Report - sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/

Report Overview

Submitted URL
sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/
IP
159.89.215.151
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2023-05-30 12:59:10
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
10
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
api.getdrip.com	20640	2012-11-04	2018-03-30	2023-05-29	1.6 kB	2.3 kB	54.230.111.106
sleeknotestaticcontent.sleeknote.com	23457	2012-11-25	2020-01-27	2023-05-29	1.6 kB	119 kB	54.230.111.107
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2023-05-29	522 B	1.8 kB	151.101.129.229
ocsp.globalsign.com	2075	1999-04-19	2012-07-20	2023-05-29	358 B	1.9 kB	104.18.20.226
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-05-29	1.3 kB	5.3 kB	142.250.74.74
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-05-29	2.5 kB	72 kB	216.58.207.227
ocsp.r2m01.amazontrust.com	unknown	2007-05-11	2022-10-12	2023-05-29	340 B	944 B	54.230.80.227
d14jnfavjicsbe.cloudfront.net	unknown	2008-04-25	2021-01-17	2023-05-29	508 B	30 kB	54.230.245.215
sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com	unknown	unknown	2023-03-07	2023-03-08	6.2 kB	931 kB	159.89.215.151
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-29	3.3 kB	7.0 kB	142.250.74.131
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-05-29	1.6 kB	202 kB	142.250.74.168
sleeknotecustomerscripts.sleeknote.com	20415	2012-11-25	2014-12-21	2023-05-29	516 B	1.7 kB	54.230.111.35
tag.getdrip.com	20100	2012-11-04	2013-07-17	2023-05-29	497 B	5.8 kB	54.230.111.109

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-30 12:58:51	medium	Client IP	Internal IP	ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
2023-05-30 12:58:51	medium	Client IP	Internal IP	ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
2023-05-30 12:58:51	medium	Client IP	Internal IP	ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
2023-05-30 12:58:51	medium	Client IP	Internal IP	ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
2023-05-30 12:58:51	medium	Client IP	159.89.215.151	ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1
2023-05-30 12:58:52	medium	Client IP	Internal IP	ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
2023-05-30 12:58:52	medium	Client IP	Internal IP	ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
2023-05-30 12:58:52	medium	Client IP	Internal IP	ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
2023-05-30 12:58:52	medium	Client IP	Internal IP	ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1
2023-05-30 12:58:53	medium	Client IP	Internal IP	ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (21)

	URL	Size	First Seen	Last Seen
	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/sandbox%20eval%20code	147 B	2023-04-11	2024-04-19
Pretty URL sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-19 16:15:39 Times Seen340942 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-04-19
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-19 16:15:38 Times Seen340448 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	api.getdrip.com/client/events/visit?drip_account_id=2607659&referrer=&url=https%3A%2F%2Fsberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&domain=sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com&time_zone=UTC&enable_third_party_cookies=f&callback=Drip_82344396	83 B	2023-05-30	2023-05-30
Pretty URL api.getdrip.com/client/events/visit?drip_account_id=2607659&referrer=&url=https%3A%2F%2Fsberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&domain=sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com&time_zone=UTC&enable_third_party_cookies=f&callback=Drip_82344396 IP 54.230.111.106 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 14:59:11 Last Seen2023-05-30 14:59:11 Times Seen1 Hash 556950845ea4ecd6236f04557f6e7b1b 02e608b104322946946c00334d44f037b195ce57 661ac9c1ff86e2484d18e28bc2430c051c5d7458f95971efe67f47c85085977e Loading...

	api.getdrip.com/client/track?url=https%3A%2F%2Fsberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&visitor_uuid=704f80cd854749f08c71c31de03c4cfe&_action=Visited%20a%20page&source=drip&drip_account_id=2607659&callback=Drip_851497002	101 B	2023-05-30	2023-05-30
Pretty URL api.getdrip.com/client/track?url=https%3A%2F%2Fsberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&visitor_uuid=704f80cd854749f08c71c31de03c4cfe&_action=Visited%20a%20page&source=drip&drip_account_id=2607659&callback=Drip_851497002 IP 54.230.111.106 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 14:59:11 Last Seen2023-05-30 14:59:11 Times Seen2 Hash fc42fc6265832d0ae2efc7372088f226 cb5cbdb893cb493f1b3c3f15cad9920a0bd566ef e41ea9f7906c9dda06e846fb41657fcb03da94ba799e85bb95a9a14b17f5ff71 Loading...

	sleeknotestaticcontent.sleeknote.com/production/package-core-boot.js	98 kB	2023-05-22	2023-06-06
Pretty URL sleeknotestaticcontent.sleeknote.com/production/package-core-boot.js IP 54.230.111.107 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 21:49:17 Last Seen2023-06-06 14:29:53 Times Seen178 Hash 838934604d1ae92e3e326caeaddddad3 6844bbcbb9e2b88b56407f1317784d59bf18973f e9fc8124ccafdea33eab027cbb0cc3c16f7d17ca673ee67db0ae3726420bb6e4 Loading...

	sleeknotestaticcontent.sleeknote.com/production/package-tracker.js	14 kB	2023-04-26	2023-09-07
Pretty URL sleeknotestaticcontent.sleeknote.com/production/package-tracker.js IP 54.230.111.107 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-26 11:16:45 Last Seen2023-09-07 08:48:03 Times Seen722 Hash 0a8a47db16031429c3a5edfd7ffc3f99 8bce3151d9311f8a0360918b736a10549b84b2b7 3066fce80c674eb04f10fcb4aecb04d173e7a678d82f2e97ff155404b6cc5763 Loading...

	www.googletagmanager.com/gtag/js?id=UA-69935771-28	120 kB	2023-05-30	2023-05-30
Pretty URL www.googletagmanager.com/gtag/js?id=UA-69935771-28 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 14:59:11 Last Seen2023-05-30 14:59:11 Times Seen2 Hash ee6f376dbf626ea7e9eb22e5260e7147 16ef6f82db6db49b3328eceb94074c23af89b60c 133234e0db01892ae7fbca53c77207fee5c97a52bb8ef3e63bfb2dda239fbfdb Loading...

	unknown	263 B	2023-03-13	2023-08-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:22:34 Last Seen2023-08-18 11:05:32 Times Seen410 Hash 06136bf6e80385af988e4a54d3e59846 9da8dc9465543fc7ccdb70eb57b863dd4bd74e91 21aa88e2e84d7fe6869577891e7e60bb91945a788f69dc52c396c2dc17657722 Loading...

	d14jnfavjicsbe.cloudfront.net/client.js	88 kB	2023-03-13	2024-02-23
Pretty URL d14jnfavjicsbe.cloudfront.net/client.js IP 54.230.245.215 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:58:58 Last Seen2024-02-23 13:34:16 Times Seen476 Hash 8b8f177000920554bd1e9f7a15ece130 1dd9616b23debc85b387f1d95d722e2301324412 3e2398560f005ff2adf94aa45f2f5134d652c00ee3d94be0698b956b624199f1 Loading...

