sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/css/style.css
200 OK 6.1 kB URL GET HTTP/2 sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/css/style.css
IP
ASN #14061 DIGITALOCEAN-ASN
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerZeroSSL
Subject
FingerprintA7:12:92:08:D4:D4:9E:7B:8B:AF:F8:26:47:0B:DD:88:C5:DE:89:A7
ValidityFri, 05 May 2023 00:00:00 GMT - Thu, 03 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (6092), with no line terminators
Hash 6eda76ddba5d9aec8cddaaa34adf5bab
7e3f514d0cb4d852cb40b6fbc76b21a3234b705c
a47751940dd3ceda998be5b911840515d514e572f56c83da091051174ff34a1f
GET /gdpr/css/style.css HTTP/1.1
Host: sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Cookie: JSESSIONID=255C91F901C1FCA3770B81B56D9383CA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: text/css
date: Thu, 01 Jun 2023 05:00:53 GMT
expires: 0
last-modified: Fri, 26 May 2023 11:53:53 GMT
pragma: no-cache
server: Caddy, Cowboy
strict-transport-security: max-age=31536000 ; includeSubDomains
via: 1.1 vegur
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-length: 6092
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js
200 OK 1.1 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F
ValidityFri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT
File type ASCII text, with very long lines (1619)
Hash 45f12de4d7b95a193ecdc5cfde664bb9
ee9541cf1a95d2a885f8b143a105caaa08ca9c9d
39b8fe6364621725ff90431a34af0f87976d95c00cbfd1d0f3711a3f1fa1a07b
GET /npm/js-cookie@2/src/js.cookie.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.2.1
x-jsd-version-type: version
etag: W/"79f-7pVBzxqV0qiF+LFDoQXKqgjKnJ0"
content-encoding: br
accept-ranges: bytes
date: Thu, 01 Jun 2023 05:00:54 GMT
age: 14451
x-served-by: cache-fra-eddf8230099-FRA, cache-bma1655-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1078
X-Firefox-Spdy: h2
sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/js/templates.js
200 OK 1.8 kB URL GET HTTP/2 sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/js/templates.js
IP
ASN #14061 DIGITALOCEAN-ASN
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerZeroSSL
Subject
FingerprintA7:12:92:08:D4:D4:9E:7B:8B:AF:F8:26:47:0B:DD:88:C5:DE:89:A7
ValidityFri, 05 May 2023 00:00:00 GMT - Thu, 03 Aug 2023 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (1809), with no line terminators
Hash 453455584d1bceda36b6831809d7e4ea
b6eac1b0400a248d0da21a5fd352092fcfc1d686
f6e8e301cc9c3d48c483454edb9c51860d814261812d1243775cb8579ef5bd09
GET /gdpr/js/templates.js HTTP/1.1
Host: sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Cookie: JSESSIONID=255C91F901C1FCA3770B81B56D9383CA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: application/javascript
date: Thu, 01 Jun 2023 05:00:53 GMT
expires: 0
last-modified: Fri, 26 May 2023 11:53:53 GMT
pragma: no-cache
server: Caddy, Cowboy
strict-transport-security: max-age=31536000 ; includeSubDomains
via: 1.1 vegur
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-length: 1809
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash 5b53f2fcda25e30bbbf202b507fac96c
1d1cfb1765f42aba83c3b3e89417b228ed9f0b22
6971f9675ef64b91754cc952302f0a4e9d93b0435625536165dde4c7fe71b235
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/js/script.js
200 OK 4.1 kB URL GET HTTP/2 sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/js/script.js
IP
ASN #14061 DIGITALOCEAN-ASN
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerZeroSSL
Subject
FingerprintA7:12:92:08:D4:D4:9E:7B:8B:AF:F8:26:47:0B:DD:88:C5:DE:89:A7
ValidityFri, 05 May 2023 00:00:00 GMT - Thu, 03 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (4086), with no line terminators
Hash dbaf0bb4818528bdde822aa67b62345c
d3def9b27b543d90849188f24e11883aab146df5
c972c022b8fa30c933194d5e7c9ad5e795a5bee79ace85da85307e20213b3797
GET /gdpr/js/script.js HTTP/1.1
Host: sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Cookie: JSESSIONID=255C91F901C1FCA3770B81B56D9383CA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: application/javascript
date: Thu, 01 Jun 2023 05:00:53 GMT
expires: 0
last-modified: Fri, 26 May 2023 11:53:53 GMT
pragma: no-cache
server: Caddy, Cowboy
strict-transport-security: max-age=31536000 ; includeSubDomains
via: 1.1 vegur
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-length: 4086
X-Firefox-Spdy: h2
sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/langs/en.js
200 OK 1.2 kB URL GET HTTP/2 sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/gdpr/langs/en.js
IP
ASN #14061 DIGITALOCEAN-ASN
