Extended Validation Secure Server CA	`2019-07-11` - `2020-07-09`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-12-06` - `2020-03-05`	3 months	crt.sh
*.ok.ru GeoTrust RSA CA 2018	`2019-08-07` - `2021-03-21`	2 years	crt.sh

This page contains 3 frames:

Primary Page: https://citycard.ru/telecom/310.5657/rostelekom
Frame ID: 546128C309D1D7B4EC7DE7E07010CF55
Requests: 73 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNchgUAAAAAElGHpEtwhIMsqd7JxcXQW-ZWtzo&co=aHR0cHM6Ly9jaXR5Y2FyZC5ydTo0NDM.&hl=ru&v=mhgGrlTs_PbFQOW4ejlxlxZn&size=invisible&badge=inline&cb=jdduu3451hdt
Frame ID: 2DB68A06C01F430517551114E63438FF
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=ru&v=mhgGrlTs_PbFQOW4ejlxlxZn&k=6LcNchgUAAAAAElGHpEtwhIMsqd7JxcXQW-ZWtzo&cb=4ewqv6dcuagf
Frame ID: 364696079CB8719F4F3B692E105DB35F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.telekom-rt.online/ HTTP 301
https://citycard.ru/telecom/310.5657/rostelekom Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /mc\.yandex\.ru\/metrika\/watch\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

74
Requests

93 %
HTTPS

54 %
IPv6

14
Domains

14
Subdomains

13
IPs

5
Countries

1061 kB
Transfer

3316 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.qualys.com/
Title: Qualys;

Search URL Search Domain Scan URL

URL: https://www.moneta.ru/info/d/ru/public/users/nko/nkolimits.pdf
Title: https://www.moneta.ru/info/d/ru/public/users/nko/nkolimits.pdf

Search URL Search Domain Scan URL

URL: https://support.citycard.ru/hc/ru
Title: База знаний

Search URL Search Domain Scan URL

URL: https://support.citycard.ru/hc/ru/sections/203011865-%D0%A7%D0%B0%D1%81%D1%82%D0%BE-%D0%B7%D0%B0%D0%B4%D0%B0%D0%B2%D0%B0%D0%B5%D0%BC%D1%8B%D0%B5-%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%D1%8B
Title: Часто задаваемые вопросы

Search URL Search Domain Scan URL

URL: https://vk.com/citycardru
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/citycardru
Title:

Search URL Search Domain Scan URL

URL: https://www.moneta.ru/info/d/ru/public/users/nko.htm
Title: НКО "МОНЕТА"

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/ru/app/citycard-%D0%BE%D0%BF%D0%BB%D0%B0%D1%82%D0%B0-%D0%B6%D0%BA%D1%85/id1369116048?mt=8
Title:

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=ru.citycard
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.telekom-rt.online/ HTTP 301
https://citycard.ru/telecom/310.5657/rostelekom Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-58619268-3&cid=1006642837.1577252434&jid=19309853&uid=5e02f650fafaf4d7058b45f5&gjid=1445052320&_gid=1218973364.1577252434&_u=aGDAgMAjAAAAAC~&z=1011893206 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58619268-3&cid=1006642837.1577252434&jid=19309853&_v=j79&z=1011893206

Request Chain 57

https://mc.yandex.ru/watch/36127890?wmode=7&page-url=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&charset=utf-8&browser-info=ti%3A10%3Ans%3A1577252432166%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Az%3A60%3Ai%3A20191225064033%3Aet%3A1577252434%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Awh%3A1%3Apv%3A1%3Arn%3A840863296%3Ahid%3A1035033881%3Ads%3A0%2C131%2C247%2C84%2C225%2C0%2C0%2C927%2C13%2C%2C%2C%2C1544%3Afp%3A1367%3Awn%3A4971%3Ahl%3A2%3Agdpr%3A14%3Av%3A1784%3Ast%3A1577252434%3Au%3A1577252434568349091%3At%3A%D0%9E%D0%BF%D0%BB%D0%B0%D1%82%D0%B0%20%D0%A0%D0%BE%D1%81%D1%82%D0%B5%D0%BB%D0%B5%D0%BA%D0%BE%D0%BC%3A%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D0%B2%D0%B8%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD HTTP 302
https://mc.yandex.ru/watch/36127890/1?wmode=7&page-url=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&charset=utf-8&browser-info=ti%3A10%3Ans%3A1577252432166%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Az%3A60%3Ai%3A20191225064033%3Aet%3A1577252434%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Awh%3A1%3Apv%3A1%3Arn%3A840863296%3Ahid%3A1035033881%3Ads%3A0%2C131%2C247%2C84%2C225%2C0%2C0%2C927%2C13%2C%2C%2C%2C1544%3Afp%3A1367%3Awn%3A4971%3Ahl%3A2%3Agdpr%3A14%3Av%3A1784%3Ast%3A1577252434%3Au%3A1577252434568349091%3At%3A%D0%9E%D0%BF%D0%BB%D0%B0%D1%82%D0%B0%20%D0%A0%D0%BE%D1%81%D1%82%D0%B5%D0%BB%D0%B5%D0%BA%D0%BE%D0%BC%3A%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D0%B2%D0%B8%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD

Request Chain 72

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=514494932&t=event&ni=1&_s=1&dl=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&ul=en-us&de=UTF-8&dt=%D0%9E%D0%BF%D0%BB%D0%B0%D1%82%D0%B0%20%D0%A0%D0%BE%D1%81%D1%82%D0%B5%D0%BB%D0%B5%D0%BA%D0%BE%D0%BC%3A%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D0%B2%D0%B8%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Time&ea=Time&el=Time&ev=0&_u=aGDAAMAjAAAAAC~&jid=1850180450&gjid=900034606&cid=477643109.1577252444&uid=5e02f650fafaf4d7058b45f5&tid=UA-58619268-1&_gid=1129232801.1577252444&_r=1&gtm=2wgc61K3PHNLX&z=1934020794 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-58619268-1&cid=477643109.1577252444&jid=1850180450&uid=5e02f650fafaf4d7058b45f5&_gid=1129232801.1577252444&gjid=900034606&_v=j79&z=1934020794 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58619268-1&cid=477643109.1577252444&jid=1850180450&_v=j79&z=1934020794

74 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set rostelekom Show response
citycard.ru/telecom/310.5657/
Redirect Chain

https://www.telekom-rt.online/
https://citycard.ru/telecom/310.5657/rostelekom

350 KB
79 KB

379ms
247ms

Document
text/html

5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

42d07aab90c9a6240489d2346152e0357c13249d5643fbcf685485c742f62020

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Host: citycard.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User: ?1

Response headers

Server: nginx
Date: Wed, 25 Dec 2019 05:40:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: citycard=ogefh11h3cv7qs7jk02l10d641; path=/; domain=.citycard.ru; secure; HttpOnly zdexid=visitor_319992e688e545feb1865ae73165474a%40citycard.ru; expires=Wed, 27-Sep-1972 00:00:00 GMT; Max-Age=-1490852432; path=/; domain=citycard.ru; secure; httponly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
Referrer-Policy: same-origin
Content-Encoding: gzip
X-Frame-Options: sameorigin always
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;

