Submitted URL: https://clck.ru/sKVYe
Effective URL: https://qiwi.com/n/NBPHACKERS
Submission: On November 18 via api from LU — Scanned from US

Summary

This website contacted 12 IPs in 3 countries across 13 domains to perform 27 HTTP transactions. The main IP is 91.232.230.126, which is located in the Russian Federation and belongs to QIWIW-AS QIWI JSC, RU. The main domain is qiwi.com. The Cisco Umbrella rank of the primary domain is 600102.
TLS certificate: Issued by GlobalSign GCC R6 AlphaSSL CA 2023 on March 28th 2024. Valid for: a year.
This is the only time qiwi.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2a02:6b8::221 13238 (YANDEX YA...)
1 1 213.180.204.232 13238 (YANDEX YA...)
2 104.21.79.229 13335 (CLOUDFLAR...)
1 2a04:4e42:600... 54113 (FASTLY)
1 2 88.212.201.198 39134 (UNITEDNET...)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
5 91.232.230.126 57570 (QIWIW-AS ...)
3 2607:f8b0:400... 15169 (GOOGLE)
3 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... ()
1 2001:4860:480... ()
27 12
Apex Domain
Subdomains
Transfer
5 qiwi.com
qiwi.com — Cisco Umbrella Rank: 600102
static-uxfb.qiwi.com Failed
clickstream.qiwi.com Failed
331 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 36
21 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
355 KB
3 google.com
pay.google.com — Cisco Umbrella Rank: 2834
analytics.google.com
49 KB
2 doubleclick.net
stats.g.doubleclick.net
td.doubleclick.net Failed
910 B
2 yadro.ru
counter.yadro.ru — Cisco Umbrella Rank: 15372
2 KB
2 2no.co
2no.co
25 KB
1 gstatic.com
www.gstatic.com
921 B
1 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
52 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 318
2 KB
1 yandex.ru
sba.yandex.ru — Cisco Umbrella Rank: 437177
920 B
1 clck.ru
clck.ru — Cisco Umbrella Rank: 374558
820 B
0 flocktory.com Failed
api.flocktory.com Failed
27 13
Domain Requested by
5 qiwi.com 2no.co
qiwi.com
3 www.google-analytics.com www.googletagmanager.com
2no.co
www.google-analytics.com
3 www.googletagmanager.com qiwi.com
www.googletagmanager.com
www.google-analytics.com
2 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
2 pay.google.com 2no.co
pay.google.com
2 counter.yadro.ru 1 redirects 2no.co
2 2no.co 2no.co
1 analytics.google.com www.googletagmanager.com
1 www.gstatic.com 2no.co
1 pagead2.googlesyndication.com 2no.co
1 cdn.jsdelivr.net 2no.co
1 sba.yandex.ru 1 redirects
1 clck.ru 1 redirects
0 td.doubleclick.net Failed www.googletagmanager.com
0 clickstream.qiwi.com Failed 2no.co
0 static-uxfb.qiwi.com Failed 2no.co
0 api.flocktory.com Failed www.googletagmanager.com
27 17

This site contains no links.

Subject: 2no.co; Issuer: WE1; Validity: 2024-10-28 - 2025-01-26; Valid: 3 months
Subject: jsdelivr.net; Issuer: GlobalSign Atlas R3 DV TLS CA 2024 Q3; Validity: 2024-07-30 - 2025-08-31; Valid: a year
Subject: *.google.com; Issuer: WR2; Validity: 2024-10-21 - 2025-01-13; Valid: 3 months
Subject: *.g.doubleclick.net; Issuer: WR2; Validity: 2024-10-21 - 2025-01-13; Valid: 3 months
Subject: *.gstatic.com; Issuer: WR2; Validity: 2024-10-21 - 2025-01-13; Valid: 3 months
Subject: *.qiwi.com; Issuer: GlobalSign GCC R6 AlphaSSL CA 2023; Validity: 2024-03-28 - 2025-04-29; Valid: a year
Subject: *.google-analytics.com; Issuer: WR2; Validity: 2024-10-21 - 2025-01-13; Valid: 3 months

This page contains 3 frames:

Primary Page: https://qiwi.com/n/NBPHACKERS
Frame ID: 57DFD20C4A2C69FCA8F83D60838BA5D3
Requests: 25 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2F2no.co&mid=
Frame ID: A7AE6457F92ECB4F053377BD5A9F248E
Requests: 1 HTTP request in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-XG8GE2YYLL&gacid=1567555412.1731970400&gtm=45je4be0v9165109293za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855&z=1919312723
Frame ID: 82D4CBC1C8D33BF0989A5AACD33543A0
Requests: 1 HTTP request in this frame

Page Title

QIWI Кошелек

Detected technologies

Overall confidence: 100%
Detected patterns
  • pay\.google\.com/([a-z/]+)/pay\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 27
HTTPS: 78 %
IPv6: 69 %
Domains: 13
Subdomains: 17
IPs: 12
Countries: 3
Transfer: 837 kB
Size: 2687 kB
Cookies: 13

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://clck.ru/sKVYe HTTP 302
    https://sba.yandex.ru/redirect?url=http%3A%2F%2F2no.co%2FNBPDonate&client=clck&request_id=1731970396077183-12627346862793192795&sign=895d8c6a5dd03f26e9ea4835aea30cc0 HTTP 302
    http://2no.co/NBPDonate HTTP 307
    https://2no.co/NBPDonate Page URL
  2. https://qiwi.com/n/NBPHACKERS Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://clck.ru/sKVYe HTTP 302
  • https://sba.yandex.ru/redirect?url=http%3A%2F%2F2no.co%2FNBPDonate&client=clck&request_id=1731970396077183-12627346862793192795&sign=895d8c6a5dd03f26e9ea4835aea30cc0 HTTP 302
  • http://2no.co/NBPDonate HTTP 307
  • https://2no.co/NBPDonate
Request Chain 2
  • https://counter.yadro.ru/hit?t38.6;r;s1600*1200*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.5109101257848296 HTTP 302
  • https://counter.yadro.ru/hit?q;t38.6;r;s1600*1200*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.5109101257848296

27 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
NBPDonate
2no.co/
Redirect Chain
  • https://clck.ru/sKVYe
  • https://sba.yandex.ru/redirect?url=http%3A%2F%2F2no.co%2FNBPDonate&client=clck&request_id=1731970396077183-12627346862793192795&sign=895d8c6a5dd03f26e9ea4835aea30cc0
  • http://2no.co/NBPDonate
  • https://2no.co/NBPDonate
57 KB
24 KB
Document
General
Full URL
https://2no.co/NBPDonate
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.79.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91c1bc26af0076b28a3e3f268f0b251082f1f160fe02577d49a1b3aef11ae67d
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=604800 max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8e4b8927db8142b1-EWR
content-encoding
zstd
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Mon, 18 Nov 2024 22:53:17 GMT
expires
Mon, 18 Nov 2024 22:53:17 +0000
memory
0.5375900268554688
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uS7hmMK4zYT7KDf5TLe8Ium7aBK%2B0EKr1mXx%2BOAHMtVlX61Bc4uOSG7Mmf9xmKhld9nQz8%2BSK5lhNPXmmcGS%2BMF5oA62Vv9nyesXhnpd51li8ScBAnC6J74%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=25334&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4155&recv_bytes=4497&delivery_rate=473&cwnd=12000&unsent_bytes=0&cid=5203fabcb8c52b1a&ts=498&x=1" cfExtPri cfHdrFlush;dur=0
strict-transport-security
max-age=604800 max-age=31536000
x-frame-options
SAMEORIGIN