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerZeroSSL
Subject
FingerprintA7:12:92:08:D4:D4:9E:7B:8B:AF:F8:26:47:0B:DD:88:C5:DE:89:A7
ValidityFri, 05 May 2023 00:00:00 GMT - Thu, 03 Aug 2023 23:59:59 GMT
Hash 3455d58a98162d6fd6c89b848e48097d
f8a1cd935774ab7e85de8dbd14ec39408677450b
11408d630284e94bb4ddaee08b294fd2cb0342bdfcb443f67deb4a062aa55dc5
GET /gdpr/langs/en.js HTTP/1.1
Host: sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Cookie: JSESSIONID=255C91F901C1FCA3770B81B56D9383CA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: application/javascript
date: Thu, 01 Jun 2023 05:00:53 GMT
expires: 0
last-modified: Fri, 26 May 2023 11:53:53 GMT
pragma: no-cache
server: Caddy, Cowboy
strict-transport-security: max-age=31536000 ; includeSubDomains
via: 1.1 vegur
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-length: 1170
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-69935771-28
200 OK 47 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-69935771-28
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
File type ASCII text, with very long lines (2271)
Hash f5848236501e66e4d23b70e80a7ce07a
a4b2cf546aa7f1cf0e33c44843d796878b779f3b
910589f6f78a5a24e85e14becdf6105b7f497d2333429a0e9d865a4062b3f8e1
GET /gtag/js?id=UA-69935771-28 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Jun 2023 05:00:54 GMT
expires: Thu, 01 Jun 2023 05:00:54 GMT
cache-control: private, max-age=900
last-modified: Thu, 01 Jun 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 47387
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
1.5 kB URL ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP
Hash 1382a38474030775caa8c292a66fe3d8
323611d6a2a0bf135df32ef7f713e6b61abc81bf
ec80965d286863bc640980e9d9a07cf9cc926f6199ccb6edd09666ea1858fa0d
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1462
Content-Type: application/ocsp-response
Etag: "3E69E965255DFF1B1D9E5A7D97D63A674F4CFC7A"
Expires: Thu, 01 Jun 2023 16:00:00 UTC
Last-Modified: Thu, 01 Jun 2023 04:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
Accept-Ranges: bytes
Date: Thu, 01 Jun 2023 05:00:54 GMT
Via: 1.1 varnish
Age: 823
X-Served-By: cache-bma1643-BMA
X-Cache: HIT
X-Cache-Hits: 3
X-Timer: S1685595654.177941,VS0,VE0
www.googletagmanager.com/gtm.js?id=GTM-N24X7V9
200 OK 71 kB URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-N24X7V9
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
File type Unicode text, UTF-8 text, with very long lines (11769)
Hash 824dcc0d9105749212e6c612ee2e7c4d
5960f74a73d0a5b19ab2e8b235dafee702bb8648
6616be09ba0565854f49c2fd228f4aa6f17cfcc15472f42a388633ab57e8f37a
GET /gtm.js?id=GTM-N24X7V9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Jun 2023 05:00:54 GMT
expires: Thu, 01 Jun 2023 05:00:54 GMT
cache-control: private, max-age=900
last-modified: Thu, 01 Jun 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 71218
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/dist/styles.css
200 OK 897 kB URL GET HTTP/2 sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/dist/styles.css
IP
ASN #14061 DIGITALOCEAN-ASN
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerZeroSSL
Subject
FingerprintA7:12:92:08:D4:D4:9E:7B:8B:AF:F8:26:47:0B:DD:88:C5:DE:89:A7
ValidityFri, 05 May 2023 00:00:00 GMT - Thu, 03 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 897 kB (897289 bytes)
Hash 8a93e102c5c9ad3f61fa00dbc1c0bfb1
ae728e564d4dd1fae89c3cf993dda157c410b6ae
3ddf2cb578216a0e9b917347552661e840ef8cca3f322402fd746529663aa2df
GET /dist/styles.css HTTP/1.1
Host: sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Cookie: JSESSIONID=255C91F901C1FCA3770B81B56D9383CA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=1209600
content-type: text/css
date: Thu, 01 Jun 2023 05:00:53 GMT
last-modified: Fri, 26 May 2023 11:53:53 GMT
server: Caddy, Cowboy
strict-transport-security: max-age=31536000 ; includeSubDomains
via: 1.1 vegur
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-length: 897289
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash 5b53f2fcda25e30bbbf202b507fac96c
1d1cfb1765f42aba83c3b3e89417b228ed9f0b22
6971f9675ef64b91754cc952302f0a4e9d93b0435625536165dde4c7fe71b235
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 582908ff8bc13bc9b5422491129d8b0e
8deb8d1987e09761ca90108160cc262f1ee8dffa
daa1cabdc684ac8d98c86cd6aa983b52bb982052a8a7b6632f565a606c85a8b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
472 B IP
Hash 582908ff8bc13bc9b5422491129d8b0e
8deb8d1987e09761ca90108160cc262f1ee8dffa
