www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru Open in urlscan Pro
45.147.197.153 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Submission: On January 31 via api (January 31st 2024, 4:43:07 pm UTC) from US — Scanned from US

Summary HTTP 196 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 28 IPs in 5 countries across 20 domains to perform 196 HTTP transactions. The main IP is 45.147.197.153, located in Netherlands and belongs to ON-LINE-DATA Server location - Netherlands, Dronten, NL. The main domain is www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru.
TLS certificate: Issued by R3 on January 31st 2024. Valid for: 3 months.

This is the only time www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	45.147.197.153 45.147.197.153	204601 (ON-LINE-D...) (ON-LINE-DATA Server location - Netherlands)
40	2607:f8b0:400... 2607:f8b0:4004:c0b::9a	15169 (GOOGLE) (GOOGLE)
12	2606:4700:303... 2606:4700:3038::6815:e9df	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	88.212.201.198 88.212.201.198	39134 (UNITEDNET) (UNITEDNET)
1	89.184.81.35 89.184.81.35	28907 (MIROHOST ...) (MIROHOST Web hosting)
3 8	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
11	2607:f8b0:400... 2607:f8b0:4004:c17::9b	15169 (GOOGLE) (GOOGLE)
24	2607:f8b0:400... 2607:f8b0:4004:c08::84	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4004:c1f::9b	15169 (GOOGLE) (GOOGLE)
8 12	142.251.111.154 142.251.111.154	15169 (GOOGLE) (GOOGLE)
3 7	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	68.67.160.184 68.67.160.184	29990 (ASN-APPNEX) (ASN-APPNEX)
11	2607:f8b0:400... 2607:f8b0:4004:c06::65	15169 (GOOGLE) (GOOGLE)
31	2607:f8b0:400... 2607:f8b0:4004:c06::94	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4004:c07::8b	15169 (GOOGLE) (GOOGLE)
4	172.253.115.156 172.253.115.156	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c06::61	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4004:c09::5f	15169 (GOOGLE) (GOOGLE)
6	54.192.51.4 54.192.51.4	16509 (AMAZON-02) (AMAZON-02)
4	172.253.122.149 172.253.122.149	15169 (GOOGLE) (GOOGLE)
3 4	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	23.220.121.51 23.220.121.51	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2607:f8b0:400... 2607:f8b0:4003:c0c::5e	15169 (GOOGLE) (GOOGLE)
2 2	2607:f8b0:400... 2607:f8b0:4004:c09::64	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4000:12::9	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4000:24::9	15169 (GOOGLE) (GOOGLE)
3	54.228.121.187 54.228.121.187	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4004:c17::6a	15169 (GOOGLE) (GOOGLE)
196	28

11 45.147.197.153 (Netherlands)

ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL)
PTR: vm1670795.nvme.had.yt

www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2607:f8b0:4004:c0b::9a (Ashburn, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:3038::6815:e9df (United States)

ASN13335 (CLOUDFLARENET, US)

xp4stm90bvzr.frontroute.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.198 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.184.81.35 (Kyiv, Ukraine)

ASN28907 (MIROHOST Web hosting, datacenter and domain names registration in Ukraine, US)
PTR: c.hit.ua

c.hit.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:6b8::1:119 (Russian Federation) 3 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2607:f8b0:4004:c17::9b (Washington, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2607:f8b0:4004:c08::84 (Ashburn, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c1f::9b (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.251.111.154 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: bk-in-f154.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.64.151.101 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 68.67.160.184 (Jersey City, United States) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2607:f8b0:4004:c06::65 (Washington, United States)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2607:f8b0:4004:c06::94 (Washington, United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c07::8b (Washington, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.253.115.156 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f156.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c06::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4004:c09::5f (Ashburn, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.192.51.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-51-4.yul62.r.cloudfront.net

bucket.cdnwebcloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.253.122.149 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f149.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.220.121.51 (Ashburn, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-220-121-51.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4003:c0c::5e (Tulsa, United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c09::64 (Ashburn, United States) 2 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4000:12::9 (United States)

ASN15169 (GOOGLE, US)

r4---sn-q4flrnld.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4000:24::9 (United States)

ASN15169 (GOOGLE, US)

r4---sn-q4fzene7.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.228.121.187 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-121-187.eu-west-1.compute.amazonaws.com

neural40.cdnwebcloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c17::6a (Washington, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
65	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157 ade.googlesyndication.com — Cisco Umbrella Rank: 356	690 KB
36	2mdn.net 2 redirects s0.2mdn.net — Cisco Umbrella Rank: 336 gcdn.2mdn.net — Cisco Umbrella Rank: 1402 r4---sn-q4flrnld.c.2mdn.net — Cisco Umbrella Rank: 103272 r4---sn-q4fzene7.c.2mdn.net — Cisco Umbrella Rank: 217418	6 MB
30	doubleclick.net 8 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 594 ad.doubleclick.net — Cisco Umbrella Rank: 163 bid.g.doubleclick.net — Cisco Umbrella Rank: 917	185 KB
12	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1143 www.google.com — Cisco Umbrella Rank: 2	71 KB
12	frontroute.org xp4stm90bvzr.frontroute.org	307 KB
11	bookmp3.ru www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru	296 KB
9	cdnwebcloud.com bucket.cdnwebcloud.com — Cisco Umbrella Rank: 22466 neural40.cdnwebcloud.com — Cisco Umbrella Rank: 28905	19 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622	4 KB
6	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 8747	4 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 253	6 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28 imasdk.googleapis.com — Cisco Umbrella Rank: 485	137 KB
4	gstatic.com csi.gstatic.com	378 B
4	openx.net 3 redirects us-u.openx.net — Cisco Umbrella Rank: 524	994 B
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	195 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1376	628 B
2	yandex.ru 1 redirects mc.yandex.ru — Cisco Umbrella Rank: 3982	57 KB
2	yadro.ru 1 redirects counter.yadro.ru — Cisco Umbrella Rank: 11938	2 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	81 KB
1	hit.ua c.hit.ua — Cisco Umbrella Rank: 185627	738 B
196	20

	Domain	Requested by
40	pagead2.googlesyndication.com	www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
31	s0.2mdn.net	www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru s0.2mdn.net
24	tpc.googlesyndication.com	googleads.g.doubleclick.net www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru tpc.googlesyndication.com s0.2mdn.net imasdk.googleapis.com pagead2.googlesyndication.com
12	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net
12	xp4stm90bvzr.frontroute.org	www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
11	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
11	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
11	www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru	www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
6	bucket.cdnwebcloud.com	s0.2mdn.net www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru bucket.cdnwebcloud.com
6	mc.yandex.com	2 redirects www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru mc.yandex.ru
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
4	csi.gstatic.com	imasdk.googleapis.com
4	us-u.openx.net	3 redirects googleads.g.doubleclick.net
4	ad.doubleclick.net	www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
3	neural40.cdnwebcloud.com	www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
3	imasdk.googleapis.com	googleads.g.doubleclick.net
3	www.google-analytics.com	www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru www.google-analytics.com www.googletagmanager.com
3	www.googletagservices.com	googleads.g.doubleclick.net www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
2	r4---sn-q4fzene7.c.2mdn.net	googleads.g.doubleclick.net
2	gcdn.2mdn.net	2 redirects
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
2	mc.yandex.ru	1 redirects www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
2	counter.yadro.ru	1 redirects www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
1	www.google.com	tpc.googlesyndication.com
1	ade.googlesyndication.com	www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
1	r4---sn-q4flrnld.c.2mdn.net	www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	www.googletagmanager.com	www.google-analytics.com
1	c.hit.ua	www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
196	32

This site contains links to these domains. Also see Links.

Domain
mir-knigi.info
vk.com
www.facebook.com
twitter.com
bookmp3.ru
www.liveinternet.ru
hit.ua

Subject Issuer	Validity	Valid
youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru R3	`2024-01-31` - `2024-04-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
frontroute.org E1	`2023-12-19` - `2024-03-18`	3 months	crt.sh
hit.ua R3	`2023-12-03` - `2024-03-02`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-12-26` - `2024-06-05`	5 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.cdnwebcloud.com Amazon RSA 2048 M03	`2023-08-23` - `2024-09-21`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2024-01-16` - `2024-03-26`	2 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh

This page contains 27 frames:

Primary Page: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Frame ID: 80FA92F6EEB47E3CA5E048D7EEAA116D
Requests: 52 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20190131/zrt_lookup_fy2021.html
Frame ID: 0E85EDFF62D6C9DB987562929209B075
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&adk=1812271804&adf=3025194257&lmt=1706719377&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x1080_r&format=0x0&url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706719376906&bpp=6&bdt=1481&idt=343&shv=r20240124&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6082367802774&frm=20&pv=2&ga_vid=556708885.1706719377&ga_sid=1706719377&ga_hid=1063104129&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320377%2C95323006&oid=2&pvsid=28178944929096&tmod=1671768019&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=383
Frame ID: 78A3FDC0774CEAB4389254331834E9FC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=600&slotname=7639484812&adk=992306218&adf=1633998875&pi=t.ma~as.7639484812&w=300&fwrn=4&fwrnh=100&lmt=1706719377&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706719376912&bpp=4&bdt=1488&idt=385&shv=r20240124&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6082367802774&frm=20&pv=1&ga_vid=556708885.1706719377&ga_sid=1706719377&ga_hid=1063104129&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320377%2C95323006&oid=2&pvsid=28178944929096&tmod=1671768019&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=393
Frame ID: 9146B4979C2A27C73FB2DC73911E7D62
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=1032&slotname=7256341433&adk=2496561252&adf=1568110953&pi=t.ma~as.7256341433&w=300&cr_col=1&cr_row=13&fwrn=2&lmt=1706719377&rafmt=9&format=300x1032&url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&crui=image_sidebyside&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706719376916&bpp=3&bdt=1491&idt=416&shv=r20240124&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C300x600&nras=1&correlator=6082367802774&frm=20&pv=1&ga_vid=556708885.1706719377&ga_sid=1706719377&ga_hid=1063104129&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=707&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320377%2C95323006&oid=2&pvsid=28178944929096&tmod=1671768019&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=422
Frame ID: 15C547D85913484441536958568DD7D4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjzgpj9ATAB&v=APEucNUVzCPOUdZO2uKvwc3ZfphoF8eUKY5Rr4PZqvWQ-kW0gOV4cRZLk7qFVMNgdFCkAOIP1BIjjSYy5kkaSuGIqq_-pmVrqA
Frame ID: A9ECCBAE67B2E3216D81A48C7DC2396C
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: CCB9C8C9F67AFDC65861B4960E1A812E
Requests: 3 HTTP requests in this frame

Frame: https://mc.yandex.com/metrika/metrika_match.html
Frame ID: F9144A85904D734133816856FF571592
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17935818835445338392/index.html?e=69&leftOffset=0&topOffset=0&c=lksWgQzzhF&t=1&renderingType=2&ev=01_250
Frame ID: 64FC5FE1E53FBB03C0F3E279AC403FD8
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 129CC470E9F7284F6304DA972C37B2C6
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: F03CB3B6CB59CE3062F0D0A88886AED3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: B075874733A6B9E595384C2421729527
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ8ZCY7AEYnK3fcjAB&v=APEucNWlCI7FyIFHHXZCoxiwqV0kTO8KEPuoZpR6v3GZJ9Skv_kRZ5XoYYRcuTMz3kAbXllNA9ACyFNCLnWTdyN7mzsde0HwgA
Frame ID: F7D16D8016EAC90FCB0D3E6478CC413E
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Frame ID: 0314FA9716EF594B11DCA3023D5A3CA7
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ8ZCY7AEY7cfscTAB&v=APEucNW42TAkhLYADIZCu6PFsw1aIvTwLgpL6M_d14HzQzJR5m1JF5AIvevUonvDep9NULNao_q9ILqJayipKvLWnYkjNDbBdA
Frame ID: 529028024C152DDA71974645F0EA4EC6
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Frame ID: F64F639881E89E33BCF121580E6DB74D
Requests: 17 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9845278200317499338/index.html?e=69&leftOffset=0&topOffset=0&c=xPrzq818Nb&t=1&renderingType=2&ev=01_250
Frame ID: 814F731544D8A90136CCD189624B1EAF
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: C9DD7229E77EBA2FBA7300CD234EADA0
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20240124/r20110914/abg_lite_fy2021.js
Frame ID: 5544F1C14A833E7B20CC90684E700C5F
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 3CF16ED3D637283ABECB4C43990265C9
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11938805746972946677/index.html?e=69&leftOffset=0&topOffset=0&c=EsTy24zt3I&t=1&renderingType=2&ev=01_250
Frame ID: 6AE59014B43BFEA1597A1FE85B3E0BB9
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Frame ID: 1ADE28B6DF71383B4288BDE245993D6C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 9160605BA0988882D45DDE53D1182650
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Frame ID: B23CE43F1C329552F3382BAD7020305B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Frame ID: E7CB467B6B04C6EE8E8A93EBDC5D77B7
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 753D95FF49CB3A9518056CAD71944B0F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1492498A53A23CA7B5A98D7DED6B1A2A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Аудиокниги слушать онлайн бесплатно :: bookmp3.ru

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

196
Requests

91 %
HTTPS

57 %
IPv6

20
Domains

32
Subdomains

28
IPs

5
Countries

8060 kB
Transfer

14856 kB
Size

42
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://mir-knigi.info/
Title: Книги

Search URL Search Domain Scan URL

URL: https://vk.com/bookmp3_ru

Search URL Search Domain Scan URL

URL: https://www.facebook.com/bookmp3ru/

Search URL Search Domain Scan URL

URL: https://twitter.com/bookmp3

Search URL Search Domain Scan URL

URL: https://bookmp3.ru/rss

Search URL Search Domain Scan URL

URL: http://bookmp3.ru/authors
Title: «Авторы»,

Search URL Search Domain Scan URL

URL: http://bookmp3.ru/genres
Title: «Жанры»

Search URL Search Domain Scan URL

URL: http://bookmp3.ru/top
Title: «Топ 100»

Search URL Search Domain Scan URL

URL: https://www.liveinternet.ru/click

Search URL Search Domain Scan URL

URL: http://hit.ua/?x=84925
Title:     <img src='//c.hit.ua/hit?i=84925&g=0&x=1' border='0' width='88' height='31' alt='hit.ua: сейчас на сайте, посетителей и просмотров за сегодня' title='hit.ua: сейчас на сайте, посетителей и просмотров за сегодня'/>

Search URL Search Domain Scan URL

URL: https://bookmp3.ru/
Title: bookmp3.ru

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://counter.yadro.ru/hit?t11.6;r;s1600*1200*24;uhttps%3A//www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/;0.26702197138890815 HTTP 302
https://counter.yadro.ru/hit?q;t11.6;r;s1600*1200*24;uhttps%3A//www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/;0.26702197138890815

Request Chain 38

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1

Request Chain 39

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zbp4kWlD78buVd.bOGf.CgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1&google_hm=2

Request Chain 40

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPDF9zq2NTje5Totd0iBVLE&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPDF9zq2NTje5Totd0iBVLE%26google_cver%3D1

Request Chain 41

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEyNjYxMjc5OTYwMjM2MTEzOQ%3D%3D

Request Chain 45

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10265.FjlrwAIsrCZqqSAuphkO6M2P2TZHpJsetTLpgHbOyIGh01c2TwldYwx5K7VLpAJ9.J5V6_2iia5IGMrrmbxjTLt99oiw%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=10265.-G0QS4xSs0X6aR2mlU55y_IXXyUbal6kwp_kScGje64g81EmrgBdevWGDX3zN4sYINR58c2mlJ8_lq2lJhN9VOslDH_1viifgRC9wCa9APbeBjbACuTgF1xR4-lldVGyjVSY0o4OaUGSGqnTOpm4b_4VzFgtut1kRVm88CF62F8_mIdaPsiW12AaHFP0LLsf7VS8Y_zVL5Ed8zy19Ztqx2zF8d2xvo0iXBWGo-tnJDE%2C.p-IDALlSFGPJjzwUAZw8UJ9QzVM%2C

Request Chain 66

https://mc.yandex.com/watch/46501593?wmode=7&page-url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6xy7yz3pqvro10cvu5q72wt7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A0%3Als%3A190598690803%3Ahid%3A638291327%3Az%3A-600%3Ai%3A20240131064257%3Aet%3A1706719378%3Ac%3A1%3Arn%3A361946090%3Arqn%3A1%3Au%3A1706719378352900061%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C60%2C1645%2C1%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1706719373378%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706719379%3At%3A%D0%90%D1%83%D0%B4%D0%B8%D0%BE%D0%BA%D0%BD%D0%B8%D0%B3%D0%B8%20%D1%81%D0%BB%D1%83%D1%88%D0%B0%D1%82%D1%8C%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%3A%3A%20bookmp3.ru&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)ti(1) HTTP 302
https://mc.yandex.com/watch/46501593/1?wmode=7&page-url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6xy7yz3pqvro10cvu5q72wt7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A0%3Als%3A190598690803%3Ahid%3A638291327%3Az%3A-600%3Ai%3A20240131064257%3Aet%3A1706719378%3Ac%3A1%3Arn%3A361946090%3Arqn%3A1%3Au%3A1706719378352900061%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C60%2C1645%2C1%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1706719373378%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706719379%3At%3A%D0%90%D1%83%D0%B4%D0%B8%D0%BE%D0%BA%D0%BD%D0%B8%D0%B3%D0%B8%20%D1%81%D0%BB%D1%83%D1%88%D0%B0%D1%82%D1%8C%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%3A%3A%20bookmp3.ru&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

Request Chain 89

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1

Request Chain 90

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zbp4kWlD78buVd.bOGf.CgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1&google_hm=2

Request Chain 91

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPDF9zq2NTje5Totd0iBVLE&google_cver=1

Request Chain 92

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEyNjYxMjc5OTYwMjM2MTEzOQ%3D%3D

Request Chain 99

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK7mHPSmMChj3MzInHppA6A&google_cver=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEK7mHPSmMChj3MzInHppA6A&google_cver=1

Request Chain 100

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NWY5NGQxMjItNWRkYy0yNTE1LWM0YWItM2M3Njk3MGRhNjhk

Request Chain 101

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEN8uylKXBACbm2OcRvK-rD8&google_cver=1

Request Chain 102

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZGUxYmVhMzktNmVlNC00M2I1LTlkYWEtZGJlMjRmMGViMDRm

Request Chain 133

https://gcdn.2mdn.net/videoplayback/id/f53e9cd10ee1f26f/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738255377/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/BA8B34278B17A9E193B327D962B52B8EA47F1FB3.71F0A3B0D5C4D5241BD997E903B60B815EEBFBC2/key/ck2/file/file.mp4 HTTP 302
https://r4---sn-q4flrnld.c.2mdn.net/videoplayback/id/f53e9cd10ee1f26f/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738255377/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/39D7C9E1DB0AB84ECD32C87AA56AD06AB96AE422.3A02C13AC042AE9D11E97FDF78AFA3A614C7C4A2/key/cms1/cms_redirect/yes/mh/9s/mip/2001:550:1d05:1::10/mm/42/mn/sn-q4flrnld/ms/onc/mt/1706718567/mv/u/mvi/4/pl/48/file/file.mp4

Request Chain 140

https://gcdn.2mdn.net/videoplayback/id/ac009f5b781f17c6/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3850711325/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/957DA0BBDFDC48507C20F27312A3F524C71D9567.B400110330811E301C36F70BB32D159FF1302E9F/key/ck2/file/file.mp4 HTTP 302
https://r4---sn-q4fzene7.c.2mdn.net/videoplayback/id/ac009f5b781f17c6/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3850711325/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/4223DD85B81B4F72A17E87E0C1AE8E5DEDF7D5B5.3B5DA5E9BD6A011FE769C414AABE875AB3CA22A4/key/cms1/cms_redirect/yes/mh/xJ/mip/2001:550:1d05:1::10/mm/42/mn/sn-q4fzene7/ms/onc/mt/1706718567/mv/u/mvi/4/pl/48/file/file.mp4

196 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/ 62 KB
12 KB 1944ms
1645ms Document
text/html 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard / PHP/7.1.33

Resource Hash

bb09dc5040b062b175a5dea308c664866f136f55d43c296b8f06d738414ee56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
cache-control: max-age=1, private, must-revalidate
content-encoding: gzip
content-length: 11769
content-type: text/html; charset=UTF-8
date: Wed, 31 Jan 2024 16:42:55 GMT
expires: Wed, 31 Jan 2024 16:42:55 GMT
server: ddos-guard
strict-transport-security: max-age=31536000;
vary: Accept-Encoding
x-powered-by: PHP/7.1.33

GET
H2 200 jquery.js Show response
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/js/ 334 KB
94 KB 827ms
816ms Script
application/javascript 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/js/jquery.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

b9db30db84c353b393ebed43c0803e40d62453ec010584b9449a28f0348cd01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000;
last-modified: Tue, 10 Oct 2017 08:53:06 GMT
server: ddos-guard
age: 2
etag: W/"536b8-55b2d6f820080-gzip"
vary: Accept-Encoding
content-type: application/javascript
ddg-cache-status: MISS
cache-control: max-age=2592000, private
accept-ranges: bytes
expires: Wed, 31 Jan 2024 16:42:56 GMT

GET
H2 200 main.js Show response
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/js/ 860 B
543 B 205ms
195ms Script
application/javascript 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/js/main.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

a94755ecd90a113ceb5ffbb9a9834639bbf215711895074c4181eb309929ca25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000;
last-modified: Wed, 25 Oct 2017 18:13:28 GMT
server: ddos-guard
age: 0
etag: W/"35c-55c630327a200-gzip"
vary: Accept-Encoding
content-type: application/javascript
ddg-cache-status: MISS
cache-control: max-age=2592000, private
accept-ranges: bytes
expires: Wed, 31 Jan 2024 16:42:56 GMT

GET
H2 200 style.css
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/css/ 94 KB
15 KB 51ms
42ms Stylesheet
text/css 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/css/style.css?v=2.6

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

47a37cabd33f930dd28119e3ba60cca269770f1b2a774a52bad0a75d8076cd8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 15:14:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000;
last-modified: Wed, 30 Jun 2021 13:22:17 GMT
server: ddos-guard
age: 5285
etag: W/"17698-5c5fb9c888be4-gzip"
vary: Accept-Encoding
content-type: text/css
ddg-cache-status: HIT
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 15183
expires: Fri, 01 Mar 2024 15:14:50 GMT

GET
H2 200 font-awesome.min.css
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/css/ 30 KB
7 KB 39ms
30ms Stylesheet
text/css 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/css/font-awesome.min.css

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 15:14:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000;
last-modified: Tue, 10 Oct 2017 15:14:28 GMT
server: ddos-guard
age: 5285
etag: W/"7918-55b32c3619d00-gzip"
vary: Accept-Encoding
content-type: text/css
ddg-cache-status: HIT
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 6640
expires: Fri, 01 Mar 2024 15:14:50 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
51 KB 201ms
82ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1618592205083780

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2fee28dabf26003309184f3568a304c27e078ed3d9c0f2a75092dbf91b862ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Origin: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51421
x-xss-protection: 0
server: cafe
etag: 2140480819292829428
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Wed, 31 Jan 2024 16:42:56 GMT

GET
H2 200 audiobook-tal-1-ne-upustit-svoju-mechtu.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/6/2/ 23 KB
23 KB 572ms
490ms Image
image/jpeg 2606:4700:3038::6815:e9df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/6/2/audiobook-tal-1-ne-upustit-svoju-mechtu.jpg
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3c50c8aab2ad723983b74c7c17d2bc5fe4e35931532221f5303bd1361898532

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:55 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 31 Jan 2024 15:03:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65ba6127-5b3c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H1aOdyHm%2B%2Bowd7LQV9EJArZBs6v0xM%2FMqyTOhPn6SUctr5iCGEJSNonpJlN47T8r63auA8rngG79EBKB4EHUEWjnlP7DYVXxEX%2BAjBnwjNIpWn59Q0wH0FZKXtbsQihUhAXq00HjEeCY3071uvByXdNWt0E9loNOpnM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cf-ray: 84e3692108fa7486-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 audiobook-znak-zverja.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/6/1/ 32 KB
32 KB 525ms
444ms Image
image/jpeg 2606:4700:3038::6815:e9df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/6/1/audiobook-znak-zverja.jpg
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39c8b4f1bc8a16c97cadc510b92bf8a22ba696bf62d9bd106221985299fe7ccf

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:55 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 31 Jan 2024 14:03:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65ba533d-7fda"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qJTZpA9SbgoOv1iO3JHLILMqy6dDk%2BllD99Z%2FOU%2F74l1172t1mdfNU2lanW9gVU5b52QIJSrRpvTx%2FEwdjcIe%2FFP48wst8cNh2slSJtS8bmLEK3rKreJgEOyLD%2F0QH5gmjOl%2F%2FofpWubI6UvirL2SjTMIC0tkR93Dzc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cf-ray: 84e3692108fe7486-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 audiobook-dom-s-mezoninom-5.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/6/0/ 9 KB
10 KB 229ms
228ms Image
image/jpeg 2606:4700:3038::6815:e9df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/6/0/audiobook-dom-s-mezoninom-5.jpg
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7de3c256573f84f9661292bbb0f6ee7060f4f5e4558305705fa31b2bc93c0c27

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:56 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 31 Jan 2024 13:03:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65ba4507-25e9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lcWKR3qn%2BGghJ%2Bq7ytX5i63ltYxq7iJKiIyKQ%2FiZIvqt%2FtJFgtF5fCu%2Fr8cYuobYV8SKApJWX9lcq9fdMChcsLffDJ97XsC0OY5B%2BqdPcwqJxvo%2B8D5onXycci99azfGhkezx1itsCi5xFrQ6mstZzItJvv7pL6qGgA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cf-ray: 84e3692498737486-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 audiobook-sozhzhenie-prospero-1.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/9/ 49 KB
49 KB 173ms
173ms Image
image/jpeg 2606:4700:3038::6815:e9df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/9/audiobook-sozhzhenie-prospero-1.jpg
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b6eb8ec16863d55b01ca4eedf4d7efb445df1ae935d00f6fb81ce1ac63e2a46