Redirect headers

status: 301
server: nginx-reuseport/1.13.4
date: Wed, 25 Dec 2019 05:40:32 GMT
content-type: text/html
content-length: 0
x-powered-by: PHP/5.6.38
location: https://citycard.ru/telecom/310.5657/rostelekom

GET
H/1.1 200
OK smartbanner.min.css
citycard.ru/js/plugins/smartbanner/ 5 KB
3 KB 69ms
66ms Stylesheet
text/css 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/js/plugins/smartbanner/smartbanner.min.css

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

b8a6ee58fd51009c9f2a7ecde3d76d7fb46c829f733cfe0b825649ffee738a91

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:32 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96c-1439"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK smartbanner.min.js Show response
citycard.ru/assets/ 12 KB
5 KB 298ms
161ms Script
application/javascript 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/assets/smartbanner.min.js?v-764732d136d54357dbf7dcc866377ddd

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

35ef6bbabd1627b84c060d4694c1da3e2f1ca3e07569292ea23d79235ca146b0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://citycard.ru/telecom/310.5657/rostelekom
Origin: https://citycard.ru

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:43:11 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f9cf-312f"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK main.css
citycard.ru/assets/common/ 362 KB
64 KB 144ms
75ms Stylesheet
text/css 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/assets/common/main.css?v-0a87bbf38615074fd0577ac23a441a7e

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

deb78f8c8b0a48de5086f8d4b2baa743368b524805638a0edfc160663deb360e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:43:10 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f9ce-5a8b6"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK raven.min.js Show response
citycard.ru/assets/ 27 KB
12 KB 251ms
115ms Script
application/javascript 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/assets/raven.min.js?v-56eda42466a4abb8e661f506d0bdc2cb

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

b2da9350a14c90632d18d6332c4417e8caa84641749a20652150933da8582e1a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://citycard.ru/telecom/310.5657/rostelekom
Origin: https://citycard.ru

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:43:11 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f9cf-6dac"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK libs.js Show response
citycard.ru/assets/common/ 1 MB
300 KB 404ms
266ms Script
application/javascript 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/assets/common/libs.js?v-21adc234f450f6bd006bcb2a4243a53d

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

0655888d039f9e353205cac5caa5e624b891c9e06353eeb95f37f237d6e91eb7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://citycard.ru/telecom/310.5657/rostelekom
Origin: https://citycard.ru

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:43:13 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f9d1-119d65"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK plugins.js Show response
citycard.ru/assets/common/ 301 KB
89 KB 461ms
321ms Script
application/javascript 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/assets/common/plugins.js?v-48696582b963c517893c121574d77ccb

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

f06c2665e8de01e4c2b5d186519feeba7c993818677ab924d0962238476ee42c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://citycard.ru/telecom/310.5657/rostelekom
Origin: https://citycard.ru

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:43:13 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f9d1-4b203"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK app.js Show response
citycard.ru/assets/common/ 283 KB
66 KB 456ms
304ms Script
application/javascript 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/assets/common/app.js?v-d6e2c76d889351c1f554f4045ee8349b

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

f0487c65e5941d1f0bb54eadb5133144d3559aa7a44df04e8efe93ccba75a464

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://citycard.ru/telecom/310.5657/rostelekom
Origin: https://citycard.ru

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:43:13 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f9d1-46a4a"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK index.css
citycard.ru/assets/ 212 B
2 KB 195ms
67ms Stylesheet
text/css 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/assets/index.css?v-f427532453fca0e26191b98bf3de81bc

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

12d3630d828041c7c1a17f38a18d22e03a219af5107c3d2d15eacbf2aaa56f04

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 24 Dec 2019 11:42:51 GMT
Server: nginx
ETag: "5e01f9bb-d4"
X-Frame-Options: sameorigin always
Connection: keep-alive
Content-Type: text/css
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 212
X-XSS-Protection: 1; mode=block
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 310_5657
storage.cloud.croc.ru/citycard-static/provider-logo/ 5 KB
5 KB 265ms
69ms Image
binary/octet-stream 217.73.63.221
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.cloud.croc.ru/citycard-static/provider-logo/310_5657
Requested by: Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 217.73.63.221 , Russian Federation, ASN51219 (CROC_INC, RU),
Reverse DNS: storage.cloud.croc.ru
Software: /
Resource Hash: c0773d0b1e094e970eb4aaccc36c2f4f6ad0cc088deff6a2f42bbb5ac761aaab

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
ETag: "5af2ba24819306e0a55b7f0609480446"
Last-Modified: Fri, 05 Oct 2018 10:27:41 GMT
x-amz-request-id: tx000000000000002776319-005e02f651-24d84d5-default
Accept-Ranges: bytes
Content-Length: 4884
Content-Type: binary/octet-stream

GET
H/1.1 200
OK rostelecom.svg
citycard.ru/i/landing-features/ 466 B
2 KB 297ms
297ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/landing-features/rostelecom.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

81e9b6b3324dd6cb75a193fbc7e7a7013e716b37c4081af652a7a1785e292794

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-1d2"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK dom-ru.svg
citycard.ru/i/landing-features/ 2 KB
3 KB 103ms
103ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/landing-features/dom-ru.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

b86e03d2244f2886ea2f4d704ad2daf7b86b6118ba6ef97079ce33aa723d86e2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-8d6"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK beeline.svg
citycard.ru/i/landing-features/ 736 B
2 KB 99ms
98ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/landing-features/beeline.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

2aa0ac15211bedf4ed2d8ce5390d26afea3ee4f5afe37ef265901c0766f34fb8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-2e0"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK trycolor-tv.svg
citycard.ru/i/landing-features/ 945 B
3 KB 64ms
63ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/landing-features/trycolor-tv.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

9e3891e9e1e1ecafe46548193cf2fb4bbc550db4ed313031b8b05dd8ae51b4e1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-3b1"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK other.svg
citycard.ru/i/landing-features/ 941 B
3 KB 119ms
118ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/landing-features/other.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

fbfb4e9a56280ec8984e9b9f6978ec14d7b50762edf6a21d0f2ce9ef9b9ec3da

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-3ad"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK assistant.js Show response
citycard.ru/assets/ 6 KB
4 KB 278ms
278ms Script
application/javascript 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/assets/assistant.js?v-14aeac93f7d369be853fd9b67ef99a33

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

c35a40cb99ce2c9950c3ce1d5845dfde7851c2b3bd0188b27c36d26573386abf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://citycard.ru/telecom/310.5657/rostelekom
Origin: https://citycard.ru

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:43:12 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f9d0-19e9"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK credit_prefrence.svg
citycard.ru/i/categories/ 1 KB
3 KB 170ms
169ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/categories/credit_prefrence.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

4bef5f04fbb69476a941ff6758cfcfc42b00e135902558497743c912450e693e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-550"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK one_click.svg
citycard.ru/i/categories/ 1 KB
3 KB 267ms
266ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/categories/one_click.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

67e138e867626e017b8a78e81b1525fc59079fec487bfbcd20ff1eaa7c3e71b4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-4c8"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK guaranteed.svg
citycard.ru/i/categories/ 1 KB
3 KB 219ms
218ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/categories/guaranteed.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

c2159e942ef263dd2c38b7dd64098ff29411f4db21aa19f7763cd222ec3d0324

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-59a"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK provider-logo-default.png
citycard.ru/i/ 901 B
3 KB 309ms
309ms Image
image/png 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/provider-logo-default.png