Redirect headers

Location
https://2no.co/NBPDonate
Non-Authoritative-Reason
HttpsUpgrades
polyfill.min.js
cdn.jsdelivr.net/npm/promise-polyfill@8/dist/
4 KB
2 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js
Requested by
Host: 2no.co
URL: https://2no.co/NBPDonate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e555151e63c492ea4f05ecedbcaf488acecfdf147d814e1920bcef9b028968ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://2no.co/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"1132-XysC4a2Vt+mONL0o6U+bsaeRjIc"
age
14663
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Mon, 18 Nov 2024 22:53:17 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220140-FRA, cache-lga21926-LGA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
1560
x-jsd-version
8.3.0
hit
counter.yadro.ru/
Redirect Chain
  • https://counter.yadro.ru/hit?t38.6;r;s1600*1200*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.5109101257848296
  • https://counter.yadro.ru/hit?q;t38.6;r;s1600*1200*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.5109101257848296
445 B
931 B
Image
General
Full URL
https://counter.yadro.ru/hit?q;t38.6;r;s1600*1200*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.5109101257848296
Requested by
Host: 2no.co
URL: https://2no.co/NBPDonate
Protocol
HTTP/1.1
Server
88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET EDINAYA SET LIMITED LIABILITY COMPANY, RU),
Reverse DNS
host198.rax.ru
Software
nginx/1.17.9 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://2no.co/

Response headers

Strict-Transport-Security
max-age=86400
Cache-control
no-cache
Pragma
no-cache
Connection
keep-alive
Expires
Sun, 19 Nov 2023 21:00:00 GMT
Access-Control-Allow-Origin
*
Content-Length
445
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Date
Mon, 18 Nov 2024 22:53:19 GMT
Content-Type
image/gif
Server
nginx/1.17.9

Redirect headers

Strict-Transport-Security
max-age=86400
Cache-control
no-cache
Location
https://counter.yadro.ru/hit?q;t38.6;r;s1600*1200*24;uhttps%3A//2no.co/redirect-2;hBranded%20Short%20Domain;0.5109101257848296
Pragma
no-cache
Connection
keep-alive
Expires
Sun, 19 Nov 2023 21:00:00 GMT
Content-Length
32
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Date
Mon, 18 Nov 2024 22:53:18 GMT
Content-Type
text/html
Server
nginx/1.17.9
pay.js
pay.google.com/gp/p/js/
165 KB
49 KB
Script
General
Full URL
https://pay.google.com/gp/p/js/pay.js
Requested by
Host: 2no.co
URL: https://2no.co/NBPDonate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::5c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d5d232fd55d59585903f7023cc9c224fa6e88772ec112ce5028b8e11a3b4d604
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-OOtSVSlfdDmEJk_Dtjb3Nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://2no.co/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 18 Nov 2024 22:53:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
date
Mon, 18 Nov 2024 22:53:18 GMT
content-type
application/javascript; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
reporting-endpoints
default="/gp/p/_/InstantbuyFrontendHttp/web-reports?context=eJzjStDikmLw0ZBiWF4qxbBkphSDxNeXTGpA7JQ-gzUAiFtvnmOdDMRzA86zhmeeZzVee57VEYiT_p1nLQBiQ4VLrPZA_CvvEqtqzyVWYyB-qnyZtUjiCmsDEAtxc9zrer-TTaDjQx-_knZSfmF8Zl5xSWJeSVJpZVpRfl5Jal5KcWpRWWpRvJGBkYmhoaGFnoFxfIEBAFctO6Q"
content-security-policy
require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-OOtSVSlfdDmEJk_Dtjb3Nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist
cache-control
private, max-age=600
cross-origin-opener-policy
same-origin
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'unsafe-inline' 'unsafe-eval' blob: data:;report-uri /_/InstantbuyFrontendHttp/cspreport/fine-allowlist
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
156 KB
52 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: 2no.co
URL: https://2no.co/NBPDonate
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c21::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d41d989a2f13007427a70c583101c367c35461aac057d047f667fe1ac2d49b59
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://2no.co/