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/js/script.js	4.1 kB	2023-03-13	2023-08-18
Pretty URL sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/js/script.js IP 159.89.215.151 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:22:34 Last Seen2023-08-18 11:05:32 Times Seen731 Hash dbaf0bb4818528bdde822aa67b62345c d3def9b27b543d90849188f24e11883aab146df5 c972c022b8fa30c933194d5e7c9ad5e795a5bee79ace85da85307e20213b3797 Loading...

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/langs/en.js	1.2 kB	2023-03-13	2023-08-18
Pretty URL sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/langs/en.js IP 159.89.215.151 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:22:34 Last Seen2023-08-18 11:05:32 Times Seen722 Hash 3455d58a98162d6fd6c89b848e48097d f8a1cd935774ab7e85de8dbd14ec39408677450b 11408d630284e94bb4ddaee08b294fd2cb0342bdfcb443f67deb4a062aa55dc5 Loading...

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/	0 B	2023-03-07	2024-04-19
Pretty URL sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ IP 159.89.215.151 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 16:36:11 Times Seen36963198 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	sleeknotecustomerscripts.sleeknote.com/87524.js	2.7 kB	2023-03-13	2023-08-18
Pretty URL sleeknotecustomerscripts.sleeknote.com/87524.js IP 54.230.111.35 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:51:03 Last Seen2023-08-18 11:05:33 Times Seen692 Hash d0795b85c1efcdd878f436de3271a7d0 77bb42833de3c6427576bdd299893ec6ded41817 32068555973b31463686e942e1ba010d5002af3d3dab3c70bebcb111f0ec24e9 Loading...

	sleeknotestaticcontent.sleeknote.com/core.js#DripOnsite	5.1 kB	2023-04-26	2023-06-13
Pretty URL sleeknotestaticcontent.sleeknote.com/core.js#DripOnsite IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-26 11:16:46 Last Seen2023-06-13 15:13:21 Times Seen215 Hash 58ba84e58fa7ae7f3c364db6a49d9bb3 b047cd1fee664e59286e65cf57e57acaaaabb612 60cdcefd04356bef9c14e738d4644d796c197bcd72177cc7050bc6fd97785d35 Loading...

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/	393 B	2023-04-07	2023-08-18
Pretty URL sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ IP 159.89.215.151 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 08:46:09 Last Seen2023-08-18 11:05:32 Times Seen323 Hash e550ea11bd39ec4333f8f7a24dff7000 f544e40834aef2ed064298d5e4eb3e0f01276a63 44f8a8a75424485a6cca8c3200536ecf34c08bfd60d552a33ec425a0b97734f4 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-N24X7V9	203 kB	2023-05-30	2023-05-30
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-N24X7V9 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 14:59:11 Last Seen2023-05-30 14:59:11 Times Seen2 Hash c2d73744a36764ecb31ca12f1d9cb064 1612021f3d9474a48c737d05356439c2f173443b 38fff2eade67e7fa9b9256b708d0404ab4b7af04eaaf5b70473e00cd2e25a84b Loading...

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/js/templates.js	1.8 kB	2023-03-13	2023-08-18
Pretty URL sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/js/templates.js IP 159.89.215.151 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:22:34 Last Seen2023-08-18 11:05:32 Times Seen720 Hash 453455584d1bceda36b6831809d7e4ea b6eac1b0400a248d0da21a5fd352092fcfc1d686 f6e8e301cc9c3d48c483454edb9c51860d814261812d1243775cb8579ef5bd09 Loading...

	www.googletagmanager.com/gtag/js?id=G-SWXNNMMKPQ&l=dataLayer&cx=c	239 kB	2023-05-30	2023-05-30
Pretty URL www.googletagmanager.com/gtag/js?id=G-SWXNNMMKPQ&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 14:59:11 Last Seen2023-05-30 14:59:11 Times Seen2 Hash 4d612b261e98e6a8b8ec4a5077f60ae3 4eba2dd6162b333aaced8b9d68e795cb2db85548 f57fb7259ce359f9e697dd9ca471c2c4307793e1e6a66cb50b77c9b87c5a482d Loading...

	tag.getdrip.com/2607659.js	5.3 kB	2023-05-30	2023-05-30
Pretty URL tag.getdrip.com/2607659.js IP 54.230.111.109 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 14:59:11 Last Seen2023-05-30 15:12:54 Times Seen2 Hash 6d471409d418ccb27dcbd5ad1fd6130a d8fd4258d728e53e05c358738062eab7958e327a ee276f88a9af16993e457c53998dd01fb01d9109f26adb929bcc9d9abfb79faa Loading...

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/	0 B	2023-03-07	2024-04-19
Pretty URL sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ IP 159.89.215.151 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 16:36:11 Times Seen36963198 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js	2.0 kB	2023-03-07	2024-04-18
Pretty URL cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:43 Last Seen2024-04-18 12:18:54 Times Seen3996 Hash 45f12de4d7b95a193ecdc5cfde664bb9 ee9541cf1a95d2a885f8b143a105caaa08ca9c9d 39b8fe6364621725ff90431a34af0f87976d95c00cbfd1d0f3711a3f1fa1a07b Loading...

HTTP Transactions (39)

	URL	IP	Response	Size
	cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js	151.101.129.229	200 OK	1.1 kB
URL GET HTTP/2 cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js IP 151.101.129.229:443 ASN #54113 FASTLY Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F ValidityFri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT File type ASCII text, with very long lines (1619) Size 1.1 kB (1078 bytes) Hash 45f12de4d7b95a193ecdc5cfde664bb9 ee9541cf1a95d2a885f8b143a105caaa08ca9c9d 39b8fe6364621725ff90431a34af0f87976d95c00cbfd1d0f3711a3f1fa1a07b HTTP Headers GET /npm/js-cookie@2/src/js.cookie.min.js HTTP/1.1 Host: cdn.jsdelivr.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: * timing-allow-origin: * cache-control: public, max-age=604800, s-maxage=43200 cross-origin-resource-policy: cross-origin x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains; preload content-type: application/javascript; charset=utf-8 x-jsd-version: 2.2.1 x-jsd-version-type: version etag: W/"79f-7pVBzxqV0qiF+LFDoQXKqgjKnJ0" content-encoding: br accept-ranges: bytes date: Tue, 30 May 2023 12:58:52 GMT age: 43129 x-served-by: cache-fra-eddf8230099-FRA, cache-bma1620-BMA x-cache: HIT, HIT vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length: 1078 X-Firefox-Spdy: h2