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

b0010403c5d13f90a07d0a5573afb7e82170f85ea8b9777ecb89852fc9a7a3f8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
ETag: "5e01f96e-385"
X-Frame-Options: sameorigin always
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 901
X-XSS-Protection: 1; mode=block
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK citycard_logo_white.svg
citycard.ru/i/ 4 KB
4 KB 300ms
300ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/citycard_logo_white.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

04e899594808af81b77e6fbe25845c1b1e6071c135ff055773bcf88435f4d130

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-1000"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK card-visa-grey.svg
citycard.ru/i/ 3 KB
3 KB 296ms
296ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/card-visa-grey.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

c0ca57e31e7ec4f4678507df6a45c2c35e54b59ac6fc07ec6600fb287fd75339

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-b83"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK card-mir-grey.svg
citycard.ru/i/ 695 B
3 KB 251ms
251ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/card-mir-grey.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

41b5b3a9e2f5dbebe36da8eeb77cfaa84369fdc9d95c76d49a445a9deeb21bc1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-2b7"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK card-mc-grey.svg
citycard.ru/i/ 10 KB
6 KB 238ms
238ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/card-mc-grey.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

29ea1f9e5f125bbfcc78ec91a64b57e82d0285ff6c9bd1dee13cb026aca060a1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-29cd"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK card-pcidss-grey.svg
citycard.ru/i/ 19 KB
10 KB 250ms
250ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/card-pcidss-grey.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

b3f94de78f9b0afa566c2092c5a6cf42597770d5f6d4ca01b89ecbf614baf80f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-4abe"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 clock_3x.png
p3.zdassets.com/hc/theme_assets/1065296/200204069/ 4 KB
5 KB 78ms
36ms Image
image/png 104.18.72.113
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p3.zdassets.com/hc/theme_assets/1065296/200204069/clock_3x.png

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3ac21c2e93b06b7804bea1a377d318209db7962dd251ffbdb3ef8351468ccbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 25 Dec 2019 05:40:33 GMT
via: 1.1 d5d4d284c2005ab214a2c9b6195c55c5.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 66506
x-amz-server-side-encryption: AES256
cf-ray: 54a87b1dcb832c1c-AMS
x-cache: Miss from cloudfront
status: 200
access-control-max-age: 86400
x-amz-replication-status: COMPLETED
strict-transport-security: max-age=0
content-length: 4378
last-modified: Mon, 24 Sep 2018 10:07:01 GMT
server: cloudflare
etag: "6db1c42c89d03990205f62ed414c5fe2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: HEAD, GET
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=604800
x-amz-version-id: PVFe8gSa3YXTfhyGU3W9FBMt9UkgzgB0
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
x-robots-tag: none, noarchive, none, noarchive
x-amz-cf-id: b2q29SW6AvZHJf7w836HHDZJcN_0qWwWGpxJS7ubRnjKbn9FQZcD1w==
expires: Tue, 31 Dec 2019 11:12:07 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 95 KB
27 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:81e::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K3PHNLX

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b0f27846c1b94e1057daac11c58809daa84dc900e2b3a996153402ff2dd62f8c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 25 Dec 2019 05:40:33 GMT
content-encoding: br
last-modified: Wed, 25 Dec 2019 03:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27910
x-xss-protection: 0
expires: Wed, 25 Dec 2019 05:40:33 GMT

GET
H/1.1 200
OK citycard-logo.svg
citycard.ru/i/ 8 KB
5 KB 447ms
302ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/citycard-logo.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

f5a36be30dae2e354ba077bf444345f3c6692186fa6fbd9b0e4406b8d6bc0098

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/assets/common/main.css?v-0a87bbf38615074fd0577ac23a441a7e
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-2111"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 138 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d88b06054b8feb797b306910c1b78f71bea8e126b00b430f19ba815c2a29b2a3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK sprite.png
citycard.ru/i/ 22 KB
24 KB 309ms
309ms Image
image/png 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/sprite.png?v=1

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

5952b5911a8275617b822c38a0790532d141ac126d47703cd3c6206d0234b0b4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/assets/common/main.css?v-0a87bbf38615074fd0577ac23a441a7e
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
ETag: "5e01f96e-56e9"
X-Frame-Options: sameorigin always
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 22249
X-XSS-Protection: 1; mode=block
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK geometria-medium-webfont.woff
citycard.ru/fonts/ 25 KB
27 KB 378ms
354ms Font
font/woff 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/fonts/geometria-medium-webfont.woff

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

b8ad99092e4b1daa59d372ea65178d3bd87e4fd396ad829d3a3d8a9b27316f83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://citycard.ru/assets/common/main.css?v-0a87bbf38615074fd0577ac23a441a7e
Origin: https://citycard.ru

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
ETag: "5e01f96e-658c"
X-Frame-Options: sameorigin always
Connection: keep-alive
Content-Type: font/woff
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 25996
X-XSS-Protection: 1; mode=block
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK geometria-light-webfont.woff
citycard.ru/fonts/ 26 KB
28 KB 383ms
304ms Font
font/woff 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/fonts/geometria-light-webfont.woff

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

6b34136dec5610149e2082743d2e67357fbdffff76feb23b740d11a12370a852

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://citycard.ru/assets/common/main.css?v-0a87bbf38615074fd0577ac23a441a7e
Origin: https://citycard.ru

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
ETag: "5e01f96e-68f8"
X-Frame-Options: sameorigin always
Connection: keep-alive
Content-Type: font/woff
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 26872
X-XSS-Protection: 1; mode=block
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK photo-fixation.html Show response
citycard.ru/tpl/payment/ 1 KB
3 KB 433ms
299ms XHR
text/html 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/tpl/payment/photo-fixation.html

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/raven.min.js?v-56eda42466a4abb8e661f506d0bdc2cb

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

877c528aafd5ba38a218e6ac5c72128f8e1af62801f83246b344f0f1321a374e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://citycard.ru/telecom/310.5657/rostelekom
X-CSRF-Token: ZDA4MDIyZjc5YTQ0NDNjZDk1NjAzNjI1MjFlOTBhYTk9SnUBf2YwWnQbUFh5ZypUd3JnSH0Ee01oXD9UfyUGCw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-49d"
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: text/html; charset=utf-8
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK stepper-transaction-state.html Show response
citycard.ru/tpl/payment/ 6 KB
4 KB 482ms
300ms XHR
text/html 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/tpl/payment/stepper-transaction-state.html

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/raven.min.js?v-56eda42466a4abb8e661f506d0bdc2cb

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

77b8fd9c068cdbabde5c941e8e2b0531f9d61d818f1fab91a63c3b5e95720a98

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://citycard.ru/telecom/310.5657/rostelekom
X-CSRF-Token: ZDA4MDIyZjc5YTQ0NDNjZDk1NjAzNjI1MjFlOTBhYTk9SnUBf2YwWnQbUFh5ZypUd3JnSH0Ee01oXD9UfyUGCw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-17d8"
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: text/html; charset=utf-8
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share-buttons.htm Show response
citycard.ru/tpl/payment/ 1007 B
3 KB 579ms
242ms XHR
text/html 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/tpl/payment/share-buttons.htm

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/raven.min.js?v-56eda42466a4abb8e661f506d0bdc2cb