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:56 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 31 Jan 2024 12:03:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65ba3700-c20b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hxx%2BJ0lz%2Ba1hHZiryEVVML3YD1n0SSIvoBO0YrpiQKkUkLapU9zLpFqySfbo8QdG7mXRSwVJc8GHJ%2BaKtGjvs5eAbldgc5RLINqq2GV3sqdbRSgLD7VxovAksfHoZ6x4oSXWp5qlkrRKHKC1xjzKvRdzzUVS49LkhlM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cf-ray: 84e36924e9217486-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 audiobook-ty-dolzhen-zhit.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/8/ 35 KB
36 KB 182ms
181ms Image
image/jpeg 2606:4700:3038::6815:e9df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/8/audiobook-ty-dolzhen-zhit.jpg
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:e9df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a577f525ac39151dddeefdae10fd698cc0712bac37af3f66f1043dc4e1db34f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:56 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 31 Jan 2024 11:03:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65ba2908-8d8c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BwXatLQYfcSeZWr007fRUvL%2BrCn3Vn5qSsdgmyzW5pzNzvatSwC5q4i9nehuNtJ%2FDZX8U64g2o9Z1%2Fm7zuHXOMCCkPIM4%2Be2tGqVTtfLtpAEHjKo0ece8JVUTgQkak4egZZQxPcifB522Z3GO34fDsFsNSFZpHR18kc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cf-ray: 84e369260cd331dd-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 audiobook-poslushajjte.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/7/ 10 KB
11 KB 230ms
222ms Image
image/jpeg 2606:4700:3038::6815:e9df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/7/audiobook-poslushajjte.jpg
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:e9df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09ee9fc29c86cc3cc144e255635d758db5c98b926d3c67b166aa863bfe56eda1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:56 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 31 Jan 2024 11:02:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65ba28df-298a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E3%2FUnC7ExBMsHT4ZyoEtE7%2FK7Eolf%2FInBqzLZTgiN80%2Fs%2B59%2FZsDA8QVK9mEWYoS2oEFvMpO5nbWEJGY18vPY1pMPWdUjga8tLt6OOSIB1WKDspGsgEGUVgTNVNjGwHJZQvhQRPoxvgutBxErm%2ByMBGdwtAdoQB%2FKoY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cf-ray: 84e36927e81a31dd-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 audiobook-istorija-doktora-dulitla-1.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/6/ 38 KB
39 KB 502ms
494ms Image
image/jpeg 2606:4700:3038::6815:e9df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/6/audiobook-istorija-doktora-dulitla-1.jpg
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:e9df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40430011aa9c10a0a5473d14865b13920c5f0203d7a269cc777e8e2c7eb8564e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 31 Jan 2024 09:02:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65ba0cc2-9858"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jynyZxHSTG%2Bs8aBtf8hCysAsi6BW3SG2E8nTzZqmoNF0r2Akj539sSpqswooelNolKMjt%2BP1i9CmpAUfdOIsscZa%2FYnSBUOR%2BV6cDZQ6f98ltoX1IietDofJvWnpIfj3RPI3Grp3T%2BhdSUp3Te8QFkpRoit7dbw09sw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cf-ray: 84e36927e81e31dd-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 audiobook-krysolov-7.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/5/ 49 KB
50 KB 437ms
429ms Image
image/jpeg 2606:4700:3038::6815:e9df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/5/audiobook-krysolov-7.jpg
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:e9df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0dc4e71edf70aeb79a7b96ad71c63e3377a8450084584bebde370fc6425beabe

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 31 Jan 2024 08:03:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b9febb-c5c7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N0p4dhPsakipi7lIyVlVC4ZGXrwfRPM%2BKLeJTbHss8ENthaCM9O2DH1mo46NhhJG4zYA%2BD%2BcJeMAClJCCEQ8y%2FORQ%2BJdvMSi%2B5GcxeZiu6pL1I1QRAMBNXEwkgTLQ8atHsFjEnR0%2FmsJH4z1Gcqde2XHIp9oFUwg1GI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cf-ray: 84e36927e82131dd-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 audiobook-zolotojj-vek-1.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/4/ 12 KB
12 KB 440ms
432ms Image
image/jpeg 2606:4700:3038::6815:e9df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/4/audiobook-zolotojj-vek-1.jpg
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:e9df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 744d7b814aedfc0d45ac8606e0c978b48de56c9e1149a9e9da06e7902096f18d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 31 Jan 2024 07:02:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b9f09c-2e92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3U6%2FLfFSC0qxGO%2BOmG0IiESw0ik5vwB0XgOIvOMtnQ0neOjC3gV6tH260n%2FmQs7BE10YklveiGTzHHGOLHRLQy909WzCfcjc9LW9HD8C%2ByJj2l0dnflZDGT%2BPKe2MaJNokHGO95wF556Wiybq8Hb4pdapVKiDmAc0Q8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cf-ray: 84e36927e82531dd-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 audiobook-u-vsekh-mjortvykh-odinakovaja-kozha.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/3/ 21 KB
21 KB 431ms
428ms Image
image/jpeg 2606:4700:3038::6815:e9df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/3/audiobook-u-vsekh-mjortvykh-odinakovaja-kozha.jpg
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:e9df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3133a9a9c4724701dbc3677598209583f992651bc8f62010df0a5a71da573088

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 30 Jan 2024 20:03:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b955fc-5321"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNiY7DCMjqSM6WZR6gNvrsBryLqFmi6hfpD3Ba%2BdtrSOzsYr1%2BTAXlivLuE7Dfow8ZVwQ9bzsK0JrUixAgLyYS855SPY%2BM2XonkiI7EXeOhN6ScdZTHEUmk8xPQ0zn6TTt7CYChkf05GuQ5H07ytQ6J8E%2F0pGDsL5mY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cf-ray: 84e36927e82b31dd-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 audiobook-da-svjatitsja-imja-tvojo-1.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/2/ 12 KB
12 KB 590ms
587ms Image
image/jpeg 2606:4700:3038::6815:e9df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/2/audiobook-da-svjatitsja-imja-tvojo-1.jpg
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:e9df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86093643e6702819f7c126fa0defb39fb1c4cc4070a1494a96a9210fbcdd68d2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 30 Jan 2024 19:05:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b94881-2e90"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xA0NTVIwxw5U7PAS%2FDySWg9Mnau%2BjIb%2F7vXeC32gnMRQ0CfAnNSbWzM4fdF2M8scnV40lFveNJ5F8kei3iPfs6cI5yxBTC8BaZdb9676cTTobh%2F4tdnzuHry4H47otItzU8ZdgLbarR5i05evXf5urwg6xnH3wMo8Qo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cf-ray: 84e36927e82c31dd-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 audiobook-ispoved-10.jpg
xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/1/ 11 KB
12 KB 457ms
455ms Image
image/jpeg 2606:4700:3038::6815:e9df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xp4stm90bvzr.frontroute.org/s02/images/audiobooks/6/7/4/5/1/audiobook-ispoved-10.jpg
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3038::6815:e9df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a09a0085dc56e1597c7b5ec47d7e9ab250ed5e5e3d98f4a5a8100310775b5ac7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 30 Jan 2024 19:05:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b9487c-2d6d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hVBdneVv7zvRJrGdDqsO2TosqnjVEU8yqg6TtOdfc02aJUZCf7475YQYHONr66EkoezMV5op2RUvUm3%2BRLCYsTNJmbnr2bG8JKkr6CpXdpeXNYu%2FsUhhfnBNvy7bY1eqOdt%2FVAG6ECKImc3cTrua9EFugzbHii5gIzk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cf-ray: 84e36927e82e31dd-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 webfont.js Show response
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/js/ 13 KB
5 KB 684ms
683ms Script
application/javascript 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/js/webfont.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000;
last-modified: Tue, 10 Oct 2017 08:53:02 GMT
server: ddos-guard
age: 1
etag: W/"3384-55b2d6f44f780-gzip"
vary: Accept-Encoding
content-type: application/javascript
ddg-cache-status: MISS
cache-control: max-age=2592000, private
accept-ranges: bytes
expires: Wed, 31 Jan 2024 16:42:58 GMT

GET
H2 200 audioplayer.js Show response
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/js/ 386 KB
58 KB 848ms
835ms Script
application/javascript 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/js/audioplayer.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

f919c02713441d1502a5297ec6201783ecf8070a47d5df866a78ca2fb83bc865

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000;
last-modified: Tue, 10 Oct 2017 14:24:22 GMT
server: ddos-guard
age: 1
etag: W/"607be-55b321035b180-gzip"
vary: Accept-Encoding
content-type: application/javascript
ddg-cache-status: MISS
cache-control: max-age=2592000, private
accept-ranges: bytes
expires: Wed, 31 Jan 2024 16:42:58 GMT

GET
H2 200 bookmp3-logo.png
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/images/ 27 KB
27 KB 44ms
41ms Image
image/png 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/images/bookmp3-logo.png?v1

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/css/style.css?v=2.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

12d8aae0cf51d039bfbef1c8f7ec828851423f05c8f9e5d290b2c2e15cd9a8a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/css/style.css?v=2.6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 15:14:51 GMT
strict-transport-security: max-age=31536000;
last-modified: Sat, 21 Oct 2017 10:38:23 GMT
server: ddos-guard
age: 5286
etag: "6d15-55c0c3048e5c0"
content-type: image/png
ddg-cache-status: HIT
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 27925
expires: Fri, 01 Mar 2024 15:14:51 GMT

GET
H2 200 icon-menu-dd.png
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/images/ 190 B
290 B 639ms
636ms Image
image/png 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/images/icon-menu-dd.png?v1

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/css/style.css?v=2.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

db0d17ee9c24794dc313d2588c0c19bccccb2f7439a0dcb6be8cc985df84baf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/css/style.css?v=2.6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
strict-transport-security: max-age=31536000;
last-modified: Thu, 12 Oct 2017 17:43:11 GMT
server: ddos-guard
age: 1
etag: "be-55b5d12ea89c0"
content-type: image/png
ddg-cache-status: MISS
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 190
expires: Fri, 01 Mar 2024 16:42:57 GMT

GET
H2 200 icon-search.png
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/images/ 380 B
461 B 45ms
45ms Image
image/png 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/images/icon-search.png?v1

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/css/style.css?v=2.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

3be3f024c46ff93eb55bb00f599911ef69c7957b19c8c3df9aca743259f35ae3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/css/style.css?v=2.6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 15:14:51 GMT
strict-transport-security: max-age=31536000;
last-modified: Thu, 12 Oct 2017 17:41:41 GMT
server: ddos-guard
age: 5285
etag: "17c-55b5d0d8d3f40"
content-type: image/png
ddg-cache-status: HIT
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 380
expires: Fri, 01 Mar 2024 15:14:51 GMT

GET
H2 200 fontawesome-webfont.woff2
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/fonts/ 75 KB
76 KB 680ms
680ms Font
application/octet-stream 45.147.197.153
Netherlands

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/css/font-awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.147.197.153 , Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL),

Reverse DNS

vm1670795.nvme.had.yt

Software

ddos-guard /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/css/font-awesome.min.css
Origin: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
strict-transport-security: max-age=31536000;
last-modified: Tue, 10 Oct 2017 15:17:21 GMT
server: ddos-guard
age: 1
etag: "12d68-55b32cdb16240"
ddg-cache-status: MISS
cache-control: max-age=1
accept-ranges: bytes
content-length: 77160
expires: Wed, 31 Jan 2024 16:42:58 GMT

GET
H/1.1

200
OK

hit
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit?t11.6;r;s1600*1200*24;uhttps%3A//www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/;0.26702197138890815
https://counter.yadro.ru/hit?q;t11.6;r;s1600*1200*24;uhttps%3A//www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/;0.26702197138890815

753 B
1 KB

208ms
208ms

Image
image/gif

88.212.201.198
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;t11.6;r;s1600*1200*24;uhttps%3A//www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/;0.26702197138890815

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

HTTP/1.1

Server

88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host198.rax.ru

Software

nginx/1.17.9 /

Resource Hash

a61735542ef93f832ab8321f9670a83ff11f58b5e122b2fb014199e32de05312

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 31 Jan 2024 16:42:57 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Length: 753
Expires: Mon, 30 Jan 2023 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 31 Jan 2024 16:42:57 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: text/html
Location: https://counter.yadro.ru/hit?q;t11.6;r;s1600*1200*24;uhttps%3A//www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/;0.26702197138890815
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Length: 32
Expires: Mon, 30 Jan 2023 21:00:00 GMT

GET
H2 200 hit
c.hit.ua/ 471 B
738 B 694ms
164ms Image
image/png 89.184.81.35
MIROHOST Web hosting

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.hit.ua/hit?i=84925&g=0&x=1&s=1&c=1&t=600&w=1600&h=1200&d=24&0.21670126187068628&r=&u=https%3A//www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 89.184.81.35 Kyiv, Ukraine, ASN28907 (MIROHOST Web hosting, datacenter and domain names registration in Ukraine, US),
Reverse DNS: c.hit.ua
Software: nginx/1.17.9 /
Resource Hash: 3692e6a002123adb2404321010b2f21239c44e22d145e5d31e2663e7ce2d4775

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="UNI"
pragma: no-cache
date: Wed, 31 Jan 2024 16:42:57 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/png
server: nginx/1.17.9
expires: 0

GET
H2 200 watch.js Show response
mc.yandex.ru/metrika/ 157 KB
56 KB 895ms
365ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

03a76474d3688f27218b2162729d23eb82b7bf7d1e52abfedc7247030a2a170b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Wed, 31 Jan 2024 11:10:18 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65ba2a9a-ddf6"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 56822
expires: Wed, 31 Jan 2024 17:42:57 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/ 406 KB
138 KB 207ms
102ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1618592205083780

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16d9f70ccbbee41b2c8594646dc8587c07ce693655e7c0a97cb24c7577534623

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140842
x-xss-protection: 0
server: cafe
etag: 8350809687120913438
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 16:42:57 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240124/r20190131/ Frame 0E85 9 KB
5 KB 183ms
53ms Document
text/html 2607:f8b0:4004:c17::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240124/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1618592205083780

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 18531
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 11:34:06 GMT
etag: 3890843268177463596
expires: Wed, 14 Feb 2024 11:34:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 78A3 413 KB
97 KB 462ms
437ms Document
text/html 2607:f8b0:4004:c17::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&adk=1812271804&adf=3025194257&lmt=1706719377&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x1080_r&format=0x0&url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706719376906&bpp=6&bdt=1481&idt=343&shv=r20240124&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6082367802774&frm=20&pv=2&ga_vid=556708885.1706719377&ga_sid=1706719377&ga_hid=1063104129&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320377%2C95323006&oid=2&pvsid=28178944929096&tmod=1671768019&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=383

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ddc19916cc2f25ba1826040610726bc13581a898c28bd3f9b0aad19b70241f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 99306
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 16:42:57 GMT
expires: Wed, 31 Jan 2024 16:42:57 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 113ms
112ms Image
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=b-topbar&ign=false&pw=1600&ph=1200&x=800&y=0

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9146 24 KB
11 KB 318ms
311ms Document
text/html 2607:f8b0:4004:c17::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=600&slotname=7639484812&adk=992306218&adf=1633998875&pi=t.ma~as.7639484812&w=300&fwrn=4&fwrnh=100&lmt=1706719377&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706719376912&bpp=4&bdt=1488&idt=385&shv=r20240124&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6082367802774&frm=20&pv=1&ga_vid=556708885.1706719377&ga_sid=1706719377&ga_hid=1063104129&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320377%2C95323006&oid=2&pvsid=28178944929096&tmod=1671768019&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=393

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d5032c8e28febe586af0986664dbd2425b604bb431b0d2c54c4c95f503559a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10841
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 16:42:57 GMT
expires: Wed, 31 Jan 2024 16:42:57 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 15C5 843 B
621 B 178ms
178ms Document
text/html 2607:f8b0:4004:c17::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=1032&slotname=7256341433&adk=2496561252&adf=1568110953&pi=t.ma~as.7256341433&w=300&cr_col=1&cr_row=13&fwrn=2&lmt=1706719377&rafmt=9&format=300x1032&url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&crui=image_sidebyside&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706719376916&bpp=3&bdt=1491&idt=416&shv=r20240124&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C300x600&nras=1&correlator=6082367802774&frm=20&pv=1&ga_vid=556708885.1706719377&ga_sid=1706719377&ga_hid=1063104129&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=707&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320377%2C95323006&oid=2&pvsid=28178944929096&tmod=1671768019&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=422

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9365d263a6cb13e45b4241bba77c68d8b3629cacce4d3895abdfea1467e8bfb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 401
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 16:42:57 GMT
expires: Wed, 31 Jan 2024 16:42:57 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9146 42 B
63 B 115ms
114ms Image
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Aw53gQSmfidQw8nzOH0hauSqtjZDDj8Ouwnzwu_zB0gWtRplpoI-atHDskRfatD_rt6EmvxRCiCQwOL6J8RPh5VN4J8CPYrz_gcdbR54OGNKGJgBY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=600&slotname=7639484812&adk=992306218&adf=1633998875&pi=t.ma~as.7639484812&w=300&fwrn=4&fwrnh=100&lmt=1706719377&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706719376912&bpp=4&bdt=1488&idt=385&shv=r20240124&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6082367802774&frm=20&pv=1&ga_vid=556708885.1706719377&ga_sid=1706719377&ga_hid=1063104129&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320377%2C95323006&oid=2&pvsid=28178944929096&tmod=1671768019&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=393

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9146 89 KB
31 KB 75ms
75ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 16:42:57 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/ Frame 9146 3 KB
1 KB 173ms
58ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 09:39:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25406
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Feb 2024 09:39:31 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/ Frame 9146 20 KB
9 KB 168ms
52ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:13:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1783
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Feb 2024 16:13:14 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9146 205 KB
65 KB 182ms
67ms Script
text/javascript 2607:f8b0:4004:c1f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78788a484b77f37f7426b9bd6f15cd74c9ef95a46537de4c6a6f87ecea090d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706532320618808"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Jan 2024 16:42:57 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A9EC 624 B
507 B 75ms
73ms Document
text/html 2607:f8b0:4004:c17::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjzgpj9ATAB&v=APEucNUVzCPOUdZO2uKvwc3ZfphoF8eUKY5Rr4PZqvWQ-kW0gOV4cRZLk7qFVMNgdFCkAOIP1BIjjSYy5kkaSuGIqq_-pmVrqA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=600&slotname=7639484812&adk=992306218&adf=1633998875&pi=t.ma~as.7639484812&w=300&fwrn=4&fwrnh=100&lmt=1706719377&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706719376912&bpp=4&bdt=1488&idt=385&shv=r20240124&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6082367802774&frm=20&pv=1&ga_vid=556708885.1706719377&ga_sid=1706719377&ga_hid=1063104129&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320377%2C95323006&oid=2&pvsid=28178944929096&tmod=1671768019&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=393
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 16:42:57 GMT
expires: Wed, 31 Jan 2024 16:42:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame A9EC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1

43 B
338 B

87ms
87ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjzgpj9ATAB&v=APEucNUVzCPOUdZO2uKvwc3ZfphoF8eUKY5Rr4PZqvWQ-kW0gOV4cRZLk7qFVMNgdFCkAOIP1BIjjSYy5kkaSuGIqq_-pmVrqA
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E0R48WdLWczkCYwdNBu%2Fs8S2me1MuzNOfAWN2IOfS2wVVaMD4yLpQhAJGOUy%2BJ9N%2Bx80Z3lSdotZdFwzhMBLmWRNHZk1CSw2of82V%2BinJsStnT5i3ijmWnP7W1DmPF87BETpidoU4b6P9w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84e369303b10961a-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame A9EC
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zbp4kWlD78buVd.bOGf.CgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1&google_hm=2

43 B
771 B

77ms
77ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjzgpj9ATAB&v=APEucNUVzCPOUdZO2uKvwc3ZfphoF8eUKY5Rr4PZqvWQ-kW0gOV4cRZLk7qFVMNgdFCkAOIP1BIjjSYy5kkaSuGIqq_-pmVrqA
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DPbP9TPUsUN7gOhHVPqxaxfg3ssyOmhe6EKexKioxoR10wCVQNe7%2F42zaoFih9hUpnlO4izlasf%2FcBpRpRK0H%2BHE3YUG8AUj1yGEDYyxcl%2BvNCjQ1Unu4y8wNhzXDxi%2FcyvUIKFtwsx4zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84e369312aa32227-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame A9EC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPDF9zq2NTje5Totd0iBVLE&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPDF9zq2NTje5Totd0iBVLE%26google_cver%3D1

43 B
1 KB

73ms
73ms

Image
image/gif

68.67.160.184
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPDF9zq2NTje5Totd0iBVLE%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjzgpj9ATAB&v=APEucNUVzCPOUdZO2uKvwc3ZfphoF8eUKY5Rr4PZqvWQ-kW0gOV4cRZLk7qFVMNgdFCkAOIP1BIjjSYy5kkaSuGIqq_-pmVrqA

Protocol

Server

68.67.160.184 Jersey City, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
an-x-request-uuid: c0d3358a-a47e-47fe-a206-71eb5edc74ae
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 38.132.118.70; 38.132.118.70; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:57 GMT
an-x-request-uuid: 64eb56e5-a793-44d4-af23-eb354857087c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEPDF9zq2NTje5Totd0iBVLE%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 38.132.118.70; 38.132.118.70; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A9EC
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEyNjYxMjc5OTYwMjM2MTEzOQ%3D%3D

170 B
243 B

64ms
63ms

Image
image/png

142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEyNjYxMjc5OTYwMjM2MTEzOQ%3D%3D

Requested by

Protocol

Server

142.251.111.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
an-x-request-uuid: 8387e1c9-b3c1-4adb-97a9-3e1693cb264c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEyNjYxMjc5OTYwMjM2MTEzOQ%3D%3D
x-proxy-origin: 38.132.118.70; 38.132.118.70; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9146 0
20 B 116ms
116ms Ping
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7047580445748&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9146 0
20 B 117ms
116ms Ping
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7047580445748&version=m202309260101&ct=119&x=1&cor=3253382708057700000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9146 93 KB
39 KB 99ms
97ms Script
text/javascript 2607:f8b0:4004:c17::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DKmX1U-M6MUBPQPINazMPuHnR3uzT3lhTgvV-UxBBEtI62CN0gjrm5BNgmMNtH80oxEannc3IdqhZ88-vsAjZpXX-kkGrm7kDZc-RsLwrm2B8xfGFIPDJM6-5eR-XB4UYQFIVvx22SztzwrPw9gNHJCS1fpZ46LFVh2h9UuWHbP1-CZLkibEt_qTOF7k9jJQ2Oimqo&cry=1&dbm_d=AKAmf-BZfpb3-vYTVJepd69kBbD-XlAMb_XkoS6JumM_6Zt8tpUrHSga6gGcdDJsFn1DDHOIVyGjtRrlnrgZ64UinUDnJ8JE-gljdAI7ywNRyXaTOn4ReZN6WrDUhBieCyhcPVnucDHn_ExN9VR1yXYyrwZW0WtUztTsi_duKgbZX14Qyb8U-asXwhLdlkMXoN45Mqi1vpqn_Z4VBL61KpS8w14Nn91fNYlrnuNIQp9m9CFcvHdlLhKJQa9FRirAX3bz1VcDlJUZDjk5R2js4TbI55xfI53P8JfitF-Iy4K14a8tA2kIQmPrnEwMsCvnXhTIn6d6iV533ZzGEPvzdpXrfGGK9eOlW7hFegkstz5fy3_jS_hJBsk_BdlVw9wQhjQ8EBUB85XZI9ST2sg1rHsxj741sdmoWbFO1aCY7-vaywZWrXkhIvsINgg48syAxcekly-Xa5_QpTAo8WEQ7gL18GjKBG8O3ABm27o7xuu3ex9IJMaC1wD3PMyaKf9w78Pcjk_8RaFA_algdz3GGooPN0hAFi9yYLqVQjEOKCuNPb_InjO6SwIKDDU_hOy8PPNrB9dYcDXYbc-EOfIHUtHdf_BWaTaOmDK4luDqsj2HIBhIhoSIqvjhaABbDWmbgRRgQGuIYBWHIEpq0UIppqeW-HGXjSSJxUOqq6mfMlEKP54TpSBeA1B3dJdNw2kHVzR_xYBpuCKNtODx9y02iMooRP6k-Sv7tKgFVrcUp2jTTNgj4_2hd1MyMFnvdFdCA_7padQ5btgzw1mrEkHPIvHVZiZbjA0caIUtKP_zAg321Rlbtm5-89shKJDq86dNuHHc6N9pmk9ehTUnmWjr1hKxYlKjb9yEyUfiiIPHQx4N-2lKng6fzl_EYJUnXTWfkbOYN8xpy789dm5bXPKQRwI9aiKYLlq8WLTHiqXrFK3s2F9q9lMRnSd-T6Q0WetnOWVcdEoc5zhmDcPbIWt7j75nUkmvLhGV6WKLO-hJ-oZXLcEWzXO94rwbufvJHDrjV6sjFuU7xDWnmdll_kruhfUPEkmTf3LqKf0_NlGMMTEea8BcU3ykQ6zWunxNKL9_SdAK4irki1CSNkQ3HI-Z81qU4yqqL_uxuegBDyprV5fwQp7NqGfRJM9c-Nt3u37j4huuNdcG4XvrKbLi0MljB2QRPy9cbb8Z0BFoISA2_VKkkmYDJS_o6pDRs1wME7OrXSVTjhRuAIhB69svVOKjZHuUoW7HhPAj5Cxv6jHghdz0NoleQE0JvKfS3vwQ3EobPVuYTAQiu-UqCGj2XXlU-3wjRDZnye4hUbo0HqbAelXlCTt9vTs5BATcQ5gUS5ZvOXpSYtUuIxyxriEThQgvikavmXFtU7YrSwRfh3jvj1sEFYNQEHFrLxeLbh2YVzRh7ACa2TMS0W0ACVCFFMqcYkqoqFYn774ZkACiYBoTemerEjtUb4iLgFCB3BprY4FJkq7P6SHz6mMjVr_C7sStPN-LjZdEUaijvXOxcePhaDCHoqZ9gxpW1Kg7dTZsx6sbKbZfuw_XBv70PfF6GHpNP7te8Kv-XrUrVib5m-A6b61V8RRadQ0TcEH2vDKyPweB2SV4c23muoZuMSfvgIP9VdCSsHDaF9N4tUCFMMMD-I_aGA3jaouP7n9w51pcQ_4iOsL1aQS4b0zlhH7TBE__JAZ2PiOcSNm0JfcdEOi-tdncGDTeWlrGym0hHtY4R-3i8a-IktYZdH4jU-mJ4nowROrlVd-iFlYRsIilZ9cEz8RQe6Wj7U-2jWRb8DbIz62TNFrmrOYcmCQU2is6D8kh0Rl_vQPWEAJpG06bxeEcY9Ej8CeCnztFp7Lok3hfd2nahblA9ODHoUZYPSeogsxKRc1imrgsvDL1um4pnjwSO985DrXJrNPoiOGwE1VLBMJAw3XXR6rj10L1KwFNYs0pKoaRIc9VVEJZ1M_LNFz52CdAQzWbyZm6OeuK2Z5THM9Pw01ErAc7n8QZr3uaMRZtxSJ890O4EbVCmqtrv-r1eWX034Zgy8PRUgiXsx1jek7CJOAKQxadp35Yk3uGzC-B01mcvkcJrwBizB_Ms-wpSmIfB9iqHJseeksj3Kg1EWVQBHLdNweoTjo5S26EbSioNe2ELg0ktmQw3XhqRawnEQ3AySRE5MN4_NqbGM65h1DQPc0l2Rnc-byGp9jRYUxxmdyMeda7vrimVZcSpvZcEA3yTmADQ4xre5oKws4oQ-GxKCboMiFDfz8FC5hy4McxrRcEnTzxVcm9mOSTR3EbuIbznBTq0zyLd0eUotmVK35DXazKS4KWZNdX3OmjEvNJDRTKnhUJSDILI0armZuN3RdLcZXtAr812cw2TU_4JJupRPFKLvSfj1mc8_S6Qxf0o-YkJxrEA4RF1xVyKPaVcQiyBnT1fADkc3SKYMaDNaQ1o3-QNSX7hSW30AIHzxrDRafMjOplTC2wigeQ-NZ9adfHXqf9BkX3Av8r56BjEVgacHTPJB5mjwkimJDuDUoPb0caFTevz3puIL7LqajAMAXKefU1b1otLKI6ezHX2067LybQqotSA71uzxfQWYCj0tMShws12dWa5wEql3n7IktABU-ZkCrQ4_Usl9ly8ldaRDVyAalQwLzXYjoejCAJK0nGNyl1FBbKDSJFyBVj4hgGBx_q7aFZvVFnEV2-WS2huz0VDVCMcKHa58x3maUHXRaBjLOQCMvcKsNLn07XSXxehlrOL-VYoPUj5YmTSMs4GMspLcvwwMS8yXIeR-7Yy5WHV5f8JxDYSDVqM7UKQEK7jEMrzMz0ie5VQDAXNbEq4cs3I7n2zC_ph42jCkTxcw1hLBfBeJlRDKQvJEN0QZlzlG6Vqa94coX5t94V7l76B2OHJ60fUoej8YS5ZwT3urXlCO1qkkxaHLv6dbokOy-bA2QccxANmsRzeEqlRUWjqXxVnh3cXGGSrPmnOmRn7xzjjMvmZwygCmJ0Nd8u9P7dN2-7oKATQWaz8j33-TuiQLdl3-3FObpcNfrrezcF1OBOMa57mcb5fnt0mx8Il9ZkoW3-3-yROd2Gk8RbVXFEvQJZSgp8O2AnTFEQzYrxbBzuqJtP8O_Qo1vABoo84fZOw6LvyJBDj1gF4RgvFHtht2OcGy3aWGju8SXZ8qRi1_KU3TnjC6FHBBwl17XwUlEhQ-uNZMC6MgmNmX5PuN2-05RuUTTi0b8tbxCdEBt4gkJAQLclpQ9sXL_HT927oMj0lPtqADVzBniikt4QexY-Kr4GwCOAuJQ3XgJ65dw_X6V5gPuH2qaqaH3vSOn_udGtkbUhIrPil27A37l_vdd2MQ4DpkRNOTQwxLQQB5kVah91H6k1gFBq2boFMOY5TCCU8epBVTJZ_iZqjC8rCelGkTNB5tg2--6RYv-VniX1HYkxUihzMGY3qEIQ1mXK2DI-8UXOfqaU13R7Kw2zX09yAGfj0wB9prlygQYPwzYfLUivbDgUvUF4hUS_cxxIjYjweUXMgPw2ZCRpUxFzU4CfKUXDFl4RvUvQionGtWKKOhJ9-2iBd6B1_p2gWQy1febwXi73TPAwryW5EyvefRRMUExqDXFnD6mAomQYs2THKIF8wFNxfo3oZ_VmPMvDJylDqW-P_MfWgFaPNANpF7_t_iwJnXqxRThA5YFesgb7AlEKx6DNBTd0cFem1x9u0fMq0PjwMkyOWu2at_0VpnKx-US0qKZxqcF2ro1bOYKXeavz1j3DOKJVGNufhk5iZI69anxVpELhI_WuQicQOWJm_m-qkFsFun6hqy33DfMSGBgeRF-I3PeidsK0KIo981NSzV1PXtt6EXuPFYbFznQ3vLfkYqIQ_aC5u-lFSyPlUoIpZCiypnvT3vxxv4yXYVX59cZoynen9JUTYTBPMdq0NFWjADkCQ_NuOhajP_nIvFnOglwfnl7GwHkc_TfYDMh1fmDZu8tZgqGCy5JdSt0lCXXhc-w3RuhNIRfVjGcFhNuSzefk5eRmhAr0U9vLzo5FHz8UPCj_y6j8BnY5AYRTWNiEPH6y2Ms5D3kZ5VPAfLtkUqFeyVBzBslh2HpxOm59XLPfyoVRNKAPXvoSDSB2lQLib412PShZQ3dpfzIrICiMfXv1dMdpI2Dnj9Yw7sZ2CKn4760D2QtW9Ah83ct5EJqbJ3b24_xIIiF6TexMt3XhcqzREZyB6aMXIzZn88-WXFwYffgO8rKa3zkI3ZhC1UANFgkLhrMMalSsd6w_RfT78FcGgJ2FNLBXXBnbeEBTLPPfH3K5m3oQFfRAB14kFSoXZBphlJ2AhvI634jEgRTwP8Ptl1VhkXR4wSNLFRiDSWgOuqs97Pooi5MB4_aUkpkAk_YAFbAfsxecJCuZ88facNjZldWW9HPd7C4t357gm9XLP6fSByt--uqormUZStBUFv-pPysP&cid=CAQSTwAvHhf_Xs2CTV0YYHq6lr3Kwl7H5EqW1poIoMicEvtNNKIU2JDfkqMzIGWFf-z34nf_Z0_xis2mWhytLNs23M9mPfSvqpUpChWWZOmQLFkYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&ds=l&xdt=1&iif=1&cor=3253382708057700000&adk=2923430906&idt=80&cac=0&dtd=24