daa1cabdc684ac8d98c86cd6aa983b52bb982052a8a7b6632f565a606c85a8b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-SWXNNMMKPQ&l=dataLayer&cx=c
200 OK 83 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-SWXNNMMKPQ&l=dataLayer&cx=c
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
File type ASCII text, with very long lines (4372)
Hash 6c58c3c9e7058ad77faa7a40767bb11d
68752b1345791f9ac34a4e05049704985902a064
bdaa14f41796fa9364ddeb61395fb453ac3355fad8f628ec66b9f9520410a25a
GET /gtag/js?id=G-SWXNNMMKPQ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Jun 2023 05:00:54 GMT
expires: Thu, 01 Jun 2023 05:00:54 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 83159
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
472 B IP
Hash 582908ff8bc13bc9b5422491129d8b0e
8deb8d1987e09761ca90108160cc262f1ee8dffa
daa1cabdc684ac8d98c86cd6aa983b52bb982052a8a7b6632f565a606c85a8b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/td?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.init_consent&eid=-1&tc=14&dl=sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&tdp=G-SWXNNMMKPQ;81061948;1;2;0&h=Ag&z=0
204 No Content 0 B URL GET HTTP/3 www.googletagmanager.com/td?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.init_consent&eid=-1&tc=14&dl=sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&tdp=G-SWXNNMMKPQ;81061948;1;2;0&h=Ag&z=0
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /td?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.init_consent&eid=-1&tc=14&dl=sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&tdp=G-SWXNNMMKPQ;81061948;1;2;0&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 01 Jun 2023 05:00:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.googleapis.com/css2?family=Lato:wght@400;700&family=Montserrat:wght@400;500;700&family=Muli&family=Mulish&family=Noto+Serif&family=PT+Serif:ital,wght@0,400;0,700;1,400;1,700&family=Raleway:wght@400;800;900&family=Source+Sans+Pro:wght@400;600&family=Source+Serif+Pro&family=Work+Sans:wght@400;500&display=swap
200 OK 1.7 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Lato:wght@400;700&family=Montserrat:wght@400;500;700&family=Muli&family=Mulish&family=Noto+Serif&family=PT+Serif:ital,wght@0,400;0,700;1,400;1,700&family=Raleway:wght@400;800;900&family=Source+Sans+Pro:wght@400;600&family=Source+Serif+Pro&family=Work+Sans:wght@400;500&display=swap
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:AC:74:E6:97:66:CD:D0:F1:EA:0D:01:37:89:65:2E:98:22:84:6C
ValidityMon, 08 May 2023 08:24:50 GMT - Mon, 31 Jul 2023 08:24:49 GMT
Hash 28b5544469130de56b0077afa698de58
7c3fabdd5df88fdd5f56fb245ac165580c8742b1
06d24880fe15f50c4831f407488ce5b02c7959173d39180f5861b3b99e4e1c6c
GET /css2?family=Lato:wght@400;700&family=Montserrat:wght@400;500;700&family=Muli&family=Mulish&family=Noto+Serif&family=PT+Serif:ital,wght@0,400;0,700;1,400;1,700&family=Raleway:wght@400;800;900&family=Source+Sans+Pro:wght@400;600&family=Source+Serif+Pro&family=Work+Sans:wght@400;500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Jun 2023 05:00:54 GMT
date: Thu, 01 Jun 2023 05:00:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Mulish:wght@900&display=swap
200 OK 2.2 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Mulish:wght@900&display=swap
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:AC:74:E6:97:66:CD:D0:F1:EA:0D:01:37:89:65:2E:98:22:84:6C
ValidityMon, 08 May 2023 08:24:50 GMT - Mon, 31 Jul 2023 08:24:49 GMT
File type gzip compressed data, max compression\012- data
Hash ab0495951cf3d7adf090926ed230ae41
50a5823125b8e0c6b92c4595fc956777f1e03599
4be3bcda635b1f811f3ddcfafa91e3383617773af5dc74697e8909077543d0f4
GET /css2?family=Mulish:wght@900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Jun 2023 05:00:54 GMT
date: Thu, 01 Jun 2023 05:00:54 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash fd0c5fcd552e140b1496b4697b18a3a4
264e38a9d130f40f54539a52cba317d16aea03ef
a7ed4a9f0a8b37cf7bcf3a12317f70c607fa56aac6a980a6fda121b2c30d5151
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.init&eid=0&tc=14&tr=1ogt1pdatav2.1ccdgafirst.1setproductsettings.1ogtgooglesignals.1ccdgaregscope.1ccdemdownload.1ccdemoutboundclick.1ccdempageview.1ccdemscroll.1ccdemsitesearch.1ccdemvideo.1ccdconversionmarking.1ccdgalast&ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ogtgooglesignals.2ccdgaregscope.2ccdemdownload.2ccdemoutboundclick.2ccdempageview.2ccdemscroll.2ccdemsitesearch.2ccdemvideo.2ccdconversionmarking.2ccdgalast&h=Ag&z=0
200 OK 0 B URL GET HTTP/3 www.googletagmanager.com/a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.init&eid=0&tc=14&tr=1ogt1pdatav2.1ccdgafirst.1setproductsettings.1ogtgooglesignals.1ccdgaregscope.1ccdemdownload.1ccdemoutboundclick.1ccdempageview.1ccdemscroll.1ccdemsitesearch.1ccdemvideo.1ccdconversionmarking.1ccdgalast&ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ogtgooglesignals.2ccdgaregscope.2ccdemdownload.2ccdemoutboundclick.2ccdempageview.2ccdemscroll.2ccdemsitesearch.2ccdemvideo.2ccdconversionmarking.2ccdgalast&h=Ag&z=0
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.init&eid=0&tc=14&tr=1ogt1pdatav2.1ccdgafirst.1setproductsettings.1ogtgooglesignals.1ccdgaregscope.1ccdemdownload.1ccdemoutboundclick.1ccdempageview.1ccdemscroll.1ccdemsitesearch.1ccdemvideo.1ccdconversionmarking.1ccdgalast&ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ogtgooglesignals.2ccdgaregscope.2ccdemdownload.2ccdemoutboundclick.2ccdempageview.2ccdemscroll.2ccdemsitesearch.2ccdemvideo.2ccdconversionmarking.2ccdgalast&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 01 Jun 2023 05:00:54 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
472 B IP
Hash fd0c5fcd552e140b1496b4697b18a3a4
264e38a9d130f40f54539a52cba317d16aea03ef
a7ed4a9f0a8b37cf7bcf3a12317f70c607fa56aac6a980a6fda121b2c30d5151
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/sourceserifpro/v15/neIQzD-0qpwxpaWvjeD0X88SAOeauXQ-oA.woff2
200 OK 20 kB URL GET HTTP/2 fonts.gstatic.com/s/sourceserifpro/v15/neIQzD-0qpwxpaWvjeD0X88SAOeauXQ-oA.woff2
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 19980, version 1.0\012- data
Hash 98704f42d118d52a4979dc08df276440
0066115b1dfedfe4cb6294fbdc73f921e6062ab9
547a2c05a1b8744633148a704ddba5adac238c5cbaf05bbd25606827a372b019
GET /s/sourceserifpro/v15/neIQzD-0qpwxpaWvjeD0X88SAOeauXQ-oA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 13:50:12 GMT
expires: Thu, 30 May 2024 13:50:12 GMT
cache-control: public, max-age=31536000
age: 54642
last-modified: Wed, 27 Apr 2022 15:45:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
200 OK 13 kB URL GET HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 13052, version 1.0\012- data
Hash 7cf79fbd1df848510d7352274efc2401
5540b5a26cc7dfe25294c4eabe011e2c6cd60143
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13052
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 00:16:39 GMT
expires: Thu, 30 May 2024 00:16:39 GMT
cache-control: public, max-age=31536000
age: 103455
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
200 OK 13 kB URL GET HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Hash 0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 27 May 2023 17:39:39 GMT
expires: Sun, 26 May 2024 17:39:39 GMT
cache-control: public, max-age=31536000
age: 386475
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
200 OK 23 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 May 2023 20:15:31 GMT
expires: Wed, 29 May 2024 20:15:31 GMT
cache-control: public, max-age=31536000
age: 117923
last-modified: Tue, 02 May 2023 15:07:25 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.js&eid=1&tc=14&tr=1gct&epr=1G.2G&ti=1gct&u=AAAAAAAAAAAAAIA&h=Ag&z=0
200 OK 0 B URL GET HTTP/3 www.googletagmanager.com/a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.js&eid=1&tc=14&tr=1gct&epr=1G.2G&ti=1gct&u=AAAAAAAAAAAAAIA&h=Ag&z=0
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.js&eid=1&tc=14&tr=1gct&epr=1G.2G&ti=1gct&u=AAAAAAAAAAAAAIA&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 01 Jun 2023 05:00:54 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.googletagmanager.com/a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtag.config&eid=2&tc=14&u=AAAAAAAAAAAAAIA&h=Ag&z=0
200 OK 0 B URL GET HTTP/3 www.googletagmanager.com/a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtag.config&eid=2&tc=14&u=AAAAAAAAAAAAAIA&h=Ag&z=0
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtag.config&eid=2&tc=14&u=AAAAAAAAAAAAAIA&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 01 Jun 2023 05:00:54 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.googletagmanager.com/a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&e=gtm.init&eid=0&tc=14&tr=5ogt1pdatav2.5ccdgafirst.5setproductsettings.5ogtgooglesignals.5ccdgaregscope.5ccdemdownload.5ccdemoutboundclick.5ccdempageview&ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ogtgooglesignals.2ccdgaregscope.2ccdemdownload.2ccdemoutboundclick.2ccdempageview&u=AAAAAAAAAAAAAIA&h=Ag&z=0
200 OK 0 B URL GET HTTP/3 www.googletagmanager.com/a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&e=gtm.init&eid=0&tc=14&tr=5ogt1pdatav2.5ccdgafirst.5setproductsettings.5ogtgooglesignals.5ccdgaregscope.5ccdemdownload.5ccdemoutboundclick.5ccdempageview&ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ogtgooglesignals.2ccdgaregscope.2ccdemdownload.2ccdemoutboundclick.2ccdempageview&u=AAAAAAAAAAAAAIA&h=Ag&z=0
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&e=gtm.init&eid=0&tc=14&tr=5ogt1pdatav2.5ccdgafirst.5setproductsettings.5ogtgooglesignals.5ccdgaregscope.5ccdemdownload.5ccdemoutboundclick.5ccdempageview&ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ogtgooglesignals.2ccdgaregscope.2ccdemdownload.2ccdemoutboundclick.2ccdempageview&u=AAAAAAAAAAAAAIA&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 01 Jun 2023 05:00:54 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
472 B IP
Hash fd0c5fcd552e140b1496b4697b18a3a4
264e38a9d130f40f54539a52cba317d16aea03ef
a7ed4a9f0a8b37cf7bcf3a12317f70c607fa56aac6a980a6fda121b2c30d5151
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 05:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sleeknotecustomerscripts.sleeknote.com/87524.js
200 OK 1.1 kB URL GET HTTP/2 sleeknotecustomerscripts.sleeknote.com/87524.js
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerAmazon
Subject*.sleeknote.com
Fingerprint50:66:77:92:47:1B:8E:70:4D:A3:75:3D:A4:97:9D:EA:F0:F1:22:5E
ValidityWed, 08 Feb 2023 00:00:00 GMT - Wed, 06 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (2671), with no line terminators
Hash d0795b85c1efcdd878f436de3271a7d0
77bb42833de3c6427576bdd299893ec6ded41817
32068555973b31463686e942e1ba010d5002af3d3dab3c70bebcb111f0ec24e9
GET /87524.js HTTP/1.1
Host: sleeknotecustomerscripts.sleeknote.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-length: 1074
last-modified: Wed, 08 Feb 2023 13:12:04 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: 96riHVWG.h_17D_4wDulhp7NODiLZJPy
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Jun 2023 05:00:55 GMT
cache-control: max-age=60
etag: "abdcf6babc9bbac009ee7a5a8a1c447c"
x-cache: RefreshHit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: JyeJt0q-t0TbpvK8hCl9B0h-2ZrzlNqsk2VF7hwCMlRTJrSo2bXCZw==
X-Firefox-Spdy: h2
sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/favicon/favicon-16x16.png
200 OK 1.2 kB URL GET HTTP/2 sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/favicon/favicon-16x16.png
IP
ASN #14061 DIGITALOCEAN-ASN
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerZeroSSL
Subject
FingerprintA7:12:92:08:D4:D4:9E:7B:8B:AF:F8:26:47:0B:DD:88:C5:DE:89:A7
ValidityFri, 05 May 2023 00:00:00 GMT - Thu, 03 Aug 2023 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash a86978c1bf63a0950f991c940d6fa0e7
e7d3cc1ad625e2ad191fdd092cdb8c89564f1567
bf05a27240af0fa968c7394905fc2e6d9dfa51edec38a926efba4c8bf0399db9
GET /favicon/favicon-16x16.png HTTP/1.1
Host: sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Cookie: JSESSIONID=255C91F901C1FCA3770B81B56D9383CA; _ga_SWXNNMMKPQ=GS1.1.1685595654.1.0.1685595654.0.0.0; _ga=GA1.1.1406732349.1685595654
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: image/png
date: Thu, 01 Jun 2023 05:00:54 GMT
expires: 0
last-modified: Fri, 26 May 2023 11:53:53 GMT
pragma: no-cache
server: Caddy, Cowboy
strict-transport-security: max-age=31536000 ; includeSubDomains
via: 1.1 vegur
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-length: 1235
X-Firefox-Spdy: h2
sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/favicon/apple-touch-icon.png
200 OK 10 kB URL GET HTTP/2 sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/favicon/apple-touch-icon.png
IP
ASN #14061 DIGITALOCEAN-ASN
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerZeroSSL
Subject
FingerprintA7:12:92:08:D4:D4:9E:7B:8B:AF:F8:26:47:0B:DD:88:C5:DE:89:A7
ValidityFri, 05 May 2023 00:00:00 GMT - Thu, 03 Aug 2023 23:59:59 GMT
File type PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash 47001c105674123e5c9dfbde7046c21b
246d6dab45d06803db4ab8238642fbd012b3d343
64debab32dbe30ee2fd60a3b0fa011b6adf36b34af07656cedbb4b1c9d055c20
GET /favicon/apple-touch-icon.png HTTP/1.1
Host: sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Cookie: JSESSIONID=255C91F901C1FCA3770B81B56D9383CA; _ga_SWXNNMMKPQ=GS1.1.1685595654.1.0.1685595654.0.0.0; _ga=GA1.1.1406732349.1685595654
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: image/png
date: Thu, 01 Jun 2023 05:00:54 GMT
expires: 0
last-modified: Fri, 26 May 2023 11:53:53 GMT
pragma: no-cache
server: Caddy, Cowboy
strict-transport-security: max-age=31536000 ; includeSubDomains
via: 1.1 vegur
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-length: 10180
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
471 B URL ocsp.r2m01.amazontrust.com/
IP
Hash 0becf87f02ae5a7027a1742358110ee2
0d38123abfe0c318bc4a8ca84376bcfb8549b48c
85c004a6b59bfda14b8a32469e97d792f40b8075483aadac9acd7f049bedefda
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 01 Jun 2023 05:00:54 GMT
Last-Modified: Thu, 01 Jun 2023 04:42:44 GMT
Server: ECAcc (nya/7946)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: HK1Dd8DoCubEDZ669B4bskmLi4NmjnYaTRrnvSNdi79WeKh-PZMDNA==
Age: 1090
d14jnfavjicsbe.cloudfront.net/client.js
200 OK 29 kB URL GET HTTP/2 d14jnfavjicsbe.cloudfront.net/client.js
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash a16d53cdcebbe49e0315c89f10c94f30
d527c98e48b500f64c02f01296d89de32e564529
9197a4e29bff62d1a91b12c57d0c3ac58a75294581de35005cb09cfe43b7d121
GET /client.js HTTP/1.1
Host: d14jnfavjicsbe.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript
last-modified: Thu, 19 Jan 2023 17:30:45 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-md5sum: i48XcACSBVS9Hp96FezhMA==
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Jun 2023 04:59:52 GMT
cache-control: max-age=300
etag: W/"8b8f177000920554bd1e9f7a15ece130"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4AHA6sqIGpSFHB5Fv4t3CWpAswGvYuUGytprg_SaOI4KsG_6Up5Zzw==
age: 63
X-Firefox-Spdy: h2
api.getdrip.com/client/track?url=https%3A%2F%2Fsberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&visitor_uuid=9045f1dd2e3749859f7891dd001ccdcc&_action=Visited%20a%20page&source=drip&drip_account_id=2607659&callback=Drip_233142017
200 OK 101 B URL GET HTTP/2 api.getdrip.com/client/track?url=https%3A%2F%2Fsberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&visitor_uuid=9045f1dd2e3749859f7891dd001ccdcc&_action=Visited%20a%20page&source=drip&drip_account_id=2607659&callback=Drip_233142017
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerAmazon
Subject*.getdrip.com
Fingerprint3E:57:50:A6:D1:A1:2E:AF:A3:74:E3:E3:F5:0E:42:F8:C9:9F:C8:C8
ValidityFri, 24 Feb 2023 00:00:00 GMT - Sat, 27 Jan 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash d959009d167e79c58b40fdeb67ecec93
10118d8c8e26510cc9849bed9c1d7154f496574f
9a2299bd46b020995c2bc5cb9b4545de63a3d1780f47c31f3623008ae5b3e79b
GET /client/track?url=https%3A%2F%2Fsberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&visitor_uuid=9045f1dd2e3749859f7891dd001ccdcc&_action=Visited%20a%20page&source=drip&drip_account_id=2607659&callback=Drip_233142017 HTTP/1.1
Host: api.getdrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-length: 101
date: Thu, 01 Jun 2023 05:00:55 GMT
x-amzn-requestid: 6ac77680-6c11-4836-b28b-36f3a8f32f69
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-runtime: 0.055790
strict-transport-security: max-age=63072000; includeSubDomains
x-amzn-remapped-content-length: 101
x-frame-options: SAMEORIGIN
x-amzn-remapped-connection: keep-alive
x-download-options: noopen
x-request-id: fbd5050b-3b1c-49bc-a3a7-34544f20f14d
x-amz-apigw-id: F0rhNE_moAMF0jg=
vary: Accept
cache-control: max-age=0, private, must-revalidate
x-amzn-remapped-server: nginx
x-content-type-options: nosniff
etag: W/"9a2299bd46b020995c2bc5cb9b4545de"
x-amzn-remapped-date: Thu, 01 Jun 2023 05:00:55 GMT
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VXu1kw-SrcMEr0BBIsuNiFIdG6XgdCE2kkS8jwtt_1T1Z9IY-t5zfQ==
X-Firefox-Spdy: h2
www.googletagmanager.com/a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.load&eid=12&tc=14&epr=1G.2G&u=AgAAAAAAAAAAAIA&h=Ag&z=0
200 OK 0 B URL GET HTTP/3 www.googletagmanager.com/a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.load&eid=12&tc=14&epr=1G.2G&u=AgAAAAAAAAAAAIA&h=Ag&z=0
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.load&eid=12&tc=14&epr=1G.2G&u=AgAAAAAAAAAAAIA&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 01 Jun 2023 05:00:56 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
sleeknotestaticcontent.sleeknote.com/core.js
200 OK 5.1 kB URL GET HTTP/2 sleeknotestaticcontent.sleeknote.com/core.js
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerAmazon
Subject*.sleeknote.com
Fingerprint50:66:77:92:47:1B:8E:70:4D:A3:75:3D:A4:97:9D:EA:F0:F1:22:5E
ValidityWed, 08 Feb 2023 00:00:00 GMT - Wed, 06 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (5262), with no line terminators
Hash c53bfdf7753c7e287bdc34d6341d34ee
c969a0b7ee6600d3acd0e5f7fe042d41a9c277d4
513b8788b0807a06922e50b4dbdc3e65ec9916158ccef555e1b5718e5cfca018
GET /core.js HTTP/1.1
Host: sleeknotestaticcontent.sleeknote.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript
last-modified: Mon, 22 May 2023 13:54:44 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 5H1fv2G__6_dIn0aD9fkrpDqS2iLYyat
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Jun 2023 05:00:32 GMT
cache-control: no-cache
etag: W/"58ba84e58fa7ae7f3c364db6a49d9bb3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: Sy79FVs_soSXDW6c6MeFb58qtfj2o6a2l966APkEpIntOfbpy2Zqxw==
age: 24
X-Firefox-Spdy: h2
sleeknotestaticcontent.sleeknote.com/production/package-core-boot.js
200 OK 98 kB URL GET HTTP/3 sleeknotestaticcontent.sleeknote.com/production/package-core-boot.js
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerAmazon
Subject*.sleeknote.com
Fingerprint50:66:77:92:47:1B:8E:70:4D:A3:75:3D:A4:97:9D:EA:F0:F1:22:5E
ValidityWed, 08 Feb 2023 00:00:00 GMT - Wed, 06 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 838934604d1ae92e3e326caeaddddad3
6844bbcbb9e2b88b56407f1317784d59bf18973f
e9fc8124ccafdea33eab027cbb0cc3c16f7d17ca673ee67db0ae3726420bb6e4
GET /production/package-core-boot.js HTTP/1.1
Host: sleeknotestaticcontent.sleeknote.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/javascript
alt-svc: h3=":443"; ma=86400
age: 74
last-modified: Mon, 22 May 2023 13:54:42 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: AyKVK718FBsB8iKvPaHD2zjd_TnZXRS8
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Jun 2023 04:59:47 GMT
cache-control: no-cache
etag: W/"838934604d1ae92e3e326caeaddddad3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JsH8sUSdlX6kAy1mElsPh_F68g_1yCdfRFZVs1xxKzg0uK1OOweZwQ==
sleeknotestaticcontent.sleeknote.com/production/package-tracker.js
200 OK 14 kB URL GET HTTP/3 sleeknotestaticcontent.sleeknote.com/production/package-tracker.js
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerAmazon
Subject*.sleeknote.com
Fingerprint50:66:77:92:47:1B:8E:70:4D:A3:75:3D:A4:97:9D:EA:F0:F1:22:5E
ValidityWed, 08 Feb 2023 00:00:00 GMT - Wed, 06 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (13926), with no line terminators
Hash 0a8a47db16031429c3a5edfd7ffc3f99
8bce3151d9311f8a0360918b736a10549b84b2b7
3066fce80c674eb04f10fcb4aecb04d173e7a678d82f2e97ff155404b6cc5763
GET /production/package-tracker.js HTTP/1.1
Host: sleeknotestaticcontent.sleeknote.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/javascript
alt-svc: h3=":443"; ma=86400
age: 47
last-modified: Mon, 22 May 2023 13:54:42 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: xoAFNHQ4yAC_AQ7s5I38oKW8nrGJEmLi
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Jun 2023 05:00:09 GMT
cache-control: no-cache
etag: W/"0a8a47db16031429c3a5edfd7ffc3f99"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 781gL1DBwLtLtZzxhMusNoxrR3q_n_gtqsgw_nRJgOUu4sOyexIGkg==
tag.getdrip.com/2607659.js
200 OK 5.3 kB URL GET HTTP/2 tag.getdrip.com/2607659.js
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerAmazon
Subject*.getdrip.com
Fingerprint3E:57:50:A6:D1:A1:2E:AF:A3:74:E3:E3:F5:0E:42:F8:C9:9F:C8:C8
ValidityFri, 24 Feb 2023 00:00:00 GMT - Sat, 27 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (5823), with no line terminators
Hash 725a8e2a4c51abc5bff0568db7885115
b9d5d1b24a3a2f93d3925c82fc6149dccb305f60
384f807bd86de9cac640a3cca048c88c7d212f896a1945250b8ded3c8a8b33b7
GET /2607659.js HTTP/1.1
Host: tag.getdrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 01 Jun 2023 04:26:16 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Jun 2023 05:00:49 GMT
etag: W/"a4897670540ded906f3d436dd0ae6abd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3xx6fK-CgZfzWP2sa2iigtghV6oxACFI6w7dlsUl-18-5z28uruz3A==
age: 6
X-Firefox-Spdy: h2
www.googletagmanager.com/a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.init_consent&eid=-1&tc=14&dl=sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&tdp=G-SWXNNMMKPQ;81061948;1;2;0&h=Ag&z=0
200 OK 0 B URL GET HTTP/3 www.googletagmanager.com/a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.init_consent&eid=-1&tc=14&dl=sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&tdp=G-SWXNNMMKPQ;81061948;1;2;0&h=Ag&z=0
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?id=G-SWXNNMMKPQ&cv=1&v=3&t=t&pid=1344610736&rv=35v0&es=1&e=gtm.init_consent&eid=-1&tc=14&dl=sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&tdp=G-SWXNNMMKPQ;81061948;1;2;0&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 01 Jun 2023 05:00:54 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