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

bb7664d800ecc4e5d7a0d37f11e4da75b1699b75c04103defebded1397949b5a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://citycard.ru/telecom/310.5657/rostelekom
X-CSRF-Token: ZDA4MDIyZjc5YTQ0NDNjZDk1NjAzNjI1MjFlOTBhYTk9SnUBf2YwWnQbUFh5ZypUd3JnSH0Ee01oXD9UfyUGCw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-3ef"
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: text/html; charset=utf-8
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

POST
H/1.1 200
OK getnextstep Show response
citycard.ru/action/ 1 KB
3 KB 1338ms
1104ms XHR
application/json 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/action/getnextstep

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/raven.min.js?v-56eda42466a4abb8e661f506d0bdc2cb

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

af74229441bedb46000c8f0801a2f187d7fdb3f795b6a157d38b26846ba50c6c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://citycard.ru/telecom/310.5657/rostelekom
Origin: https://citycard.ru
X-CSRF-Token: ZDA4MDIyZjc5YTQ0NDNjZDk1NjAzNjI1MjFlOTBhYTk9SnUBf2YwWnQbUFh5ZypUd3JnSH0Ee01oXD9UfyUGCw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Referrer-Policy: same-origin
Server: nginx
X-Frame-Options: sameorigin always
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: application/json
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK stepper-payment-methods-form.htm Show response
citycard.ru/tpl/payment/ 5 KB
4 KB 623ms
295ms XHR
text/html 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/tpl/payment/stepper-payment-methods-form.htm

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/raven.min.js?v-56eda42466a4abb8e661f506d0bdc2cb

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

0d57fe453e428967f06ea4cbef8e50c669162c6116f9f72cb63c9d793768b91e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://citycard.ru/telecom/310.5657/rostelekom
X-CSRF-Token: ZDA4MDIyZjc5YTQ0NDNjZDk1NjAzNjI1MjFlOTBhYTk9SnUBf2YwWnQbUFh5ZypUd3JnSH0Ee01oXD9UfyUGCw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-15c4"
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: text/html; charset=utf-8
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K3PHNLX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 4016
date: Wed, 25 Dec 2019 04:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 25 Dec 2019 06:33:37 GMT

GET
H/1.1 200
OK watch.js Show response
mc.yandex.ru/metrika/ 134 KB
40 KB 185ms
92ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

3ce5e6e6f4c06a55b694a7444df3046b202de6bdb3f63b7949b33a0d9e67c6b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:33 GMT
Content-Encoding: br
Last-Modified: Tue, 10 Dec 2019 10:33:56 GMT
Server: nginx/1.14.2
ETag: "5def7494-9e02"
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Content-Length: 40450
Expires: Wed, 25 Dec 2019 06:40:33 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1013 B 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 25 Dec 2019 05:03:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 2208
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 859
x-xss-protection: 0
expires: Wed, 25 Dec 2019 06:03:45 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 794 B
579 B 17ms
16ms Script
text/javascript 2a00:1450:4001:817::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=vcRecaptchaApiLoaded&render=explicit

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/common/libs.js?v-21adc234f450f6bd006bcb2a4243a53d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

2ddcc000b86126790a51473646bc00db75a02f011335ef9b01a7dcfdeb261576

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 25 Dec 2019 05:40:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 486
x-xss-protection: 1; mode=block
expires: Wed, 25 Dec 2019 05:40:33 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
121 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j79&a=514494932&t=pageview&_s=1&dl=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&ul=en-us&de=UTF-8&dt=%D0%9E%D0%BF%D0%BB%D0%B0%D1%82%D0%B0%20%D0%A0%D0%BE%D1%81%D1%82%D0%B5%D0%BB%D0%B5%D0%BA%D0%BE%D0%BC%3A%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D0%B2%D0%B8%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGBAAMAjAAAAAC~&jid=553059057&gjid=2144757890&cid=1006642837.1577252434&uid=5e02f650fafaf4d7058b45f5&tid=UA-58619268-1&_gid=1218973364.1577252434&_r=1&gtm=2wgc61K3PHNLX&z=1844374189

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/raven.min.js?v-56eda42466a4abb8e661f506d0bdc2cb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin: https://citycard.ru
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 25 Dec 2019 05:40:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://citycard.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
99 B 6ms
5ms Image
image/gif 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=514494932&t=pageview&_s=1&dl=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&ul=en-us&de=UTF-8&dt=%D0%9E%D0%BF%D0%BB%D0%B0%D1%82%D0%B0%20%D0%A0%D0%BE%D1%81%D1%82%D0%B5%D0%BB%D0%B5%D0%BA%D0%BE%D0%BC%3A%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D0%B2%D0%B8%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGDAgMAjAAAAAC~&jid=19309853&gjid=1445052320&cid=1006642837.1577252434&uid=5e02f650fafaf4d7058b45f5&tid=UA-58619268-3&_gid=1218973364.1577252434&gtm=2wgc61K3PHNLX&z=769620793

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:19:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 429646
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET

ga-audiences
www.google.com/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-58619268-3&cid=1006642837.1577252434&jid=19309853&uid=5e02f650fafaf4d7058b45f5&gjid=1445052320&_gid=1218973364.1577252434...
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58619268-3&cid=1006642837.1577252434&jid=19309853&_v=j79&z=1011893206

0
0

GET
H2 200 collect
www.google-analytics.com/ 35 B
93 B 9ms
6ms Image
image/gif 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=514494932&t=event&ni=1&_s=1&dl=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&ul=en-us&de=UTF-8&dt=%D0%9E%D0%BF%D0%BB%D0%B0%D1%82%D0%B0%20%D0%A0%D0%BE%D1%81%D1%82%D0%B5%D0%BB%D0%B5%D0%BA%D0%BE%D0%BC%3A%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D0%B2%D0%B8%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Scroll%20Tracking&ea=10%25&el=%2Ftelecom%2F310.5657%2Frostelekom&_u=aGDAAMAjAAAAAC~&jid=&gjid=&cid=1006642837.1577252434&uid=5e02f650fafaf4d7058b45f5&tid=UA-58619268-1&_gid=1218973364.1577252434&gtm=2wgc61K3PHNLX&z=34140694

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:19:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 429646
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
93 B 8ms
6ms Image
image/gif 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=514494932&t=event&ni=1&_s=1&dl=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&ul=en-us&de=UTF-8&dt=%D0%9E%D0%BF%D0%BB%D0%B0%D1%82%D0%B0%20%D0%A0%D0%BE%D1%81%D1%82%D0%B5%D0%BB%D0%B5%D0%BA%D0%BE%D0%BC%3A%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D0%B2%D0%B8%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Scroll%20Tracking&ea=25%25&el=%2Ftelecom%2F310.5657%2Frostelekom&_u=aGDAAMAjAAAAAC~&jid=&gjid=&cid=1006642837.1577252434&uid=5e02f650fafaf4d7058b45f5&tid=UA-58619268-1&_gid=1218973364.1577252434&gtm=2wgc61K3PHNLX&z=1812072095