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bad8a82f42143fceeb15160a9b4809aa36745e08d09296e8530576bbfe5fc10e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1618592205083780&output=html&h=600&slotname=7639484812&adk=992306218&adf=1633998875&pi=t.ma~as.7639484812&w=300&fwrn=4&fwrnh=100&lmt=1706719377&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706719376912&bpp=4&bdt=1488&idt=385&shv=r20240124&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6082367802774&frm=20&pv=1&ga_vid=556708885.1706719377&ga_sid=1706719377&ga_hid=1063104129&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320377%2C95323006&oid=2&pvsid=28178944929096&tmod=1671768019&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=393
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39771
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10265.FjlrwAIsrCZqqSAuphkO6M2P2TZHpJsetTLpgHbOyIGh01c2TwldYwx5K7VLpAJ9.J5V6_2iia5IGMrrmbxjTLt99oiw%2C
https://mc.yandex.com/sync_cookie_image_decide?token=10265.-G0QS4xSs0X6aR2mlU55y_IXXyUbal6kwp_kScGje64g81EmrgBdevWGDX3zN4sYINR58c2mlJ8_lq2lJhN9VOslDH_1viifgRC9wCa9APbeBjbACuTgF1xR4-lldVGyjVSY0o4OaU...

43 B
480 B

185ms
184ms

Image
image/gif

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=10265.-G0QS4xSs0X6aR2mlU55y_IXXyUbal6kwp_kScGje64g81EmrgBdevWGDX3zN4sYINR58c2mlJ8_lq2lJhN9VOslDH_1viifgRC9wCa9APbeBjbACuTgF1xR4-lldVGyjVSY0o4OaUGSGqnTOpm4b_4VzFgtut1kRVm88CF62F8_mIdaPsiW12AaHFP0LLsf7VS8Y_zVL5Ed8zy19Ztqx2zF8d2xvo0iXBWGo-tnJDE%2C.p-IDALlSFGPJjzwUAZw8UJ9QzVM%2C

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:58 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=10265.-G0QS4xSs0X6aR2mlU55y_IXXyUbal6kwp_kScGje64g81EmrgBdevWGDX3zN4sYINR58c2mlJ8_lq2lJhN9VOslDH_1viifgRC9wCa9APbeBjbACuTgF1xR4-lldVGyjVSY0o4OaUGSGqnTOpm4b_4VzFgtut1kRVm88CF62F8_mIdaPsiW12AaHFP0LLsf7VS8Y_zVL5Ed8zy19Ztqx2zF8d2xvo0iXBWGo-tnJDE%2C.p-IDALlSFGPJjzwUAZw8UJ9QzVM%2C
date: Wed, 31 Jan 2024 16:42:58 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/ 165 KB
56 KB 82ms
82ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

701b097601ebdc781e3ca79cd15b6fc8a6012d91e28e4031e2a89457d91a00a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56990
x-xss-protection: 0
server: cafe
etag: 9935348477317544909
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 16:42:57 GMT

GET
H2 200 ca-pub-1618592205083780 Show response
fundingchoicesmessages.google.com/i/ 183 KB
61 KB 382ms
84ms Script
application/javascript 2607:f8b0:4004:c06::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-1618592205083780?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cb41205d5e75b52d0ef138410bc83de75905acf5dcd64cbc0aecb1703c3378ac

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OFWYJB3cK4OqEwR5-auh7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:58 GMT
content-security-policy: script-src 'report-sample' 'nonce-OFWYJB3cK4OqEwR5-auh7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjOsKoxSXF4KghxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHEC8bsvL5kEvr5kkgBiLSB-J_mK6RsQ7_DxYHkTPp2VL2I66-mC6ayXgZitAsgH4ri66awFQMy3bjqr4frprFvOTGfdA8Qxz6ezpgDxYtYZrKuBeErgDNY5QNwSPYN1GhA7pc9gDQHiz5kzWH8Dcdntc6x1QCzEzTHp48u1bAI_Tv0uBAAWXVkN"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 9146 172 KB
61 KB 330ms
53ms Script
text/javascript 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 22:42:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64812
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 31 Jan 2024 22:42:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240124/r20110914/elements/html/ Frame 9146 12 KB
4 KB 54ms
53ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240124/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DKmX1U-M6MUBPQPINazMPuHnR3uzT3lhTgvV-UxBBEtI62CN0gjrm5BNgmMNtH80oxEannc3IdqhZ88-vsAjZpXX-kkGrm7kDZc-RsLwrm2B8xfGFIPDJM6-5eR-XB4UYQFIVvx22SztzwrPw9gNHJCS1fpZ46LFVh2h9UuWHbP1-CZLkibEt_qTOF7k9jJQ2Oimqo&cry=1&dbm_d=AKAmf-BZfpb3-vYTVJepd69kBbD-XlAMb_XkoS6JumM_6Zt8tpUrHSga6gGcdDJsFn1DDHOIVyGjtRrlnrgZ64UinUDnJ8JE-gljdAI7ywNRyXaTOn4ReZN6WrDUhBieCyhcPVnucDHn_ExN9VR1yXYyrwZW0WtUztTsi_duKgbZX14Qyb8U-asXwhLdlkMXoN45Mqi1vpqn_Z4VBL61KpS8w14Nn91fNYlrnuNIQp9m9CFcvHdlLhKJQa9FRirAX3bz1VcDlJUZDjk5R2js4TbI55xfI53P8JfitF-Iy4K14a8tA2kIQmPrnEwMsCvnXhTIn6d6iV533ZzGEPvzdpXrfGGK9eOlW7hFegkstz5fy3_jS_hJBsk_BdlVw9wQhjQ8EBUB85XZI9ST2sg1rHsxj741sdmoWbFO1aCY7-vaywZWrXkhIvsINgg48syAxcekly-Xa5_QpTAo8WEQ7gL18GjKBG8O3ABm27o7xuu3ex9IJMaC1wD3PMyaKf9w78Pcjk_8RaFA_algdz3GGooPN0hAFi9yYLqVQjEOKCuNPb_InjO6SwIKDDU_hOy8PPNrB9dYcDXYbc-EOfIHUtHdf_BWaTaOmDK4luDqsj2HIBhIhoSIqvjhaABbDWmbgRRgQGuIYBWHIEpq0UIppqeW-HGXjSSJxUOqq6mfMlEKP54TpSBeA1B3dJdNw2kHVzR_xYBpuCKNtODx9y02iMooRP6k-Sv7tKgFVrcUp2jTTNgj4_2hd1MyMFnvdFdCA_7padQ5btgzw1mrEkHPIvHVZiZbjA0caIUtKP_zAg321Rlbtm5-89shKJDq86dNuHHc6N9pmk9ehTUnmWjr1hKxYlKjb9yEyUfiiIPHQx4N-2lKng6fzl_EYJUnXTWfkbOYN8xpy789dm5bXPKQRwI9aiKYLlq8WLTHiqXrFK3s2F9q9lMRnSd-T6Q0WetnOWVcdEoc5zhmDcPbIWt7j75nUkmvLhGV6WKLO-hJ-oZXLcEWzXO94rwbufvJHDrjV6sjFuU7xDWnmdll_kruhfUPEkmTf3LqKf0_NlGMMTEea8BcU3ykQ6zWunxNKL9_SdAK4irki1CSNkQ3HI-Z81qU4yqqL_uxuegBDyprV5fwQp7NqGfRJM9c-Nt3u37j4huuNdcG4XvrKbLi0MljB2QRPy9cbb8Z0BFoISA2_VKkkmYDJS_o6pDRs1wME7OrXSVTjhRuAIhB69svVOKjZHuUoW7HhPAj5Cxv6jHghdz0NoleQE0JvKfS3vwQ3EobPVuYTAQiu-UqCGj2XXlU-3wjRDZnye4hUbo0HqbAelXlCTt9vTs5BATcQ5gUS5ZvOXpSYtUuIxyxriEThQgvikavmXFtU7YrSwRfh3jvj1sEFYNQEHFrLxeLbh2YVzRh7ACa2TMS0W0ACVCFFMqcYkqoqFYn774ZkACiYBoTemerEjtUb4iLgFCB3BprY4FJkq7P6SHz6mMjVr_C7sStPN-LjZdEUaijvXOxcePhaDCHoqZ9gxpW1Kg7dTZsx6sbKbZfuw_XBv70PfF6GHpNP7te8Kv-XrUrVib5m-A6b61V8RRadQ0TcEH2vDKyPweB2SV4c23muoZuMSfvgIP9VdCSsHDaF9N4tUCFMMMD-I_aGA3jaouP7n9w51pcQ_4iOsL1aQS4b0zlhH7TBE__JAZ2PiOcSNm0JfcdEOi-tdncGDTeWlrGym0hHtY4R-3i8a-IktYZdH4jU-mJ4nowROrlVd-iFlYRsIilZ9cEz8RQe6Wj7U-2jWRb8DbIz62TNFrmrOYcmCQU2is6D8kh0Rl_vQPWEAJpG06bxeEcY9Ej8CeCnztFp7Lok3hfd2nahblA9ODHoUZYPSeogsxKRc1imrgsvDL1um4pnjwSO985DrXJrNPoiOGwE1VLBMJAw3XXR6rj10L1KwFNYs0pKoaRIc9VVEJZ1M_LNFz52CdAQzWbyZm6OeuK2Z5THM9Pw01ErAc7n8QZr3uaMRZtxSJ890O4EbVCmqtrv-r1eWX034Zgy8PRUgiXsx1jek7CJOAKQxadp35Yk3uGzC-B01mcvkcJrwBizB_Ms-wpSmIfB9iqHJseeksj3Kg1EWVQBHLdNweoTjo5S26EbSioNe2ELg0ktmQw3XhqRawnEQ3AySRE5MN4_NqbGM65h1DQPc0l2Rnc-byGp9jRYUxxmdyMeda7vrimVZcSpvZcEA3yTmADQ4xre5oKws4oQ-GxKCboMiFDfz8FC5hy4McxrRcEnTzxVcm9mOSTR3EbuIbznBTq0zyLd0eUotmVK35DXazKS4KWZNdX3OmjEvNJDRTKnhUJSDILI0armZuN3RdLcZXtAr812cw2TU_4JJupRPFKLvSfj1mc8_S6Qxf0o-YkJxrEA4RF1xVyKPaVcQiyBnT1fADkc3SKYMaDNaQ1o3-QNSX7hSW30AIHzxrDRafMjOplTC2wigeQ-NZ9adfHXqf9BkX3Av8r56BjEVgacHTPJB5mjwkimJDuDUoPb0caFTevz3puIL7LqajAMAXKefU1b1otLKI6ezHX2067LybQqotSA71uzxfQWYCj0tMShws12dWa5wEql3n7IktABU-ZkCrQ4_Usl9ly8ldaRDVyAalQwLzXYjoejCAJK0nGNyl1FBbKDSJFyBVj4hgGBx_q7aFZvVFnEV2-WS2huz0VDVCMcKHa58x3maUHXRaBjLOQCMvcKsNLn07XSXxehlrOL-VYoPUj5YmTSMs4GMspLcvwwMS8yXIeR-7Yy5WHV5f8JxDYSDVqM7UKQEK7jEMrzMz0ie5VQDAXNbEq4cs3I7n2zC_ph42jCkTxcw1hLBfBeJlRDKQvJEN0QZlzlG6Vqa94coX5t94V7l76B2OHJ60fUoej8YS5ZwT3urXlCO1qkkxaHLv6dbokOy-bA2QccxANmsRzeEqlRUWjqXxVnh3cXGGSrPmnOmRn7xzjjMvmZwygCmJ0Nd8u9P7dN2-7oKATQWaz8j33-TuiQLdl3-3FObpcNfrrezcF1OBOMa57mcb5fnt0mx8Il9ZkoW3-3-yROd2Gk8RbVXFEvQJZSgp8O2AnTFEQzYrxbBzuqJtP8O_Qo1vABoo84fZOw6LvyJBDj1gF4RgvFHtht2OcGy3aWGju8SXZ8qRi1_KU3TnjC6FHBBwl17XwUlEhQ-uNZMC6MgmNmX5PuN2-05RuUTTi0b8tbxCdEBt4gkJAQLclpQ9sXL_HT927oMj0lPtqADVzBniikt4QexY-Kr4GwCOAuJQ3XgJ65dw_X6V5gPuH2qaqaH3vSOn_udGtkbUhIrPil27A37l_vdd2MQ4DpkRNOTQwxLQQB5kVah91H6k1gFBq2boFMOY5TCCU8epBVTJZ_iZqjC8rCelGkTNB5tg2--6RYv-VniX1HYkxUihzMGY3qEIQ1mXK2DI-8UXOfqaU13R7Kw2zX09yAGfj0wB9prlygQYPwzYfLUivbDgUvUF4hUS_cxxIjYjweUXMgPw2ZCRpUxFzU4CfKUXDFl4RvUvQionGtWKKOhJ9-2iBd6B1_p2gWQy1febwXi73TPAwryW5EyvefRRMUExqDXFnD6mAomQYs2THKIF8wFNxfo3oZ_VmPMvDJylDqW-P_MfWgFaPNANpF7_t_iwJnXqxRThA5YFesgb7AlEKx6DNBTd0cFem1x9u0fMq0PjwMkyOWu2at_0VpnKx-US0qKZxqcF2ro1bOYKXeavz1j3DOKJVGNufhk5iZI69anxVpELhI_WuQicQOWJm_m-qkFsFun6hqy33DfMSGBgeRF-I3PeidsK0KIo981NSzV1PXtt6EXuPFYbFznQ3vLfkYqIQ_aC5u-lFSyPlUoIpZCiypnvT3vxxv4yXYVX59cZoynen9JUTYTBPMdq0NFWjADkCQ_NuOhajP_nIvFnOglwfnl7GwHkc_TfYDMh1fmDZu8tZgqGCy5JdSt0lCXXhc-w3RuhNIRfVjGcFhNuSzefk5eRmhAr0U9vLzo5FHz8UPCj_y6j8BnY5AYRTWNiEPH6y2Ms5D3kZ5VPAfLtkUqFeyVBzBslh2HpxOm59XLPfyoVRNKAPXvoSDSB2lQLib412PShZQ3dpfzIrICiMfXv1dMdpI2Dnj9Yw7sZ2CKn4760D2QtW9Ah83ct5EJqbJ3b24_xIIiF6TexMt3XhcqzREZyB6aMXIzZn88-WXFwYffgO8rKa3zkI3ZhC1UANFgkLhrMMalSsd6w_RfT78FcGgJ2FNLBXXBnbeEBTLPPfH3K5m3oQFfRAB14kFSoXZBphlJ2AhvI634jEgRTwP8Ptl1VhkXR4wSNLFRiDSWgOuqs97Pooi5MB4_aUkpkAk_YAFbAfsxecJCuZ88facNjZldWW9HPd7C4t357gm9XLP6fSByt--uqormUZStBUFv-pPysP&cid=CAQSTwAvHhf_Xs2CTV0YYHq6lr3Kwl7H5EqW1poIoMicEvtNNKIU2JDfkqMzIGWFf-z34nf_Z0_xis2mWhytLNs23M9mPfSvqpUpChWWZOmQLFkYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&ds=l&xdt=1&iif=1&cor=3253382708057700000&adk=2923430906&idt=80&cac=0&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 14:06:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9414
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Feb 2024 14:06:03 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240124/r20110914/ Frame 9146 31 KB
12 KB 53ms
53ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240124/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d84037bada82c8af096c750483248eb827b621c42236f3b687cc07c2f93d6dbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 21:49:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68018
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11928
x-xss-protection: 0
server: cafe
etag: 10551285868935850944
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Feb 2024 21:49:19 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 9146 41 KB
14 KB 56ms
53ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 16:11:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 433916
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jan 2025 16:11:01 GMT

GET
DATA 200
OK truncated
/ Frame 9146 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dc3ac6a88d9a6fbd010b40a4db865f05876dd8e4e635d065474b2464e8005372

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame CCB9 38 KB
13 KB 56ms
53ms Document
text/html 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 152396
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 22:23:02 GMT
expires: Tue, 28 Jan 2025 22:23:02 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 181ms
53ms Script
text/javascript 2607:f8b0:4004:c07::8b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::8b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 31 Jan 2024 15:47:06 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 3352
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 31 Jan 2024 17:47:06 GMT

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
499 B 185ms
183ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:58 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 31 Jan 2024 11:10:18 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65ba2a9a-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Wed, 31 Jan 2024 17:42:58 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame CCB9 39 KB
15 KB 53ms
52ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 10:30:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22322
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Jan 2025 10:30:56 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
259 B 61ms
60ms XHR
text/plain 2607:f8b0:4004:c07::8b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1063104129&t=pageview&_s=1&dl=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&ul=en-us&de=UTF-8&dt=%D0%90%D1%83%D0%B4%D0%B8%D0%BE%D0%BA%D0%BD%D0%B8%D0%B3%D0%B8%20%D1%81%D0%BB%D1%83%D1%88%D0%B0%D1%82%D1%8C%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%3A%3A%20bookmp3.ru&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAEABAAAAACAAI~&jid=1486944692&gjid=1062676394&cid=556708885.1706719377&tid=UA-109514583-1&_gid=909189492.1706719378&_r=1&_slc=1&z=378406080

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::8b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

bc4540a14193a6537e0c03127bbf19848e6226bd437f2550d18f1f385c55eccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 metrika_match.html Show response
mc.yandex.com/metrika/ Frame F914 2 KB
1 KB 185ms
184ms Document
text/html 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/metrika/metrika_match.html

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

9df4ea0c8c25b6c96ccb4ef96780a7b074ee266972670f2572d38a961f1b481f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-origin: *
cache-control: max-age=3600
content-encoding: br
content-length: 869
content-type: text/html
date: Wed, 31 Jan 2024 16:42:58 GMT
etag: "65ba2a9a-365"
expires: Wed, 31 Jan 2024 17:42:58 GMT
last-modified: Wed, 31 Jan 2024 11:10:18 GMT
strict-transport-security: max-age=31536000
timing-allow-origin: *

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17935818835445338392/ Frame 64FC 89 KB
22 KB 162ms
54ms Document
text/html 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17935818835445338392/index.html?e=69&leftOffset=0&topOffset=0&c=lksWgQzzhF&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

243118467b955fa3ffd66248f80e9ec9f2b60b751eeed8c46bd3ddf594b8054e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 16:42:58 GMT
expires: Thu, 30 Jan 2025 16:42:58 GMT
last-modified: Mon, 06 Nov 2023 23:56:00 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9146 0
0 270ms
151ms Fetch
image/gif 172.253.115.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssoEp37nVIBWyxRXLxBYzZ_-SIGBv6OxUl72FhaiyJYsRliFcNELxUghCUZLkDORL1UUmg7sEhjLM0udItzg4z_NBXHtS-xSo_2zKyG7-bRZY_adNgxwJoLB83GFlVfK6a4qtSfMm3vmq9sXt_rS4aiwWQQ4FEdoMyXWm3bTQRJnYd3veUmYjl-WSs92nkVYGv6a0pd4G2GkDOIytpcYJNvp0XawqJsPUmrwBuBJHtXJt3Mdhm69DPANA6CAatdF5l5rY78v1dfxiIJFgM3X545OC6V9NeVM--D_0ePXN-jxRdZ4tKBUQXmJlNaawQ7jVTkhfUsZzap6KOK09u_z560rOhTgUF05b895MejvfMlb0hpJsmi6J73IRKjTOr0zDWWLl890ksW3yAowwSfmPSQgsqrkuvhlqGqNYT2PI7pLuGGRajVrRiVruSAP2IANMmy_Zstm6-D0bj8uJzmPFzZ0x5IqHMeLJjKGQkZRuBODARHx3M7hWDUnmhpQWhETC0fyXpT3vhk4qtVKmrCNUFAtcAHjXn-i2OmjAZEyh7biVS8stq0ae-8Egs9i1qGdJNSf2ZqBrlhJ44SnIkko_E6W_4134QEoRLJno2tGwXaUqsVPvwn13zB9lXuQNq7wvRp0t6QB8Xf3i3aaAsISEHdLu2b9Ic8SiyJLvZdD3SpFVDyD1q_0VwQsysp6MltDrCZ64cpFUWxsq094zR1YCA9vJrW-39GSMxKWbevXsHJmArduC0fLAjRyaldtx6ReEIypvi8WrhuNd2bn5lLUA0aaqtYE3Uz5bQ67eE5mSOamg5Mpwuhk9P77_XvDqn1fG5Q8BifrN34Piwl4e6NWqwcYzdAHCYD4OjFmUbKJxnmpkWd8mLVKxCykoK3tUGEhf1YFKl3ptMeYScQWgENYgGavFMzBWbifxNjXpDDOiGq4eBekMsKgkYfXzheuFTkedaJ5Hs_oD6qsE6bvahuro-Plx4fO0sylHS7RA7bH9JbboqL_SsXjXRBlHjBh_6KDf3kA_nGmr5jWP_7bDH4gRiK_ejYYf2YsAhlEd4SBwsSIVOVUAOcu4MU1EEJNGMo7NS9Jn_omC8sFbp38PbZZWTumm0guRKoPfhzLFpmHkyCJ8i2ta8Ri6qV9ECtI03FN-y7G9NbS2YrodAvjzEQziweAzB-AuDowIEzy5t1DfmhJA6wqoqv6DBv89m4SIzKv9e4nr7c3WuJABVraM_Wlnq9IohFp8SBxYtmmHt8sTLdTln9vJYaWnOSLt6oy0Wxwf-aPRkjVHGCX1Thjid9XB4J7BHCZ6NuxuaFI2y97CgUaIbZcvz-4sPP3OqrDufpnoxUgFHtS-wpAPN_7JY_XVHHoPH_MBWi8RdDJOJ_DpsKt3j_rN6dgWRwMCYQ2si0rQ8g1lrdbdvoxuyeWg8oKYLoJt99cbDtk77Q10OFcmTHA69_yJ9AO42KmPyXC9XEJdtXExegD6MA9NVdIHm0Om-l7vRi59YfQv3j9tstXlKjbbZlYUi9hunrSXMaZ6DkROQEDHEyMUFhJEj2xH0yUHgj6-K0xxlIRy064OB4T7tJUnNyaq9qa46kYa-MLK4LtmAQV5fViQcbGg_gzXe6l900fg9w1w&sai=AMfl-YTBb3EoP4AyujWfXD0AUwoIVm8dMldrb-em-UPsWZXInxRKTBCuZ-pp7gcERV-FnwzEK2dxmLXRnBpjx1Xo4KK515dM5n8S0SPXs0rLdJMMgQNH5o5UZ7hAjIAIbJO_u5lgiKAa3WyCrjTo0fXLahRXZOyZoXftcGRm8w2NNLVqkJtEqMvtXB79ZLKE8jPMCwyRFtQW3N9loFk_25Sr7TfeDUaQZpL2Y4_rArjBR6vAR-jRR3U5_oV6_WnaVjoRGNZN6UTeoNJYnK2-rR_BVna7w1BRJn4x6d7NuoActQ&sig=Cg0ArKJSzK4oGqWUEvIREAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=475&cbvp=1&cstd=455&cisv=r20240124.85496&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 31 Jan 2024 16:42:58 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 31 Jan 2024 16:42:58 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/ Frame 129C 9 KB
4 KB 54ms
53ms Document
text/html 2607:f8b0:4004:c17::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 16408
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 12:09:30 GMT
etag: 3890843268177463596
expires: Wed, 14 Feb 2024 12:09:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/ Frame F03C 9 KB
4 KB 53ms
52ms Document
text/html 2607:f8b0:4004:c17::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 16408
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 12:09:30 GMT
etag: 3890843268177463596
expires: Wed, 14 Feb 2024 12:09:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/ Frame B075 9 KB
4 KB 55ms
55ms Document
text/html 2607:f8b0:4004:c17::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 16408
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 12:09:30 GMT
etag: 3890843268177463596
expires: Wed, 14 Feb 2024 12:09:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxVeL7m-iz9yPEQtvDNk4yaXUQxaXk_Bf9DWC7eJVvchgCCuTuS6q3RQW-FjaKyZAKOMfcMaAWvwZx3kQAsnmbU8H1Q_W6ZtGChCWNFkmUjXrfJbBuEm7Akguw5JO32YnMMdXBgGEw== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 86ms
84ms Script
application/javascript 2607:f8b0:4004:c06::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVeL7m-iz9yPEQtvDNk4yaXUQxaXk_Bf9DWC7eJVvchgCCuTuS6q3RQW-FjaKyZAKOMfcMaAWvwZx3kQAsnmbU8H1Q_W6ZtGChCWNFkmUjXrfJbBuEm7Akguw5JO32YnMMdXBgGEw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA2NzE5Mzc4LDUxMjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cueW91bGEud3d3LnNiZXJiYW5rLnNiZXIuc2Jlci5zcGJqeThmbnJmY29kN3AucGVycy0xLmJvb2ttcDMucnUvIixudWxsLFtbOCwibE1JemRBS0tERVkiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.lMIzdAKKDEY.es5.O/am=wA/d=1/rs=AJlcJMzmB6bdT_BMgeeZSzvNF8-3Z93uig/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7a164985f05eaa421bb7a0121fea2e4d2da0864893b930c568c609638d121763

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4bGR--K2VTCKTVk1-TKeZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:58 GMT
content-security-policy: script-src 'report-sample' 'nonce-4bGR--K2VTCKTVk1-TKeZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjOsKoxSXF4K0hxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHEC8bsvL5kEvr5kkgBiLSB-J_mK6RsQ7_DxYHkTPp2VL2I66-mC6ayXgZitAsgH4ri66awFQMy3bjqr4frprFvOTGfdA8Qxz6ezpgDxYtYZrKuBeErgDNY5QNwSPYN1GhA7pc9gDQHiz5kzWH8Dcdntc6x1QCzEwzHp48u1bAInrizrZgIAdfJYuQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 225 KB
81 KB 179ms
70ms Script
application/javascript 2607:f8b0:4004:c06::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XR25G8TDFM&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5c022e98388f001ddc8593d79cd149b40e2e74868732dee70f6b7f4fdbe46747

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82087
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 31 Jan 2024 16:42:58 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/46501593/
Redirect Chain

https://mc.yandex.com/watch/46501593?wmode=7&page-url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6xy...
https://mc.yandex.com/watch/46501593/1?wmode=7&page-url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6...