200 OK 3.4 kB URL User Request GET HTTP/2 sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
IP
ASN #14061 DIGITALOCEAN-ASN
Certificate IssuerZeroSSL
Subject
FingerprintA7:12:92:08:D4:D4:9E:7B:8B:AF:F8:26:47:0B:DD:88:C5:DE:89:A7
ValidityFri, 05 May 2023 00:00:00 GMT - Thu, 03 Aug 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3603), with no line terminators
Hash 1b7a6a505727008af6d36e30839a2ea9
c761455970929609ca0e19827309358c6e548073
33ef94834b3c6a8e44db9ac9da622885910fc5cf0f3bf7d29109a4f9c76fbc5a
GET / HTTP/1.1
Host: sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-language: en-US
content-type: text/html;charset=UTF-8
date: Thu, 01 Jun 2023 05:00:53 GMT
expires: 0
pragma: no-cache
server: Caddy, Cowboy
set-cookie: JSESSIONID=255C91F901C1FCA3770B81B56D9383CA; Max-Age=21600; Expires=Thu, 01-Jun-2023 11:00:53 GMT; Path=/; Secure; HttpOnly
strict-transport-security: max-age=31536000 ; includeSubDomains
via: 1.1 vegur
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/dist/src/assets/images/error-404..svg
200 OK 1.6 kB URL GET HTTP/2 sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/dist/src/assets/images/error-404..svg
IP
ASN #14061 DIGITALOCEAN-ASN
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerZeroSSL
Subject
FingerprintA7:12:92:08:D4:D4:9E:7B:8B:AF:F8:26:47:0B:DD:88:C5:DE:89:A7
ValidityFri, 05 May 2023 00:00:00 GMT - Thu, 03 Aug 2023 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1740), with no line terminators
Hash 708aa88c535179d2504d741878a49332
933fdc7774f923d76e2aff5e88e7f83bb877a749
7cacc21e339c9586840151462076b92d4b8904a155de55887f09b822a2768f3c
GET /dist/src/assets/images/error-404..svg HTTP/1.1
Host: sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/dist/styles.css
Cookie: JSESSIONID=255C91F901C1FCA3770B81B56D9383CA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: image/svg+xml
date: Thu, 01 Jun 2023 05:00:54 GMT
expires: 0
last-modified: Fri, 26 May 2023 11:53:53 GMT
pragma: no-cache
server: Caddy, Cowboy
strict-transport-security: max-age=31536000 ; includeSubDomains
via: 1.1 vegur
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-length: 1613
X-Firefox-Spdy: h2
api.getdrip.com/client/events/visit?drip_account_id=2607659&referrer=&url=https%3A%2F%2Fsberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&domain=sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com&time_zone=UTC&enable_third_party_cookies=f&callback=Drip_546214407
200 OK 84 B URL GET HTTP/2 api.getdrip.com/client/events/visit?drip_account_id=2607659&referrer=&url=https%3A%2F%2Fsberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&domain=sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com&time_zone=UTC&enable_third_party_cookies=f&callback=Drip_546214407
IP
Requested by https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Certificate IssuerAmazon
Subject*.getdrip.com
Fingerprint3E:57:50:A6:D1:A1:2E:AF:A3:74:E3:E3:F5:0E:42:F8:C9:9F:C8:C8
ValidityFri, 24 Feb 2023 00:00:00 GMT - Sat, 27 Jan 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 01641039946da60ff5ce9ec333e1f8d7
e7411bcb2d0353d381f9d89d4b92ac2ecae9ecf8
ddd9ffc3e90486d5a453699d14110039e925fbdaf7c93ff4d0ed8e38b96fb902
GET /client/events/visit?drip_account_id=2607659&referrer=&url=https%3A%2F%2Fsberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com%2F&domain=sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com&time_zone=UTC&enable_third_party_cookies=f&callback=Drip_546214407 HTTP/1.1
Host: api.getdrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sberbank.sber.avito.avito.avito.avito.blablacar.sber.covid19lockdownblog.blog.demo.com.decodingplaces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-length: 84
date: Thu, 01 Jun 2023 05:00:55 GMT
x-amzn-requestid: a512b9bb-614f-49b7-a5ed-cab5d4ce3546
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-runtime: 0.013455
strict-transport-security: max-age=63072000; includeSubDomains
x-amzn-remapped-content-length: 84
x-frame-options: SAMEORIGIN
x-amzn-remapped-connection: keep-alive
x-download-options: noopen
x-request-id: 4cbdcaa8-672d-406d-8c4c-90951cc4b7db
x-amz-apigw-id: F0rhKGL7oAMFfzA=
vary: Accept
cache-control: max-age=0, private, must-revalidate
x-amzn-remapped-server: nginx
x-content-type-options: nosniff
etag: W/"05ae59e62643e500c1b7b90f5b4a40a3"
x-amzn-remapped-date: Thu, 01 Jun 2023 05:00:55 GMT
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RVX90Z2BRs6a7ZpCN2JQRJGhRJ-oPLj4wzpH3B_-lbKIpbxuMlKM8Q==
X-Firefox-Spdy: h2
159.89.215.151
142.250.74.40
0.0.0.0