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/js/templates.js	159.89.215.151	200 OK	1.8 kB
URL GET HTTP/2 sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/js/templates.js IP 159.89.215.151:443 ASN #14061 DIGITALOCEAN-ASN Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerZeroSSL Subject Fingerprint8F:AF:AC:54:CE:C1:39:A9:D2:F0:7D:C3:53:E4:5C:D9:BA:62:50:A3 ValiditySun, 07 May 2023 00:00:00 GMT - Sat, 05 Aug 2023 23:59:59 GMT File type HTML document, ASCII text, with very long lines (1809), with no line terminators Size 1.8 kB (1809 bytes) Hash 453455584d1bceda36b6831809d7e4ea b6eac1b0400a248d0da21a5fd352092fcfc1d686 f6e8e301cc9c3d48c483454edb9c51860d814261812d1243775cb8579ef5bd09 HTTP Headers GET /gdpr/js/templates.js HTTP/1.1 Host: sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Cookie: JSESSIONID=C9826DC24B9256BBA426C1102A2050F2 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK accept-ranges: bytes cache-control: no-cache, no-store, max-age=0, must-revalidate content-type: application/javascript date: Tue, 30 May 2023 12:58:52 GMT expires: 0 last-modified: Fri, 26 May 2023 11:53:53 GMT pragma: no-cache server: Caddy, Cowboy strict-transport-security: max-age=31536000 ; includeSubDomains via: 1.1 vegur x-content-type-options: nosniff x-frame-options: DENY x-xss-protection: 1; mode=block content-length: 1809 X-Firefox-Spdy: h2`

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/langs/en.js	159.89.215.151	200 OK	1.2 kB
URL GET HTTP/2 sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/langs/en.js IP 159.89.215.151:443 ASN #14061 DIGITALOCEAN-ASN Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerZeroSSL Subject Fingerprint8F:AF:AC:54:CE:C1:39:A9:D2:F0:7D:C3:53:E4:5C:D9:BA:62:50:A3 ValiditySun, 07 May 2023 00:00:00 GMT - Sat, 05 Aug 2023 23:59:59 GMT File type Unicode text, UTF-8 text Size 1.2 kB (1170 bytes) Hash 3455d58a98162d6fd6c89b848e48097d f8a1cd935774ab7e85de8dbd14ec39408677450b 11408d630284e94bb4ddaee08b294fd2cb0342bdfcb443f67deb4a062aa55dc5 HTTP Headers GET /gdpr/langs/en.js HTTP/1.1 Host: sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Cookie: JSESSIONID=C9826DC24B9256BBA426C1102A2050F2 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK accept-ranges: bytes cache-control: no-cache, no-store, max-age=0, must-revalidate content-type: application/javascript date: Tue, 30 May 2023 12:58:52 GMT expires: 0 last-modified: Fri, 26 May 2023 11:53:53 GMT pragma: no-cache server: Caddy, Cowboy strict-transport-security: max-age=31536000 ; includeSubDomains via: 1.1 vegur x-content-type-options: nosniff x-frame-options: DENY x-xss-protection: 1; mode=block content-length: 1170 X-Firefox-Spdy: h2`

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/js/script.js	159.89.215.151	200 OK	4.1 kB
URL GET HTTP/2 sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/js/script.js IP 159.89.215.151:443 ASN #14061 DIGITALOCEAN-ASN Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerZeroSSL Subject Fingerprint8F:AF:AC:54:CE:C1:39:A9:D2:F0:7D:C3:53:E4:5C:D9:BA:62:50:A3 ValiditySun, 07 May 2023 00:00:00 GMT - Sat, 05 Aug 2023 23:59:59 GMT File type ASCII text, with very long lines (4086), with no line terminators Size 4.1 kB (4086 bytes) Hash dbaf0bb4818528bdde822aa67b62345c d3def9b27b543d90849188f24e11883aab146df5 c972c022b8fa30c933194d5e7c9ad5e795a5bee79ace85da85307e20213b3797 HTTP Headers GET /gdpr/js/script.js HTTP/1.1 Host: sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Cookie: JSESSIONID=C9826DC24B9256BBA426C1102A2050F2 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK accept-ranges: bytes cache-control: no-cache, no-store, max-age=0, must-revalidate content-type: application/javascript date: Tue, 30 May 2023 12:58:52 GMT expires: 0 last-modified: Fri, 26 May 2023 11:53:53 GMT pragma: no-cache server: Caddy, Cowboy strict-transport-security: max-age=31536000 ; includeSubDomains via: 1.1 vegur x-content-type-options: nosniff x-frame-options: DENY x-xss-protection: 1; mode=block content-length: 4086 X-Firefox-Spdy: h2`

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash ca8cca05e813856677c0ba3133770742 688ee02bc307e73cef39bb1f1747b3e8845cecef 9f6e94f2196a935cb4dfe085aa6a3528a310faf58816e949dca6130e6dc8a41a HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 30 May 2023 12:58:52 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/css/style.css	159.89.215.151	200 OK	6.1 kB
URL GET HTTP/2 sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/css/style.css IP 159.89.215.151:443 ASN #14061 DIGITALOCEAN-ASN Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerZeroSSL Subject Fingerprint8F:AF:AC:54:CE:C1:39:A9:D2:F0:7D:C3:53:E4:5C:D9:BA:62:50:A3 ValiditySun, 07 May 2023 00:00:00 GMT - Sat, 05 Aug 2023 23:59:59 GMT File type ASCII text, with very long lines (6092), with no line terminators Size 6.1 kB (6092 bytes) Hash 6eda76ddba5d9aec8cddaaa34adf5bab 7e3f514d0cb4d852cb40b6fbc76b21a3234b705c a47751940dd3ceda998be5b911840515d514e572f56c83da091051174ff34a1f HTTP Headers GET /gdpr/css/style.css HTTP/1.1 Host: sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Cookie: JSESSIONID=C9826DC24B9256BBA426C1102A2050F2 Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK accept-ranges: bytes cache-control: no-cache, no-store, max-age=0, must-revalidate content-type: text/css date: Tue, 30 May 2023 12:58:52 GMT expires: 0 last-modified: Fri, 26 May 2023 11:53:53 GMT pragma: no-cache server: Caddy, Cowboy strict-transport-security: max-age=31536000 ; includeSubDomains via: 1.1 vegur x-content-type-options: nosniff x-frame-options: DENY x-xss-protection: 1; mode=block content-length: 6092 X-Firefox-Spdy: h2`

	ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4	104.18.20.226		1.5 kB
URL ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4 IP 104.18.20.226:0 ASN #13335 CLOUDFLARENET File type data Size 1.5 kB (1462 bytes) Hash f150a26179a104df7eb37dee22336854 77e116ee409625b589aa030bca8be0de6e61948d 3f1326e7641de71f0d5d9e5b422e590a2333be6e3ea12c2613e054f1ae8dd3ee HTTP Headers `POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1 Host: ocsp.globalsign.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Tue, 30 May 2023 12:58:52 GMT Content-Type: application/ocsp-response Transfer-Encoding: chunked Connection: keep-alive Etag: "226E095532D46498EF2F1D0D3ACF444FEFB75F1A" Expires: Tue, 30 May 2023 23:00:00 GMT Last-Modified: Tue, 30 May 2023 11:00:00 UTC Cache-Control: s-maxage=3600, public, no-transform, must-revalidate CF-Cache-Status: HIT Age: 3440 Vary: Accept-Encoding Server: cloudflare CF-RAY: 7cf726b00b330b51-OSL`