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:19:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 429646
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
93 B 11ms
8ms Image
image/gif 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=514494932&t=event&ni=1&_s=1&dl=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&ul=en-us&de=UTF-8&dt=%D0%9E%D0%BF%D0%BB%D0%B0%D1%82%D0%B0%20%D0%A0%D0%BE%D1%81%D1%82%D0%B5%D0%BB%D0%B5%D0%BA%D0%BE%D0%BC%3A%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D0%B2%D0%B8%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Scroll_Tracking_25&ea=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&_u=aGDAAMAjAAAAAC~&jid=&gjid=&cid=1006642837.1577252434&uid=5e02f650fafaf4d7058b45f5&tid=UA-58619268-1&_gid=1218973364.1577252434&gtm=2wgc61K3PHNLX&z=1959006968

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:19:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 429646
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
93 B 10ms
7ms Image
image/gif 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=514494932&t=event&ni=1&_s=1&dl=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&ul=en-us&de=UTF-8&dt=%D0%9E%D0%BF%D0%BB%D0%B0%D1%82%D0%B0%20%D0%A0%D0%BE%D1%81%D1%82%D0%B5%D0%BB%D0%B5%D0%BA%D0%BE%D0%BC%3A%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D0%B2%D0%B8%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Scroll%20Tracking&ea=50%25&el=%2Ftelecom%2F310.5657%2Frostelekom&_u=aGDAAMAjAAAAAC~&jid=&gjid=&cid=1006642837.1577252434&uid=5e02f650fafaf4d7058b45f5&tid=UA-58619268-1&_gid=1218973364.1577252434&gtm=2wgc61K3PHNLX&z=1934998498

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:19:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 429646
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
93 B 8ms
7ms Image
image/gif 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=514494932&t=event&ni=1&_s=1&dl=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&ul=en-us&de=UTF-8&dt=%D0%9E%D0%BF%D0%BB%D0%B0%D1%82%D0%B0%20%D0%A0%D0%BE%D1%81%D1%82%D0%B5%D0%BB%D0%B5%D0%BA%D0%BE%D0%BC%3A%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D0%B2%D0%B8%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Scroll_Tracking_50&ea=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&_u=aGDAAMAjAAAAAC~&jid=&gjid=&cid=1006642837.1577252434&uid=5e02f650fafaf4d7058b45f5&tid=UA-58619268-1&_gid=1218973364.1577252434&gtm=2wgc61K3PHNLX&z=1431959638

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:19:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 429646
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
124 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c04::9a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j79&tid=UA-58619268-1&cid=1006642837.1577252434&jid=553059057&uid=5e02f650fafaf4d7058b45f5&gjid=2144757890&_gid=1218973364.1577252434&_u=aGBAAMAiAAAAAC~&z=150181040

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/raven.min.js?v-56eda42466a4abb8e661f506d0bdc2cb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin: https://citycard.ru
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 25 Dec 2019 05:40:33 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://citycard.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK calendar.json Show response
citycard.ru/ 1 KB
2 KB 553ms
313ms XHR
application/json 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/calendar.json

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/raven.min.js?v-56eda42466a4abb8e661f506d0bdc2cb

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

3423def50136d564c8f8b385351164ff6c04cc08653115e3729281f3a866aec6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://citycard.ru/telecom/310.5657/rostelekom
X-CSRF-Token: ZDA4MDIyZjc5YTQ0NDNjZDk1NjAzNjI1MjFlOTBhYTk9SnUBf2YwWnQbUFh5ZypUd3JnSH0Ee01oXD9UfyUGCw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
X-Requested-With: XMLHttpRequest

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-5e9"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/json
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/mhgGrlTs_PbFQOW4ejlxlxZn/ 254 KB
91 KB 5ms
5ms Script
text/javascript 2a00:1450:4001:800::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/mhgGrlTs_PbFQOW4ejlxlxZn/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=vcRecaptchaApiLoaded&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

c2cca14e4dbf2994f90b91ef01ec4d6eb6b560b429d028317d624d9b5f4bdcb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 19 Dec 2019 18:22:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 09 Dec 2019 05:03:14 GMT
server: sffe
age: 472672
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 92878
x-xss-protection: 0
expires: Fri, 18 Dec 2020 18:22:41 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
109 B 16ms
16ms Image
image/gif 2a00:1450:4001:817::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j79&tid=UA-58619268-1&cid=1006642837.1577252434&jid=553059057&_u=aGBAAMAiAAAAAC~&z=121974753

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Dec 2019 05:40:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content csp
citycard.ru/external/action/ 0
2 KB 825ms
825ms Other
text/html 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/external/action/csp

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
Origin: https://citycard.ru
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/csp-report

Response headers

Pragma: no-cache
Date: Wed, 25 Dec 2019 05:40:35 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: sameorigin always
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET ga-audiences
www.google.de/ads/ 0
0

POST
H/1.1 204
No Content csp
citycard.ru/external/action/ 0
2 KB 1833ms
1833ms Other
text/html 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/external/action/csp

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
Origin: https://citycard.ru
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/csp-report

Response headers

Pragma: no-cache
Date: Wed, 25 Dec 2019 05:40:36 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: sameorigin always
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET ga-audiences
www.google.de/ads/ 0
0

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame 2DB6 0
0 41ms
41ms Document
text/html 2a00:1450:4001:817::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNchgUAAAAAElGHpEtwhIMsqd7JxcXQW-ZWtzo&co=aHR0cHM6Ly9jaXR5Y2FyZC5ydTo0NDM.&hl=ru&v=mhgGrlTs_PbFQOW4ejlxlxZn&size=invisible&badge=inline&cb=jdduu3451hdt

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/mhgGrlTs_PbFQOW4ejlxlxZn/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Mp6dGwX2WpK/oDyeqGjL1w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LcNchgUAAAAAElGHpEtwhIMsqd7JxcXQW-ZWtzo&co=aHR0cHM6Ly9jaXR5Y2FyZC5ydTo0NDM.&hl=ru&v=mhgGrlTs_PbFQOW4ejlxlxZn&size=invisible&badge=inline&cb=jdduu3451hdt
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 25 Dec 2019 05:40:33 GMT
content-security-policy: script-src 'report-sample' 'nonce-Mp6dGwX2WpK/oDyeqGjL1w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 8439
server: GSE
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1

302
Found

1 Show response
mc.yandex.ru/watch/36127890/
Redirect Chain

https://mc.yandex.ru/watch/36127890?wmode=7&page-url=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&charset=utf-8&browser-info=ti%3A10%3Ans%3A1577252432166%3As%3A1600x1200x24%3Ask%3A1%...
https://mc.yandex.ru/watch/36127890/1?wmode=7&page-url=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&charset=utf-8&browser-info=ti%3A10%3Ans%3A1577252432166%3As%3A1600x1200x24%3Ask%3A...