Response headers

content-encoding
br
etag
12960373315640062469
x-content-type-options
nosniff
expires
Mon, 18 Nov 2024 22:53:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Mon, 18 Nov 2024 22:53:18 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
53332
x-xss-protection
0
server
cafe
payframe
pay.google.com/gp/p/ui/ Frame A7AE
0
0
Document
General
Full URL
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2F2no.co&mid=
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::5c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-vb61tCkMDs4LVcN0TgmH1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://2no.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-vb61tCkMDs4LVcN0TgmH1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-site
date
Mon, 18 Nov 2024 22:53:18 GMT
expires
Mon, 18 Nov 2024 22:53:18 GMT
origin-trial
AssDE6uDpaVUq9mb8HyrCnDR4hxNa3P1PQl8E0huFRpGw4MFWswRwyuk1E68LufiBFMulCrRk3VCexIRW39eYwoAAABMeyJvcmlnaW4iOiJodHRwczovL3BheS5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5fQ==
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints
default="/gp/p/_/InstantbuyFrontendBuyflowPayframeUi/web-reports?context=eJzjStDikmLw0ZBiWF4qxbBkphSDxNeXTGpA7JQ-gzUAiFtvnmOdDMRzA86zhmeeZzVee57VEYiT_p1nLQBiQ4VLrPZA_CvvEqtqzyVWYyB-qnyZtUjiCmsDEAvxcNzrer-TTWDHr_OrGZW0k_IL4zPziksS80qSSivTivLzSlLzUopTi8pSi-KNDIxMDA0NLfQMjOMLDAC3nzy9"
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-ua-compatible
IE=edge
x-xss-protection
0
NBPDonate
2no.co/
92 B
770 B
XHR
General
Full URL
https://2no.co/NBPDonate
Requested by
Host: 2no.co
URL: https://2no.co/NBPDonate
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.79.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=604800, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://2no.co/NBPDonate
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Accept
application/json
Content-Type
application/json

Response headers

strict-transport-security
max-age=604800, max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6NKQVKDQh2LoarjLVPjrgN%2FIBGhiwOznp0XV%2FGFdb9ROTfsQG4j3%2FOfGdJgnQA6jUu5jyBS5aD9Yxt1Sa62vdS3eoT5Bp4EKH924%2F0ESHFH4CPkI544YvN4%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e4b8930783742b1-EWR
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=15440&sent=51&recv=60&lost=0&retrans=0&sent_bytes=30117&recv_bytes=50936&delivery_rate=1038299&cwnd=20400&unsent_bytes=0&cid=5203fabcb8c52b1a&ts=1667&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 18 Nov 2024 22:53:19 GMT
content-type
text/html; charset=UTF-8
server
cloudflare
priority
u=1,i
x-frame-options
SAMEORIGIN
light_square_gpay.svg
www.gstatic.com/instantbuy/svg/
2 KB
921 B
Other
General
Full URL
https://www.gstatic.com/instantbuy/svg/light_square_gpay.svg
Requested by
Host: 2no.co
URL: https://2no.co/NBPDonate
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c76f766ed128ff1c05cbab4f53e470751b475152992a770d42273047bc1708c5
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/instantbuy-eng
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://2no.co/

Response headers

content-encoding
br
age
183879
report-to
{"group":"instantbuy-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/instantbuy-eng"}]}
x-content-type-options
nosniff
expires
Sun, 16 Nov 2025 19:48:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 19:48:39 GMT
last-modified
Fri, 03 Mar 2023 17:58:00 GMT
content-type
image/svg+xml
vary
Accept-Encoding
content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/instantbuy-eng
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin; report-to="instantbuy-eng"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
894
x-xss-protection
0
server
sffe
Primary Request NBPHACKERS
qiwi.com/n/
12 KB
5 KB
Document
General
Full URL
https://qiwi.com/n/NBPHACKERS
Requested by
Host: 2no.co
URL: https://2no.co/NBPDonate
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.232.230.126 , Russian Federation, ASN57570 (QIWIW-AS QIWI JSC, RU),
Reverse DNS
qiwi.com
Software
nginx /
Resource Hash
893512c7e247d6e96100f2b8ec03405d07d771d37096320aa802365fc1eed16b

Request headers

Referer
https://2no.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36

Response headers

cache-control
private, max-age=0, must-revalidate
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 18 Nov 2024 22:53:19 GMT
etag
W/"6735ff94-2ec7"
last-modified
Thu, 14 Nov 2024 13:48:04 GMT
server
nginx
vary
Accept-Encoding
gtm.js
www.googletagmanager.com/
483 KB
126 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-W4FJZS
Requested by
Host: qiwi.com
URL: https://qiwi.com/n/NBPHACKERS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b41d64aa6a1f79adeab8f1c09fde537b26b2bf4009b5a4e29e54fa0875c62b9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://qiwi.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Mon, 18 Nov 2024 22:53:19 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 22:53:19 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 18 Nov 2024 22:13:27 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
128300
x-xss-protection
0
server
Google Tag Manager
qwaa-routes.js
qiwi.com/qcms/wallet/
3 KB
740 B
Script
General
Full URL
https://qiwi.com/qcms/wallet/qwaa-routes.js
Requested by
Host: qiwi.com
URL: https://qiwi.com/n/NBPHACKERS
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.232.230.126 , Russian Federation, ASN57570 (QIWIW-AS QIWI JSC, RU),
Reverse DNS
qiwi.com
Software
nginx /
Resource Hash
9b2d512023a0f48b9c92da0219fcd7e72c45c4534b070c0a270193588dc69df1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://qiwi.com/n/NBPHACKERS