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash ca8cca05e813856677c0ba3133770742 688ee02bc307e73cef39bb1f1747b3e8845cecef 9f6e94f2196a935cb4dfe085aa6a3528a310faf58816e949dca6130e6dc8a41a HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 30 May 2023 12:58:52 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	www.googletagmanager.com/gtag/js?id=UA-69935771-28	142.250.74.168	200 OK	47 kB
URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-69935771-28 IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51 ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT File type ASCII text, with very long lines (2271) Size 47 kB (46897 bytes) Hash ee6f376dbf626ea7e9eb22e5260e7147 16ef6f82db6db49b3328eceb94074c23af89b60c 133234e0db01892ae7fbca53c77207fee5c97a52bb8ef3e63bfb2dda239fbfdb HTTP Headers GET /gtag/js?id=UA-69935771-28 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Tue, 30 May 2023 12:58:52 GMT expires: Tue, 30 May 2023 12:58:52 GMT cache-control: private, max-age=900 last-modified: Tue, 30 May 2023 12:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 46897 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtm.js?id=GTM-N24X7V9	142.250.74.168	200 OK	71 kB
URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-N24X7V9 IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51 ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT File type Unicode text, UTF-8 text, with very long lines (11769) Size 71 kB (70643 bytes) Hash c2d73744a36764ecb31ca12f1d9cb064 1612021f3d9474a48c737d05356439c2f173443b 38fff2eade67e7fa9b9256b708d0404ab4b7af04eaaf5b70473e00cd2e25a84b HTTP Headers `GET /gtm.js?id=GTM-N24X7V9 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Tue, 30 May 2023 12:58:52 GMT expires: Tue, 30 May 2023 12:58:52 GMT cache-control: private, max-age=900 last-modified: Tue, 30 May 2023 12:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 70643 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/dist/styles.css	159.89.215.151	200 OK	897 kB
URL GET HTTP/2 sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/dist/styles.css IP 159.89.215.151:443 ASN #14061 DIGITALOCEAN-ASN Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerZeroSSL Subject Fingerprint8F:AF:AC:54:CE:C1:39:A9:D2:F0:7D:C3:53:E4:5C:D9:BA:62:50:A3 ValiditySun, 07 May 2023 00:00:00 GMT - Sat, 05 Aug 2023 23:59:59 GMT File type ASCII text, with very long lines (65536), with no line terminators Size 897 kB (897289 bytes) Hash 8a93e102c5c9ad3f61fa00dbc1c0bfb1 ae728e564d4dd1fae89c3cf993dda157c410b6ae 3ddf2cb578216a0e9b917347552661e840ef8cca3f322402fd746529663aa2df HTTP Headers GET /dist/styles.css HTTP/1.1 Host: sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Cookie: JSESSIONID=C9826DC24B9256BBA426C1102A2050F2 Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK accept-ranges: bytes cache-control: max-age=1209600 content-type: text/css date: Tue, 30 May 2023 12:58:52 GMT last-modified: Fri, 26 May 2023 11:53:53 GMT server: Caddy, Cowboy strict-transport-security: max-age=31536000 ; includeSubDomains via: 1.1 vegur x-content-type-options: nosniff x-frame-options: DENY x-xss-protection: 1; mode=block content-length: 897289 X-Firefox-Spdy: h2`

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash ca8cca05e813856677c0ba3133770742 688ee02bc307e73cef39bb1f1747b3e8845cecef 9f6e94f2196a935cb4dfe085aa6a3528a310faf58816e949dca6130e6dc8a41a HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 30 May 2023 12:58:52 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash b85157c1ca7989c7bf757e43d01632f7 e32bb00f069d897e00c56cec96155d2c351b5d67 e30b4636b7524d0ebbfa9ad57b4d5d9188420ff139437bf8664920391569286f HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 30 May 2023 12:58:53 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash b85157c1ca7989c7bf757e43d01632f7 e32bb00f069d897e00c56cec96155d2c351b5d67 e30b4636b7524d0ebbfa9ad57b4d5d9188420ff139437bf8664920391569286f HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 30 May 2023 12:58:53 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	fonts.googleapis.com/css2?family=Lato:wght@400;700&family=Montserrat:wght@400;500;700&family=Muli&family=Mulish&family=Noto+Serif&family=PT+Serif:ital,wght@0,400;0,700;1,400;1,700&family=Raleway:wght@400;800;900&family=Source+Sans+Pro:wght@400;600&family=Source+Serif+Pro&family=Work+Sans:wght@400;500&display=swap	142.250.74.74	200 OK	2.2 kB
URL GET HTTP/2 fonts.googleapis.com/css2?family=Lato:wght@400;700&family=Montserrat:wght@400;500;700&family=Muli&family=Mulish&family=Noto+Serif&family=PT+Serif:ital,wght@0,400;0,700;1,400;1,700&family=Raleway:wght@400;800;900&family=Source+Sans+Pro:wght@400;600&family=Source+Serif+Pro&family=Work+Sans:wght@400;500&display=swap IP 142.250.74.74:443 ASN #15169 GOOGLE Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint5F:AC:74:E6:97:66:CD:D0:F1:EA:0D:01:37:89:65:2E:98:22:84:6C ValidityMon, 08 May 2023 08:24:50 GMT - Mon, 31 Jul 2023 08:24:49 GMT File type gzip compressed data, max compression\012- data Size 2.2 kB (2155 bytes) Hash 72291c67784c4d5cc3d0b1b3eba8382b 54d8d37c1f0532105d50880436aaef4032f50346 b1298cf09dfef0ba7338223cc52a9f8566f36403be51b038ac716c6be6e15cb6 HTTP Headers GET /css2?family=Lato:wght@400;700&family=Montserrat:wght@400;500;700&family=Muli&family=Mulish&family=Noto+Serif&family=PT+Serif:ital,wght@0,400;0,700;1,400;1,700&family=Raleway:wght@400;800;900&family=Source+Sans+Pro:wght@400;600&family=Source+Serif+Pro&family=Work+Sans:wght@400;500&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Tue, 30 May 2023 12:58:53 GMT date: Tue, 30 May 2023 12:58:53 GMT cache-control: private, max-age=86400 cross-origin-opener-policy: same-origin-allow-popups cross-origin-resource-policy: cross-origin content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtag/js?id=G-SWXNNMMKPQ&l=dataLayer&cx=c	142.250.74.168	200 OK	83 kB
URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-SWXNNMMKPQ&l=dataLayer&cx=c IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51 ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT File type ASCII text, with very long lines (4372) Size 83 kB (82754 bytes) Hash 4d612b261e98e6a8b8ec4a5077f60ae3 4eba2dd6162b333aaced8b9d68e795cb2db85548 f57fb7259ce359f9e697dd9ca471c2c4307793e1e6a66cb50b77c9b87c5a482d HTTP Headers GET /gtag/js?id=G-SWXNNMMKPQ&l=dataLayer&cx=c HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Tue, 30 May 2023 12:58:53 GMT expires: Tue, 30 May 2023 12:58:53 GMT cache-control: private, max-age=900 strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 82754 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/dist/src/assets/images/error-404..svg	159.89.215.151	200 OK	1.6 kB
URL GET HTTP/2 sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/dist/src/assets/images/error-404..svg IP 159.89.215.151:443 ASN #14061 DIGITALOCEAN-ASN Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerZeroSSL Subject Fingerprint8F:AF:AC:54:CE:C1:39:A9:D2:F0:7D:C3:53:E4:5C:D9:BA:62:50:A3 ValiditySun, 07 May 2023 00:00:00 GMT - Sat, 05 Aug 2023 23:59:59 GMT File type SVG Scalable Vector Graphics image\012- , ASCII text Size 1.6 kB (1613 bytes) Hash c688f3c53a9d2a5256772b75099a477f 63300bc2681624868d980f9df1ed7da471c5c3d4 b21cc6a7ac6041054bd45c478714c537703f0d2f8c668a6b600c28cb6410a5c0 HTTP Headers GET /dist/src/assets/images/error-404..svg HTTP/1.1 Host: sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/dist/styles.css Cookie: JSESSIONID=C9826DC24B9256BBA426C1102A2050F2 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK accept-ranges: bytes cache-control: no-cache, no-store, max-age=0, must-revalidate content-type: image/svg+xml date: Tue, 30 May 2023 12:58:52 GMT expires: 0 last-modified: Fri, 26 May 2023 11:53:53 GMT pragma: no-cache server: Caddy, Cowboy strict-transport-security: max-age=31536000 ; includeSubDomains via: 1.1 vegur x-content-type-options: nosniff x-frame-options: DENY x-xss-protection: 1; mode=block content-length: 1613 X-Firefox-Spdy: h2`