466 B
576 B

183ms
182ms

Fetch
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/46501593/1?wmode=7&page-url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6xy7yz3pqvro10cvu5q72wt7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A0%3Als%3A190598690803%3Ahid%3A638291327%3Az%3A-600%3Ai%3A20240131064257%3Aet%3A1706719378%3Ac%3A1%3Arn%3A361946090%3Arqn%3A1%3Au%3A1706719378352900061%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C60%2C1645%2C1%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1706719373378%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706719379%3At%3A%D0%90%D1%83%D0%B4%D0%B8%D0%BE%D0%BA%D0%BD%D0%B8%D0%B3%D0%B8%20%D1%81%D0%BB%D1%83%D1%88%D0%B0%D1%82%D1%8C%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%3A%3A%20bookmp3.ru&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

370ce2401aa4dc6e7c26edcf87701fe82dc5b046f093bd4c9cff6064557e7204

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Wed, 31-Jan-2024 16:42:58 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 466
x-xss-protection: 1; mode=block
expires: Wed, 31-Jan-2024 16:42:58 GMT

Redirect headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 31-Jan-2024 16:42:58 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/46501593/1?wmode=7&page-url=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6xy7yz3pqvro10cvu5q72wt7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A0%3Als%3A190598690803%3Ahid%3A638291327%3Az%3A-600%3Ai%3A20240131064257%3Aet%3A1706719378%3Ac%3A1%3Arn%3A361946090%3Arqn%3A1%3Au%3A1706719378352900061%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C60%2C1645%2C1%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1706719373378%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706719379%3At%3A%D0%90%D1%83%D0%B4%D0%B8%D0%BE%D0%BA%D0%BD%D0%B8%D0%B3%D0%B8%20%D1%81%D0%BB%D1%83%D1%88%D0%B0%D1%82%D1%8C%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%3A%3A%20bookmp3.ru&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29
access-control-allow-origin: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Wed, 31-Jan-2024 16:42:58 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 129C 4 KB
1 KB 182ms
64ms Stylesheet
text/css 2607:f8b0:4004:c09::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5f Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 31 Jan 2024 16:42:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 31 Jan 2024 15:41:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Jan 2024 16:42:58 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240124/r20110914/elements/html/ Frame 129C 16 KB
7 KB 57ms
55ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240124/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1984c4bb2ce10d00cb478c4ab216301e04502e25f2025b30dbeeb019172beb0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:24:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1104
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6823
x-xss-protection: 0
server: cafe
etag: 14359709190881042667
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Feb 2024 16:24:34 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240124/r20110914/elements/html/ Frame 129C 22 KB
9 KB 56ms
54ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240124/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6f8aad2c2e01e81032eb3ce744f73450e33b1718dd95ee9cb968e76b8512f59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 22:14:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66501
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9451
x-xss-protection: 0
server: cafe
etag: 11136001603933606047
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Feb 2024 22:14:37 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 64FC 120 KB
41 KB 54ms
53ms Script
text/javascript 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17935818835445338392/index.html?e=69&leftOffset=0&topOffset=0&c=lksWgQzzhF&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17935818835445338392/index.html?e=69&leftOffset=0&topOffset=0&c=lksWgQzzhF&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 00:29:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58406
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 01 Feb 2024 00:29:32 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F7D1 624 B
245 B 76ms
74ms Document
text/html 2607:f8b0:4004:c17::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ8ZCY7AEYnK3fcjAB&v=APEucNWlCI7FyIFHHXZCoxiwqV0kTO8KEPuoZpR6v3GZJ9Skv_kRZ5XoYYRcuTMz3kAbXllNA9ACyFNCLnWTdyN7mzsde0HwgA

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 16:42:58 GMT
expires: Wed, 31 Jan 2024 16:42:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 0314 172 KB
60 KB 54ms
53ms Script
text/javascript 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 22:42:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64812
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 31 Jan 2024 22:42:46 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240124/r20110914/elements/html/ Frame 0314 8 KB
3 KB 54ms
54ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240124/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 22:03:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 67171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3206
x-xss-protection: 0
server: cafe
etag: 12640889860211258669
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Feb 2024 22:03:27 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240124/r20110914/ Frame 0314 23 KB
9 KB 53ms
52ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240124/r20110914/abg_lite_fy2021.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 13:37:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11110
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 3610546441309021303
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Feb 2024 13:37:48 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 0314 41 KB
14 KB 55ms
54ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 16:11:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 433917
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jan 2025 16:11:01 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/ Frame 0314 3 KB
1 KB 100ms
96ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 09:39:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25407
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Feb 2024 09:39:31 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/ Frame 0314 20 KB
8 KB 61ms
57ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:13:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1784
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Feb 2024 16:13:14 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0314 205 KB
65 KB 70ms
63ms Script
text/javascript 2607:f8b0:4004:c1f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78788a484b77f37f7426b9bd6f15cd74c9ef95a46537de4c6a6f87ecea090d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706532320618808"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Jan 2024 16:42:58 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0314 42 B
63 B 114ms
111ms Image
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CeCKZHl4QRdI63dB9bG_Gtm8uE1uDcjfgbbmYBEhW5cvWSpWlau5Lu609FM8NsgG3JUYWDorWAXH1dV-IP0FRMKdb6SAPZjL_Alm5EMQw4BwSkNrk

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5290 640 B
262 B 84ms
78ms Document
text/html 2607:f8b0:4004:c17::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ8ZCY7AEY7cfscTAB&v=APEucNW42TAkhLYADIZCu6PFsw1aIvTwLgpL6M_d14HzQzJR5m1JF5AIvevUonvDep9NULNao_q9ILqJayipKvLWnYkjNDbBdA

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 16:42:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame F64F 172 KB
60 KB 63ms
55ms Script
text/javascript 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 22:42:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64812
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 31 Jan 2024 22:42:46 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240124/r20110914/elements/html/ Frame F64F 8 KB
3 KB 58ms
53ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240124/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 22:03:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 67171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3206
x-xss-protection: 0
server: cafe
etag: 12640889860211258669
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 13 Feb 2024 22:03:27 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240124/r20110914/ Frame F64F 23 KB
9 KB 58ms
54ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240124/r20110914/abg_lite_fy2021.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 13:37:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11110
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 3610546441309021303
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Feb 2024 13:37:48 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame F64F 41 KB
14 KB 61ms
57ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 16:11:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 433917
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jan 2025 16:11:01 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/ Frame F64F 3 KB
1 KB 69ms
65ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 09:39:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25407
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Feb 2024 09:39:31 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/ Frame F64F 20 KB
8 KB 63ms
59ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:13:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1784
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Feb 2024 16:13:14 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame F64F 205 KB
65 KB 69ms
67ms Script
text/javascript 2607:f8b0:4004:c1f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78788a484b77f37f7426b9bd6f15cd74c9ef95a46537de4c6a6f87ecea090d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706532320618808"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Jan 2024 16:42:58 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F64F 42 B
63 B 113ms
113ms Image
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BY17c-27cIj7vrYuTFgB5_4AbPIXdsTqL7Sko0rjd_cUKZM2HrQaFUvU0-snkJhVKQ0MvvOYlY7cjCqmGS7TeWzZEeAIOT2-yI2arN2a7XlGS65Mo

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F7D1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1

43 B
734 B

70ms
70ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ8ZCY7AEYnK3fcjAB&v=APEucNWlCI7FyIFHHXZCoxiwqV0kTO8KEPuoZpR6v3GZJ9Skv_kRZ5XoYYRcuTMz3kAbXllNA9ACyFNCLnWTdyN7mzsde0HwgA
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tqeKC8DHTCBg7ZvtsjqOBwOTQBdNQP7MxKEGhW6z1T9RJ0t9LBxTvthJ%2FyoMRJeri98WMf85XudMhA47N3zS22p%2FEQjdjhfYXtzmzbAh64%2BB2d9HgVkOb6kIFTZw1k3uOrubyBbKZNx7Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84e36935d9ea2227-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F7D1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zbp4kWlD78buVd.bOGf.CgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1&google_hm=2

43 B
732 B

72ms
72ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ8ZCY7AEYnK3fcjAB&v=APEucNWlCI7FyIFHHXZCoxiwqV0kTO8KEPuoZpR6v3GZJ9Skv_kRZ5XoYYRcuTMz3kAbXllNA9ACyFNCLnWTdyN7mzsde0HwgA
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gsQ153jlcmcDooXIhBaZi9OQdpGsgWZS8RlK1fe8xTdFZD5kzTBOAxHa2Yd1hBpjRavDEDpmjlBuWxKbAXd4HzTKjmQ7P%2FytEs7pxkKCnij9RsbzLnfYC4aXLb%2B5YZpFu9ILTFBmC6A8Qg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84e369367ab42227-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPecKcoZ35DKuXMeRDH0oLw&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame F7D1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPDF9zq2NTje5Totd0iBVLE&google_cver=1

43 B
1 KB

64ms
63ms

Image
image/gif

68.67.160.184
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPDF9zq2NTje5Totd0iBVLE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ8ZCY7AEYnK3fcjAB&v=APEucNWlCI7FyIFHHXZCoxiwqV0kTO8KEPuoZpR6v3GZJ9Skv_kRZ5XoYYRcuTMz3kAbXllNA9ACyFNCLnWTdyN7mzsde0HwgA

Protocol

Server

68.67.160.184 Jersey City, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
an-x-request-uuid: d6b1bc97-167d-480b-9b8c-c09eda1630f8
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 38.132.118.70; 38.132.118.70; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPDF9zq2NTje5Totd0iBVLE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F7D1
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEyNjYxMjc5OTYwMjM2MTEzOQ%3D%3D

170 B
188 B

61ms
60ms

Image
image/png

142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEyNjYxMjc5OTYwMjM2MTEzOQ%3D%3D

Requested by

Protocol

Server

142.251.111.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:58 GMT
an-x-request-uuid: a97e5b09-9a1c-47eb-8824-362718038728
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEyNjYxMjc5OTYwMjM2MTEzOQ%3D%3D
x-proxy-origin: 38.132.118.70; 38.132.118.70; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 AGSKWxUXxBMKMUBXLO4adaK8BKeRpO6ZwY5g3XGVstHZRglsGD8tP4BhHYKI1Mcs4ZdxILRtXBkxQ_W6jSx58LgpjWO8UcEhapXR7RmxHEEPo05WSf-j5aY_Ax6_07QAD5VXyJ_pkqpaMg== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 81ms
81ms Script
application/javascript 2607:f8b0:4004:c06::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUXxBMKMUBXLO4adaK8BKeRpO6ZwY5g3XGVstHZRglsGD8tP4BhHYKI1Mcs4ZdxILRtXBkxQ_W6jSx58LgpjWO8UcEhapXR7RmxHEEPo05WSf-j5aY_Ax6_07QAD5VXyJ_pkqpaMg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA2NzE5Mzc4LDg0NjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3LnlvdWxhLnd3dy5zYmVyYmFuay5zYmVyLnNiZXIuc3Biank4Zm5yZmNvZDdwLnBlcnMtMS5ib29rbXAzLnJ1LyIsbnVsbCxbWzgsImxNSXpkQUtLREVZIl0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

227614c21f09c5231bd9519d2509242e5effd12521dceac06da95573e587ba14

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce--ITI0QaLFhdionJjj3BWjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:58 GMT
content-security-policy: script-src 'report-sample' 'nonce--ITI0QaLFhdionJjj3BWjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjOsOoxSXF4K4hxXDi1m2mC0B83ukO03UgvqjylOkmENcyPGNqBeIH4c-YXgCxgcZzJgsgLsh-zlQBxIx_XjBxAvG7Ly-ZBL6-ZJIAYi0gfif5iukbEO_w8WB5Ez6dlS9iOuvpgumsl4GYrQLIB-K4uumsBUDMt246q-H66axbzkxn3QPEMc-ns6YA8WLWGayrgXhK4AzWOUDcEj2DdRoQO6XPYA0B4s-ZM1h_A3HZ7XOsdUAsxMMx6ePLtWwCHYtOLGUGAJVFXY4"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/17935818835445338392/ Frame 64FC 3 KB
3 KB 55ms
55ms Image
image/jpeg 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17935818835445338392/preload.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17935818835445338392/index.html?e=69&leftOffset=0&topOffset=0&c=lksWgQzzhF&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11c19322da0d5ba717f281542aad3d364fde06fd9b0df43c068510951fd0db07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17935818835445338392/index.html?e=69&leftOffset=0&topOffset=0&c=lksWgQzzhF&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 24 Jan 2025 17:40:14 GMT
date: Thu, 25 Jan 2024 17:40:14 GMT
x-content-type-options: nosniff
age: 514964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3555
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:56:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 n_one_vway_bahia-principe-es_np.js Show response
bucket.cdnwebcloud.com/ Frame 0314 1 KB
977 B 229ms
73ms Script
application/javascript 54.192.51.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bucket.cdnwebcloud.com/n_one_vway_bahia-principe-es_np.js?n_o_nu=not&n_o_aut_tc=276473795&ord=481368163
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-4.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 74130e91791cf3496d353724953e6466d3240ea308838a482dff16cd6c119aa0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 14:54:45 GMT
content-encoding: gzip
via: 1.1 192b5dfe0d3306c6761973a7786a01d4.cloudfront.net (CloudFront)
last-modified: Fri, 20 Dec 2019 13:03:10 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C2
age: 21820
etag: W/"9748fb959a7ee41d8aebb52473ace3d2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: abM1IolFGrEv-j4qrTKPEHqNEGC_D7yZFJGQgFQd3JSXKrvsEmuupw==

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9845278200317499338/ Frame 814F 206 KB
31 KB 56ms
55ms Document
text/html 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9845278200317499338/index.html?e=69&leftOffset=0&topOffset=0&c=xPrzq818Nb&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46ee61be0b2b806f4f1f7a2f5083d88982599787022c337811f1a97983f9fe13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 16:42:58 GMT
expires: Thu, 30 Jan 2025 16:42:58 GMT
last-modified: Thu, 25 Nov 2021 15:49:03 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 0314 0
0 274ms
149ms Fetch
image/gif 172.253.122.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsuugznz79xu9BLxJ1JLAHclnO_eeMs3JkS1lgRBN3kbT98De2ZmY9td9LpqJj9fvNEXlMeIP_i9clScTLb9PQNlTuQCaGMURhuZkauBDYTtD01BluN3e9_obdhVH7RuM2GFwrzXvd2PG0jm8ziknKF0TXy6Z8vFSrNIC7GW96yXnBFMlDWZWaqlwt_TflcGydXUuGd9_XoQrcVPkFYOG0p8dCgwd-mQUyUsxUCu2ONvJbOwG-V0Sy4FWEYgxhCVWnYzhaBBUrtAY1tJNDJt1gkTww-sqLZgQr2ZSJnlP4ITAEXMHgi4YS5ucWa0h4W04_RCO7-fXZ4NVGXrS3Owc7uhMYzUZoMiFt9LJzAlDnyHBLff_mzDp67bNEaRFNiMEaU_x8zs9XW2kcELWDoVY4UjPJh2hyQXVS3NoI1QWea5ayGfrW7SriaBIW8C4MuWLHE6wkVu77MK4bpCMGaLjyEc4h0lw0lBlvxHdOCzr9Xe2FfL6vL_OxZXb7V0qKc-fxNg70XuTMPlm7W-e3kD3bDi0sPAadYsU3Y5_e3rXF6rngF4uEgosGekMRe6df8boyyc3deyvwwtYaFE1mqKRrVLL0l6Len0T7cGobq3nv9hjDsKfjpSw5pkMLkyefYY8y1ubBNkkdDdTV11dkQGngVdIHiK5xM2JGQh7RjCwSAD8yVWxt1-mOaxZfYkRIhN7Wm9S4YQlJFUxyoRpdv6guXmrucY0JRy6mcTIf9NEa3YOLD8ywHoaE_4pcjyUzthJQ6SWkBMKeq2goOLtrPd6SfF7-vm9WcdWuG1_DjndoHdQK2IDej7TlcClsf-cm_-PlRxneR-E-a67I1RtbkAWVQ7uFhpYrjMvXMsqNm2o4-ouPaHVTZJkN67Iv3yDUcjWuGhnekDORGa-bhM6LIT1k74mQ3wWBNdONYwd67gADekKNR5Y5p_3yvazp9-Ba9il5I-deVj7pO1nSgIUK5LiNopg0qLjkGT0kUjJJGA4dl4x-0qerCOKj6tg3zzM-M6ixmiX6fCQRWCzpJxqjF7M9ZeeKsbknVW7O5FLkMqt4ZbgDDkGyyo400Gi7LT4_k4cVeWwrdLagsPSK59nHtIZh8uJHXEhknpS9sHvThk9Me5rCnsZSdQN6uY1MbE91Zr9LUjiSmKB2LtxkYSnn0JS-NGoRL5lwCSQMd01xOonCm-IfAPCCBNSSnaRH0BC6aCGE8rSru7OAhr9AYybNgh6bn_1xG-2K_OYoDKGKt3S6chwJpLVthlX2iF35XQSOPWkhRdyar3Taafa-_DQFFvqzjoSuQPOF3JOiIcFvsutIrHjsa4-69QCBlzU0S-yh67gsFv-hz7mT8eCxFKizcwQaBceTFuzWQoyZSZxXK1hucAtPN6P8Nr2bNE9YWun852QReb6M-_tLGh_62Aldm98y1zH5hJWE-CsRU9eBJ7EX0Bcv-ioUfaN3MCl0Io1GECo2UETQvm8evoogFeYbEiJLKpZwW8-Ba1frzdBxJKF1aAOFLd58DvX11YAJiABUpTi-k7lM33CMjIWM2TnU8uJefiHuOrVx8ojMP_GwipTli_XhMNRr8vY2wkzbfgip4zyxYQbERW1Uusrm8Dg75Jcab9BmXbwjj3mU8&sai=AMfl-YTQ7AD2LLMkMsktquQfRlSlbxaQZNlNid9LRFkdkwQN6ZzB_-R6aGcvrW-II7SHN67OdjVnWrAsVWm-vRHZGshACWlvVg-uETznDpBeRluTg08PxEuRXIn-VwYJ60ARmwZ2-s5bXWvnxt8G4mXbKYS4mwJrjLrN6lcrj6CoFodTatfi_ZLg9sawtC8DqV53TANjhBcL3VrGro_W5eFj4E5l_cUob-OFf_kA29t9cTBV8gWLg_GCcWNYxdSHpCet9uaezx-WcNXGjwT-4cNqpHybIX_RSkplvjyhrZtnIw7hVl8yRUDYfcrUEdNZy3Cq53j-xSJKm37VQMb_1wZrmEpe5VJJmnBP3f9weBoPMTGyf3kU_TgbtYSRq0sNAjpna2S1I-__4D0IVyoDuS8f6WzPMazO3_B15zkoq_p4Q7hf_YNvQKiE5yGVMUGXapooPTjqoBZOS82IRly7W4hi4xKuYTG_xjM_jHir6LLX-H_mMYCXwCW1R4PEuq0uyzhdPraoaDs&sig=Cg0ArKJSzNsXLlR53o9qEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9iYWhpYS1wcmluY2lwZS5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=258&cbvp=1&cstd=245&cisv=r20240124.48715&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 31 Jan 2024 16:42:59 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 31 Jan 2024 16:42:59 GMT

GET
H2 200 n_one_vway_bahia-principe-es_np.js
bucket.cdnwebcloud.com/ Frame 0314 1 KB
1 KB 215ms
75ms Image
application/javascript 54.192.51.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bucket.cdnwebcloud.com/n_one_vway_bahia-principe-es_np.js?n_o_nu=not&n_o_aut_tc=276473795&ord=481368163
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-4.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 14:54:45 GMT
content-encoding: gzip
via: 1.1 192b5dfe0d3306c6761973a7786a01d4.cloudfront.net (CloudFront)
last-modified: Fri, 20 Dec 2019 13:03:10 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C2
age: 21820
etag: W/"9748fb959a7ee41d8aebb52473ace3d2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 7HKXV3CJRvXImJpDRmU3I-U6aueig19kaMjWefztSDH_XCpkZtvApg==

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 5290
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK7mHPSmMChj3MzInHppA6A&google_cver=1
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEK7mHPSmMChj3MzInHppA6A&google_cver=1

43 B
61 B

47ms
45ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEK7mHPSmMChj3MzInHppA6A&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ8ZCY7AEY7cfscTAB&v=APEucNW42TAkhLYADIZCu6PFsw1aIvTwLgpL6M_d14HzQzJR5m1JF5AIvevUonvDep9NULNao_q9ILqJayipKvLWnYkjNDbBdA
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEK7mHPSmMChj3MzInHppA6A&google_cver=1
date: Wed, 31 Jan 2024 16:42:59 GMT
via: 1.1 google
server: OXGW/0.0.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5290
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NWY5NGQxMjItNWRkYy0yNTE1LWM0YWItM2M3Njk3MGRhNjhk

170 B
188 B

69ms
66ms

Image
image/png

142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NWY5NGQxMjItNWRkYy0yNTE1LWM0YWItM2M3Njk3MGRhNjhk

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ8ZCY7AEY7cfscTAB&v=APEucNW42TAkhLYADIZCu6PFsw1aIvTwLgpL6M_d14HzQzJR5m1JF5AIvevUonvDep9NULNao_q9ILqJayipKvLWnYkjNDbBdA

Protocol

Server

142.251.111.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 31 Jan 2024 16:42:59 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NWY5NGQxMjItNWRkYy0yNTE1LWM0YWItM2M3Njk3MGRhNjhk
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

um
sync.teads.tv/ Frame 5290
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEN8uylKXBACbm2OcRvK-rD8&google_cver=1

23 B
278 B

163ms
60ms

Image
image/gif

23.220.121.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEN8uylKXBACbm2OcRvK-rD8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNPh9QIQ8ZCY7AEY7cfscTAB&v=APEucNW42TAkhLYADIZCu6PFsw1aIvTwLgpL6M_d14HzQzJR5m1JF5AIvevUonvDep9NULNao_q9ILqJayipKvLWnYkjNDbBdA
Protocol: H2
Server: 23.220.121.51 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-121-51.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 31 Jan 2024 16:42:59 GMT
pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEN8uylKXBACbm2OcRvK-rD8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5290
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZGUxYmVhMzktNmVlNC00M2I1LTlkYWEtZGJlMjRmMGViMDRm

170 B
188 B

60ms
59ms

Image
image/png

142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZGUxYmVhMzktNmVlNC00M2I1LTlkYWEtZGJlMjRmMGViMDRm

Requested by

Protocol

Server

142.251.111.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
server: pekko-http/1.0.0
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZGUxYmVhMzktNmVlNC00M2I1LTlkYWEtZGJlMjRmMGViMDRm
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Wed, 31 Jan 2024 16:42:59 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame C9DD 38 KB
13 KB 59ms
54ms Document
text/html 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 152396
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 22:23:02 GMT
expires: Tue, 28 Jan 2025 22:23:02 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 60ms
60ms Ping
text/plain 2607:f8b0:4004:c07::8b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-XR25G8TDFM&gtm=45je41t0v9105662211&_p=1706719378534&gcs=G1--&gcd=11l1l1l1l6&dma=0&tcfd=10000&ul=en-us&sr=1600x1200&cid=556708885.1706719377&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru%2F&dt=%D0%90%D1%83%D0%B4%D0%B8%D0%BE%D0%BA%D0%BD%D0%B8%D0%B3%D0%B8%20%D1%81%D0%BB%D1%83%D1%88%D0%B0%D1%82%D1%8C%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%3A%3A%20bookmp3.ru&sid=1706719379&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=5645
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XR25G8TDFM&cx=c&_slc=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c07::8b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240124/r20110914/ Frame 5544 23 KB
9 KB 54ms
52ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240124/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 05:24:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40684
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 3610546441309021303
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Feb 2024 05:24:55 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 5544 8 KB
846 B 194ms
189ms Stylesheet
text/css 2607:f8b0:4004:c09::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5f Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 31 Jan 2024 16:42:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 31 Jan 2024 15:23:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Jan 2024 16:42:59 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/ Frame 5544 15 KB
3 KB 57ms
52ms Stylesheet
text/css 2607:f8b0:4004:c09::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.css

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5f Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425f9ca7029ca2c95d204079575a3e5f737ef4d322614225344c5aeadd51bfb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 17:38:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 515063
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2939
x-xss-protection: 0
last-modified: Thu, 18 Jan 2024 02:36:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jan 2025 17:38:36 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/ Frame 5544 378 KB
132 KB 60ms
56ms Script
text/javascript 2607:f8b0:4004:c09::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5f Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

325f25191af82345cc615c820126c663f55ee865ccb8c6f033e11ee57085617a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79589
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 134582
x-xss-protection: 0
last-modified: Thu, 18 Jan 2024 02:36:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 18:36:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/ Frame 5544 20 KB
8 KB 53ms
53ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240124/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:13:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1785
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Feb 2024 16:13:14 GMT

GET
DATA 200
OK truncated
/ Frame F64F 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b6117d8be17a0ccc8f6e4bcfa591cb576dc1b8396d1c2e6e743927a03163666

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 814F 118 KB
40 KB 55ms
55ms Script
text/javascript 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9845278200317499338/index.html?e=69&leftOffset=0&topOffset=0&c=xPrzq818Nb&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9845278200317499338/index.html?e=69&leftOffset=0&topOffset=0&c=xPrzq818Nb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 17:36:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83201
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 31 Jan 2024 17:36:18 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 3CF1 38 KB
13 KB 56ms
53ms Document
text/html 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 152397
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 22:23:02 GMT
expires: Tue, 28 Jan 2025 22:23:02 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 n_one_vway_bahia-principe-es_np.js Show response
bucket.cdnwebcloud.com/ Frame F64F 1 KB
975 B 93ms
74ms Script
application/javascript 54.192.51.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bucket.cdnwebcloud.com/n_one_vway_bahia-principe-es_np.js?n_o_nu=not&n_o_aut_tc=275490374&ord=414564318
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-4.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 74130e91791cf3496d353724953e6466d3240ea308838a482dff16cd6c119aa0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 14:54:45 GMT
content-encoding: gzip
via: 1.1 192b5dfe0d3306c6761973a7786a01d4.cloudfront.net (CloudFront)
last-modified: Fri, 20 Dec 2019 13:03:10 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C2
age: 21820
etag: W/"9748fb959a7ee41d8aebb52473ace3d2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 6fyFlzzNM7GrrCdYb5irmD86vVV2qB0Qv5WWGr1j8TTSdHHqAcSXcA==

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11938805746972946677/ Frame 6AE5 209 KB
31 KB 62ms
55ms Document
text/html 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11938805746972946677/index.html?e=69&leftOffset=0&topOffset=0&c=EsTy24zt3I&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61d101801c1f9fdd8dddd032ea43c62fe911ddc06914c77ac8928b603f34c2e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 16:42:59 GMT
expires: Thu, 30 Jan 2025 16:42:59 GMT
last-modified: Thu, 25 Nov 2021 15:49:14 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame F64F 0
0 161ms
153ms Fetch
image/gif 172.253.122.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsv8Nkdku7IFHCrnx-E-mlam8Brxxx5IO3zRVq7Z0rRGhRDAvhT1dEqopuvvW2VeGnwdcT98UfgqnC3UMwck3wIypIafWbiX0hhHYxWoTWIePgOY5VOuUwb0AFbX4Uymd-Syza7w-ZaQWHFgQk1nseS9ODQHFsHo0oFHp2KUUxBVJbPjYBW8zy8KWQUKN2pIgjjY1J6BqVeCoU_wKoUm24TOD10Y3fCIu163jn27Qmu67OeFwN66TfVJ32PQw1bZ-5ClOIeZBJ9Nk8eB79H0yTzDQIYXRNumxbrrisqdWrz0v5sNpuXrg4vLs61K9gpXlrQ1QI8yHNqST-YD1xapEnaFU9dqcbHGT3S2lZRoau2meaakMaBQOEw9W_F0krHygJEm-ae61VverDBKcTNmF9SfdNTMlpQIrWkKtHze1hL08D6rwvB5jQ58wNTcmPfVkwGRNR46bnZV9hNImEqN-3cfezVqGlbFj9Doppdnp4VDUT1z6KEJvOOFPiVmJbDo1CWnPDafoHfIyLuzMRm3RhzA_brXuCOfFx1RH59Inhi1fDYXB5vm11RJOPcuF3Tynrr6V_raFr0Y1P8Fst9YlxLAivE4rQ3s3CJUUBmsIRABeTfISiTMwKklu_27QRQDNumW8RzuDWfgeIy43JwjQPl2n2qjXOA1iHe6EKzBqkharC7MTPBFRa4WJZ_Vawfwus8bDQJRAnmXTJG8FgJ0ApmLgF3eBJNjdepZcT_zWcpH5m2DMimjZzlg1aGEjxYHq-tE0z6aDbb584QMqLGlsOjfDQZPYH00d1eoD5I4iV9NTfqN_m8suZtE69RoUREzZvS9mbmb_dnIpPl2-nzDFmjAXeRZVlgjfQlcPNslBdYkR6aiot15TU6F8S7Fhgtntopguwemef1DDnG-lY4yWqpJtJXsEAOQHIjbnWk5_V2ciIw6UB9gdtTF0y_8r40_f3SrwOAim98fM18VyzYBogu-0uKjF-AYth9EtVJpWUnkTIwLRGxGLOCvLjbqPLdaDD47Grdugh4iP2z1o599tp5hVqjjxz-6JyN7arG1i3OgQPvAbvCIvqgrsnxVvH6DtvauDkaEdadbYek-0lojqa83Xmb0OQEg61I82z3zURDjCid00LkfxTEvf6kwD43qiLnXshVjUhJ1Z7nY6YribGMZ7bGas5zNuYp7xzi-0fLQvdLptUJXW-IruZ-V-1bS9OP0MRv6NcxiPkptLanO9zVobIxmDdK3eNmub3Sb-5VrsNXvA2eK1yt72cFTTsXd6IgGbT-RSNjamqwwx7hVuv1ZFMg4yerFixHahty9fwVl4AJX7sEY32n8X7POOtLwP2rypdJjOPZoaJlh17yYMeDXi6cpMvO8D2bo92LexCJ4LSJq8cfyauHAjYyNt-5rN4rxRPZyJIFYzCrYGoMCgk5AKQXS-W-uXhBhyEJc1qebWJCm24B8_imHPqhRdtrLx6J1EqvtHqQX0hTNnx9Z-05YUJaBgXMxBSdUvn2_Ts2Q-CeN07DUa-35n0gEj8MX1Q8M1h-irKxyYfSALg4isMtMTt5d06QxfEFkHQlGrAMcNd9_qeIioGD2BckFYE-5jflaBL8nXcvAEnmTHEDj__Y6g9FQPNn9rM-W&sai=AMfl-YTJrvpMfVKJVvM4eETwDgSdvmyuEuk79MLi81ae0kABxCC8iAMT_TzZlTSt_gdjY3EUVx1jS5op4kmw3DONVdkUbFZNuIX520UOfiGDDlwtRskdrPB6j5f-sWnMu4-kaWUpRqrITMfRd2kMeS7ke2RL16KCnz_G3NqexpmgBRbcmWovKmM2JMHAXkfHb7n77Cqgam93lZDBNR0cNA2DnK-zChyoc6N0intUwGd5vchQODH4xeSHrlyVIGNNNQ01_0AwFHMK0IB4v5liK6io0zXLOXFG7KiHK6R3LC2WgudvzjEr8y4cbCRRT0vUWzXc2WuZraii2D_TrGSjxWU5ny_B27CYPkMkk-TODqPgxgnuT93kKFZmQQPEhsC8Nre6R1hqMygtIEODX_ygGgvKUsCKDF8BgU3pzhdacBtjb2KIP2CmrcrxlYH889AdTe8S0W0rUM-LcgyqoyBOsXNUFjX8fmG8OUEM3sbYQ4tdmDivjU_YY_qC3j4LgEWl5eY0VRzG1Vs&sig=Cg0ArKJSzNicLr0RDFA7EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9iYWhpYS1wcmluY2lwZS5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=384&cbvp=1&cstd=374&cisv=r20240124.54805&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 31 Jan 2024 16:42:59 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 31 Jan 2024 16:42:59 GMT

GET
H2 200 n_one_vway_bahia-principe-es_np.js
bucket.cdnwebcloud.com/ Frame F64F 1 KB
1 KB 84ms
76ms Image
application/javascript 54.192.51.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bucket.cdnwebcloud.com/n_one_vway_bahia-principe-es_np.js?n_o_nu=not&n_o_aut_tc=275490374&ord=414564318
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-4.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 14:54:45 GMT
content-encoding: gzip
via: 1.1 192b5dfe0d3306c6761973a7786a01d4.cloudfront.net (CloudFront)
last-modified: Fri, 20 Dec 2019 13:03:10 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C2
age: 21820
etag: W/"9748fb959a7ee41d8aebb52473ace3d2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: kBePGGJxZ_KjS-jFiKzNKM-7Id-MWxNQ5PB8DsWXJVtMRYeOqh3IcA==

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9146 0
0 119ms
112ms Fetch
image/gif 172.253.115.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssoEp37nVIBWyxRXLxBYzZ_-SIGBv6OxUl72FhaiyJYsRliFcNELxUghCUZLkDORL1UUmg7sEhjLM0udItzg4z_NBXHtS-xSo_2zKyG7-bRZY_adNgxwJoLB83GFlVfK6a4qtSfMm3vmq9sXt_rS4aiwWQQ4FEdoMyXWm3bTQRJnYd3veUmYjl-WSs92nkVYGv6a0pd4G2GkDOIytpcYJNvp0XawqJsPUmrwBuBJHtXJt3Mdhm69DPANA6CAatdF5l5rY78v1dfxiIJFgM3X545OC6V9NeVM--D_0ePXN-jxRdZ4tKBUQXmJlNaawQ7jVTkhfUsZzap6KOK09u_z560rOhTgUF05b895MejvfMlb0hpJsmi6J73IRKjTOr0zDWWLl890ksW3yAowwSfmPSQgsqrkuvhlqGqNYT2PI7pLuGGRajVrRiVruSAP2IANMmy_Zstm6-D0bj8uJzmPFzZ0x5IqHMeLJjKGQkZRuBODARHx3M7hWDUnmhpQWhETC0fyXpT3vhk4qtVKmrCNUFAtcAHjXn-i2OmjAZEyh7biVS8stq0ae-8Egs9i1qGdJNSf2ZqBrlhJ44SnIkko_E6W_4134QEoRLJno2tGwXaUqsVPvwn13zB9lXuQNq7wvRp0t6QB8Xf3i3aaAsISEHdLu2b9Ic8SiyJLvZdD3SpFVDyD1q_0VwQsysp6MltDrCZ64cpFUWxsq094zR1YCA9vJrW-39GSMxKWbevXsHJmArduC0fLAjRyaldtx6ReEIypvi8WrhuNd2bn5lLUA0aaqtYE3Uz5bQ67eE5mSOamg5Mpwuhk9P77_XvDqn1fG5Q8BifrN34Piwl4e6NWqwcYzdAHCYD4OjFmUbKJxnmpkWd8mLVKxCykoK3tUGEhf1YFKl3ptMeYScQWgENYgGavFMzBWbifxNjXpDDOiGq4eBekMsKgkYfXzheuFTkedaJ5Hs_oD6qsE6bvahuro-Plx4fO0sylHS7RA7bH9JbboqL_SsXjXRBlHjBh_6KDf3kA_nGmr5jWP_7bDH4gRiK_ejYYf2YsAhlEd4SBwsSIVOVUAOcu4MU1EEJNGMo7NS9Jn_omC8sFbp38PbZZWTumm0guRKoPfhzLFpmHkyCJ8i2ta8Ri6qV9ECtI03FN-y7G9NbS2YrodAvjzEQziweAzB-AuDowIEzy5t1DfmhJA6wqoqv6DBv89m4SIzKv9e4nr7c3WuJABVraM_Wlnq9IohFp8SBxYtmmHt8sTLdTln9vJYaWnOSLt6oy0Wxwf-aPRkjVHGCX1Thjid9XB4J7BHCZ6NuxuaFI2y97CgUaIbZcvz-4sPP3OqrDufpnoxUgFHtS-wpAPN_7JY_XVHHoPH_MBWi8RdDJOJ_DpsKt3j_rN6dgWRwMCYQ2si0rQ8g1lrdbdvoxuyeWg8oKYLoJt99cbDtk77Q10OFcmTHA69_yJ9AO42KmPyXC9XEJdtXExegD6MA9NVdIHm0Om-l7vRi59YfQv3j9tstXlKjbbZlYUi9hunrSXMaZ6DkROQEDHEyMUFhJEj2xH0yUHgj6-K0xxlIRy064OB4T7tJUnNyaq9qa46kYa-MLK4LtmAQV5fViQcbGg_gzXe6l900fg9w1w&sai=AMfl-YTBb3EoP4AyujWfXD0AUwoIVm8dMldrb-em-UPsWZXInxRKTBCuZ-pp7gcERV-FnwzEK2dxmLXRnBpjx1Xo4KK515dM5n8S0SPXs0rLdJMMgQNH5o5UZ7hAjIAIbJO_u5lgiKAa3WyCrjTo0fXLahRXZOyZoXftcGRm8w2NNLVqkJtEqMvtXB79ZLKE8jPMCwyRFtQW3N9loFk_25Sr7TfeDUaQZpL2Y4_rArjBR6vAR-jRR3U5_oV6_WnaVjoRGNZN6UTeoNJYnK2-rR_BVna7w1BRJn4x6d7NuoActQ&sig=Cg0ArKJSzK4oGqWUEvIREAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1197&vt=11&dtpt=722&dett=3&cstd=455&cisv=r20240124.85496&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 31 Jan 2024 16:42:59 GMT

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/17935818835445338392/ Frame 64FC 3 KB
3 KB 68ms
53ms Image
image/jpeg 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17935818835445338392/preload.jpg

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11c19322da0d5ba717f281542aad3d364fde06fd9b0df43c068510951fd0db07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17935818835445338392/index.html?e=69&leftOffset=0&topOffset=0&c=lksWgQzzhF&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 24 Jan 2025 17:40:14 GMT
date: Thu, 25 Jan 2024 17:40:14 GMT
x-content-type-options: nosniff
age: 514965
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3555
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:56:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 64FC 8 KB
6 KB 72ms
71ms XHR
application/json 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb9458547563f51c8bf0a9bfe10c7165a14e284a50686853ffdee6bed92d98a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6000
x-xss-protection: 0

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 6AE5 118 KB
40 KB 54ms
53ms Script
text/javascript 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938805746972946677/index.html?e=69&leftOffset=0&topOffset=0&c=EsTy24zt3I&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938805746972946677/index.html?e=69&leftOffset=0&topOffset=0&c=EsTy24zt3I&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 17:36:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83201
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 31 Jan 2024 17:36:18 GMT

GET
H2 200 noah.min.js Show response
bucket.cdnwebcloud.com/ Frame 0314 19 KB
7 KB 85ms
84ms Script
application/javascript 54.192.51.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bucket.cdnwebcloud.com/noah.min.js?1706719379315
Requested by: Host: bucket.cdnwebcloud.com
URL: https://bucket.cdnwebcloud.com/n_one_vway_bahia-principe-es_np.js?n_o_nu=not&n_o_aut_tc=276473795&ord=481368163
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-4.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3949bc357609db6e9bc5796a30a25a1865ba837e2cada69a1832b03e0814a51d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 17:08:27 GMT
content-encoding: gzip
via: 1.1 192b5dfe0d3306c6761973a7786a01d4.cloudfront.net (CloudFront)
last-modified: Mon, 04 Sep 2023 14:02:49 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C2
age: 84873
x-amz-server-side-encryption: AES256
etag: W/"3c5a63b88b693279fc4d9dcff91d29c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 1PH6Ck4rPlBlYWsfJ0pmFcUBvNfxEFf7WE0fPmFaWDWEs6b8VQXckQ==

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/17935818835445338392/ Frame 64FC 3 KB
3 KB 56ms
55ms Image
image/jpeg 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17935818835445338392/preload.jpg

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11c19322da0d5ba717f281542aad3d364fde06fd9b0df43c068510951fd0db07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17935818835445338392/index.html?e=69&leftOffset=0&topOffset=0&c=lksWgQzzhF&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 24 Jan 2025 17:40:14 GMT
date: Thu, 25 Jan 2024 17:40:14 GMT
x-content-type-options: nosniff
age: 514965
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3555
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:56:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 replay.png
s0.2mdn.net/sadbundle/17935818835445338392/ Frame 64FC 517 B
545 B 54ms
53ms Image
image/png 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17935818835445338392/replay.png

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182fc11158c66dbbd0432664c2967f118f3a5e57b7e5fb28822376e8dbe365db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17935818835445338392/index.html?e=69&leftOffset=0&topOffset=0&c=lksWgQzzhF&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 24 Jan 2025 17:40:15 GMT
date: Thu, 25 Jan 2024 17:40:15 GMT
x-content-type-options: nosniff
age: 514964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 517
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:56:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 poster.jpg
s0.2mdn.net/sadbundle/17935818835445338392/ Frame 64FC 37 KB
37 KB 69ms
68ms Image
image/jpeg 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17935818835445338392/poster.jpg

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cea0c881f37fd3f492b1917ce42a88e0f95d7392ec970cb9646d721f7bf7fb87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17935818835445338392/index.html?e=69&leftOffset=0&topOffset=0&c=lksWgQzzhF&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 29 Jan 2025 20:51:28 GMT
date: Tue, 30 Jan 2024 20:51:28 GMT
x-content-type-options: nosniff
age: 71491
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37751
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:56:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame C9DD 39 KB
15 KB 54ms
53ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 10:30:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22323
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Jan 2025 10:30:56 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5544 0
234 B 200ms
69ms Ping
image/gif 2607:f8b0:4003:c0c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~ls20nhcb&c=2134487379515&slotId=1067243689757.5&qqid=COC34JGJiIQDFYolaAgdvegDoA&fb=outstream-lima&sei=44752538%2C44809796%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4003:c0c::5e Tulsa, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5544 0
20 B 114ms
113ms Image
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CVo7hkXi6ZaCrForLoPMPvdGPgArs6qPOdYTi18K5EmQQASD-76A-YMmGgIDco8QQoAG6tey4KsgBBagDAcgDmwSqBNkCT9DtdXbiyR8PxiQr7xrKnZzG3hIFW9Nv-Sd06j1bxheEeEpRLv8QKhA_eLSW_lk9BrIY9rzVbyC-Sfu_VQUm-A61A9sOR7XtnlBsyZJzpgAuMbtUF7nAZ-NeAspkyniGmadUgzEI6-Fkl5RPZYxUO4yUYk_tLexHWMUHpl6UlTW3hU3md1TwrUcB92CIEq7wzetCPfVrq7v_f5ETEnl_CmtF-sXyL8KEhE5Z1d7eobswoV9vLa8fw-9IElJhldfD9GelMPKSefzIyoKurBQ5LRygIPkO5Y8VxovVc4JwEWFin9LV-U6JyxgpB4RGYc_UM6xwG0fBZSQD-7nqG6f92wDjODNG4MYbZfqz_Rcy6CroMSkJ47uW7YuTJTYEOJuAUTX5O4jz6_hLUlsCWzoBNzLWgl1Unga494fofcL31z50hCUAXVMn_p416n_NKVaCLo2Vr2WjIUVywATHyOyP2wTgBAOIBeW7oZROkAYBoAZOgAe67byYBagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgGEQARgfMgKKAjoEgECAQEi9_cE6WM-D4JGJiIQDgAoBmAsByAsBgAwBogwIKgYKBKy6sQKqDQJVU7AT0by-FtgTDIgUAtgUAdAVAfgWAYAXAQ&eventType=clickstring&clientTime=1706719379348&ai=CVo7hkXi6ZaCrForLoPMPvdGPgArs6qPOdYTi18K5EmQQASD-76A-YMmGgIDco8QQoAG6tey4KsgBBagDAcgDmwSqBNkCT9DtdXbiyR8PxiQr7xrKnZzG3hIFW9Nv-Sd06j1bxheEeEpRLv8QKhA_eLSW_lk9BrIY9rzVbyC-Sfu_VQUm-A61A9sOR7XtnlBsyZJzpgAuMbtUF7nAZ-NeAspkyniGmadUgzEI6-Fkl5RPZYxUO4yUYk_tLexHWMUHpl6UlTW3hU3md1TwrUcB92CIEq7wzetCPfVrq7v_f5ETEnl_CmtF-sXyL8KEhE5Z1d7eobswoV9vLa8fw-9IElJhldfD9GelMPKSefzIyoKurBQ5LRygIPkO5Y8VxovVc4JwEWFin9LV-U6JyxgpB4RGYc_UM6xwG0fBZSQD-7nqG6f92wDjODNG4MYbZfqz_Rcy6CroMSkJ47uW7YuTJTYEOJuAUTX5O4jz6_hLUlsCWzoBNzLWgl1Unga494fofcL31z50hCUAXVMn_p416n_NKVaCLo2Vr2WjIUVywATHyOyP2wTgBAOIBeW7oZROkAYBoAZOgAe67byYBagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgGEQARgfMgKKAjoEgECAQEi9_cE6WM-D4JGJiIQDgAoBmAsByAsBgAwBogwIKgYKBKy6sQKqDQJVU7AT0by-FtgTDIgUAtgUAdAVAfgWAYAXAQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5544 0
45 B 184ms
70ms Ping
image/gif 2607:f8b0:4003:c0c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~ls20nhcm&c=2134487379515&slotId=1067243689757.5&qqid=COC34JGJiIQDFYolaAgdvegDoA&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.1lm&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4003:c0c::5e Tulsa, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 5544 32 KB
18 KB 90ms
84ms XHR
text/xml 172.253.115.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-Ar4llZyT6j9ymz5ZRNUMyktHLra1v_DgBJz3r7oULr_Z4rpXwoPkGwlysrgCoRiSgH0oC6z7ruvvVL_LE9lXz767HUSQ&cry=1&dbm_d=AKAmf-Czxcu5F4gO-_sncDeYTiGI543cspOXsHAeYYJXyRtW74R6UMezNn38B8d3PM0jAp44wIBDWDbRFjLjLE2Q_oCVLXlWqS8ptYrokjOXNa6hpy94roh2jEexQSEHbhwEWZkR6vLUdOVLcOb7zsCZ1PAKjVaGSsES1gLOeK54W8iyPiY3Ez2990ngY4yWeBxa-LxvWwCqTJlK2TM_BjxVH-l_cgyyJkJRr7wXQDYISJa_iU_-XRyAT0NTpgLwyZm2rkU2G5IEvM9OxCUMMgM5Ey9KyJh3dKZPqCLSAAcAEn3vECwQSt4iasUqNEplMEnGRleEnqayqNPfsmNzdQRLsJUbae0NzuLZlplpljMfT42fmwfLozCdhKoX-MuXhJ5-DeR7ujEMQsPm77xR6nqXdcA0tzkBLcrTpBewi8Rr4DHLcNjZt-4nG1XBXxIv1pxL9v3FDhPgscTFxDTK1EiMV2zb2aErc3zVMhe-Z-oGkmObJGnq1PXMWJVUQdbxoIfqOTYF9pdhef1m5ZK2CwGhP2_G9_8v9j4iARV_xr9Gt04y0KaHO2P8el9J0LZ4kfn8pGylYrl-vBAj6szLj3gfhx-o29mAw_BgVoGRPwtc9-gCsPTkbEXJpQbCYT2AgF2diFeO5N6JNWrFEDLI9EDUm9_EP0_gyMbIbgE8e2ACpxLKzQFdXV9ILrEn3zp7B6PvM0tf8z9VxF9BnhJsyILpF4G07tIyvw5ifZg2elOzBGvIsvUDhElo9d8rokfX_j8F1t3LDoEL7K9UXkEiGE22YblV75Wg8naMV6FjH9aD14ntj6r18hb9O7mF1Rk-eCH46x6lyJt57E-x8GMaKcSn6ANRMGLb9ynKigjNgc5lzJ4CzIJH-xgmy3_yj9HN3IRnTmaQCCyLCv9wWe2_mWBYe7rWX6k14-6zmQywntdeyf-VOx3TAhQzdJ1ihc3z9R_p-IzaNkBZ08Wjp_dwrYTSg-3hAv1Z9l6eOoXqgcSl3ExvdE4c0DqsqPG-DurcnXGqFW7Frjmx126IVVXsXPgxk1WCUi5uxAUqYBxz6O4Q-i0WOkBL6NY6ixy-MIL9WnsLpE6DqOZhFw62x5dwuxVgjEc8wl9T7AJ6i9O8P6GBWgXuwArIhOiiMcqukjcAnFFu6oRCew7_dkPy90KYSO0W9J8s5E4T0xYpTl1PY_nchlMML-YThAMS7mQ3gfmySphZLzkOUZiyMpJwn2FB2WoHk62c9KwejSxv0gobE5_Z7qiK5O1KVAF2lWoMJiAEIjymU-sYgwaMy5hAAfcg3v4nWCJ9pf6DEbD02FMNOAM56iyywlGhHIE9brmlNK2urw7ruXuLoyzlaDLrY-HJtt2Cpzzxlp4prHTV_-wR35PsY4lxtki2IaGeRYe3adptAcm94p6rw5O4g1qyH3pehDJUFNzRwhXd_KYaDcgwLmvdGwdS8kJnLs4_MGGxUtS94NCVn5G3qcnqsfhJjswKtBk1zuGOUXYHl9l2JzOBoZN5gYSqWfewcEkBseMTw36k5-r5fz7SiGWpCpJ-OVwos1qaPa4v40FbAsYp9o4_O0vVFtbt47-xQAw3ej29DL6Gu-WNzS6DKq6aIUvmAL5wW_T0r5Wi8aACoK6jxnTpEgJ23EZCv8qBqQyzHgZkAwQB8hCidqtocgjIrHx6l2pN9p74Jys3e0UylqvtEnVcOj2qIasx6mWTS5n_1eIT_L9xaycOctXWabNhXUBlKh35R2qMTF98oU2QcUIN_tOA8i7SPat0adKhRGX26M7KCJrT-Z0VkTBhHksHarMlvBrtD4L2DUcJ3i7oHh5fZKylfA6OwufGtPD_OkJ64BoxhbkTejbdgAJ0GP3pPj7Q3zoGScT2-bWUvBs4PbiLgurgYprui3Z9k0VkTBRqWHwoi58G2O_RXOzwemSVv8ScoonhbphA2jpGZp4nHpZV5pFVOAsCAeUTVlNUCNdaPGCMx9ws-WblGTzaBEt4KbPuPDivPZ0xzUAwYyZ8i-kMaOKJApKWgTSwFs5GIZKEiPvc6qhsWKC_-JtNt0DLRml0fABO-DwcxDbtjaqFg73vt4z5Nb9ZNfqvf5MPrj_4wfRsdbC4dIYJgSJUCoUgo5GgzS5jHEyZehk0q58xVOZYAJGgiEBobMSQBO3ONmeIaDKfglmWs0TT8v4CNu-5nVs1hPv-vIyaFbLw_kbHUfN6zlcKGoQGCt9srmIVTTx8O_VwOnYdk8kZgAZh_o3aGR05oKPqrmnHxMez0ha3wkIwrbNjbSAB9jJnYS2Sl_i0dCJebUSPhEagfVlM2kfHs-3zW8mBv-zNZX8xvkjx52JiUbKCXDt_dhpHgI_5DBY_0JFWcZGsNYGeogGwpa_5IvYytG2Lsi1J6KggfpmICFY9VXO5jx6L66VBDaXMu-R5I5_ZbUJg3XcmQwzJZHSPoBWqk64wdhDboNJsU4Mk3_aF7vaoYf8yGT4enM_i2F7wry6zOo1vDXC5rDNSp0WOUTrgO4A3mnMMFby7sSiRPHmNsA9NUzc4jEE7vKP90wyp97OiHY7LggDHgmmravRVmTl9uQG3aAS7wf5nLIDKmzhSOZVOGc8TI_8EArHCuwo26zTKiOKtuLKIEGZv3CU5pgUyhMHzinGtZ4tQbWslKuiRwgi5r017b7H0X5zvJjA1UF1goBOitmgLq0VtErCW3ap9_rvbGyD0jEuWGuzRqMvvcxN9qHXBGlxY2SQ-XpV0KcNcbp7mB_FksN6EGaWXv79FRD7LzZlWrK74u2HeNV_2tzxiUvWQ3VQjLhHtH9eDf9C-JsxyfBzT834pU4UDeORM1YFm1PBvYhVzIIn7jiuKj4bLFhI0MkgbcJcSyYNriHc5WEsAaLTzjEU4D88CsGUfC62q57l1uKr-JjcZe12HwnqgxqZdfYqJPuNVs00ypBrfeAudZkP3erYqW-P4QOmQj_xvWvkr7fGdD5hw161YKIEq3JbrluTz938KCXbMscvaXzhtpRPVQFxjLLW3IGmPRPZdVGu05gtN4Q9HTNwb-Be93zlzdg4ftefzV0Bc8tf3p9tXDzK8wr583EaOv8pnDUZDrwfuS2ZoEpQ8MDqV8QRs2jP1ptB0WGK9JrwnM45bSn1KBEYvohbwqqGWNMQiHo7AHIPiAgeXOCJUOTXZX-GLi_tRAwhgHgDrORD-n0ov83TQADtW4xQJWnzbVMEDI64_ViWm1qyDNbqZp4TqMxBza_3oFAjGEPHxDvXXEoidWgxwWKDhqmcpxa11t93VLTrk5J0wkC7i229HK_DB3vOvVmyCCxWvjb4V1L2KkDJG7cYNE2s5nuYMgGjt1CQFabnRhvfncu2k6-iNt0hOnO2mTDmYhOgZDd1BlsueQwXpGz-cLDbQWQ1OxO8BOpadyjgDu-L28tgaAWi4RqnhnOqjEqt0xdFL672Odhw0Br57Fbdly2YBpV1J3EpLGYjgn6He-yMXLvs1CaxVt8Tdh2jrD4xdgTyHJbGYje3365C75lwKlaZr26O69vDFcPZ-2GpBBzEZHg0WK_a5FWx-n_YthojxleOjJMtJiPnirk9IncFHXg1IjTVlLmYvUqYzxqrudGfe31HS96D7SEYz4wNhW1z0EC_ZJfdbDMRNWWK0hU-gHC3BCQwax55SNfZ5BvOHwSRCVIF1tRYPJzy30jtCBthL2vyWjPKq36UL2QDJobvOMrn_m5p5vtW1HLlW9HRLAeZZ4PLCd_UpkCLjpufVltmO_rloFX6OpGfRSbBCB4Q6iHgvIIi0bPG1Zap-VeoBzMU0-VhsprPwCUYNWr1374NsVG5WNyWTHSIV1xIB0PtUEl-gA_ECR6oIuus4QtgnsaDNgc7hLrOW_CfKqj0dHF9kWB69lI-QbF1jHywEvcK89nqGftttUphx&cid=CAQSTgAvHhf_6Pp0rWKJ5MEkehFKuEMyppiQp5wjDR3I-Sq5UFvr2XJc2qGaNr0hJoViiMGuiGR3Y-qb2Ie8NsZr5fK7hE9qilcMNLq5FEz0_hgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f156.1e100.net