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=1800, public, must-revalidate
content-encoding
gzip
etag
W/"669f9eac-be4"
x-content-type-options
nosniff
expires
Mon, 18 Nov 2024 23:23:19 GMT
access-control-allow-origin
*
date
Mon, 18 Nov 2024 22:53:19 GMT
x-xss-protection
1; mode=block
content-type
application/javascript; charset=utf-8
last-modified
Tue, 23 Jul 2024 12:14:36 GMT
server
nginx
vary
Accept-Encoding
manifest.67b4d99eed41199d8102.js
qiwi.com/static/
8 KB
4 KB
Script
General
Full URL
https://qiwi.com/static/manifest.67b4d99eed41199d8102.js
Requested by
Host: qiwi.com
URL: https://qiwi.com/n/NBPHACKERS
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.232.230.126 , Russian Federation, ASN57570 (QIWIW-AS QIWI JSC, RU),
Reverse DNS
qiwi.com
Software
nginx /
Resource Hash
6d6b56f850f982f6832af1fcf39d4a77c2555cd26cd7c4050c00b18a2a569779

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://qiwi.com/n/NBPHACKERS

Response headers

cache-control
private, max-age=0, must-revalidate
content-encoding
gzip
etag
W/"6735ff94-1fcd"
date
Mon, 18 Nov 2024 22:53:19 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
server
nginx
last-modified
Thu, 14 Nov 2024 13:48:04 GMT
vendor.522dbc50daa670f4136e.js
qiwi.com/static/
1004 KB
280 KB
Script
General
Full URL
https://qiwi.com/static/vendor.522dbc50daa670f4136e.js
Requested by
Host: qiwi.com
URL: https://qiwi.com/n/NBPHACKERS
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.232.230.126 , Russian Federation, ASN57570 (QIWIW-AS QIWI JSC, RU),
Reverse DNS
qiwi.com
Software
nginx /
Resource Hash
ddfc5a7cc73a233af2c143eb7452ac24da2aef26c2ea010dc446660989858478

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://qiwi.com/n/NBPHACKERS

Response headers

cache-control
private, max-age=0, must-revalidate
content-encoding
gzip
etag
W/"6735ff94-fafee"
date
Mon, 18 Nov 2024 22:53:19 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
server
nginx
last-modified
Thu, 14 Nov 2024 13:48:04 GMT
index.465e2142819fba23a0cd.js
qiwi.com/static/
0
0

MuseoSans_300_normal.9ca14accae2a6b987bb5fc0000236572.woff
qiwi.com/static/
41 KB
42 KB
Font
General
Full URL
https://qiwi.com/static/MuseoSans_300_normal.9ca14accae2a6b987bb5fc0000236572.woff
Requested by
Host: qiwi.com
URL: https://qiwi.com/n/NBPHACKERS
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.232.230.126 , Russian Federation, ASN57570 (QIWIW-AS QIWI JSC, RU),
Reverse DNS
qiwi.com
Software
nginx /
Resource Hash
f98c9d6f3e9e7141bcb43e5ab6ee6d9414bcdf3b7889ae33e78c58a1f0b1bae3

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Origin
https://qiwi.com
Referer
https://qiwi.com/n/NBPHACKERS

Response headers

cache-control
private, max-age=0, must-revalidate
etag
"6735ff94-a5a8"
accept-ranges
bytes
content-length
42408
date
Mon, 18 Nov 2024 22:53:19 GMT
content-type
application/font-woff
last-modified
Thu, 14 Nov 2024 13:48:04 GMT
server
nginx
js
www.googletagmanager.com/gtag/
300 KB
103 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-M9PW8YS3DF&l=dataLayer&cx=c&gtm=45He4be0v6600459za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W4FJZS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a71ebd4a8a2aa5b68dcfef36c05d4b23ac2b4c563bcffa1171c0f4550896d8a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://qiwi.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 18 Nov 2024 22:53:19 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 22:53:19 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
104666
x-xss-protection
0
server
Google Tag Manager
collect
www.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-M9PW8YS3DF&gtm=45je4be0v884855327z86600459za200zb6600459&_p=1731970399641&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855&cid=1567555412.1731970400&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1731970399&sct=1&seg=0&dl=https%3A%2F%2Fqiwi.com%2Fn%2FNBPHACKERS&dr=https%3A%2F%2F2no.co%2F&dt=QIWI%20%D0%9A%D0%BE%D1%88%D0%B5%D0%BB%D0%B5%D0%BA&en=page_view&_fv=1&_nsi=1&_ss=2&tfd=952
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M9PW8YS3DF&l=dataLayer&cx=c&gtm=45He4be0v6600459za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c21::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://qiwi.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://qiwi.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 22:53:20 GMT
content-type
text/plain
server
Golfe2
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: 2no.co
URL: https://2no.co/NBPDonate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c21::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://qiwi.com/

Response headers

content-encoding
gzip
age
6364
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Mon, 18 Nov 2024 23:07:17 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 21:07:17 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
20994
server
Golfe2
loader.js
api.flocktory.com/v2/
0
0

widget.js
static-uxfb.qiwi.com/widget/
0
0

collect
www.google-analytics.com/j/
15 B
38 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1459377515&t=pageview&_s=1&dl=https%3A%2F%2Fqiwi.com%2Fn%2F***&dr=https%3A%2F%2F2no.co%2F&ul=en-us&de=UTF-8&dt=QIWI%20%D0%9A%D0%BE%D1%88%D0%B5%D0%BB%D0%B5%D0%BA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiAADDAAAACgUI~&jid=1006322445&gjid=1742617098&cid=1567555412.1731970400&tid=UA-5597139-18&_gid=908689832.1731970402&_slc=1&gtm=45He4be0n71W4FJZSv6600459za200&cd2=&cd7=&cd8=1&cd9=1&cd10=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F111.0.5563.19%20Safari%2F537.36&cd13=WEB%20v4.127.2&cd14=desktop&cd17=&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081484&z=1008339365
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c21::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
f0156efc419ac2e03beba51352ce10d45ae828de7c5e81eddc0264d93f95f332
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Content-Type
text/plain
Referer
https://qiwi.com/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 22:53:22 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://qiwi.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
15
server
Golfe2
save
clickstream.qiwi.com/rest/statistic/qw/site/
0
0

collect
stats.g.doubleclick.net/j/
1 B
641 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-5597139-18&cid=1567555412.1731970400&jid=1006322445&gjid=1742617098&_gid=908689832.1731970402&_u=YCDAiAADDAAAAGgUI~&z=502742915
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::9d -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Content-Type
text/plain
Referer
https://qiwi.com/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgdc:149:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 22:53:22 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgdc:149:0
access-control-allow-origin
https://qiwi.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
1
server
Golfe2
js
www.googletagmanager.com/gtag/
399 KB
126 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-XG8GE2YYLL&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c07::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4e7bf0f059080c7aac696f3dbb740d7d47ee857ff9739a2bf524d59d4582687f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://qiwi.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 18 Nov 2024 22:53:22 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 22:53:22 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
129187
x-xss-protection
0
server
Google Tag Manager
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-XG8GE2YYLL&gtm=45je4be0v9165109293za200&_p=1731970399641&_gaz=1&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855&ul=en-us&sr=1600x1200&cid=1567555412.1731970400&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fqiwi.com%2Fn%2F***&dr=https%3A%2F%2F2no.co%2F&dt=QIWI%20%D0%9A%D0%BE%D1%88%D0%B5%D0%BB%D0%B5%D0%BA&sid=1731970402&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&ep.ua_dimension_8=1&ep.ua_dimension_9=1&ep.ua_dimension_10=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F111.0.5563.19%20Safari%2F537.36&ep.ua_dimension_13=WEB%20v4.127.2&ep.ua_dimension_14=desktop&tfd=3280
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XG8GE2YYLL&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::181 -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://qiwi.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://qiwi.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 22:53:22 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
269 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-XG8GE2YYLL&cid=1567555412.1731970400&gtm=45je4be0v9165109293za200&aip=1&dma=0&gcd=13l3l3l3l2l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102077855
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XG8GE2YYLL&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::9d -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.19 Safari/537.36
Referer
https://qiwi.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://qiwi.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 22:53:22 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame 82D4
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
qiwi.com
URL
https://qiwi.com/static/index.465e2142819fba23a0cd.js
Domain
api.flocktory.com
URL
https://api.flocktory.com/v2/loader.js?site_id=1531
Domain
static-uxfb.qiwi.com
URL
https://static-uxfb.qiwi.com/widget/widget.js
Domain
clickstream.qiwi.com
URL
https://clickstream.qiwi.com/rest/statistic/qw/site/save
Domain
td.doubleclick.net
URL
https://td.doubleclick.net/td/ga/rul?tid=G-XG8GE2YYLL&gacid=1567555412.1731970400&gtm=45je4be0v9165109293za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855&z=1919312723

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer
function| gtmFallback
object| elems
object| STATE
string| PUBLIC_URL
string| STATIC_URL
object| CONFIG
object| ROUTES
object| p
object| google_tag_manager
object| google_tag_data
function| onYouTubeIframeAPIReady
object| gaGlobal
string| GoogleAnalyticsObject
function| gaTracker
object| _uxsSettings

13 Cookies

Domain/Path Name / Value
.clck.ru/ Name: _yasc
Value: pbw/D/FDjCaVyVameTY1Lsgn1xpwu1snAwreBEjOiPskoMyRMAl7mcuO+G/jl25U
.yandex.ru/ Name: _yasc
Value: O1iN8rJjb6yUxPXeDt7XkD4gqZGpnUXYi0GIn+1GGTaWOgAnIZZxs8b16eZZvpH8lw==
.yandex.ru/ Name: i
Value: mR8Lgnr1cjhev7/MAJNjHKupfF4gOtxQpnPXoCuwXJ2ePZMNxHfhLFqZqD+JoNppI8qu7NhbD8iDxJGvMEz+DsDXafY=
.yandex.ru/ Name: yandexuid
Value: 1774320951731970397
.yandex.ru/ Name: yashr
Value: 1613351241731970397
2no.co/ Name: 3899101595808133
Value: 3
2no.co/ Name: clhf03028ja
Value: 5.181.234.133
2no.co/ Name: unikey
Value: unikey_11d0d1a4713e4b6d60e956ea157d3eade12e90aea84a8ccb1690f0257003eb2d
.google.com/ Name: NID
Value: 519=uitVhDIbUKQSIzc7hM0GDelKyZbDL3QS1cXyzTrdhaQsekfwxGRO1ovcs9SsyYYZWYjtv7cFGojkZNnL2wdfvcoAPI4m9q0FYZTfQRA8J-3zTFOxS_VrZlQvYmPo-_Hfoxfql6dlpFhMR8l1ovloJC0DRe_XB4g60s5uwC5MLuAG_RAelgRCsgAM
.yadro.ru/ Name: FTID
Value: 1dEyLU2f9tuv1dEyLU001FD1
.yadro.ru/ Name: VID
Value: 2FepTA2EQBOv1dEyLV001PjH
.qiwi.com/ Name: _ga
Value: GA1.1.1567555412.1731970400
.qiwi.com/ Name: _ga_M9PW8YS3DF
Value: GS1.1.1731970399.1.0.1731970400.0.0.0

5 Console Messages

Source Level URL
Text
rendering warning URL: https://2no.co/NBPDonate
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0901D00C41F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
other warning URL: https://2no.co/NBPDonate
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other warning URL: https://2no.co/NBPDonate
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".
other warning URL: https://2no.co/NBPDonate
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other warning URL: https://2no.co/NBPDonate
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=604800 max-age=31536000
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