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 95fb9634ddcd95a261bb9a2757a6ae8e e30d5b20450fdd6588dd8034ef0acbe38159a0bf 65f215904c284124663185e58f9c710e2050afe21509684a22ce96c09a425bf4 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 30 May 2023 12:58:53 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 95fb9634ddcd95a261bb9a2757a6ae8e e30d5b20450fdd6588dd8034ef0acbe38159a0bf 65f215904c284124663185e58f9c710e2050afe21509684a22ce96c09a425bf4 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 30 May 2023 12:58:53 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 95fb9634ddcd95a261bb9a2757a6ae8e e30d5b20450fdd6588dd8034ef0acbe38159a0bf 65f215904c284124663185e58f9c710e2050afe21509684a22ce96c09a425bf4 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 30 May 2023 12:58:53 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 95fb9634ddcd95a261bb9a2757a6ae8e e30d5b20450fdd6588dd8034ef0acbe38159a0bf 65f215904c284124663185e58f9c710e2050afe21509684a22ce96c09a425bf4 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 30 May 2023 12:58:53 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	fonts.gstatic.com/s/sourceserifpro/v15/neIQzD-0qpwxpaWvjeD0X88SAOeauXQ-oA.woff2	216.58.207.227	200 OK	20 kB
URL GET HTTP/2 fonts.gstatic.com/s/sourceserifpro/v15/neIQzD-0qpwxpaWvjeD0X88SAOeauXQ-oA.woff2 IP 216.58.207.227:443 ASN #15169 GOOGLE Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6 ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT File type Web Open Font Format (Version 2), TrueType, length 19980, version 1.0\012- data Size 20 kB (19980 bytes) Hash 98704f42d118d52a4979dc08df276440 0066115b1dfedfe4cb6294fbdc73f921e6062ab9 547a2c05a1b8744633148a704ddba5adac238c5cbaf05bbd25606827a372b019 HTTP Headers GET /s/sourceserifpro/v15/neIQzD-0qpwxpaWvjeD0X88SAOeauXQ-oA.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 19980 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Wed, 24 May 2023 13:50:11 GMT expires: Thu, 23 May 2024 13:50:11 GMT cache-control: public, max-age=31536000 age: 515322 last-modified: Wed, 27 Apr 2022 15:45:12 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2	216.58.207.227	200 OK	13 kB
URL GET HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 IP 216.58.207.227:443 ASN #15169 GOOGLE Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6 ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data Size 13 kB (13036 bytes) Hash 0ad032b3d07aaf33b160ac4799dda40f 06b931e0d0bf37f5037d9e66d6feedfddd21c0ba c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0 HTTP Headers GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 13036 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Sat, 27 May 2023 17:39:39 GMT expires: Sun, 26 May 2024 17:39:39 GMT cache-control: public, max-age=31536000 age: 242354 last-modified: Wed, 27 Apr 2022 16:04:42 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2	216.58.207.227	200 OK	23 kB
URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 IP 216.58.207.227:443 ASN #15169 GOOGLE Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6 ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data Size 23 kB (23040 bytes) Hash de69cf9e514df447d1b0bb16f49d2457 2ac78601179c3a63ba3f3f3081556b12ddcaf655 c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49 HTTP Headers GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 23040 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Tue, 23 May 2023 20:15:31 GMT expires: Wed, 22 May 2024 20:15:31 GMT cache-control: public, max-age=31536000 last-modified: Tue, 02 May 2023 15:07:25 GMT content-type: font/woff2 age: 578602 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2	216.58.207.227	200 OK	13 kB
URL GET HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 IP 216.58.207.227:443 ASN #15169 GOOGLE Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6 ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT File type Web Open Font Format (Version 2), TrueType, length 13052, version 1.0\012- data Size 13 kB (13052 bytes) Hash 7cf79fbd1df848510d7352274efc2401 5540b5a26cc7dfe25294c4eabe011e2c6cd60143 bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a HTTP Headers GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 13052 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Wed, 24 May 2023 00:16:39 GMT expires: Thu, 23 May 2024 00:16:39 GMT cache-control: public, max-age=31536000 age: 564134 last-modified: Wed, 27 Apr 2022 16:09:03 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	sleeknotecustomerscripts.sleeknote.com/87524.js	54.230.111.35	200 OK	1.1 kB
URL GET HTTP/2 sleeknotecustomerscripts.sleeknote.com/87524.js IP 54.230.111.35:443 ASN #16509 AMAZON-02 Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerAmazon Subject.sleeknote.com Fingerprint50:66:77:92:47:1B:8E:70:4D:A3:75:3D:A4:97:9D:EA:F0:F1:22:5E ValidityWed, 08 Feb 2023 00:00:00 GMT - Wed, 06 Mar 2024 23:59:59 GMT File type ASCII text, with very long lines (2671), with no line terminators Size 1.1 kB (1074 bytes) Hash d0795b85c1efcdd878f436de3271a7d0 77bb42833de3c6427576bdd299893ec6ded41817 32068555973b31463686e942e1ba010d5002af3d3dab3c70bebcb111f0ec24e9 HTTP Headers GET /87524.js HTTP/1.1 Host: sleeknotecustomerscripts.sleeknote.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: text/javascript; charset=utf-8 content-length: 1074 last-modified: Wed, 08 Feb 2023 13:12:04 GMT x-amz-server-side-encryption: AES256 content-encoding: gzip x-amz-version-id: 96riHVWG.h_17D_4wDulhp7NODiLZJPy accept-ranges: bytes server: AmazonS3 date: Tue, 30 May 2023 12:58:53 GMT cache-control: max-age=60 etag: "abdcf6babc9bbac009ee7a5a8a1c447c" x-cache: Hit from cloudfront via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 alt-svc: h3=":443"; ma=86400 x-amz-cf-id: yl9v3OpM9xzcTYdPq7BmQWUzygZDB9D2Nj7JX4h1tc4e_uw9hHJ0Dw== age: 51 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 95fb9634ddcd95a261bb9a2757a6ae8e e30d5b20450fdd6588dd8034ef0acbe38159a0bf 65f215904c284124663185e58f9c710e2050afe21509684a22ce96c09a425bf4 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 30 May 2023 12:58:53 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/favicon/favicon-16x16.png	159.89.215.151	200 OK	1.2 kB
URL GET HTTP/2 sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/favicon/favicon-16x16.png IP 159.89.215.151:443 ASN #14061 DIGITALOCEAN-ASN Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerZeroSSL Subject Fingerprint8F:AF:AC:54:CE:C1:39:A9:D2:F0:7D:C3:53:E4:5C:D9:BA:62:50:A3 ValiditySun, 07 May 2023 00:00:00 GMT - Sat, 05 Aug 2023 23:59:59 GMT File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data Size 1.2 kB (1235 bytes) Hash a86978c1bf63a0950f991c940d6fa0e7 e7d3cc1ad625e2ad191fdd092cdb8c89564f1567 bf05a27240af0fa968c7394905fc2e6d9dfa51edec38a926efba4c8bf0399db9 HTTP Headers GET /favicon/favicon-16x16.png HTTP/1.1 Host: sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Cookie: JSESSIONID=C9826DC24B9256BBA426C1102A2050F2; _ga_SWXNNMMKPQ=GS1.1.1685451532.1.0.1685451533.0.0.0; _ga=GA1.1.1329502275.1685451533 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK accept-ranges: bytes cache-control: no-cache, no-store, max-age=0, must-revalidate content-type: image/png date: Tue, 30 May 2023 12:58:52 GMT expires: 0 last-modified: Fri, 26 May 2023 11:53:53 GMT pragma: no-cache server: Caddy, Cowboy strict-transport-security: max-age=31536000 ; includeSubDomains via: 1.1 vegur x-content-type-options: nosniff x-frame-options: DENY x-xss-protection: 1; mode=block content-length: 1235 X-Firefox-Spdy: h2`