0
-1 B

47ms
47ms

XHR

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/36127890/1?wmode=7&page-url=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&charset=utf-8&browser-info=ti%3A10%3Ans%3A1577252432166%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Az%3A60%3Ai%3A20191225064033%3Aet%3A1577252434%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Awh%3A1%3Apv%3A1%3Arn%3A840863296%3Ahid%3A1035033881%3Ads%3A0%2C131%2C247%2C84%2C225%2C0%2C0%2C927%2C13%2C%2C%2C%2C1544%3Afp%3A1367%3Awn%3A4971%3Ahl%3A2%3Agdpr%3A14%3Av%3A1784%3Ast%3A1577252434%3Au%3A1577252434568349091%3At%3A%D0%9E%D0%BF%D0%BB%D0%B0%D1%82%D0%B0%20%D0%A0%D0%BE%D1%81%D1%82%D0%B5%D0%BB%D0%B5%D0%BA%D0%BE%D0%BC%3A%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D0%B2%D0%B8%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 25 Dec 2019 05:40:33 GMT
Last-Modified: Wed, 25-Dec-2019 05:40:33 GMT
Server: nginx/1.14.2
Location: /watch/36127890/1?wmode=7&page-url=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&charset=utf-8&browser-info=ti%3A10%3Ans%3A1577252432166%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Az%3A60%3Ai%3A20191225064033%3Aet%3A1577252434%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Awh%3A1%3Apv%3A1%3Arn%3A840863296%3Ahid%3A1035033881%3Ads%3A0%2C131%2C247%2C84%2C225%2C0%2C0%2C927%2C13%2C%2C%2C%2C1544%3Afp%3A1367%3Awn%3A4971%3Ahl%3A2%3Agdpr%3A14%3Av%3A1784%3Ast%3A1577252434%3Au%3A1577252434568349091%3At%3A%D0%9E%D0%BF%D0%BB%D0%B0%D1%82%D0%B0%20%D0%A0%D0%BE%D1%81%D1%82%D0%B5%D0%BB%D0%B5%D0%BA%D0%BE%D0%BC%3A%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D0%B2%D0%B8%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: https://citycard.ru
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Wed, 25-Dec-2019 05:40:33 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 25 Dec 2019 05:40:33 GMT
Last-Modified: Wed, 25-Dec-2019 05:40:33 GMT
Server: nginx/1.14.2
Access-Control-Allow-Origin: https://citycard.ru
Strict-Transport-Security: max-age=31536000
Location: /watch/36127890/1?wmode=7&page-url=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&charset=utf-8&browser-info=ti%3A10%3Ans%3A1577252432166%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Az%3A60%3Ai%3A20191225064033%3Aet%3A1577252434%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Awh%3A1%3Apv%3A1%3Arn%3A840863296%3Ahid%3A1035033881%3Ads%3A0%2C131%2C247%2C84%2C225%2C0%2C0%2C927%2C13%2C%2C%2C%2C1544%3Afp%3A1367%3Awn%3A4971%3Ahl%3A2%3Agdpr%3A14%3Av%3A1784%3Ast%3A1577252434%3Au%3A1577252434568349091%3At%3A%D0%9E%D0%BF%D0%BB%D0%B0%D1%82%D0%B0%20%D0%A0%D0%BE%D1%81%D1%82%D0%B5%D0%BB%D0%B5%D0%BA%D0%BE%D0%BC%3A%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D0%B2%D0%B8%D0%B4%D0%B5%D0%BD%D0%B8%D0%B5%2C%20%D1%82%D0%B5%D0%BB%D0%B5%D1%84%D0%BE%D0%BD
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Wed, 25-Dec-2019 05:40:33 GMT

GET
H2 200 bframe
www.google.com/recaptcha/api2/ Frame 3646 0
0 20ms
20ms Document
text/html 2a00:1450:4001:817::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=ru&v=mhgGrlTs_PbFQOW4ejlxlxZn&k=6LcNchgUAAAAAElGHpEtwhIMsqd7JxcXQW-ZWtzo&cb=4ewqv6dcuagf

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/mhgGrlTs_PbFQOW4ejlxlxZn/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1GQrUQihBh8SmpmDYyM2ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=ru&v=mhgGrlTs_PbFQOW4ejlxlxZn&k=6LcNchgUAAAAAElGHpEtwhIMsqd7JxcXQW-ZWtzo&cb=4ewqv6dcuagf
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 25 Dec 2019 05:40:33 GMT
content-security-policy: script-src 'report-sample' 'nonce-1GQrUQihBh8SmpmDYyM2ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1119
server: GSE
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1 200
OK advert.gif
mc.yandex.ru/metrika/ 43 B
445 B 140ms
47ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Oct 2015 13:09:09 GMT
Server: nginx/1.14.2
ETag: "561bb0f5-3d"
Strict-Transport-Security: max-age=31536000
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Content-Length: 61
Expires: Wed, 25 Dec 2019 06:40:34 GMT

GET
H/1.1 200
OK 1 Show response
mc.yandex.ru/watch/36127890/ 152 B
699 B 55ms
54ms XHR
application/json 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

ef1ea07d87ddb8fdf23d824fd13887830ee247fdeba082f8abd770ca375fe7aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin: https://citycard.ru
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 25 Dec 2019 05:40:34 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 25-Dec-2019 05:40:34 GMT
Server: nginx/1.14.2
Strict-Transport-Security: max-age=31536000
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://citycard.ru
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 152
X-XSS-Protection: 1; mode=block
Expires: Wed, 25-Dec-2019 05:40:34 GMT

GET
H/1.1 200
OK stepper-finish-registration.htm Show response
citycard.ru/tpl/payment/ 4 KB
3 KB 340ms
251ms XHR
text/html 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/tpl/payment/stepper-finish-registration.htm

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/raven.min.js?v-56eda42466a4abb8e661f506d0bdc2cb

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

82ff774f08326de220213099eb4619202ef2f1c16d3d02cb05ff1fe289de05a7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://citycard.ru/telecom/310.5657/rostelekom
X-CSRF-Token: ZDA4MDIyZjc5YTQ0NDNjZDk1NjAzNjI1MjFlOTBhYTk9SnUBf2YwWnQbUFh5ZypUd3JnSH0Ee01oXD9UfyUGCw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-f18"
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: text/html; charset=utf-8
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK pay-wait.gif
citycard.ru/i/ 17 KB
19 KB 308ms
308ms Image
image/gif 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/pay-wait.gif

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

ec9159910e1139b18eb68f9fd1cfe81a9ffc4b589b5135e41fa073594c176547

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
ETag: "5e01f96e-4220"
X-Frame-Options: sameorigin always
Connection: keep-alive
Content-Type: image/gif
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 16928
X-XSS-Protection: 1; mode=block
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK pay-error.svg
citycard.ru/i/ 45 KB
20 KB 303ms
303ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/pay-error.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

4425292b859007cac1417e4b73e9a5bdb6e042e7d0f374125fe385d64c5611f3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-b334"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK pay-succes.svg
citycard.ru/i/ 45 KB
20 KB 296ms
296ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/pay-succes.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

0bc9f4c59ee0425813933d538317ac9039b8189e5efa4cf6203dc658f8d368ad

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-b33b"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK recipe.svg
citycard.ru/i/ 46 KB
19 KB 298ms
298ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/recipe.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

dcd355a56378df860e9aa19044893b5b1aa05da73fe1f6e75224cbea496640d2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-b9a7"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK save_customer_logo.svg
citycard.ru/i/ 1 KB
3 KB 190ms
189ms Image
image/svg+xml 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citycard.ru/i/save_customer_logo.svg

Requested by

Host: citycard.ru
URL: https://citycard.ru/telecom/310.5657/rostelekom

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

0bedae477d56038ed8f2c0c9107b728da9794f91d9fb5a3dceeaa86adf6e5f4a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citycard.ru/telecom/310.5657/rostelekom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-56c"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=315360000, public
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 share.php Show response
vk.com/ 21 B
321 B 213ms
78ms Script
text/html 87.240.190.78
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to

Full URL

https://vk.com/share.php?act=count&url=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F&index=0

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/common/plugins.js?v-48696582b963c517893c121574d77ccb

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.190.78 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),

Reverse DNS

srv78-190-240-87.vk.com

Software

VK / PHP/3.22483

Resource Hash

a349ff483262fec531ee2cc40ab8db69c967ee32ff16e2508b4fda2d9a5b4ea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 25 Dec 2019 05:40:35 GMT
content-encoding: gzip
x-frontend: front213211
server: VK
x-powered-by: PHP/3.22483
strict-transport-security: max-age=15768000
content-type: text/html; charset=windows-1251
status: 200
access-control-expose-headers: X-Frontend
cache-control: no-store
content-length: 41

GET
H2 200 / Show response
graph.facebook.com/ 81 B
535 B 58ms
46ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F&callback=__likelyCallbacks.random_fun_1

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/common/plugins.js?v-48696582b963c517893c121574d77ccb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

60a560f8c28c173c34efe6ac822c2c13683c6a0c5bea6bbfefbb80b44d866107

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
date: Wed, 25 Dec 2019 05:40:34 GMT
x-fb-rev: 1001568517
alt-svc: h3-24=":443"; ma=3600
content-length: 81
pragma: no-cache
x-fb-debug: QG6knmcJsJQCUZSXmot6vyOv4KuMmYlENIB4FnNOs8RYeyZ6z/sA4mYMg9QROAPGrfejh99JyI/aIPvtosyILQ==
x-fb-trace-id: D8VruSVJF3y
etag: "05081e5ceb3fe7d91b1eb1bd535fb56037c5af44"
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AQRvf2aNt7nt2g6PzGYGsww
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.11
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 dk Show response
connect.ok.ru/ 26 B
1 KB 186ms
64ms Script
application/javascript 217.20.152.207
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.ok.ru/dk?st.cmd=extLike&ref=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F&uid=0

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/common/plugins.js?v-48696582b963c517893c121574d77ccb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

217.20.152.207 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

ip207.152.odnoklassniki.ru

Software

apache /

Resource Hash

d4c0e14db74409aface8f7b7ed46886c3442c370c723be3aab05b245476b39f5

Security Headers

Name

Value

Content-Security-Policy

default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org; worker-src blob: 'self'; connect-src * wss: blob:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report;

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 25 Dec 2019 05:40:35 GMT
content-encoding: br
vary: Accept-Encoding
server: apache
content-security-policy-report-only: default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always;
content-type: application/javascript;charset=UTF-8
status: 200
content-security-policy: default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org; worker-src blob: 'self'; connect-src * wss: blob:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report;

GET
H/1.1 200
OK field-hidden.html Show response
citycard.ru/tpl/form-builder/payment/fields/ 83 B
2 KB 100ms
99ms XHR
text/html 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/tpl/form-builder/payment/fields/field-hidden.html

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/raven.min.js?v-56eda42466a4abb8e661f506d0bdc2cb

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

195d45d6917d0a14baf0d8ef6c7bae291c8b6504190ac04d60c12cb1e61563c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://citycard.ru/telecom/310.5657/rostelekom
X-CSRF-Token: ZDA4MDIyZjc5YTQ0NDNjZDk1NjAzNjI1MjFlOTBhYTk9SnUBf2YwWnQbUFh5ZypUd3JnSH0Ee01oXD9UfyUGCw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:34 GMT
Referrer-Policy: same-origin
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
ETag: "5e01f96e-53"
X-Frame-Options: sameorigin always
Content-Type: text/html; charset=utf-8
X-XSS-Protection: 1; mode=block
Connection: keep-alive
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 83
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK field-text.html Show response
citycard.ru/tpl/form-builder/payment/fields/ 690 B
2 KB 141ms
140ms XHR
text/html 5.8.181.26
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://citycard.ru/tpl/form-builder/payment/fields/field-text.html

Requested by

Host: citycard.ru
URL: https://citycard.ru/assets/raven.min.js?v-56eda42466a4abb8e661f506d0bdc2cb

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

5.8.181.26 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-5-8-181-26.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

4ee9b9558d44dbb40835b5cffa8efc0a5c324d34a0072cb43837e2407ac3e430

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://citycard.ru/telecom/310.5657/rostelekom
X-CSRF-Token: ZDA4MDIyZjc5YTQ0NDNjZDk1NjAzNjI1MjFlOTBhYTk9SnUBf2YwWnQbUFh5ZypUd3JnSH0Ee01oXD9UfyUGCw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 25 Dec 2019 05:40:35 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Last-Modified: Tue, 24 Dec 2019 11:41:34 GMT
Server: nginx
X-Frame-Options: sameorigin always
ETag: W/"5e01f96e-2b2"
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: text/html; charset=utf-8
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com *.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.googletagmanager.com *.pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net *.ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru *.imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com *.zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru *.storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https://* https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://*:*; frame-ancestors 'self'; report-uri /external/action/csp;
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET

ga-audiences
www.google.com/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=514494932&t=event&ni=1&_s=1&dl=https%3A%2F%2Fcitycard.ru%2Ftelecom%2F310.5657%2Frostelekom&ul=en-us&de=UTF-8&dt=%D0%9E%D0%BF%D0%BB%D0%B0%D1%8...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-58619268-1&cid=477643109.1577252444&jid=1850180450&uid=5e02f650fafaf4d7058b45f5&_gid=1129232801.1577252444&gjid=900034606&_v=j79...
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58619268-1&cid=477643109.1577252444&jid=1850180450&_v=j79&z=1934020794

0
0

GET ga-audiences
www.google.de/ads/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google.com
URL: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58619268-3&cid=1006642837.1577252434&jid=19309853&_v=j79&z=1011893206

Domain: www.google.de
URL: https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j79&tid=UA-58619268-1&cid=1006642837.1577252434&jid=553059057&_u=aGBAAMAiAAAAAC~&z=121974753

Domain: www.google.de
URL: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58619268-3&cid=1006642837.1577252434&jid=19309853&_v=j79&z=1011893206&slf_rd=1&random=1909393704

Domain: www.google.com
URL: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58619268-1&cid=477643109.1577252444&jid=1850180450&_v=j79&z=1934020794

Domain: www.google.de
URL: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58619268-1&cid=477643109.1577252444&jid=1850180450&_v=j79&z=1934020794&slf_rd=1&random=2268417102

Verdicts & Comments Add Verdict or Comment

150 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oauth.mail.ru vk.com graph.facebook.com https://www.googleadservices.com .google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com .googletagmanager.com .pingdom.net mc.yandex.ru google.com connect.facebook.net www.googleadservices.com www.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com/recaptcha/ googleads.g.doubleclick.net .ok.ru login.vk.com m.vk.com; style-src 'self' 'unsafe-inline' www.payanyway.ru https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: mc.yandex.ru .imgsmail.ru https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com .googletagmanager.com .google-analytics.com https://www.google-analytics.com vk.com login.vk.com www.google.com www.google.ru www.facebook.com .zdassets.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://storage.cloud.croc.ru .storage.cloud.croc.ru www.payanyway.ru googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' fonts.gstatic.com http://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' wss://citycard.ru https:// https://www.google-analytics.com; media-src 'self'; object-src 'self'; frame-src 'self' https://:; frame-ancestors 'self'; report-uri /external/action/csp;
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin always
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

citycard.ru
connect.ok.ru
graph.facebook.com
mc.yandex.ru
p3.zdassets.com
stats.g.doubleclick.net
storage.cloud.croc.ru
vk.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.telekom-rt.online
www.google.com
www.google.de
104.18.72.113
217.20.152.207
217.73.63.221
2a00:1450:4001:800::2003
2a00:1450:4001:80b::200e
2a00:1450:4001:817::2004
2a00:1450:4001:81e::2008
2a00:1450:400c:c04::9a
2a02:6b8::1:119
2a03:2880:f01c:800e:face:b00c:0:2
5.8.181.26
87.236.16.109
87.240.190.78
04e899594808af81b77e6fbe25845c1b1e6071c135ff055773bcf88435f4d130
0655888d039f9e353205cac5caa5e624b891c9e06353eeb95f37f237d6e91eb7
0bc9f4c59ee0425813933d538317ac9039b8189e5efa4cf6203dc658f8d368ad
0bedae477d56038ed8f2c0c9107b728da9794f91d9fb5a3dceeaa86adf6e5f4a
0d57fe453e428967f06ea4cbef8e50c669162c6116f9f72cb63c9d793768b91e
12d3630d828041c7c1a17f38a18d22e03a219af5107c3d2d15eacbf2aaa56f04
195d45d6917d0a14baf0d8ef6c7bae291c8b6504190ac04d60c12cb1e61563c4
29ea1f9e5f125bbfcc78ec91a64b57e82d0285ff6c9bd1dee13cb026aca060a1
2aa0ac15211bedf4ed2d8ce5390d26afea3ee4f5afe37ef265901c0766f34fb8
2ddcc000b86126790a51473646bc00db75a02f011335ef9b01a7dcfdeb261576
3423def50136d564c8f8b385351164ff6c04cc08653115e3729281f3a866aec6
35ef6bbabd1627b84c060d4694c1da3e2f1ca3e07569292ea23d79235ca146b0
3ce5e6e6f4c06a55b694a7444df3046b202de6bdb3f63b7949b33a0d9e67c6b8
41b5b3a9e2f5dbebe36da8eeb77cfaa84369fdc9d95c76d49a445a9deeb21bc1
42d07aab90c9a6240489d2346152e0357c13249d5643fbcf685485c742f62020
4425292b859007cac1417e4b73e9a5bdb6e042e7d0f374125fe385d64c5611f3
4bef5f04fbb69476a941ff6758cfcfc42b00e135902558497743c912450e693e
4ee9b9558d44dbb40835b5cffa8efc0a5c324d34a0072cb43837e2407ac3e430
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5952b5911a8275617b822c38a0790532d141ac126d47703cd3c6206d0234b0b4
60a560f8c28c173c34efe6ac822c2c13683c6a0c5bea6bbfefbb80b44d866107
67e138e867626e017b8a78e81b1525fc59079fec487bfbcd20ff1eaa7c3e71b4
6b34136dec5610149e2082743d2e67357fbdffff76feb23b740d11a12370a852
77b8fd9c068cdbabde5c941e8e2b0531f9d61d818f1fab91a63c3b5e95720a98
81e9b6b3324dd6cb75a193fbc7e7a7013e716b37c4081af652a7a1785e292794
82ff774f08326de220213099eb4619202ef2f1c16d3d02cb05ff1fe289de05a7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
877c528aafd5ba38a218e6ac5c72128f8e1af62801f83246b344f0f1321a374e
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9e3891e9e1e1ecafe46548193cf2fb4bbc550db4ed313031b8b05dd8ae51b4e1
a349ff483262fec531ee2cc40ab8db69c967ee32ff16e2508b4fda2d9a5b4ea7
af74229441bedb46000c8f0801a2f187d7fdb3f795b6a157d38b26846ba50c6c
b0010403c5d13f90a07d0a5573afb7e82170f85ea8b9777ecb89852fc9a7a3f8
b0f27846c1b94e1057daac11c58809daa84dc900e2b3a996153402ff2dd62f8c
b2da9350a14c90632d18d6332c4417e8caa84641749a20652150933da8582e1a
b3f94de78f9b0afa566c2092c5a6cf42597770d5f6d4ca01b89ecbf614baf80f
b86e03d2244f2886ea2f4d704ad2daf7b86b6118ba6ef97079ce33aa723d86e2
b8a6ee58fd51009c9f2a7ecde3d76d7fb46c829f733cfe0b825649ffee738a91
b8ad99092e4b1daa59d372ea65178d3bd87e4fd396ad829d3a3d8a9b27316f83
bb7664d800ecc4e5d7a0d37f11e4da75b1699b75c04103defebded1397949b5a
c0773d0b1e094e970eb4aaccc36c2f4f6ad0cc088deff6a2f42bbb5ac761aaab
c0ca57e31e7ec4f4678507df6a45c2c35e54b59ac6fc07ec6600fb287fd75339
c2159e942ef263dd2c38b7dd64098ff29411f4db21aa19f7763cd222ec3d0324
c2cca14e4dbf2994f90b91ef01ec4d6eb6b560b429d028317d624d9b5f4bdcb0
c35a40cb99ce2c9950c3ce1d5845dfde7851c2b3bd0188b27c36d26573386abf
d4c0e14db74409aface8f7b7ed46886c3442c370c723be3aab05b245476b39f5
d88b06054b8feb797b306910c1b78f71bea8e126b00b430f19ba815c2a29b2a3
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dcd355a56378df860e9aa19044893b5b1aa05da73fe1f6e75224cbea496640d2
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
deb78f8c8b0a48de5086f8d4b2baa743368b524805638a0edfc160663deb360e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec9159910e1139b18eb68f9fd1cfe81a9ffc4b589b5135e41fa073594c176547
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef1ea07d87ddb8fdf23d824fd13887830ee247fdeba082f8abd770ca375fe7aa
f0487c65e5941d1f0bb54eadb5133144d3559aa7a44df04e8efe93ccba75a464
f06c2665e8de01e4c2b5d186519feeba7c993818677ab924d0962238476ee42c
f3ac21c2e93b06b7804bea1a377d318209db7962dd251ffbdb3ef8351468ccbd
f5a36be30dae2e354ba077bf444345f3c6692186fa6fbd9b0e4406b8d6bc0098
fbfb4e9a56280ec8984e9b9f6978ec14d7b50762edf6a21d0f2ce9ef9b9ec3da

citycard.ru Open in urlscan Pro 5.8.181.26 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

74 Requests

93 %HTTPS

54 %IPv6

14 Domains

14 Subdomains

13 IPs

5 Countries

1061 kBTransfer

3316 kBSize

0 Cookies

9 Outgoing links

Page URL History

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

citycard.ru Open in urlscan Pro
5.8.181.26 Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

93 %
HTTPS

54 %
IPv6

14
Domains

14
Subdomains

13
IPs

5
Countries

1061 kB
Transfer

3316 kB
Size

0
Cookies

74 HTTP transactions
1 data transactions