Software

cafe /

Resource Hash

c4899ce1ff0e432e9b6f5c7d9de44bad497f54d384fdfa02746ea5bc2ba0391e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17942
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 0314 0
0 115ms
114ms Fetch
image/gif 172.253.122.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsuugznz79xu9BLxJ1JLAHclnO_eeMs3JkS1lgRBN3kbT98De2ZmY9td9LpqJj9fvNEXlMeIP_i9clScTLb9PQNlTuQCaGMURhuZkauBDYTtD01BluN3e9_obdhVH7RuM2GFwrzXvd2PG0jm8ziknKF0TXy6Z8vFSrNIC7GW96yXnBFMlDWZWaqlwt_TflcGydXUuGd9_XoQrcVPkFYOG0p8dCgwd-mQUyUsxUCu2ONvJbOwG-V0Sy4FWEYgxhCVWnYzhaBBUrtAY1tJNDJt1gkTww-sqLZgQr2ZSJnlP4ITAEXMHgi4YS5ucWa0h4W04_RCO7-fXZ4NVGXrS3Owc7uhMYzUZoMiFt9LJzAlDnyHBLff_mzDp67bNEaRFNiMEaU_x8zs9XW2kcELWDoVY4UjPJh2hyQXVS3NoI1QWea5ayGfrW7SriaBIW8C4MuWLHE6wkVu77MK4bpCMGaLjyEc4h0lw0lBlvxHdOCzr9Xe2FfL6vL_OxZXb7V0qKc-fxNg70XuTMPlm7W-e3kD3bDi0sPAadYsU3Y5_e3rXF6rngF4uEgosGekMRe6df8boyyc3deyvwwtYaFE1mqKRrVLL0l6Len0T7cGobq3nv9hjDsKfjpSw5pkMLkyefYY8y1ubBNkkdDdTV11dkQGngVdIHiK5xM2JGQh7RjCwSAD8yVWxt1-mOaxZfYkRIhN7Wm9S4YQlJFUxyoRpdv6guXmrucY0JRy6mcTIf9NEa3YOLD8ywHoaE_4pcjyUzthJQ6SWkBMKeq2goOLtrPd6SfF7-vm9WcdWuG1_DjndoHdQK2IDej7TlcClsf-cm_-PlRxneR-E-a67I1RtbkAWVQ7uFhpYrjMvXMsqNm2o4-ouPaHVTZJkN67Iv3yDUcjWuGhnekDORGa-bhM6LIT1k74mQ3wWBNdONYwd67gADekKNR5Y5p_3yvazp9-Ba9il5I-deVj7pO1nSgIUK5LiNopg0qLjkGT0kUjJJGA4dl4x-0qerCOKj6tg3zzM-M6ixmiX6fCQRWCzpJxqjF7M9ZeeKsbknVW7O5FLkMqt4ZbgDDkGyyo400Gi7LT4_k4cVeWwrdLagsPSK59nHtIZh8uJHXEhknpS9sHvThk9Me5rCnsZSdQN6uY1MbE91Zr9LUjiSmKB2LtxkYSnn0JS-NGoRL5lwCSQMd01xOonCm-IfAPCCBNSSnaRH0BC6aCGE8rSru7OAhr9AYybNgh6bn_1xG-2K_OYoDKGKt3S6chwJpLVthlX2iF35XQSOPWkhRdyar3Taafa-_DQFFvqzjoSuQPOF3JOiIcFvsutIrHjsa4-69QCBlzU0S-yh67gsFv-hz7mT8eCxFKizcwQaBceTFuzWQoyZSZxXK1hucAtPN6P8Nr2bNE9YWun852QReb6M-_tLGh_62Aldm98y1zH5hJWE-CsRU9eBJ7EX0Bcv-ioUfaN3MCl0Io1GECo2UETQvm8evoogFeYbEiJLKpZwW8-Ba1frzdBxJKF1aAOFLd58DvX11YAJiABUpTi-k7lM33CMjIWM2TnU8uJefiHuOrVx8ojMP_GwipTli_XhMNRr8vY2wkzbfgip4zyxYQbERW1Uusrm8Dg75Jcab9BmXbwjj3mU8&sai=AMfl-YTQ7AD2LLMkMsktquQfRlSlbxaQZNlNid9LRFkdkwQN6ZzB_-R6aGcvrW-II7SHN67OdjVnWrAsVWm-vRHZGshACWlvVg-uETznDpBeRluTg08PxEuRXIn-VwYJ60ARmwZ2-s5bXWvnxt8G4mXbKYS4mwJrjLrN6lcrj6CoFodTatfi_ZLg9sawtC8DqV53TANjhBcL3VrGro_W5eFj4E5l_cUob-OFf_kA29t9cTBV8gWLg_GCcWNYxdSHpCet9uaezx-WcNXGjwT-4cNqpHybIX_RSkplvjyhrZtnIw7hVl8yRUDYfcrUEdNZy3Cq53j-xSJKm37VQMb_1wZrmEpe5VJJmnBP3f9weBoPMTGyf3kU_TgbtYSRq0sNAjpna2S1I-__4D0IVyoDuS8f6WzPMazO3_B15zkoq_p4Q7hf_YNvQKiE5yGVMUGXapooPTjqoBZOS82IRly7W4hi4xKuYTG_xjM_jHir6LLX-H_mMYCXwCW1R4PEuq0uyzhdPraoaDs&sig=Cg0ArKJSzNsXLlR53o9qEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9iYWhpYS1wcmluY2lwZS5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=811&vt=11&dtpt=553&dett=3&cstd=245&cisv=r20240124.48715&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 31 Jan 2024 16:42:59 GMT

GET
H2 200 noah.min.js Show response
bucket.cdnwebcloud.com/ Frame F64F 19 KB
7 KB 75ms
75ms Script
application/javascript 54.192.51.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bucket.cdnwebcloud.com/noah.min.js?1706719379464
Requested by: Host: bucket.cdnwebcloud.com
URL: https://bucket.cdnwebcloud.com/n_one_vway_bahia-principe-es_np.js?n_o_nu=not&n_o_aut_tc=275490374&ord=414564318
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-4.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3949bc357609db6e9bc5796a30a25a1865ba837e2cada69a1832b03e0814a51d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 17:08:27 GMT
content-encoding: gzip
via: 1.1 192b5dfe0d3306c6761973a7786a01d4.cloudfront.net (CloudFront)
last-modified: Mon, 04 Sep 2023 14:02:49 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C2
age: 84873
x-amz-server-side-encryption: AES256
etag: W/"3c5a63b88b693279fc4d9dcff91d29c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: LI16Dg4gz-xobxiRGSI3yMSp9nvbI6azAKKLA7PVlMTtI3Dt1yFm2Q==

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 64FC 17 KB
6 KB 55ms
55ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Jan 2024 16:42:59 GMT

GET
H/1.1

206
Partial Content

file.mp4
r4---sn-q4flrnld.c.2mdn.net/videoplayback/id/f53e9cd10ee1f26f/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738255377/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 64FC
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/f53e9cd10ee1f26f/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738255377/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signat...
https://r4---sn-q4flrnld.c.2mdn.net/videoplayback/id/f53e9cd10ee1f26f/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738255377/sparams/acao,ctier,expire,id,ip,ipbits,itag...

426 KB
427 KB

214ms
62ms

Media
video/mp4

2607:f8b0:4000:12::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-q4flrnld.c.2mdn.net/videoplayback/id/f53e9cd10ee1f26f/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738255377/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/39D7C9E1DB0AB84ECD32C87AA56AD06AB96AE422.3A02C13AC042AE9D11E97FDF78AFA3A614C7C4A2/key/cms1/cms_redirect/yes/mh/9s/mip/2001:550:1d05:1::10/mm/42/mn/sn-q4flrnld/ms/onc/mt/1706718567/mv/u/mvi/4/pl/48/file/file.mp4

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

HTTP/1.1

Server

2607:f8b0:4000:12::9 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

9df8cd495861ffd4f3bf6b8454f714e83b40a0da5f6035123a1a0bc46babe8e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Wed, 31 Jan 2024 16:42:59 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 06 Nov 2023 23:56:23 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-436303/436304
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 436304
Expires: Wed, 31 Jan 2024 16:42:59 GMT

Redirect headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r4---sn-q4flrnld.c.2mdn.net/videoplayback/id/f53e9cd10ee1f26f/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1738255377/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/39D7C9E1DB0AB84ECD32C87AA56AD06AB96AE422.3A02C13AC042AE9D11E97FDF78AFA3A614C7C4A2/key/cms1/cms_redirect/yes/mh/9s/mip/2001:550:1d05:1::10/mm/42/mn/sn-q4flrnld/ms/onc/mt/1706718567/mv/u/mvi/4/pl/48/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 648
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 3CF1 39 KB
15 KB 62ms
62ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 10:30:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22323
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Jan 2025 10:30:56 GMT

GET
DATA 200
OK truncated
/ Frame 64FC 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 prod_studio_01_250_videomodule.js Show response
s0.2mdn.net/879366/ Frame 64FC 13 KB
5 KB 71ms
71ms Script
text/javascript 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_250_videomodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03656ff565d2cc90c3b8f2c1963c5804304e5d9dc796e920db21a6db906a942d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17935818835445338392/index.html?e=69&leftOffset=0&topOffset=0&c=lksWgQzzhF&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 17:56:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81988
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4955
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 31 Jan 2024 17:56:31 GMT

GET
H3 200 replay.png
s0.2mdn.net/sadbundle/17935818835445338392/ Frame 64FC 517 B
545 B 74ms
72ms Image
image/png 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17935818835445338392/replay.png

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182fc11158c66dbbd0432664c2967f118f3a5e57b7e5fb28822376e8dbe365db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17935818835445338392/index.html?e=69&leftOffset=0&topOffset=0&c=lksWgQzzhF&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 24 Jan 2025 17:40:15 GMT
date: Thu, 25 Jan 2024 17:40:15 GMT
x-content-type-options: nosniff
age: 514964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 517
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:56:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

POST
H2 204 csi
csi.gstatic.com/ Frame 5544 0
54 B 76ms
75ms Ping
image/gif 2607:f8b0:4003:c0c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~ls20nhd3&c=2134487379515&slotId=1067243689757.5&qqid=COC34JGJiIQDFYolaAgdvegDoA&fb=outstream-lima&vast_v=2.0&vmfc=13&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4003:c0c::5e Tulsa, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 5544 41 KB
15 KB 77ms
76ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 05:24:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 213484
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Jan 2025 05:24:55 GMT

HEAD
H/1.1

200
OK

file.mp4
r4---sn-q4fzene7.c.2mdn.net/videoplayback/id/ac009f5b781f17c6/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3850711325/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 5544
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/ac009f5b781f17c6/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3850711325/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signat...
https://r4---sn-q4fzene7.c.2mdn.net/videoplayback/id/ac009f5b781f17c6/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3850711325/sparams/acao,ctier,expire,id,ip,ipbits,itag...

0
0

210ms
64ms

Fetch
video/mp4

2607:f8b0:4000:24::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-q4fzene7.c.2mdn.net/videoplayback/id/ac009f5b781f17c6/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3850711325/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/4223DD85B81B4F72A17E87E0C1AE8E5DEDF7D5B5.3B5DA5E9BD6A011FE769C414AABE875AB3CA22A4/key/cms1/cms_redirect/yes/mh/xJ/mip/2001:550:1d05:1::10/mm/42/mn/sn-q4fzene7/ms/onc/mt/1706718567/mv/u/mvi/4/pl/48/file/file.mp4

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

HTTP/1.1

Server

2607:f8b0:4000:24::9 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Wed, 31 Jan 2024 16:42:59 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 428599600
Last-Modified: Fri, 26 Jan 2024 09:49:25 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Wed, 31 Jan 2024 16:42:59 GMT

Redirect headers

date: Wed, 31 Jan 2024 16:42:59 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 648
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r4---sn-q4fzene7.c.2mdn.net/videoplayback/id/ac009f5b781f17c6/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3850711325/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/4223DD85B81B4F72A17E87E0C1AE8E5DEDF7D5B5.3B5DA5E9BD6A011FE769C414AABE875AB3CA22A4/key/cms1/cms_redirect/yes/mh/xJ/mip/2001:550:1d05:1::10/mm/42/mn/sn-q4fzene7/ms/onc/mt/1706718567/mv/u/mvi/4/pl/48/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame 5544 453 B
477 B 83ms
82ms Image
image/png 2607:f8b0:4004:c09::5f
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-pub-1618592205083780

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::5f Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:59 GMT
x-content-type-options: nosniff
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: image/png
cache-control: public, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 453
x-xss-protection: 0
expires: Wed, 31 Jan 2024 17:32:59 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 814F 8 KB
6 KB 92ms
75ms XHR
application/json 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67efe0a63d2dff2e09eaabac71dceb658341d5ce38489805e6a9f26b1c67366f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5883
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9146 42 B
64 B 129ms
116ms Fetch
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvmpu1EYQ_j8XaTZGA9PL-wdv95joLHVMaL6nJ88MtoDzFrdU3k3ucweZdKNnyIPOMjNR2GKidSoopqbdHg_HiFEcIbnpb6U35gwVjP54jifdAEJkuP3DCrTtpDffEiROg2BUGurRqWR6U4aQ4vrK8-W4_d&sai=AMfl-YRqUkG1XYyq8z64BSBNamO_FN1AuQ8QX1i-uCAGfU8hZ6sOucr2VQ0QtmMMsDTH2wvdfTcu5qFlmsXez6RVxEjTIw-pVmw-cD34a2LU84Vk1x5w46zvU2MO70qWzNhcQxI4WqOPOwQWEE8K03ulSg&sig=Cg0ArKJSzDgeh_uL2MuLEAE&cid=CAQSTwAvHhf_Xs2CTV0YYHq6lr3Kwl7H5EqW1poIoMicEvtNNKIU2JDfkqMzIGWFf-z34nf_Z0_xis2mWhytLNs23M9mPfSvqpUpChWWZOmQLFkYAQ&id=lidar2&mcvt=1027&p=0,259,40,300&mtos=1027,1027,1027,1027,1027&tos=1027,0,0,0,0&v=20240129&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=992306218&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=170671937700&rst=1706719377310&rpt=869&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Gotham-Bold.otf
s0.2mdn.net/sadbundle/11938805746972946677/ Frame 6AE5 154 KB
69 KB 65ms
64ms Font
font/otf 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11938805746972946677/Gotham-Bold.otf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938805746972946677/index.html?e=69&leftOffset=0&topOffset=0&c=EsTy24zt3I&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

183be4309aa229c11d790bb79b82a6a181a3f76cd009635a145a9d65c9c80766

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11938805746972946677/index.html?e=69&leftOffset=0&topOffset=0&c=EsTy24zt3I&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 24 Jan 2025 17:26:14 GMT
date: Thu, 25 Jan 2024 17:26:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 515805
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70565
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 15:49:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/otf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Gotham-Medium.otf
s0.2mdn.net/sadbundle/11938805746972946677/ Frame 6AE5 126 KB
59 KB 54ms
54ms Font
font/otf 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11938805746972946677/Gotham-Medium.otf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11938805746972946677/index.html?e=69&leftOffset=0&topOffset=0&c=EsTy24zt3I&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8183507b37f3df80ea253b144745ed58784f5b4465b5216fbf9e314df592d06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11938805746972946677/index.html?e=69&leftOffset=0&topOffset=0&c=EsTy24zt3I&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 30 Jan 2025 01:54:26 GMT
date: Wed, 31 Jan 2024 01:54:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53313
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60432
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 15:49:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/otf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 1ADE 39 KB
15 KB 54ms
53ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 10:30:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22323
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Jan 2025 10:30:56 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CCB9 0
20 B 125ms
123ms Image
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BGNtIkXi6ZdKGMpScoPMP65md6AEAAAAAOAHgBAI&bg=!FhWlFVrNAAa8BdJLnAU7ADQBe5WfOBQ2MPqH1rrm_J8sRAa2QbVHJw4TgI7x6RVxfHvcTWyG2xF0J4YfX5cuuh0CpWg0AgAABJ9SAAAAC2gBB5kDIuPCTb3ps9AA5tshK1i0hGefg6f-IQH1gRowlkelfduVYrc3ZtVSjXDXSi6qfJ8ysHx1waNVU-gZSLe0Qe601G55ckvzA4u9nxmhv0rBTpp_mufFP0DpXMtYeyM009gv1FIgCvLQ2zzI9xcPPRWmJvjRoRlhajpyA8r9i2lpdjiPI2AUkXvb6EdYYM1JhcEryNFI5jldukpbF7MuDVA9xcyZH_LVdiYhlcPzf5eXfVAYy35VfYpFgl0JkdzVuA87qYOUGgdiGobZqKMZFZtHFhPmO2jVJdfrVQFH2W3yEWcHuhTmrXBAWioDdOqFxfMeOweD83jvcXZflVotT0l1ELf_6pG7B6FLFAbYx03QHDJ7qLSECmgRcuyLsJncxlkTufHLFJG6HadVPh74cQ9yJ8_e1a1deZlOszw6dMYgUoiR-MKXbpL51LJD5qwkjViSildGjq-kdASmrQRdRVtnDYn-wQhpVc08_BX-1mxsxIPl2MFyOzcIi8Lj12VqywgXVuw4uTozl-SGNGJMYtVsIvEbj8C1n1h-LZYaoMAxFuYpAGOsI_CPGCJVPI37h-W3imCcOIOgrA2ZTx2K8dGF-zoA8mxAhE3ED_FrtcBLeqjKkduh6hLGnZXeLQsSs1ylMSv6Ns4ncwdnC8XOdqVdPNlkrzOYZEUIYNoe0eFDKPMjFzAk6BhkIoxbfDwRbb3l7i-E63Xge7HqcId-Wim9x_FkXFOwOd53k3jKNQbSKG3fvp0epIBGfW1bfNWBcj5X7hl-g64ZFJxcH0AVRrrPJOZSMSPZKwkGk5xu-foH4vo-IrbqKBsDyHpJXbrJ_ptwCNptiG6_S1IlVh8WV4UXCS4pqcj7ftN1t6l0rGz3kuo6cMcVo9wD1b2uGO7X-oaxWTLy9uG001BSiVvc_5SaRIl4lrBE7l6fLtZBpfFthjJWAMCySfUPhLVTiscDAejMdSqmfOKE8wT3gGl3GWUd4iDNKv_G0LBaiyZuA8FW74tYqtIoV8-heYBiUgeJVB4K3GyKlbLBKitHeQhlBU_F2IsqYh7shcvSRbd_p8MvzaF6gG0

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:42:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 0314 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 11f7e44a484661f09fb5e952a1623f477a29d1546eda9780bb06547ddfe793dc

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 atp
neural40.cdnwebcloud.com/ Frame 0314 74 B
323 B 494ms
146ms Image
image/png 54.228.121.187
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://neural40.cdnwebcloud.com/atp?577728982338=&n_o_aut_tc=276473795&nonhm=true&gdpr_consent=CMP_NOT_FOUND
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.121.187 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-228-121-187.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 31 Jan 2024 16:43:00 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 74
content-type: image/png

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 814F 17 KB
6 KB 58ms
57ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Jan 2024 16:42:59 GMT

GET
H3 200 Gotham-Bold.otf
s0.2mdn.net/sadbundle/9845278200317499338/ Frame 814F 154 KB
69 KB 76ms
75ms Font
font/otf 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9845278200317499338/Gotham-Bold.otf

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

183be4309aa229c11d790bb79b82a6a181a3f76cd009635a145a9d65c9c80766

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9845278200317499338/index.html?e=69&leftOffset=0&topOffset=0&c=xPrzq818Nb&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 30 Jan 2025 03:06:15 GMT
date: Wed, 31 Jan 2024 03:06:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49004
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70565
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 15:49:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/otf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Gotham-Medium.otf
s0.2mdn.net/sadbundle/9845278200317499338/ Frame 814F 126 KB
59 KB 72ms
71ms Font
font/otf 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9845278200317499338/Gotham-Medium.otf

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8183507b37f3df80ea253b144745ed58784f5b4465b5216fbf9e314df592d06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9845278200317499338/index.html?e=69&leftOffset=0&topOffset=0&c=xPrzq818Nb&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 29 Jan 2025 20:51:45 GMT
date: Tue, 30 Jan 2024 20:51:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71474
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60432
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 15:49:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/otf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6AE5 8 KB
6 KB 80ms
77ms XHR
application/json 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c78c4638e9b648790707f416784d447c732762c2b2417b33d45234150668904

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5963
x-xss-protection: 0

GET
H3 200 texto_logo.svg
s0.2mdn.net/sadbundle/9845278200317499338/ Frame 814F 5 KB
2 KB 64ms
58ms Image
image/svg+xml 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9845278200317499338/texto_logo.svg

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbbd6285bb18a8c92cc59574c958877754850f795f0f4dad205c79fd21d1d467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9845278200317499338/index.html?e=69&leftOffset=0&topOffset=0&c=xPrzq818Nb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 24 Jan 2025 17:41:29 GMT
date: Thu, 25 Jan 2024 17:41:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 514890
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2125
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 15:49:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 sol_logo.svg
s0.2mdn.net/sadbundle/9845278200317499338/ Frame 814F 2 KB
1 KB 74ms
64ms Image
image/svg+xml 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9845278200317499338/sol_logo.svg

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08bb8bf8ea037474da111ae1a70781e3210f7a0b29ac2f61cc5e88a3e37b920d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9845278200317499338/index.html?e=69&leftOffset=0&topOffset=0&c=xPrzq818Nb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 24 Jan 2025 17:48:41 GMT
date: Thu, 25 Jan 2024 17:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 514458
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1118
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 15:49:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 PALM.svg
s0.2mdn.net/sadbundle/9845278200317499338/ Frame 814F 3 KB
2 KB 72ms
61ms Image
image/svg+xml 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9845278200317499338/PALM.svg

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afcd6ebf6cf7124e138218f69982d6c9ca1820345967c9263d243dbf5631d204

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9845278200317499338/index.html?e=69&leftOffset=0&topOffset=0&c=xPrzq818Nb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 24 Jan 2025 17:56:40 GMT
date: Thu, 25 Jan 2024 17:56:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 513979
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1519
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 15:49:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 palmera2.png
s0.2mdn.net/sadbundle/9845278200317499338/ Frame 814F 960 KB
961 KB 70ms
62ms Image
image/png 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9845278200317499338/palmera2.png

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73f6add564f8d8c794d4b1bd49749c1770990b44616591ea59ce7333cf05a574

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9845278200317499338/index.html?e=69&leftOffset=0&topOffset=0&c=xPrzq818Nb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 24 Jan 2025 17:41:29 GMT
date: Thu, 25 Jan 2024 17:41:29 GMT
x-content-type-options: nosniff
age: 514890
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 983441
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 15:49:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 palmera.png
s0.2mdn.net/sadbundle/9845278200317499338/ Frame 814F 941 KB
941 KB 71ms
63ms Image
image/png 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9845278200317499338/palmera.png

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22e99768051bfffd5038e9ead749c8beab5ed5f1042a82eaa188096b2c63d4a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9845278200317499338/index.html?e=69&leftOffset=0&topOffset=0&c=xPrzq818Nb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 24 Jan 2025 17:56:40 GMT
date: Thu, 25 Jan 2024 17:56:40 GMT
x-content-type-options: nosniff
age: 513979
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 963679
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 15:49:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 puntacana_pros.jpg_1641818490109_puntacana_pros.jpg
s0.2mdn.net/dynamic/2/10889189/s0.2mdn.net/creatives/assets/4372216/ Frame 814F 899 KB
899 KB 77ms
68ms Image
image/jpeg 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10889189/s0.2mdn.net/creatives/assets/4372216/puntacana_pros.jpg_1641818490109_puntacana_pros.jpg

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f6eabe4823cc0f6a9e0ecbfe0aa590539d20ec27f541c00f1cd6e8a376bf1d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9845278200317499338/index.html?e=69&leftOffset=0&topOffset=0&c=xPrzq818Nb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 17:41:29 GMT
x-content-type-options: nosniff
age: 514890
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 920912
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 12:41:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 24 Jan 2025 17:41:29 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 9160 23 KB
8 KB 61ms
54ms Document
text/html 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 412101
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 26 Jan 2024 22:14:38 GMT
expires: Sat, 25 Jan 2025 22:14:38 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame F64F 0
0 142ms
141ms Fetch
image/gif 172.253.122.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsv8Nkdku7IFHCrnx-E-mlam8Brxxx5IO3zRVq7Z0rRGhRDAvhT1dEqopuvvW2VeGnwdcT98UfgqnC3UMwck3wIypIafWbiX0hhHYxWoTWIePgOY5VOuUwb0AFbX4Uymd-Syza7w-ZaQWHFgQk1nseS9ODQHFsHo0oFHp2KUUxBVJbPjYBW8zy8KWQUKN2pIgjjY1J6BqVeCoU_wKoUm24TOD10Y3fCIu163jn27Qmu67OeFwN66TfVJ32PQw1bZ-5ClOIeZBJ9Nk8eB79H0yTzDQIYXRNumxbrrisqdWrz0v5sNpuXrg4vLs61K9gpXlrQ1QI8yHNqST-YD1xapEnaFU9dqcbHGT3S2lZRoau2meaakMaBQOEw9W_F0krHygJEm-ae61VverDBKcTNmF9SfdNTMlpQIrWkKtHze1hL08D6rwvB5jQ58wNTcmPfVkwGRNR46bnZV9hNImEqN-3cfezVqGlbFj9Doppdnp4VDUT1z6KEJvOOFPiVmJbDo1CWnPDafoHfIyLuzMRm3RhzA_brXuCOfFx1RH59Inhi1fDYXB5vm11RJOPcuF3Tynrr6V_raFr0Y1P8Fst9YlxLAivE4rQ3s3CJUUBmsIRABeTfISiTMwKklu_27QRQDNumW8RzuDWfgeIy43JwjQPl2n2qjXOA1iHe6EKzBqkharC7MTPBFRa4WJZ_Vawfwus8bDQJRAnmXTJG8FgJ0ApmLgF3eBJNjdepZcT_zWcpH5m2DMimjZzlg1aGEjxYHq-tE0z6aDbb584QMqLGlsOjfDQZPYH00d1eoD5I4iV9NTfqN_m8suZtE69RoUREzZvS9mbmb_dnIpPl2-nzDFmjAXeRZVlgjfQlcPNslBdYkR6aiot15TU6F8S7Fhgtntopguwemef1DDnG-lY4yWqpJtJXsEAOQHIjbnWk5_V2ciIw6UB9gdtTF0y_8r40_f3SrwOAim98fM18VyzYBogu-0uKjF-AYth9EtVJpWUnkTIwLRGxGLOCvLjbqPLdaDD47Grdugh4iP2z1o599tp5hVqjjxz-6JyN7arG1i3OgQPvAbvCIvqgrsnxVvH6DtvauDkaEdadbYek-0lojqa83Xmb0OQEg61I82z3zURDjCid00LkfxTEvf6kwD43qiLnXshVjUhJ1Z7nY6YribGMZ7bGas5zNuYp7xzi-0fLQvdLptUJXW-IruZ-V-1bS9OP0MRv6NcxiPkptLanO9zVobIxmDdK3eNmub3Sb-5VrsNXvA2eK1yt72cFTTsXd6IgGbT-RSNjamqwwx7hVuv1ZFMg4yerFixHahty9fwVl4AJX7sEY32n8X7POOtLwP2rypdJjOPZoaJlh17yYMeDXi6cpMvO8D2bo92LexCJ4LSJq8cfyauHAjYyNt-5rN4rxRPZyJIFYzCrYGoMCgk5AKQXS-W-uXhBhyEJc1qebWJCm24B8_imHPqhRdtrLx6J1EqvtHqQX0hTNnx9Z-05YUJaBgXMxBSdUvn2_Ts2Q-CeN07DUa-35n0gEj8MX1Q8M1h-irKxyYfSALg4isMtMTt5d06QxfEFkHQlGrAMcNd9_qeIioGD2BckFYE-5jflaBL8nXcvAEnmTHEDj__Y6g9FQPNn9rM-W&sai=AMfl-YTJrvpMfVKJVvM4eETwDgSdvmyuEuk79MLi81ae0kABxCC8iAMT_TzZlTSt_gdjY3EUVx1jS5op4kmw3DONVdkUbFZNuIX520UOfiGDDlwtRskdrPB6j5f-sWnMu4-kaWUpRqrITMfRd2kMeS7ke2RL16KCnz_G3NqexpmgBRbcmWovKmM2JMHAXkfHb7n77Cqgam93lZDBNR0cNA2DnK-zChyoc6N0intUwGd5vchQODH4xeSHrlyVIGNNNQ01_0AwFHMK0IB4v5liK6io0zXLOXFG7KiHK6R3LC2WgudvzjEr8y4cbCRRT0vUWzXc2WuZraii2D_TrGSjxWU5ny_B27CYPkMkk-TODqPgxgnuT93kKFZmQQPEhsC8Nre6R1hqMygtIEODX_ygGgvKUsCKDF8BgU3pzhdacBtjb2KIP2CmrcrxlYH889AdTe8S0W0rUM-LcgyqoyBOsXNUFjX8fmG8OUEM3sbYQ4tdmDivjU_YY_qC3j4LgEWl5eY0VRzG1Vs&sig=Cg0ArKJSzNicLr0RDFA7EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9iYWhpYS1wcmluY2lwZS5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1164&vt=11&dtpt=780&dett=3&cstd=374&cisv=r20240124.54805&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 31 Jan 2024 16:42:59 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6AE5 17 KB
6 KB 59ms
58ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:42:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Jan 2024 16:42:59 GMT

GET
H2 200 atp
neural40.cdnwebcloud.com/ Frame F64F 74 B
322 B 868ms
747ms Image
image/png 54.228.121.187
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://neural40.cdnwebcloud.com/atp?4516414957=&n_o_aut_tc=275490374&nonhm=true&gdpr_consent=CMP_NOT_FOUND
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.121.187 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-228-121-187.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 31 Jan 2024 16:43:00 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 74
content-type: image/png

GET
H3 200 sol_logo.svg
s0.2mdn.net/sadbundle/11938805746972946677/ Frame 6AE5 2 KB
1 KB 174ms
166ms Image
image/svg+xml 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938805746972946677/sol_logo.svg

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08bb8bf8ea037474da111ae1a70781e3210f7a0b29ac2f61cc5e88a3e37b920d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938805746972946677/index.html?e=69&leftOffset=0&topOffset=0&c=EsTy24zt3I&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 29 Jan 2025 20:51:14 GMT
date: Tue, 30 Jan 2024 20:51:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71506
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1118
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 15:49:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 texto_logo80.svg
s0.2mdn.net/sadbundle/11938805746972946677/ Frame 6AE5 6 KB
2 KB 180ms
172ms Image
image/svg+xml 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938805746972946677/texto_logo80.svg

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45565342518890a25b46dee5e726ad773917bfcc17dab19f4d6455f4a4b9c722

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938805746972946677/index.html?e=69&leftOffset=0&topOffset=0&c=EsTy24zt3I&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Fri, 24 Jan 2025 17:39:03 GMT
date: Thu, 25 Jan 2024 17:39:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 515037
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2164
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 15:49:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 palmera.png
s0.2mdn.net/sadbundle/11938805746972946677/ Frame 6AE5 941 KB
941 KB 175ms
168ms Image
image/png 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938805746972946677/palmera.png

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22e99768051bfffd5038e9ead749c8beab5ed5f1042a82eaa188096b2c63d4a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938805746972946677/index.html?e=69&leftOffset=0&topOffset=0&c=EsTy24zt3I&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 28 Jan 2025 00:29:46 GMT
date: Mon, 29 Jan 2024 00:29:46 GMT
x-content-type-options: nosniff
age: 231194
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 963679
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 15:49:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 palmera3_1.png
s0.2mdn.net/sadbundle/11938805746972946677/ Frame 6AE5 490 KB
491 KB 176ms
169ms Image
image/png 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11938805746972946677/palmera3_1.png

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7316c9f4d49e26236b93f844761720c06a1e9a32de4eea83678381e3237e0947

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938805746972946677/index.html?e=69&leftOffset=0&topOffset=0&c=EsTy24zt3I&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 30 Jan 2025 04:20:30 GMT
date: Wed, 31 Jan 2024 04:20:30 GMT
x-content-type-options: nosniff
age: 44550
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 502226
x-xss-protection: 0
last-modified: Thu, 25 Nov 2021 15:49:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 rivieramaya_pros.jpg_1641818490109_rivieramaya_pros.jpg
s0.2mdn.net/dynamic/2/10889189/s0.2mdn.net/creatives/assets/4372216/ Frame 6AE5 629 KB
629 KB 173ms
167ms Image
image/jpeg 2607:f8b0:4004:c06::94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10889189/s0.2mdn.net/creatives/assets/4372216/rivieramaya_pros.jpg_1641818490109_rivieramaya_pros.jpg

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::94 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9da6de1aef1fa34d5e7eafd29d8e2db02c2e3cad512a7f100520b830fd6da113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11938805746972946677/index.html?e=69&leftOffset=0&topOffset=0&c=EsTy24zt3I&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 17:42:41 GMT
x-content-type-options: nosniff
age: 514819
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 643736
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 12:41:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 24 Jan 2025 17:42:41 GMT

GET
H2 200 avw
neural40.cdnwebcloud.com/ Frame F64F 0
105 B 227ms
148ms Image
text/plain 54.228.121.187
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://neural40.cdnwebcloud.com/avw?1496040403658&n_o_aut_tc=275490374
Requested by: Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.121.187 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-228-121-187.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 31 Jan 2024 16:43:00 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame B23C 39 KB
15 KB 67ms
66ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 10:30:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22324
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Jan 2025 10:30:56 GMT

GET
H3 206 file.mp4
r4---sn-q4fzene7.c.2mdn.net/videoplayback/id/ac009f5b781f17c6/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3850711325/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 5544 2 MB
0 130ms
63ms Media
video/mp4 2607:f8b0:4000:24::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240124/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4000:24::9 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Range: bytes=0-

Response headers

expires: Wed, 31 Jan 2024 16:43:00 GMT
date: Wed, 31 Jan 2024 16:43:00 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-428599599/428599600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 428599600
last-modified: Fri, 26 Jan 2024 09:49:25 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame E7CB 39 KB
15 KB 55ms
54ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 10:30:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22324
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Jan 2025 10:30:56 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 9160 39 KB
15 KB 66ms
66ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 10:30:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22324
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Jan 2025 10:30:56 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9146 0
21 B 121ms
118ms Ping
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7047580445748&version=m202309260101&ct=119&x=1&cor=3253382708057700000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:43:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ag._logadslot& Show response
fundingchoicesmessages.google.com/f/AGSKWxVvYL51Ws1QokQwJW2ZRVUapIlxKmf3U3wzoP6RlYPnoRPiKHF7B54BoRIT6ntcIqcvaVD5g3f9viYuJFt5NWzqOYbFfcGIzaVFbH3u4zEsKhZNHfG46m1D-Ga1KrK8t66wh_pNr57pkQ5_HnN01YnQ2iMCx... 54 B
110 B 77ms
76ms Script
application/javascript 2607:f8b0:4004:c06::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVvYL51Ws1QokQwJW2ZRVUapIlxKmf3U3wzoP6RlYPnoRPiKHF7B54BoRIT6ntcIqcvaVD5g3f9viYuJFt5NWzqOYbFfcGIzaVFbH3u4zEsKhZNHfG46m1D-Ga1KrK8t66wh_pNr57pkQ5_HnN01YnQ2iMCxEH6NaS3V4DdKDOXMXuI_K1jZDyYRy6L/_/ad_feedback_/adblocker.js/adrotator./delivery/ag._logadslot&

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.lMIzdAKKDEY.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwUwk8S3lvqCRjdd4FHf7_IJcArdw/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e300f975ef7c4891958823595fc7bb225d79b494f0157bd036497acaf47cebb0

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-HEsPAIrq_zN1Ev1SlfzZOg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:43:00 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-HEsPAIrq_zN1Ev1SlfzZOg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjOsKoxSXF4KkhxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHEC8bsvL5kEvr5kkgBiLSB-J_mK6RsQ7_DxYHkTPp2VL2I66-mC6ayXgZitAsgH4ri66awFQMy3bjqr4frprFvOTGfdA8Qxz6ezpgDxYtYZrKuBeErgDNY5QNwSPYN1GhA7pc9gDQHiz5kzWH8Dcdntc6x1QCzEwzHl48u1bAIvHrxuZwQAdgJZJQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 lidar.js Show response
pagead2.googlesyndication.com/pagead/js/ 86 KB
30 KB 58ms
57ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/lidar.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92cb00582f66db2a752a204b662cc0860a94d2cd945eacdad5778abe7414ac5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:02:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2422
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31168
x-xss-protection: 0
server: cafe
etag: 14589227577193608053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 31 Jan 2024 17:02:38 GMT

POST
H3 204 AGSKWxXiIA6vYFb8bKN9UoD1d0Zv_AqsfvkwXXEcd13CWwMXrR5aDEzGM3Gto97L-JVD_s49QfNY6pfze0sbIeLpPq52Ghml_OYpLg36Tw4oraEESI-VH07zfgXbUEK3y259En8JmshLnA== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 189ms
75ms XHR
text/html 2607:f8b0:4004:c06::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXiIA6vYFb8bKN9UoD1d0Zv_AqsfvkwXXEcd13CWwMXrR5aDEzGM3Gto97L-JVD_s49QfNY6pfze0sbIeLpPq52Ghml_OYpLg36Tw4oraEESI-VH07zfgXbUEK3y259En8JmshLnA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-GAKpSLJ2HLtPhPHiXCNTjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Jan 2024 16:43:00 GMT
content-security-policy: script-src 'report-sample' 'nonce-GAKpSLJ2HLtPhPHiXCNTjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmLw1pBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQHistvnWOuAWIiHY8rHl2vZBD7s6NrHCADwECDi"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIkpP8kYmIhAMVFA5oCB3rTAcdEAAYACC1gathQhMI5dnfkYmIhAMVnAJoCB0Fkw8W;dc_eps=AHas8cDS4h4PqayOLHdar39kQblwznHX3pyT0Iu7v-u4yih36YRI8d22cC0xDcZ-nv0k-95iYC7C4bSbvg;met=1;&timestamp=1706719380340;e...
ade.googlesyndication.com/ddm/activity/ Frame 9146 42 B
199 B 137ms
118ms Image
image/gif 172.253.115.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIkpP8kYmIhAMVFA5oCB3rTAcdEAAYACC1gathQhMI5dnfkYmIhAMVnAJoCB0Fkw8W;dc_eps=AHas8cDS4h4PqayOLHdar39kQblwznHX3pyT0Iu7v-u4yih36YRI8d22cC0xDcZ-nv0k-95iYC7C4bSbvg;met=1;&timestamp=1706719380340;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=1;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f156.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:43:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9DD 0
21 B 120ms
120ms Image
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BLKe7kXi6ZaOrForLoPMPvdGPgAoAAAAAOAHgBAI&bg=!iYqlisXNAAa8BdJLnAU7ADQBe5WfOPKyA0C1J83g5u9gXBGc97zCJ4_wktnvmyVIKyf_wCorJndsfufu6N_r9FhJbii3AgAAAxhSAAAABGgBB5kDMUQj6yDIik1RxwVT9TcOd-cuxpJm3Y1VuTHC_nkQh6Y9wSvxAQJTZEx_a16pbtw2rBY2bx8jz6LM82JioBGpL-XNQz-Mp0z81dNCQfuTCuQqlh2mmz_5RGuEU-PCof9UMZ8nwZWn8U5-MCGFBuTbVVqPqlIltkh-yFz1I6Dz4rTnHWiJr3oUo8duBWfcXZAmyVe3EbfJvxXI-yiPsR__QrA_V3x1VjOhG6aZM_cPCRceQAO7GSWw42e5rWRuoOln0nkP29eY1p1FYWdUPYMZQifrSbwZU6uYCvzxG4nENWrWwTopnV-HaWHZ8w_5A-A3f5_eiUJ8LrJjeFPQiZwa1v6g_S5GkMOliwNshKbpWLY1aL665pjN8DV2NZUu9fSuKXt8icEE1k0L1qSDd43pbGdo3GQcdOV6a-8nDjHdk3NBi632xpHWgOSFkbQROy9P4rgorB0VmTvBsLzXA3hC18xB2HQwZLZOuJ1tUBCAuiM7JyKMBXbHgEaBdC7BETZ7uaUpQ6cXqWWCicmS_WapMmUkXrlB6odY1mdmQfWmp6CLmnrqM5iPhecL7mMClDrbeikU3C7UHqjuC_WQyj4Fpho1om19X-qes6yiZfpZWKV5fw3F6zkRajEbqvcCHfKePvLpSFpqXYmuF67ccm2esFD4aRVgL1gLJ9g_d_hibB4uikbybRWgo6XlpcrsGG9eLiSnnAZcqEhD7wXO4l5jTVvSyEkctdrukDckbu5e9ioZjuzRJBnqs0wvTZNSAbNrhab32aBsi42_c0MNIEnKLRnQaH8UPxDU03IW_fGvur0k885Go9xz-ZRBCLVr45rlUB8xe8m5VldE-DR85z4SMGyCOFlz1UjIa8BxSqOH9GehMQVxw0o-uIeTfO1WApCeFJBJGXGJbfGfQdcvOKgeoKxGzNZiVyu73-4Kiz3lzP4mVSs9vf1WiZ1-sNLOet-ttWriGD8k8rSbesuP0vEZl6Yf55xz8MmJGarS7JE3jxaFiNPup6y0Wy5WhdmFroj1ImZmZocTP4IrH20xUey8j4LdcDfWDTo9irUMEGyYGPHB6mDNjltjbxGJrEh6JYvj1qI

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:43:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxXiIA6vYFb8bKN9UoD1d0Zv_AqsfvkwXXEcd13CWwMXrR5aDEzGM3Gto97L-JVD_s49QfNY6pfze0sbIeLpPq52Ghml_OYpLg36Tw4oraEESI-VH07zfgXbUEK3y259En8JmshLnA== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 78ms
77ms XHR
text/html 2607:f8b0:4004:c06::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXiIA6vYFb8bKN9UoD1d0Zv_AqsfvkwXXEcd13CWwMXrR5aDEzGM3Gto97L-JVD_s49QfNY6pfze0sbIeLpPq52Ghml_OYpLg36Tw4oraEESI-VH07zfgXbUEK3y259En8JmshLnA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-eFr4bDU6rOqtSoCgXLABCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Jan 2024 16:43:00 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-eFr4bDU6rOqtSoCgXLABCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmJw0ZBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQHistvnWOuAWIiHY8rHl2vZBC78XTqTCQDuaiD3"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxXiIA6vYFb8bKN9UoD1d0Zv_AqsfvkwXXEcd13CWwMXrR5aDEzGM3Gto97L-JVD_s49QfNY6pfze0sbIeLpPq52Ghml_OYpLg36Tw4oraEESI-VH07zfgXbUEK3y259En8JmshLnA== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 71ms
71ms XHR
text/html 2607:f8b0:4004:c06::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXiIA6vYFb8bKN9UoD1d0Zv_AqsfvkwXXEcd13CWwMXrR5aDEzGM3Gto97L-JVD_s49QfNY6pfze0sbIeLpPq52Ghml_OYpLg36Tw4oraEESI-VH07zfgXbUEK3y259En8JmshLnA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-_qQemZMXpJrcfQ8y1nA-TA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Jan 2024 16:43:00 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-_qQemZMXpJrcfQ8y1nA-TA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmLw15BiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQHistvnWOuAWIiHY8rHl2vZBG7sOz6TCQDxViDt"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxXiIA6vYFb8bKN9UoD1d0Zv_AqsfvkwXXEcd13CWwMXrR5aDEzGM3Gto97L-JVD_s49QfNY6pfze0sbIeLpPq52Ghml_OYpLg36Tw4oraEESI-VH07zfgXbUEK3y259En8JmshLnA== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 75ms
73ms XHR
text/html 2607:f8b0:4004:c06::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXiIA6vYFb8bKN9UoD1d0Zv_AqsfvkwXXEcd13CWwMXrR5aDEzGM3Gto97L-JVD_s49QfNY6pfze0sbIeLpPq52Ghml_OYpLg36Tw4oraEESI-VH07zfgXbUEK3y259En8JmshLnA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kiawy8ioGvJnWEpXRxDUnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Jan 2024 16:43:00 GMT
content-security-policy: script-src 'report-sample' 'nonce-kiawy8ioGvJnWEpXRxDUnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmJw0pBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQHistvnWOuAWIiHY8rHl2vZBBrW3ZvNBADrsSCR"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxUoa2MDL3Kl8nEA3tF-AueYc99DrrGbBBq2cI0lEUSc9tEY-s58k_sqV-wBbW70BVB2VPwuX-Blm6T2jyemfqUg1UU61swRPLcNEJ-sUqEH7Fb4mnRr1tYhclwjdiwjstkO_h2a1A== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 84ms
84ms Script
application/javascript 2607:f8b0:4004:c06::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUoa2MDL3Kl8nEA3tF-AueYc99DrrGbBBq2cI0lEUSc9tEY-s58k_sqV-wBbW70BVB2VPwuX-Blm6T2jyemfqUg1UU61swRPLcNEJ-sUqEH7Fb4mnRr1tYhclwjdiwjstkO_h2a1A==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA2NzE5MzgwLDU2MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cueW91bGEud3d3LnNiZXJiYW5rLnNiZXIuc2Jlci5zcGJqeThmbnJmY29kN3AucGVycy0xLmJvb2ttcDMucnUvIixudWxsLFtbOCwibE1JemRBS0tERVkiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9f80af13b5a1a227cda5f6e7596cc5d9e5d40a792472318e29e7515575c45d60

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tca-J5Um7zWAHwo09DSMKA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:43:00 GMT
content-security-policy: script-src 'report-sample' 'nonce-tca-J5Um7zWAHwo09DSMKA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJwNxz0LQWEYBuDjySMkyYTZIBOb-UwGi1IUmZRkOZMsTPwDed_BoIzyMRgMBoONSAaJwcJxJCUfC4N7uIbLPjMF7T5FDfiUlXqgLaz9J9pBRTlTHY7JM10gFNApAlpRpzKYfheywf1lkOttkAeCcPde6QPjWNR8Swp2pgTPNcEbsJRxyFYFa-DsCw4PBI8WgieQ0QXnoMOSu9CIS25BLS25CWpecgKeBclfKO2XXAW3w9p4GD2La7oYtukPbspYwQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F64F 42 B
64 B 117ms
117ms Fetch
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssXWGsjQZohw9A0i2oIPBPqUKmLXrJrymH3puZgZ3Pn5CApILN9QQ27---F_QjKJtQXl3XfhRD0S8hASk82gOiEmy0sNHaGS86NFYdFCgMozIakeMgGFaSeQyxAOHXEBq_ZwEoit1O3F3_d34JjmqrBfcQb&sai=AMfl-YRPboaPPZEDAM69Fyv_3ip8wgpbi-LEwbGoIUBLtFLgLb8ZhupChxqtssAhH1Z_hWK42Eeoi2WCdUoP8hLNSRaGATRJbL8rAWDT21KVitOpho4RpeHaaZfRDd8aNSjhm8OvNgJXeIVF_KOI-xbV&sig=Cg0ArKJSzD6KwvtH1PeOEAE&cid=CAQSTgAvHhf_6Pp0rWKJ5MEkehFKuEMyppiQp5wjDR3I-Sq5UFvr2XJc2qGaNr0hJoViiMGuiGR3Y-qb2Ie8NsZr5fK7hE9qilcMNLq5FEz0_hgB&id=lidar2&mcvt=1086&p=0,0,90,728&mtos=1086,1086,1086,1086,1086&tos=1086,0,0,0,0&v=20240129&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=170671937900&rst=1706719378676&rpt=798&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:43:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3CF1 0
21 B 118ms
115ms Image
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bgo4okXi6ZaWrForLoPMPvdGPgAoAAAAAOAHgBAI&bg=!ycqlyoXNAAa8BdJLnAU7ADQBe5WfOBfs_UE5RLUwG7eH_MSB6v9bnyWlGIj6YPiK9B77cIgtcRrpaoqzc8yXVMsqRhEjAgAAA0FSAAAABGgBB5kDN8xm87kOexqQ-UX49rLoF2vX-kqBz1xzqqDCOrwmeXiL9btnF3936azVeSA9WF6qudcdRH9ktmePWMtnLCDwrDyruA1PohKEEfzsrZcmZLxzvPpxvo-rOvi87pdQaLXOJwC4LcSj8wwGpAuEK-SK_rebVrvJzC8strJrLREHYqqeixsgbeBbCEX6TmlHxGTkKVTYHl5G3FjPUTIm-ZzA8AP05cyLPlfMBpcFqcsQgpoGjxSuSna7QtCHWlu01AY7u7muiD15vU3F4IaxGHb9VHWlSY0wRI1yMWZnQbNNWfZZkVysfsR2vXJKVox1q98knv7rzvclCzH2eHkjoLNBe8jumBvGcU-EssMWMMk2R6-ON1EBorijNpxLaEDP5HnIuCUrMmEwCEojEzxAn5aZH2vX473K2LDKPcXacrMbGnu8CHGmXxv4ZwntcQMUCTOjr8cg6Qizla631XfMLe682LFvE6bZ7MfzDEFFnfWbZAMvB8GiinJn86SOi4_CI_MuGKn2UgPHgVXSX_JYa91vRp-pPMmbxNqUkHiyz8n6ptvJ0W5hP5zRWPqo7p2-tFGNJMwKzelhVtIYdyh7kZJAUpnaa8q8vWQBRkywRlY1J2a7A7OLt83gwBXCr80CQj7KN95u9BCFqts02PaFcPk1CxKdiV67T2v_2UNNFEZhxgMa0piZlNt2a6kPPNP2AXB-0iVojZebcwk3BgkFOmhrOIMjHZhTvdpVwei-ndJzkinPKZmKUHAUasIBvZCibEAI_ek7yVjf14RgGEuIDmVihlo0FZc23nGdUnTWDXHwRcV6oTZOlxG-8-nJv5JnBzhQu69zI0VE8-C2IJyCck1h25_ACOLtugqFpf7xOI289QjWKgBmYZlxElm5k3Sp_HQ6G0E3dH2f8_LL9PLgg0-cnO-BoaIH8citheI8x0wrkScqU60X5pH0kT0DoKeClRw0BBDPC2du8RJGWvkAXLNZdFYaJYpyrGeBOP9T6nJJtXq2zRqr134YUyXHDwVobYLcXNw8SBHEWuHTIHbynPMnHAINYyYissi8BoGvS6Omv9yovKRh9r4o_gSFpINyYbGDRcIqp1Zc4Kk

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:43:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9160 0
21 B 114ms
114ms Image
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BRY2tk3i6ZZWBGeDYoPwP4OC7sAUAAAAAOAHgBAI&bg=!kJOlk9zNAAa8BdJLnAU7ADQBe5WfONLK8fz1oWtQTAIpLdGEE4sttI2H6zRoL-CjVInhKzEdWGQqorIY61LR5yrB9NtjAgAAATBSAAAABmgBB5kDNzKT9mCvSXjsdzLDdih_YP366FrFgaJeqGHnaqdP27mKJ_3A6x4Nz2i31r4hqtE6r5db8jSNLlovq8hd8XDnwCHNvvhCWz9BPS2d7MbOTlt0aWIu8I1hB1GtcxiHA4vpII1VbEdiqyb0MVjfoOplXQiV-bXkcrG3xIeAUoAfgwTzqM2Ch7CUZ7fJYwjSaqFFxpWYCnehOfIoGtJW1CNml1TB9LkdZcg6FXy5PwDdNUgxPibscGbnoVQnYY9SXqdnmKpk76zWby5LBFnPPMOTB3zHaM_aFY6Heo__TlKr4YsH12NFquqi-5HNG_DKM2gKIqtgCwPqHre5KRgEcftEkWa6w7RfrozW-A3M8at_wikelW6D8zfM52isYexo46BmfpcZ1DR16hHLfqEHzspOIBuOeLf8ZvQ9_y3bBzMyD3Sk6e_K4rH86Kt3jx5FOh-GEDqOU09gz5a6c50ga1q0pPxs5yg3s02x3DEnigRXh81UbYzHESy9jGzekSvECQJsE7NncvhaFYs_9nb6MCJKc0wer8MObGmIpzc22bh49UjL4foP4RsVzciAzNKhIRvaEKWL3bW39vFBcwyZbsScNnIROx_Jn3HbOgZIHKhxzuFHL-2uRf_rQtex06LcdZnFV732IWIL6EMUAD-jkCqeU8UDvrnPM61HOUQLAv51iZ9qjXU2pdpfJ1q5Q968HlSo4RLXaRqYb4RVXwkr8IIrBScQO1Gu08jw3T27XP5aDBNwu4fBu8D1aKAkYnXAKPPcpA5EB0-HchqvEXgfUJ8gTdoDoh9uxXyZWF0IfuOfMvPQxkxpkdNQxu29X8Lmr2dzuWm-CMpL8Bs08Hvt72xTbMJP-G6X8l0H4WB9c2Jcp1hpxJHwHE8ZjSM6JkuWXbczXXAYgxumXPxs8xPJKY0pD9Ek_Ta21nL2H9mWX-69Sx8-vfpdbeGsCpMUVIDPVNSMyqQJdFNU2lVt4NC1NSynjiGX0p9QF3xpt2hAptinVcALPt1pOrbVIxG8ADdVfwINn1fDHq00cRpbRjlc3vP5OlDwWFaL8xVLYlal45L1yBHl9qnGr66VZ3FOQaijrphlsmB6T7_0ke8

Requested by

Host: www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
URL: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:43:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxW-XB82J68HkrNyaAbo6krRU0PdogFkrybOM7HmjbPixzHMp-4SpgcHXXFFjXNxWwKTvq9ZJ5eme6xeEJw9C8Ai9BcWDfovvLhsORw8Z3v9Bm3Gs7-i6xCk9Z17N6KiOoCGrl8TVw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 76ms
75ms XHR
text/html 2607:f8b0:4004:c06::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxW-XB82J68HkrNyaAbo6krRU0PdogFkrybOM7HmjbPixzHMp-4SpgcHXXFFjXNxWwKTvq9ZJ5eme6xeEJw9C8Ai9BcWDfovvLhsORw8Z3v9Bm3Gs7-i6xCk9Z17N6KiOoCGrl8TVw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-spNKycULU5Xi8XhCKazQCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Jan 2024 16:43:00 GMT
content-security-policy: script-src 'report-sample' 'nonce-spNKycULU5Xi8XhCKazQCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmLw1JBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQHistvnWOuAWIiHY8rHl2vZBC7MalzLDADuISCK"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxXiIA6vYFb8bKN9UoD1d0Zv_AqsfvkwXXEcd13CWwMXrR5aDEzGM3Gto97L-JVD_s49QfNY6pfze0sbIeLpPq52Ghml_OYpLg36Tw4oraEESI-VH07zfgXbUEK3y259En8JmshLnA== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 74ms
73ms XHR
text/html 2607:f8b0:4004:c06::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXiIA6vYFb8bKN9UoD1d0Zv_AqsfvkwXXEcd13CWwMXrR5aDEzGM3Gto97L-JVD_s49QfNY6pfze0sbIeLpPq52Ghml_OYpLg36Tw4oraEESI-VH07zfgXbUEK3y259En8JmshLnA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::65 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce--SFczf4U8VVLhp7-KarGYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Jan 2024 16:43:00 GMT
content-security-policy: script-src 'report-sample' 'nonce--SFczf4U8VVLhp7-KarGYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmJw0JBiqGV4xtQKxAXZz5kqgJjxzwsmTiB-J_mK6RsQ7_DxYJkSOIN1DhA7pc9gDQHistvnWOuAWIiHY8rHl2vZBCasfbCOGQDrjiC0"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 82ms
81ms XHR
application/json 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240124&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb53c642930f6a69164eb7afdec72b48ae78bc72260409b8a98c15ace8cc7df4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:43:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12026
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0314 42 B
64 B 116ms
114ms Fetch
image/gif 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssE6cCLAJ-AGKH5BE6vv_QBWHpYU0-kBoxNMUtlC4QdoO3YB-L3-gIsPSJd1921UTHVCpDZ8JIU5jJYEM3FbBQzolsuanVClEkJA3l0RQp5Do9J3CPUKM5fj9D660_h4eE1MDGtnga-mdyQ6WwRo9583Ans&sai=AMfl-YSuZsvhcZSzwciDew0Zu3bojobfVUU0n41ouqXOiGglBI-omoy1q5Jd8cPDKks9pQU0QO_Mc5e3TWTojGh1DJ4EI_PYzY1imP2aSh-D5us_LGe_n1-AMDzD6W_x8ie8Hh3JQz43xMiQZW8oDbqr&sig=Cg0ArKJSzOyQ8D0Y4COsEAE&cid=CAQSTgAvHhf_6Pp0rWKJ5MEkehFKuEMyppiQp5wjDR3I-Sq5UFvr2XJc2qGaNr0hJoViiMGuiGR3Y-qb2Ie8NsZr5fK7hE9qilcMNLq5FEz0_hgB&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240129&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=170671937800&rst=1706719378627&rpt=521&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:43:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 57ms
55ms Script
text/javascript 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:43:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Jan 2024 16:43:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 753D 13 KB
5 KB 64ms
62ms Document
text/html 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 140060
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 30 Jan 2024 01:48:41 GMT
expires: Wed, 29 Jan 2025 01:48:41 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1492 829 B
1 KB 356ms
71ms Document
text/html 2607:f8b0:4004:c17::6a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::6a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a615d1d6069751bb64dd7dffa0649987c7aee3f41efc3d846048053164eafa5b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-b2xBgxVDPGT0JFpxbWW7ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-b2xBgxVDPGT0JFpxbWW7ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 31 Jan 2024 16:43:01 GMT
expires: Wed, 31 Jan 2024 16:43:01 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 753D 39 KB
15 KB 53ms
52ms Script
text/javascript 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 10:30:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22325
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 30 Jan 2025 10:30:56 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1492 0
0 113ms
113ms Image
text/html 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240124&jk=28178944929096&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 753D 0
11 B 52ms
52ms Image
text/plain 2607:f8b0:4004:c08::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?vWz3pA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c08::84 Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 16:43:01 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 204 csi
csi.gstatic.com/ Frame 5544 0
45 B 64ms
63ms Ping
image/gif 2607:f8b0:4003:c0c::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~ls20nhh5&c=2134487379515&slotId=1067243689757.5&qqid=COC34JGJiIQDFYolaAgdvegDoA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1179&mt=video%2Fmp4&vs=1280x720&msm=1&aits=15%2C0%2C18%2C22%2C692%2C59%2C309%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=22&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.1pw~atrd.1q1~vil.2m0&ua_e=1&ape=1&ple=0&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240117_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4003:c0c::5e Tulsa, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jan 2024 16:43:01 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 110ms
109ms Image
text/html 2607:f8b0:4004:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240124&jk=28178944929096&bg=!g4ClgM_NAAa8BdJLnAU7ADQBe5WfON6HuTf3dtsBYvhuhDnafv0Fsub22_93QOhvTKzmlpVALkuDJHfP6HlkFb-B7BmgAgAAAKZSAAAABGgBB5kC8WRpJZn7T8O2zCt4t6ctUk1ovER2ZsJhNxLXB2AGkgRKy7QNIP-ICSwa-MI4Syi2_9uO_y32kHiT300h9Tp2nXa9ESA9A9GIESLZgCwdIAOfrwEXFlj2EbOUOJhbzUhf6iyxML6jee3ninciu95Qg7iEG_H-l1VALjaJO2DrQVLrU88OYE-bn-MRpfKmKe5asWZYdvf_ElXE5pLOiKTchrx3HSwmpOXfhbZ77WzOVsMRiYI-KKnwwg56iIgXFPZTExBtnB-HkkQH-x4vP6tFxiRdCqjM27eWDJYPMyjbMwraztsqQXRzanFDdp3N3hmeE-Rhjt83GL9awsJIHoLKJm0tcZHWHOZUijq_IP6czae8N0-i8koCr3iT8uyhzSyLSVdFI14KNat20-GbwO1wRvyhwYscIXLr_sjC3cCj0f97YD8vAh1TJoT1oBjJArrHC-JL3syyzRqkJ6_XPFA9xqlAEPiqPvmJAA6LGRhrPX5YyjN3nQXClMtASDWn6FQn6WaQBSZ_a9EnUDvctHEpLSx9jyTUHQp0J5S6QvCclUnlw-MUp1aKy_IGQjlkUjDQAcSXkYNWrPi3L8XLLA3hq6CSbg-HuJ10jvcmhydmKlpt2RzNLwXU-EvhK0EaWGkJtIv1brF1dKENbKNdmn0j7XMdiE_sK-IiwcZ0J9h6biF25eY_VPDNpzt4yP2aalxFyeJ-6MZKFYvjJM0cwcjgadl9GrDHJA7RkFdqQDthIvEyyP1wG_ugomly-80GkXpapWmvTP7JHBj2TIU27V5_-x1tLd-ZokYhXG5Ajx_Miyip4FJvnWuVWgINZwV4SIKoyRsQDnk-_LhsTnAMN3rpHqX5_rr7-mZMF9jQlvaKGbxU69rWZEi3xU9iZv_2Aq4S87M_u6fZdNDVfuyCiTMN5n9s9i51AA9xDqUzAPc_FGni2nXf5d8o5IDCRafP_GeM1YzQESkZWEHomN5JenRlf3yWH02tjuxWx6IGNDRKLmrP3g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c0b::9a Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

179 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

42 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bookmp3.ru/	1970-01-21 02:50:55	Name: __ddg1_ Value: V8cNkyw2RAtIMJPsqpvh
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/	1969-12-31 23:59:59	Name: _csrf-frontend Value: cde731aeb533e37d3b530ba15aab265fbfb19645d7ee601a52b8ff6ecaa1305ea%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22%A1%7DJT%80P%FC-%01OC%CF%FB%40%B2%1AM%A7%0F%89%8EMk%C9%B6b%F4%5D%83%A1%3F%26%22%3B%7D
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru/	1969-12-31 23:59:59	Name: b Value: b
.hit.ua/	1970-01-21 03:41:19	Name: uid Value: 2098655886.1706719377.313851357
.yadro.ru/	1970-01-21 02:49:44	Name: FTID Value: 1bkdYH0z9c8j1bkdYH001KEK
.yandex.ru/	1970-01-21 03:41:19	Name: i Value: WzzoH82iywG/v7m+ik7cZZbAOsyHYVBBgFfjaYJlGK2pdlWM9qwadsdV4haZRc9tOACnKPHykjf0rsG3axkyBD5EIN4=
.yandex.ru/	1970-01-21 03:41:19	Name: yandexuid Value: 4968187281706719377
.yadro.ru/	1970-01-21 02:49:44	Name: VID Value: 0-rbfI2ui9uj1bkdYH0010j3
.bookmp3.ru/	1970-01-21 03:26:55	Name: __gads Value: ID=4d3667ff6e8c8cd1:T=1706719377:RT=1706719377:S=ALNI_MZmnm2WdsMYruCRJZsK4Gv7_4Hoeg
.bookmp3.ru/	1970-01-21 03:26:55	Name: __gpi Value: UID=00000dbc5efe9232:T=1706719377:RT=1706719377:S=ALNI_MYksawDueFl80Np86Rs_xvPVpsXtQ
.bookmp3.ru/	1970-01-20 22:24:31	Name: __eoi Value: ID=c7461111d1a0dfb8:T=1706719377:RT=1706719377:S=AA-AfjaxNniLFvVuSKwzCW_XTcjz
.doubleclick.net/	1970-01-21 03:41:19	Name: IDE Value: AHWqTUncsEX_69dvQG6xeilumcUSHlK3V_k4IfEZ52jyjm-hvmcnG6G6a7AlEKop
.bookmp3.ru/	1970-01-21 02:50:55	Name: _ym_uid Value: 1706719378352900061
.bookmp3.ru/	1970-01-21 02:50:55	Name: _ym_d Value: 1706719378
.doubleclick.net/	1970-01-20 22:24:31	Name: APC Value: AfxxVi7PFdt3PfRcDZJAXiP-UF8Sf6-a3gd9-5SP5RGsMFBN9jdrXA
.doubleclick.net/	1970-01-20 22:24:31	Name: receive-cookie-deprecation Value: 1
.casalemedia.com/	1970-01-21 02:50:55	Name: CMID Value: Zbp4kWlD78buVd.bOGf.CgAA
.casalemedia.com/	1970-01-20 20:14:55	Name: CMPS Value: 1627
.casalemedia.com/	1970-01-20 20:14:55	Name: CMPRO Value: 1627
.adnxs.com/	1970-01-21 03:41:19	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:14:55	Name: XANDR_PANID Value: URjafKG_q2zdDmEXYDShhQpAjGhGG1RXyJWOIU_ElGGkk780SnU9v-L8_DSnX2UGN2QQe4g46jbeNuPGW_F6DZcJKTk7mHZL7D3z_8PHTvQ.
.adnxs.com/	1970-01-20 20:14:55	Name: uuid2 Value: 4126612799602361139
.mc.yandex.com/	1970-01-20 18:05:19	Name: sync_cookie_csrf Value: 1021440802fake
.adnxs.com/	1970-01-20 20:14:55	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVKiL3.J!]tbPl1M>e)ZlrFUfJ+tGXvX+Qos=]XtnaU@nXp+MW$HdZKnpG]5*Rq3E!P%3If)y3KL9D3I?+[ovhEJ
.mc.yandex.ru/	1970-01-20 18:05:19	Name: sync_cookie_csrf Value: 2062527923fake
.bookmp3.ru/	1970-01-20 18:06:31	Name: _ym_isad Value: 2
.bookmp3.ru/	1970-01-21 03:41:19	Name: _ga Value: GA1.2.556708885.1706719377
.bookmp3.ru/	1970-01-20 18:06:45	Name: _gid Value: GA1.2.909189492.1706719378
.bookmp3.ru/	1970-01-20 18:05:19	Name: _gat Value: 1
.yandex.com/	1970-01-21 02:50:55	Name: yandexuid Value: 4968187281706719377
.yandex.com/	1970-01-21 02:50:55	Name: yuidss Value: 4968187281706719377
.yandex.com/	1970-01-21 03:41:19	Name: i Value: WzzoH82iywG/v7m+ik7cZZbAOsyHYVBBgFfjaYJlGK2pdlWM9qwadsdV4haZRc9tOACnKPHykjf0rsG3axkyBD5EIN4=
.mc.yandex.com/	1970-01-20 18:06:45	Name: sync_cookie_ok Value: synced
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 720665811706719378
.yandex.com/	1970-01-21 02:50:55	Name: ymex Value: 1738255378.yrts.1706719378
.yandex.com/	1970-01-21 02:50:55	Name: bh Value: KgI/MA==
.bookmp3.ru/	1970-01-21 03:41:19	Name: _ga_XR25G8TDFM Value: GS1.2.1706719379.1.0.1706719379.0.0.0
.openx.net/	1970-01-21 02:50:55	Name: i Value: a0573db1-3d2c-4446-8b9d-ae2739c85b10\|1706719379
.teads.tv/	1970-01-21 02:49:28	Name: tt_viewer Value: de1bea39-6ee4-43b5-9daa-dbe24f0eb04f
.bookmp3.ru/	1970-01-20 18:05:21	Name: _ym_visorc Value: w
.neural40.cdnwebcloud.com/	1970-01-21 02:50:55	Name: n_one Value: cb24d28d-c057-11ee-954e-0242ac110002
.bookmp3.ru/	1970-01-21 02:50:55	Name: FCNEC Value: %5B%5B%22AKsRol8VFp2-TGx0aoCbFDt8dGFKOImLGBOQc2Tsh8Ox7NZg5s98PWN_28rg-1-51my5f29L8P17vDJ31DVxDOLQCZJ85on1BnehsWdGG49OL6xwuR1FwzLagEY4V9qG9I0QHEyM65YCJ4UI0Svn1EkywpyPmpXKZg%3D%3D%22%5D%5D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ade.googlesyndication.com
bid.g.doubleclick.net
bucket.cdnwebcloud.com
c.hit.ua
cm.g.doubleclick.net
counter.yadro.ru
csi.gstatic.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fundingchoicesmessages.google.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
imasdk.googleapis.com
mc.yandex.com
mc.yandex.ru
neural40.cdnwebcloud.com
pagead2.googlesyndication.com
r4---sn-q4flrnld.c.2mdn.net
r4---sn-q4fzene7.c.2mdn.net
s0.2mdn.net
sync.teads.tv
tpc.googlesyndication.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru
xp4stm90bvzr.frontroute.org
142.251.111.154
172.253.115.156
172.253.122.149
172.64.151.101
23.220.121.51
2606:4700:3038::6815:e9df
2607:f8b0:4000:12::9
2607:f8b0:4000:24::9
2607:f8b0:4003:c0c::5e
2607:f8b0:4004:c06::61
2607:f8b0:4004:c06::65
2607:f8b0:4004:c06::94
2607:f8b0:4004:c07::8b
2607:f8b0:4004:c08::84
2607:f8b0:4004:c09::5f
2607:f8b0:4004:c09::64
2607:f8b0:4004:c0b::9a
2607:f8b0:4004:c17::6a
2607:f8b0:4004:c17::9b
2607:f8b0:4004:c1f::9b
2a02:6b8::1:119
35.244.159.8
45.147.197.153
54.192.51.4
54.228.121.187
68.67.160.184
88.212.201.198
89.184.81.35
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb
03656ff565d2cc90c3b8f2c1963c5804304e5d9dc796e920db21a6db906a942d
03a76474d3688f27218b2162729d23eb82b7bf7d1e52abfedc7247030a2a170b
0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64
08bb8bf8ea037474da111ae1a70781e3210f7a0b29ac2f61cc5e88a3e37b920d
09ee9fc29c86cc3cc144e255635d758db5c98b926d3c67b166aa863bfe56eda1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0dc4e71edf70aeb79a7b96ad71c63e3377a8450084584bebde370fc6425beabe
11c19322da0d5ba717f281542aad3d364fde06fd9b0df43c068510951fd0db07
11f7e44a484661f09fb5e952a1623f477a29d1546eda9780bb06547ddfe793dc
12d8aae0cf51d039bfbef1c8f7ec828851423f05c8f9e5d290b2c2e15cd9a8a6
16d9f70ccbbee41b2c8594646dc8587c07ce693655e7c0a97cb24c7577534623
182fc11158c66dbbd0432664c2967f118f3a5e57b7e5fb28822376e8dbe365db
183be4309aa229c11d790bb79b82a6a181a3f76cd009635a145a9d65c9c80766
1984c4bb2ce10d00cb478c4ab216301e04502e25f2025b30dbeeb019172beb0d
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
227614c21f09c5231bd9519d2509242e5effd12521dceac06da95573e587ba14
22e99768051bfffd5038e9ead749c8beab5ed5f1042a82eaa188096b2c63d4a1
243118467b955fa3ffd66248f80e9ec9f2b60b751eeed8c46bd3ddf594b8054e
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b6117d8be17a0ccc8f6e4bcfa591cb576dc1b8396d1c2e6e743927a03163666
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
3133a9a9c4724701dbc3677598209583f992651bc8f62010df0a5a71da573088
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
325f25191af82345cc615c820126c663f55ee865ccb8c6f033e11ee57085617a
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3692e6a002123adb2404321010b2f21239c44e22d145e5d31e2663e7ce2d4775
370ce2401aa4dc6e7c26edcf87701fe82dc5b046f093bd4c9cff6064557e7204
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3949bc357609db6e9bc5796a30a25a1865ba837e2cada69a1832b03e0814a51d
39c8b4f1bc8a16c97cadc510b92bf8a22ba696bf62d9bd106221985299fe7ccf
3be3f024c46ff93eb55bb00f599911ef69c7957b19c8c3df9aca743259f35ae3
40430011aa9c10a0a5473d14865b13920c5f0203d7a269cc777e8e2c7eb8564e
425f9ca7029ca2c95d204079575a3e5f737ef4d322614225344c5aeadd51bfb8
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
45565342518890a25b46dee5e726ad773917bfcc17dab19f4d6455f4a4b9c722
46ee61be0b2b806f4f1f7a2f5083d88982599787022c337811f1a97983f9fe13
47a37cabd33f930dd28119e3ba60cca269770f1b2a774a52bad0a75d8076cd8a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5c022e98388f001ddc8593d79cd149b40e2e74868732dee70f6b7f4fdbe46747
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61d101801c1f9fdd8dddd032ea43c62fe911ddc06914c77ac8928b603f34c2e5
67efe0a63d2dff2e09eaabac71dceb658341d5ce38489805e6a9f26b1c67366f
6c78c4638e9b648790707f416784d447c732762c2b2417b33d45234150668904
701b097601ebdc781e3ca79cd15b6fc8a6012d91e28e4031e2a89457d91a00a4
7316c9f4d49e26236b93f844761720c06a1e9a32de4eea83678381e3237e0947
73f6add564f8d8c794d4b1bd49749c1770990b44616591ea59ce7333cf05a574
74130e91791cf3496d353724953e6466d3240ea308838a482dff16cd6c119aa0
744d7b814aedfc0d45ac8606e0c978b48de56c9e1149a9e9da06e7902096f18d
78788a484b77f37f7426b9bd6f15cd74c9ef95a46537de4c6a6f87ecea090d4a
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7a164985f05eaa421bb7a0121fea2e4d2da0864893b930c568c609638d121763
7a577f525ac39151dddeefdae10fd698cc0712bac37af3f66f1043dc4e1db34f
7de3c256573f84f9661292bbb0f6ee7060f4f5e4558305705fa31b2bc93c0c27
7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
86093643e6702819f7c126fa0defb39fb1c4cc4070a1494a96a9210fbcdd68d2
8b6eb8ec16863d55b01ca4eedf4d7efb445df1ae935d00f6fb81ce1ac63e2a46
8f6eabe4823cc0f6a9e0ecbfe0aa590539d20ec27f541c00f1cd6e8a376bf1d3
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
92cb00582f66db2a752a204b662cc0860a94d2cd945eacdad5778abe7414ac5d
9365d263a6cb13e45b4241bba77c68d8b3629cacce4d3895abdfea1467e8bfb9
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
9d5032c8e28febe586af0986664dbd2425b604bb431b0d2c54c4c95f503559a7
9da6de1aef1fa34d5e7eafd29d8e2db02c2e3cad512a7f100520b830fd6da113
9df4ea0c8c25b6c96ccb4ef96780a7b074ee266972670f2572d38a961f1b481f
9df8cd495861ffd4f3bf6b8454f714e83b40a0da5f6035123a1a0bc46babe8e7
9f80af13b5a1a227cda5f6e7596cc5d9e5d40a792472318e29e7515575c45d60
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a09a0085dc56e1597c7b5ec47d7e9ab250ed5e5e3d98f4a5a8100310775b5ac7
a615d1d6069751bb64dd7dffa0649987c7aee3f41efc3d846048053164eafa5b
a61735542ef93f832ab8321f9670a83ff11f58b5e122b2fb014199e32de05312
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a94755ecd90a113ceb5ffbb9a9834639bbf215711895074c4181eb309929ca25
afcd6ebf6cf7124e138218f69982d6c9ca1820345967c9263d243dbf5631d204
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2fee28dabf26003309184f3568a304c27e078ed3d9c0f2a75092dbf91b862ed
b9db30db84c353b393ebed43c0803e40d62453ec010584b9449a28f0348cd01b
bad8a82f42143fceeb15160a9b4809aa36745e08d09296e8530576bbfe5fc10e
bb09dc5040b062b175a5dea308c664866f136f55d43c296b8f06d738414ee56b
bc4540a14193a6537e0c03127bbf19848e6226bd437f2550d18f1f385c55eccb
c4899ce1ff0e432e9b6f5c7d9de44bad497f54d384fdfa02746ea5bc2ba0391e
c6f8aad2c2e01e81032eb3ce744f73450e33b1718dd95ee9cb968e76b8512f59
cb41205d5e75b52d0ef138410bc83de75905acf5dcd64cbc0aecb1703c3378ac
cb53c642930f6a69164eb7afdec72b48ae78bc72260409b8a98c15ace8cc7df4
cbbd6285bb18a8c92cc59574c958877754850f795f0f4dad205c79fd21d1d467
cea0c881f37fd3f492b1917ce42a88e0f95d7392ec970cb9646d721f7bf7fb87
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d3c50c8aab2ad723983b74c7c17d2bc5fe4e35931532221f5303bd1361898532
d84037bada82c8af096c750483248eb827b621c42236f3b687cc07c2f93d6dbe
db0d17ee9c24794dc313d2588c0c19bccccb2f7439a0dcb6be8cc985df84baf3
dc3ac6a88d9a6fbd010b40a4db865f05876dd8e4e635d065474b2464e8005372
ddc19916cc2f25ba1826040610726bc13581a898c28bd3f9b0aad19b70241f39
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e300f975ef7c4891958823595fc7bb225d79b494f0157bd036497acaf47cebb0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
e8183507b37f3df80ea253b144745ed58784f5b4465b5216fbf9e314df592d06
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
eb9458547563f51c8bf0a9bfe10c7165a14e284a50686853ffdee6bed92d98a7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2
f919c02713441d1502a5297ec6201783ecf8070a47d5df866a78ca2fb83bc865

www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru Open in urlscan Pro 45.147.197.153 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

196 Requests

91 %HTTPS

57 %IPv6

20 Domains

32 Subdomains

28 IPs

5 Countries

8060 kBTransfer

14856 kBSize

42 Cookies

11 Outgoing links

Redirected requests

196 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.youla.www.sberbank.sber.sber.spbjy8fnrfcod7p.pers-1.bookmp3.ru Open in urlscan Pro
45.147.197.153 Public Scan

Screenshot
Live screenshot

Full Image

196
Requests

91 %
HTTPS

57 %
IPv6

20
Domains

32
Subdomains

28
IPs

5
Countries

8060 kB
Transfer

14856 kB
Size

42
Cookies

196 HTTP transactions
4 data transactions