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/favicon/apple-touch-icon.png	159.89.215.151	200 OK	10 kB
URL GET HTTP/2 sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/favicon/apple-touch-icon.png IP 159.89.215.151:443 ASN #14061 DIGITALOCEAN-ASN Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerZeroSSL Subject Fingerprint8F:AF:AC:54:CE:C1:39:A9:D2:F0:7D:C3:53:E4:5C:D9:BA:62:50:A3 ValiditySun, 07 May 2023 00:00:00 GMT - Sat, 05 Aug 2023 23:59:59 GMT File type PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data Size 10 kB (10180 bytes) Hash 47001c105674123e5c9dfbde7046c21b 246d6dab45d06803db4ab8238642fbd012b3d343 64debab32dbe30ee2fd60a3b0fa011b6adf36b34af07656cedbb4b1c9d055c20 HTTP Headers GET /favicon/apple-touch-icon.png HTTP/1.1 Host: sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Cookie: JSESSIONID=C9826DC24B9256BBA426C1102A2050F2; _ga_SWXNNMMKPQ=GS1.1.1685451532.1.0.1685451533.0.0.0; _ga=GA1.1.1329502275.1685451533 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK accept-ranges: bytes cache-control: no-cache, no-store, max-age=0, must-revalidate content-type: image/png date: Tue, 30 May 2023 12:58:52 GMT expires: 0 last-modified: Fri, 26 May 2023 11:53:53 GMT pragma: no-cache server: Caddy, Cowboy strict-transport-security: max-age=31536000 ; includeSubDomains via: 1.1 vegur x-content-type-options: nosniff x-frame-options: DENY x-xss-protection: 1; mode=block content-length: 10180 X-Firefox-Spdy: h2`

	ocsp.r2m01.amazontrust.com/	54.230.80.227		471 B
URL ocsp.r2m01.amazontrust.com/ IP 54.230.80.227:0 ASN #16509 AMAZON-02 File type data Size 471 B (471 bytes) Hash 49e999b4c211b8e48faffb2a13fef09c c0c7a0306f59963ed8194940fe8ed125488529fe 2b1edc25d9d1ca8e3857c46e011f77a95dbd6a421f2f8e509ae453ef1dddb81f HTTP Headers `POST / HTTP/1.1 Host: ocsp.r2m01.amazontrust.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Content-Length: 471 Connection: keep-alive Accept-Ranges: bytes Cache-Control: 'max-age=7200' Date: Tue, 30 May 2023 12:58:53 GMT Last-Modified: Tue, 30 May 2023 12:32:23 GMT Server: ECAcc (bsa/EB2E) X-Cache: Miss from cloudfront Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: zJopF_LblV_C0aGUfRNxqd2r8r_Y0PJMyKd0B0nFAzpz8sFePFgpvA== Age: 1590`

	d14jnfavjicsbe.cloudfront.net/client.js	54.230.245.215	200 OK	29 kB
URL GET HTTP/2 d14jnfavjicsbe.cloudfront.net/client.js IP 54.230.245.215:443 ASN #16509 AMAZON-02 Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerAmazon Subject.cloudfront.net FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT File type gzip compressed data, from Unix\012- data Size 29 kB (29106 bytes) Hash 07a0370ecad8dd6e902139a33d3cc420 c5d90204c6b1d4bc0e5ae1bd0ce1f7515bdf0d84 3b34c73522873ccb8c468af5aaf84d54f766bf5e26016c04985dd9e19d431673 HTTP Headers `GET /client.js HTTP/1.1 Host: d14jnfavjicsbe.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/javascript last-modified: Thu, 19 Jan 2023 17:30:45 GMT x-amz-server-side-encryption: AES256 x-amz-meta-md5sum: i48XcACSBVS9Hp96FezhMA== server: AmazonS3 content-encoding: gzip date: Tue, 30 May 2023 12:55:23 GMT cache-control: max-age=300 etag: W/"8b8f177000920554bd1e9f7a15ece130" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: hzdxGau58mlVLeWSEXg1u4zvXeYKF2sysVvS6DmCjwG9-ZnvBnvkZg== age: 297 X-Firefox-Spdy: h2

	api.getdrip.com/client/track?url=https%3A%2F%2Fsberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&visitor_uuid=704f80cd854749f08c71c31de03c4cfe&_action=Visited%20a%20page&source=drip&drip_account_id=2607659&callback=Drip_851497002	54.230.111.106	200 OK	101 B
URL GET HTTP/2 api.getdrip.com/client/track?url=https%3A%2F%2Fsberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&visitor_uuid=704f80cd854749f08c71c31de03c4cfe&_action=Visited%20a%20page&source=drip&drip_account_id=2607659&callback=Drip_851497002 IP 54.230.111.106:443 ASN #16509 AMAZON-02 Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerAmazon Subject.getdrip.com Fingerprint3E:57:50:A6:D1:A1:2E:AF:A3:74:E3:E3:F5:0E:42:F8:C9:9F:C8:C8 ValidityFri, 24 Feb 2023 00:00:00 GMT - Sat, 27 Jan 2024 23:59:59 GMT File type ASCII text, with no line terminators Size 101 B (101 bytes) Hash fc42fc6265832d0ae2efc7372088f226 cb5cbdb893cb493f1b3c3f15cad9920a0bd566ef e41ea9f7906c9dda06e846fb41657fcb03da94ba799e85bb95a9a14b17f5ff71 HTTP Headers GET /client/track?url=https%3A%2F%2Fsberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&visitor_uuid=704f80cd854749f08c71c31de03c4cfe&_action=Visited%20a%20page&source=drip&drip_account_id=2607659&callback=Drip_851497002 HTTP/1.1 Host: api.getdrip.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK content-type: text/javascript; charset=utf-8 content-length: 101 date: Tue, 30 May 2023 12:58:54 GMT x-amzn-requestid: 09f7c341-d588-45bc-9b0a-99f8c64c8832 referrer-policy: strict-origin-when-cross-origin x-permitted-cross-domain-policies: none x-xss-protection: 1; mode=block x-runtime: 0.068340 strict-transport-security: max-age=63072000; includeSubDomains x-amzn-remapped-content-length: 101 x-frame-options: SAMEORIGIN x-amzn-remapped-connection: keep-alive x-download-options: noopen x-request-id: 6df2140a-8d53-4b22-a537-39dbfef25a8e x-amz-apigw-id: FvLqQGK-oAMFSVQ= vary: Accept cache-control: max-age=0, private, must-revalidate x-amzn-remapped-server: nginx x-content-type-options: nosniff etag: W/"e41ea9f7906c9dda06e846fb41657fcb" x-amzn-remapped-date: Tue, 30 May 2023 12:58:54 GMT x-cache: Miss from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: 54KA_zTQSnh2cGxOWjEEtCy4pt9E--Fp2r6mo-s3hye8jDAX9xyEvA== X-Firefox-Spdy: h2

	sleeknotestaticcontent.sleeknote.com/production/package-core-boot.js	54.230.111.107	200 OK	98 kB
URL GET HTTP/3 sleeknotestaticcontent.sleeknote.com/production/package-core-boot.js IP 54.230.111.107:443 ASN #16509 AMAZON-02 Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerAmazon Subject.sleeknote.com Fingerprint50:66:77:92:47:1B:8E:70:4D:A3:75:3D:A4:97:9D:EA:F0:F1:22:5E ValidityWed, 08 Feb 2023 00:00:00 GMT - Wed, 06 Mar 2024 23:59:59 GMT File type ASCII text, with very long lines (65536), with no line terminators Size 98 kB (97938 bytes) Hash 838934604d1ae92e3e326caeaddddad3 6844bbcbb9e2b88b56407f1317784d59bf18973f e9fc8124ccafdea33eab027cbb0cc3c16f7d17ca673ee67db0ae3726420bb6e4 HTTP Headers GET /production/package-core-boot.js HTTP/1.1 Host: sleeknotestaticcontent.sleeknote.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK content-type: text/javascript alt-svc: h3=":443"; ma=86400 age: 92 last-modified: Mon, 22 May 2023 13:54:42 GMT x-amz-server-side-encryption: AES256 x-amz-version-id: AyKVK718FBsB8iKvPaHD2zjd_TnZXRS8 server: AmazonS3 content-encoding: gzip date: Tue, 30 May 2023 12:57:23 GMT cache-control: no-cache etag: W/"838934604d1ae92e3e326caeaddddad3" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: Rsq806UCkPd1mJKHrfS1LN9_-7V5QHMolOZ8NxDZsB7Nc1d7CLUnww==

	fonts.googleapis.com/css2?family=Mulish:wght@900&display=swap	142.250.74.74	200 OK	1.9 kB
URL GET HTTP/2 fonts.googleapis.com/css2?family=Mulish:wght@900&display=swap IP 142.250.74.74:443 ASN #15169 GOOGLE Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint5F:AC:74:E6:97:66:CD:D0:F1:EA:0D:01:37:89:65:2E:98:22:84:6C ValidityMon, 08 May 2023 08:24:50 GMT - Mon, 31 Jul 2023 08:24:49 GMT File type ASCII text, with very long lines (1895), with no line terminators Size 1.9 kB (1850 bytes) Hash 7725beac6663ef52d4f6e7fcbcfcee3d 7921008a0502f723e99efba9c55d14cd6f6683df 29f2fb33b4c7e50800de1a680dad476e8f7fc3316d521fd4319d0c9ad7d70d1a HTTP Headers GET /css2?family=Mulish:wght@900&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Tue, 30 May 2023 12:58:53 GMT date: Tue, 30 May 2023 12:58:53 GMT cache-control: private, max-age=86400 cross-origin-opener-policy: same-origin-allow-popups cross-origin-resource-policy: cross-origin content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/	159.89.215.151	200 OK	3.4 kB
URL User Request GET HTTP/2 sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ IP 159.89.215.151:443 ASN #14061 DIGITALOCEAN-ASN Certificate IssuerZeroSSL Subject Fingerprint8F:AF:AC:54:CE:C1:39:A9:D2:F0:7D:C3:53:E4:5C:D9:BA:62:50:A3 ValiditySun, 07 May 2023 00:00:00 GMT - Sat, 05 Aug 2023 23:59:59 GMT File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3603), with no line terminators Size 3.4 kB (3420 bytes) Hash 8f2e554be35abf23bf31521c2eb17ec8 37adbd79a7c54385de05103f3bb8af3e5261d550 3461557870340be53032f9078e2cf864edd106601635092ea0b377b524897630 HTTP Headers GET / HTTP/1.1 Host: sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK cache-control: no-cache, no-store, max-age=0, must-revalidate content-language: en-US content-type: text/html;charset=UTF-8 date: Tue, 30 May 2023 12:58:51 GMT expires: 0 pragma: no-cache server: Caddy, Cowboy set-cookie: JSESSIONID=C9826DC24B9256BBA426C1102A2050F2; Max-Age=21600; Expires=Tue, 30-May-2023 18:58:52 GMT; Path=/; Secure; HttpOnly strict-transport-security: max-age=31536000 ; includeSubDomains via: 1.1 vegur x-content-type-options: nosniff x-frame-options: DENY x-xss-protection: 1; mode=block X-Firefox-Spdy: h2

	tag.getdrip.com/2607659.js	54.230.111.109	200 OK	5.3 kB
URL GET HTTP/2 tag.getdrip.com/2607659.js IP 54.230.111.109:443 ASN #16509 AMAZON-02 Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerAmazon Subject.getdrip.com Fingerprint3E:57:50:A6:D1:A1:2E:AF:A3:74:E3:E3:F5:0E:42:F8:C9:9F:C8:C8 ValidityFri, 24 Feb 2023 00:00:00 GMT - Sat, 27 Jan 2024 23:59:59 GMT File type ASCII text, with very long lines (5823), with no line terminators Size 5.3 kB (5332 bytes) Hash 6c5025219e6c99dbf7fc5781d26b36ac 84739c83579bf1edda226221d0a77090eb75662f 5efda171cd7251eb2336be3956d1a1bcdd9598287846caf21a6e1fa7103e5435 HTTP Headers `GET /2607659.js HTTP/1.1 Host: tag.getdrip.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK content-type: application/javascript last-modified: Tue, 30 May 2023 12:27:51 GMT x-amz-server-side-encryption: AES256 server: AmazonS3 content-encoding: gzip date: Tue, 30 May 2023 12:58:53 GMT etag: W/"6d471409d418ccb27dcbd5ad1fd6130a" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: 79farO_BfngSdqPe9I8e31ZcQMPERD3AwX4zy2GbYEjJe5jTBhK7QQ== age: 52 X-Firefox-Spdy: h2`

	api.getdrip.com/client/events/visit?drip_account_id=2607659&referrer=&url=https%3A%2F%2Fsberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&domain=sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com&time_zone=UTC&enable_third_party_cookies=f&callback=Drip_82344396	54.230.111.106	200 OK	83 B
URL GET HTTP/2 api.getdrip.com/client/events/visit?drip_account_id=2607659&referrer=&url=https%3A%2F%2Fsberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&domain=sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com&time_zone=UTC&enable_third_party_cookies=f&callback=Drip_82344396 IP 54.230.111.106:443 ASN #16509 AMAZON-02 Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerAmazon Subject.getdrip.com Fingerprint3E:57:50:A6:D1:A1:2E:AF:A3:74:E3:E3:F5:0E:42:F8:C9:9F:C8:C8 ValidityFri, 24 Feb 2023 00:00:00 GMT - Sat, 27 Jan 2024 23:59:59 GMT File type ASCII text, with no line terminators Size 83 B (83 bytes) Hash 7e3cf1c9f9059ec64a0bef54bbe0dc29 7c29694d982031da78757cc9e3950350bb6bc8ce e9b937cb19ac7053ab4e36de6b6b05afd4a95c7041aa4101a20ae8ba5832346b HTTP Headers GET /client/events/visit?drip_account_id=2607659&referrer=&url=https%3A%2F%2Fsberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&domain=sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com&time_zone=UTC&enable_third_party_cookies=f&callback=Drip_82344396 HTTP/1.1 Host: api.getdrip.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: text/javascript; charset=utf-8 content-length: 83 date: Tue, 30 May 2023 12:58:53 GMT x-amzn-requestid: 2bcaaade-9463-4a7e-b765-c87bee5b48fa referrer-policy: strict-origin-when-cross-origin x-permitted-cross-domain-policies: none x-xss-protection: 1; mode=block x-runtime: 0.011990 strict-transport-security: max-age=63072000; includeSubDomains x-amzn-remapped-content-length: 83 x-frame-options: SAMEORIGIN x-amzn-remapped-connection: keep-alive x-download-options: noopen x-request-id: c2f1389d-c098-419b-a964-574f8378d72d x-amz-apigw-id: FvLqNH_dIAMFVXg= vary: Accept cache-control: max-age=0, private, must-revalidate x-amzn-remapped-server: nginx x-content-type-options: nosniff etag: W/"661ac9c1ff86e2484d18e28bc2430c05" x-amzn-remapped-date: Tue, 30 May 2023 12:58:53 GMT x-cache: Miss from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: _QPVPL4Zh2-YICwpIG7Ycb9TCOHCXPF6E4Vx8d5CCR0e4OAChMMAgw== X-Firefox-Spdy: h2

	sleeknotestaticcontent.sleeknote.com/core.js	54.230.111.107	200 OK	5.1 kB
URL GET HTTP/2 sleeknotestaticcontent.sleeknote.com/core.js IP 54.230.111.107:443 ASN #16509 AMAZON-02 Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerAmazon Subject.sleeknote.com Fingerprint50:66:77:92:47:1B:8E:70:4D:A3:75:3D:A4:97:9D:EA:F0:F1:22:5E ValidityWed, 08 Feb 2023 00:00:00 GMT - Wed, 06 Mar 2024 23:59:59 GMT File type ASCII text, with very long lines (5262), with no line terminators Size 5.1 kB (5124 bytes) Hash c53bfdf7753c7e287bdc34d6341d34ee c969a0b7ee6600d3acd0e5f7fe042d41a9c277d4 513b8788b0807a06922e50b4dbdc3e65ec9916158ccef555e1b5718e5cfca018 HTTP Headers `GET /core.js HTTP/1.1 Host: sleeknotestaticcontent.sleeknote.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/javascript last-modified: Mon, 22 May 2023 13:54:44 GMT x-amz-server-side-encryption: AES256 x-amz-version-id: 5H1fv2G__6_dIn0aD9fkrpDqS2iLYyat server: AmazonS3 content-encoding: gzip date: Tue, 30 May 2023 12:58:12 GMT cache-control: no-cache etag: W/"58ba84e58fa7ae7f3c364db6a49d9bb3" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 alt-svc: h3=":443"; ma=86400 x-amz-cf-id: QpSYRKrEwFkhdjjSAk38Rj8rloIp7Lv-6VyMsyC56_8Q-BKRsnggBQ== age: 44 X-Firefox-Spdy: h2

	sleeknotestaticcontent.sleeknote.com/production/package-tracker.js	54.230.111.107	200 OK	14 kB
URL GET HTTP/3 sleeknotestaticcontent.sleeknote.com/production/package-tracker.js IP 54.230.111.107:443 ASN #16509 AMAZON-02 Requested by https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Certificate IssuerAmazon Subject.sleeknote.com Fingerprint50:66:77:92:47:1B:8E:70:4D:A3:75:3D:A4:97:9D:EA:F0:F1:22:5E ValidityWed, 08 Feb 2023 00:00:00 GMT - Wed, 06 Mar 2024 23:59:59 GMT File type ASCII text, with very long lines (13926), with no line terminators Size 14 kB (13926 bytes) Hash 0a8a47db16031429c3a5edfd7ffc3f99 8bce3151d9311f8a0360918b736a10549b84b2b7 3066fce80c674eb04f10fcb4aecb04d173e7a678d82f2e97ff155404b6cc5763 HTTP Headers GET /production/package-tracker.js HTTP/1.1 Host: sleeknotestaticcontent.sleeknote.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sberbank.blablacar.avito.avito.sberbank.blablacar.avito.covid19lockdownblog.blog.demo.com.decodingplaces.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK content-type: text/javascript alt-svc: h3=":443"; ma=86400 age: 80 last-modified: Mon, 22 May 2023 13:54:42 GMT x-amz-server-side-encryption: AES256 x-amz-version-id: xoAFNHQ4yAC_AQ7s5I38oKW8nrGJEmLi server: AmazonS3 content-encoding: gzip date: Tue, 30 May 2023 12:57:35 GMT cache-control: no-cache etag: W/"0a8a47db16031429c3a5edfd7ffc3f99" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: RushTUxhVxZ87VxMG1gqbUZrYT1W1Zfi4DhQ-DThC_084WDcCnwXzQ==

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL