healythbilling.gq Open in urlscan Pro
2606:4700:3031::681b:b5ef Public Scan

Go To Rescan
Add Verdict Report

URL:
https://healythbilling.gq/
Submission: On May 05 via automatic, source certstream-suspicious (May 5th 2020, 1:42:05 pm UTC)

Summary HTTP 183 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 34 IPs in 7 countries across 27 domains to perform 183 HTTP transactions. The main IP is 2606:4700:3031::681b:b5ef, located in United States and belongs to CLOUDFLARENET, US. The main domain is healythbilling.gq.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on May 5th 2020. Valid for: 5 months.

This is the only time healythbilling.gq was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
27	2606:4700:303... 2606:4700:3031::681b:b5ef	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:814::200a	15169 (GOOGLE) (GOOGLE)
34	35.201.89.39 35.201.89.39	15169 (GOOGLE) (GOOGLE)
1	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:821::2002	15169 (GOOGLE) (GOOGLE)
3 6	2a00:1450:400... 2a00:1450:4001:815::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:85e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	95.100.138.62 95.100.138.62	16625 (AKAMAI-AS) (AKAMAI-AS)
6	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
9	2.20.143.91 2.20.143.91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2a03:2880:f22... 2a03:2880:f22d:c4:face:b00c:0:43fe	32934 (FACEBOOK) (FACEBOOK)
1 3	2a03:2880:f22... 2a03:2880:f22d:e5:face:b00c:0:4420	32934 (FACEBOOK) (FACEBOOK)
3	2a01:4f8:110:... 2a01:4f8:110:5005::2	24940 (HETZNER-AS) (HETZNER-AS)
1	2600:9000:207... 2600:9000:2070:9c00:15:efbc:e300:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
16	216.58.210.2 216.58.210.2	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:81e::2001	15169 (GOOGLE) (GOOGLE)
17	2a02:26f0:10c... 2a02:26f0:10c:382::3b8c	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	35.240.50.85 35.240.50.85	15169 (GOOGLE) (GOOGLE)
1	2600:9000:209... 2600:9000:2093:6e00:19:fc2c:a140:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	104.111.224.123 104.111.224.123	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
1	34.98.97.158 34.98.97.158	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	95.142.20.17 95.142.20.17	20645 (PUREPEAK-ASN) (PUREPEAK-ASN)
3	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:817::200a	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
183	34

27 2606:4700:3031::681b:b5ef (United States)

ASN13335 (CLOUDFLARENET, US)

healythbilling.gq	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 35.201.89.39 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 39.89.201.35.bc.googleusercontent.com

media.bttry.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:821::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:815::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:85e5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.138.62 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-138-62.deploy.static.akamaitechnologies.com

tag.aticdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.20.143.91 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-20-143-91.deploy.static.akamaitechnologies.com

files.missbloom.gr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.capital.gr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.missbloom.gr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f22d:c4:face:b00c:0:43fe (Ireland) 1 redirects

ASN32934 (FACEBOOK, US)

platform.instagram.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f22d:e5:face:b00c:0:4420 (Ireland) 1 redirects

ASN32934 (FACEBOOK, US)

www.instagram.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a01:4f8:110:5005::2 (Heidelberg, Germany)

ASN24940 (HETZNER-AS, DE)

www.vidads.gr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2070:9c00:15:efbc:e300:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 216.58.210.2 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s07-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:81e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a02:26f0:10c:382::3b8c (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

widget.yallarec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img9-api.yallarec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.240.50.85 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 85.50.240.35.bc.googleusercontent.com

app.exitbee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2093:6e00:19:fc2c:a140:93a1 (United States)

ASN16509 (AMAZON-02, US)

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.224.123 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-224-123.deploy.static.akamaitechnologies.com

logws1312.ati-host.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.97.158 (United States)

ASN15169 (GOOGLE, US)
PTR: 158.97.98.34.bc.googleusercontent.com

cdn.exitbee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.142.20.17 (Israel)

ASN20645 (PUREPEAK-ASN, IL)
PTR: ip-95-142-20-17.purepeak.com

api.yallarec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	bttry.net media.bttry.net	85 KB
27	healythbilling.gq healythbilling.gq	908 KB
22	doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net	122 KB
19	ampproject.org cdn.ampproject.org	485 KB
18	yallarec.com widget.yallarec.com api.yallarec.com img9-api.yallarec.com	244 KB
16	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	341 KB
8	missbloom.gr files.missbloom.gr www.missbloom.gr	76 KB
6	google.com 3 redirects www.google.com	349 B
4	instagram.com 2 redirects platform.instagram.com www.instagram.com	5 KB
4	googleapis.com fonts.googleapis.com ajax.googleapis.com imasdk.googleapis.com	120 KB
3	criteo.net static.criteo.net	30 KB
3	vidads.gr www.vidads.gr	84 KB
2	facebook.com www.facebook.com	456 B
2	ati-host.net 1 redirects logws1312.ati-host.net	1 KB
2	exitbee.com app.exitbee.com cdn.exitbee.com	33 KB
2	facebook.net connect.facebook.net	152 KB
2	agkn.com js.agkn.com d.agkn.com	3 KB
2	googletagservices.com www.googletagservices.com	42 KB
2	cloudflare.com cdnjs.cloudflare.com	7 KB
2	google.de www.google.de adservice.google.de	433 B
2	google-analytics.com ssl.google-analytics.com www.google-analytics.com	35 KB
1	criteo.com bidder.criteo.com	147 B
1	onesignal.com cdn.onesignal.com	3 KB
1	capital.gr www.capital.gr	25 KB
1	aticdn.net tag.aticdn.net	20 KB
1	googleadservices.com www.googleadservices.com	11 KB
0	qds.ninja Failed t.qds.ninja Failed
183	27

	Domain	Requested by
34	media.bttry.net	healythbilling.gq
27	healythbilling.gq	healythbilling.gq
19	cdn.ampproject.org	securepubads.g.doubleclick.net
16	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net healythbilling.gq
15	img9-api.yallarec.com	healythbilling.gq
12	tpc.googlesyndication.com	securepubads.g.doubleclick.net healythbilling.gq tpc.googlesyndication.com
7	files.missbloom.gr	healythbilling.gq
6	www.google.com	3 redirects healythbilling.gq
6	googleads.g.doubleclick.net	www.googleadservices.com pagead2.googlesyndication.com healythbilling.gq
4	pagead2.googlesyndication.com	healythbilling.gq pagead2.googlesyndication.com securepubads.g.doubleclick.net cdn.exitbee.com
3	static.criteo.net	widget.yallarec.com
3	www.vidads.gr	healythbilling.gq www.vidads.gr
3	www.instagram.com	1 redirects healythbilling.gq www.instagram.com
2	www.facebook.com	healythbilling.gq connect.facebook.net
2	logws1312.ati-host.net	1 redirects healythbilling.gq
2	connect.facebook.net	healythbilling.gq connect.facebook.net
2	widget.yallarec.com	healythbilling.gq widget.yallarec.com
2	www.googletagservices.com	healythbilling.gq pagead2.googlesyndication.com
2	cdnjs.cloudflare.com	healythbilling.gq
2	fonts.googleapis.com	healythbilling.gq
1	imasdk.googleapis.com	www.vidads.gr
1	bidder.criteo.com	static.criteo.net
1	api.yallarec.com	widget.yallarec.com
1	cdn.exitbee.com	app.exitbee.com
1	ajax.googleapis.com	widget.yallarec.com
1	d.agkn.com	js.agkn.com
1	app.exitbee.com	healythbilling.gq
1	www.missbloom.gr	healythbilling.gq
1	adservice.google.de	www.googletagservices.com
1	www.google-analytics.com	healythbilling.gq
1	cdn.onesignal.com	healythbilling.gq
1	js.agkn.com	healythbilling.gq
1	www.capital.gr	healythbilling.gq
1	platform.instagram.com	1 redirects
1	tag.aticdn.net	healythbilling.gq
1	www.google.de	healythbilling.gq
1	ssl.google-analytics.com	healythbilling.gq
1	www.googleadservices.com	healythbilling.gq
0	t.qds.ninja Failed	healythbilling.gq
183	39

This site contains links to these domains. Also see Links.

Domain
www.braunoni.nl
www.ideal.nl
www.americanexpress.com
www.webutation.net
www.comodo.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-05-05` - `2020-10-09`	5 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
media.bttry.net Sectigo RSA Domain Validation Secure Server CA	`2019-04-02` - `2021-04-01`	2 years	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh
tag.aticdn.net GeoTrust RSA CA 2018	`2020-03-09` - `2021-05-08`	a year	crt.sh
capital.gr Let's Encrypt Authority X3	`2020-04-20` - `2020-07-19`	3 months	crt.sh
*.www.instagram.com DigiCert SHA2 High Assurance Server CA	`2020-03-07` - `2020-06-05`	3 months	crt.sh
ssl2.nemohq.gr Let's Encrypt Authority X3	`2020-04-27` - `2020-07-26`	3 months	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2018-06-21` - `2020-09-16`	2 years	crt.sh
*.google.de GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh
*.yallarec.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-16` - `2021-03-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-04-15` - `2020-07-14`	3 months	crt.sh
app.exitbee.com SSL.com RSA SSL subCA	`2019-07-08` - `2020-10-04`	a year	crt.sh
*.ati-host.net DigiCert SHA2 Secure Server CA	`2020-03-23` - `2021-05-22`	a year	crt.sh
cdn.exitbee.com GTS CA 1D2	`2020-04-24` - `2020-07-23`	3 months	crt.sh
*.criteo.net DigiCert ECC Secure Server CA	`2020-03-30` - `2020-06-28`	3 months	crt.sh
*.criteo.com DigiCert ECC Secure Server CA	`2020-03-30` - `2020-06-28`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-04-07` - `2020-06-30`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://healythbilling.gq/
Frame ID: 5B1783A2649B87DF60326BD49027E366
Requests: 60 HTTP requests in this frame

Frame: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Frame ID: 3579D8AF5743A99BB5729930D4E1E1B7
Requests: 84 HTTP requests in this frame

Frame: https://d.agkn.com/iframe/8613/?che=467498549&gdpr=&gdpr_consent=&ref=&bpid=atticagreece&c=%7B%22bpid%22%3A%22atticagreece%22%2C%22loc%22%3A%22https%3A%2F%2Fhealythbilling.gq%2F%22%2C%22gdpr%22%3A%22%22%2C%22gdpr_consent%22%3A%22%22%2C%22ref%22%3A%22-1%22%2C%22cid%22%3A%22-1%22%2C%22sid%22%3A%22-1%22%2C%22gen%22%3A%22-1%22%2C%22age%22%3A%22-1%22%2C%22cat%22%3A%22-1%22%2C%22brd%22%3A%22-1%22%7D
Frame ID: DDFA7851F8025747511EE25BA6EF34AB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200430/r20190131/zrt_lookup.html
Frame ID: 629C651AA16E67E41A971698CE3BD80F
Requests: 1 HTTP requests in this frame

Frame: https://www.instagram.com/p/BJwAgHvAlt9/embed/captioned/?cr=1&v=7&rd=https%3A%2F%2Fhealythbilling.gq&rp=%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto
Frame ID: BF480E1D8C2745D4005D936D90AC6CF1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?output=html&adk=1812271804&adf=3279755397&plat=1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fhealythbilling.gq%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1588686108432&bpp=13&bdt=508&idt=131&shv=r20200430&cbv=r20190131&ptt=9&saldr=aa&nras=1&correlator=1229884438714&frm=23&ife=1&pv=2&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&ga_fc=0&ga_cid=955855319.1588686108&iag=3&icsg=2199839768611&nhd=1&dssz=57&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&isw=0&ish=0&ifk=19644707&scr_x=0&scr_y=0&eid=21065532%2C21066085&oid=3&pvsid=629442068964899&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8212&bc=31&ifi=12&uci=c.qbqskyzcwwty&fsb=1&dtd=144
Frame ID: 7C322F8B9E1C21AE05B976E0092C7034
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003262059300/amp4ads-v0.js
Frame ID: 6EA9146B352DF007746CCD4C215D89C4
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 60F8AFEF7F6F5828EF033468E01E1510
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003262059300/amp4ads-v0.js
Frame ID: 7CACD2FCB2F89EA48BF52580B68D7BDD
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003262059300/amp4ads-v0.js
Frame ID: 3BF375E83A3EB174F63BC0D5B2BD6483
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

183
Requests

99 %
HTTPS

71 %
IPv6

27
Domains

39
Subdomains

34
IPs

7
Countries

2833 kB
Transfer

8304 kB
Size

5
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://www.braunoni.nl/?tracker=bu_footer

Search URL Search Domain Scan URL

URL: http://www.ideal.nl/

Search URL Search Domain Scan URL

URL: https://www.americanexpress.com/

Search URL Search Domain Scan URL

URL: http://www.webutation.net/go/review/batterychampion.com

Search URL Search Domain Scan URL

URL: https://www.comodo.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 70

https://platform.instagram.com/en_US/embeds.js HTTP 301
https://www.instagram.com/embed.js HTTP 302
https://www.instagram.com/static/bundles/es6/EmbedSDK.js/bf4a12bd69f3.js

Request Chain 110

https://logws1312.ati-host.net/hit.xiti?s=532002&p=&vrn=1&lng=en-US&idp=1541485798389&jv=0&re=0x0&vtag=4.5.7&hl=15x41x48&r=1600x1200x24x24&ref= HTTP 302
https://logws1312.ati-host.net/hit.xiti?s=532002&p=&vrn=1&lng=en-US&idp=1541485798389&jv=0&re=0x0&vtag=4.5.7&hl=15x41x48&r=1600x1200x24x24&ref=&Rdt=On

Request Chain 159

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 173

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 185

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

183 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
healythbilling.gq/ 79 KB
16 KB 156ms
95ms Document
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3174003a7f82a954d93d77cb0164bbfce6139b9640bb2276337d8f1d6c599eda

Request headers

:method: GET
:authority: healythbilling.gq
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Tue, 05 May 2020 13:41:47 GMT
content-type: text/html
set-cookie: __cfduid=d833345ebf5d396b59bfd86ebcc1f0d5d1588686107; expires=Thu, 04-Jun-20 13:41:47 GMT; path=/; domain=.healythbilling.gq; HttpOnly; SameSite=Lax
last-modified: Sun, 10 Feb 2019 16:02:05 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 58eae18b6e1d05d0-FRA
content-encoding: br
cf-request-id: 0286ab4b1f000005d0b4216200000001

GET
H2 200 css
fonts.googleapis.com/ 3 KB
586 B 19ms
16ms Stylesheet
text/css 2a00:1450:4001:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nobile:regular,italic,bold,bolditalic&subset=latin

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2277998eda0b623970599925bfe2360cee97cf17b4449b67866171b139272bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 05 May 2020 13:41:47 GMT
server: ESF
date: Tue, 05 May 2020 13:41:47 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 05 May 2020 13:41:47 GMT

GET
H2 200 style.css.php
healythbilling.gq/_BWF/css/ 90 KB
18 KB 114ms
111ms Stylesheet
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/_BWF/css/style.css.php
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c4430a40963aebf64baaad3ac8e744f44e9037459a9edf8c0d6640c3384d127

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Sun, 10 Feb 2019 16:02:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/html
status: 200
cf-ray: 58eae18c28ac05d0-FRA
cf-request-id: 0286ab4b95000005d0b421e200000001

GET
H2 200 css
fonts.googleapis.com/ 2 KB
639 B 18ms
15ms Stylesheet
text/css 2a00:1450:4001:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:700

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a4272c8c7662c261bcc8e0b264aae83a7797aeb4bf4daf17780872c07f7d9601

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 05 May 2020 13:41:47 GMT
server: ESF
date: Tue, 05 May 2020 13:41:47 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 05 May 2020 13:41:47 GMT

GET
H2 200 batterystyle.css.php
healythbilling.gq/css/ 151 KB
28 KB 109ms
106ms Stylesheet
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/css/batterystyle.css.php
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d1669b8e04aabf7547e96dfe1f693dacb413ee8a22570ba5bb6af9b79c749e0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Sun, 10 Feb 2019 16:02:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/html
status: 200
cf-ray: 58eae18c28af05d0-FRA
cf-request-id: 0286ab4b95000005d0b421f200000001

GET
H2 200 thickbox.css
healythbilling.gq/_BWF/css/ 184 KB
33 KB 172ms
169ms Stylesheet
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/_BWF/css/thickbox.css
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6db43921deeeb1f6361287b5dd649f2f3257159273baf212a1c296f1b9976c80

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:03 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18c28b005d0-FRA
cf-request-id: 0286ab4b95000005d0b4220200000001

GET
H2 200 jquery.js Show response
healythbilling.gq/_BWF/js/jquery/ 151 KB
28 KB 162ms
160ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/_BWF/js/jquery/jquery.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d1669b8e04aabf7547e96dfe1f693dacb413ee8a22570ba5bb6af9b79c749e0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18c28b105d0-FRA
cf-request-id: 0286ab4b95000005d0b4221200000001

GET
H2 200 jquery.json.js Show response
healythbilling.gq/_BWF/js/jquery/json/ 90 KB
18 KB 166ms
164ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/_BWF/js/jquery/json/jquery.json.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c4430a40963aebf64baaad3ac8e744f44e9037459a9edf8c0d6640c3384d127

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18c28b205d0-FRA
cf-request-id: 0286ab4b95000005d0b4222200000001

GET
H2 200 jquery.blink.js Show response
healythbilling.gq/_BWF/js/jquery/blink/ 45 KB
11 KB 164ms
161ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/_BWF/js/jquery/blink/jquery.blink.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9787bba49c28fdf31c7c4d791e1ab0153855f7a3db826a7a741dadca6c6f889b

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18c28b405d0-FRA
cf-request-id: 0286ab4b95000005d0b4223200000001

GET
H2 200 functions.js Show response
healythbilling.gq/js/ 151 KB
27 KB 159ms
156ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/js/functions.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d1669b8e04aabf7547e96dfe1f693dacb413ee8a22570ba5bb6af9b79c749e0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18c28b705d0-FRA
cf-request-id: 0286ab4b95000005d0b4224200000001

GET
H2 200 functions.js Show response
healythbilling.gq/_BWF/js/ 109 KB
70 KB 158ms
156ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/_BWF/js/functions.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0dce747ceddc5f5730f9ed252d75750076e0d17d5ce87ca3e1852ebc1fb91e7a

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18c28bc05d0-FRA
cf-request-id: 0286ab4b95000005d0b4225200000001

GET
H2 200 rsh.js Show response
healythbilling.gq/_BWF/js/RSH0.6FINAL/ 103 KB
11 KB 167ms
165ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/_BWF/js/RSH0.6FINAL/rsh.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd43fb8026b5bfd2818af5faaea893f008dc56555377296264611f94534c0dec

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18c28bd05d0-FRA
cf-request-id: 0286ab4b95000005d0b4226200000001

GET
H2 200 overlib.js Show response
healythbilling.gq/_BWF/js/overlib/ 110 KB
39 KB 164ms
163ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/_BWF/js/overlib/overlib.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3681c54b41bbaba74dde376a6db966614cc49c08676c2dc86e852f655a8ead26

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18c28be05d0-FRA
cf-request-id: 0286ab4b95000005d0b4227200000001

GET
H2 200 ajax.js Show response
healythbilling.gq/_BWF/js/ 164 KB
36 KB 204ms
202ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/_BWF/js/ajax.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f86fbdb246ed4aae95c0629673b34970ec295017aa2c4f3fde9b047f1008af3

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18c28c005d0-FRA
cf-request-id: 0286ab4b95000005d0b4228200000001

GET
H2 200 thickbox.js Show response
healythbilling.gq/_BWF/js/ 292 KB
57 KB 164ms
162ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/_BWF/js/thickbox.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 354d4c7d0db4d65289bdf9d1ba2cda998bfbf9666b43857362342081ff73e073

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18c28c205d0-FRA
cf-request-id: 0286ab4b95000005d0b4229200000001

GET
H2 200 shopBrowser.js Show response
healythbilling.gq/js/ 225 KB
43 KB 162ms
160ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/js/shopBrowser.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71bc645c0ef027553895571ae650f8975eb98a95229de17853287348b8d03c43

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:03 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18c28c705d0-FRA
cf-request-id: 0286ab4b95000005d0b422a200000001

GET
H2 200 jquery.easyTooltip.js Show response
healythbilling.gq/_BWF/js/jquery/custom/ 211 KB
37 KB 224ms
222ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/_BWF/js/jquery/custom/jquery.easyTooltip.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 116890c2f62f32153ab0f046b698c6204086c35a9678a3d3ba219e681f517fdf

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:03 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18c28c905d0-FRA
cf-request-id: 0286ab4b95000005d0b422b200000001

GET
H2 200 jquery.filterProperties.js Show response
healythbilling.gq/js/ 221 KB
39 KB 166ms
164ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/js/jquery.filterProperties.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f98230fa1a47181b2cee5b6e6395e6d3365a7e1b434b4b23115d4811199a441e

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18c28cc05d0-FRA
cf-request-id: 0286ab4b95000005d0b422c200000001

GET
H2 200 cur_eur.png
media.bttry.net/bc/default/ 785 B
1 KB 70ms
27ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/cur_eur.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e82140e00682d9813ca35e051bd9c4bd835e6ef45e737d992c6200fcb2d1d062

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:34:53 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 414
x-guploader-uploadid: AAANsUkBTTuIZXUGxXhUKKKKdXydvE9hBm4JbPnqAU5I9Y-1o8QHTJF2Hx3vLqRuH9jd18q5BeF01k_iKjgoHCDUmlY
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 785
last-modified: Thu, 19 Mar 2020 14:44:16 GMT
server: UploadServer
etag: "d7a8ac89b1542920e0d6ce5179647297"
x-goog-hash: crc32c=dk81cg==, md5=16isibFUKSDg1s5ReWRylw==
x-goog-generation: 1584629056373809
cache-control: public, max-age=3600
x-goog-stored-content-length: 785
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:34:53 GMT

GET
H2 200 flag_10.png
media.bttry.net/bc/default/flags/ 896 B
1 KB 62ms
25ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/flags/flag_10.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: a67a515b86c5e3287772536739ef3db00abecf9e64890050aeef45476f2e46d9

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:34:53 GMT
x-goog-meta-goog-reserved-file-mtime: 1535610434
age: 414
x-guploader-uploadid: AEnB2Urni-vjqcSBdTQipXfcibi-fU7DjdZyhzoEOpiyJDB58lMTpYxyoOm0usWjBf1u77o8mtMNE-RKLMrycimMoTZaqFg58w
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 896
last-modified: Thu, 30 Aug 2018 06:30:44 GMT
server: UploadServer
etag: "0f0bad99cb95b85eacc25f8af4b282bf"
x-goog-hash: crc32c=9FhiSA==, md5=DwutmcuVuF6swl+K9LKCvw==
x-goog-generation: 1535610644812305
cache-control: public, max-age=3600
x-goog-stored-content-length: 896
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:34:53 GMT

GET
H2 200 flag_1.png
media.bttry.net/bc/default/flags/ 2 KB
2 KB 83ms
46ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/flags/flag_1.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 2370fa1c4ce822f1701b0b79f3549bc3e1624299deda76b83204bb5d98a63520

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1556711824
age: 0
x-guploader-uploadid: AEnB2Ur0dxDJcmNKLpQtedV-QMKR-hd1e56ItkxYYjBz3GJl9Cea2EakobHOGabK1S10CPuxj5UojVq79a-4Px1nqURF-jrOwl7e8i5kpVeFX5iua351E7Q
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 1822
last-modified: Wed, 01 May 2019 12:00:24 GMT
server: UploadServer
etag: "29d824e148a655bc23ffee9b2fe9de03"
x-goog-hash: crc32c=lY9tIA==, md5=Kdgk4UimVbwj/+6bL+neAw==
x-goog-generation: 1556712024289312
cache-control: public, max-age=3600
x-goog-stored-content-length: 1822
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 batteryChampion.png
media.bttry.net/bc/default/ 16 KB
16 KB 107ms
70ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/batteryChampion.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 3cfc447d79c686a9b41b459120048fa119834909e9a10f6b34bf4e98bf73cde3

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 0
x-guploader-uploadid: AAANsUlsaCyvxMVWm5UQWzwKIC4i2T0ERx0cBqKg2VjF1Fr6jjMivPxpQdyper3Ywdyn26T5kNWqwhHyD83S8xULYaTWvW9OHQ
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 16544
last-modified: Thu, 19 Mar 2020 14:44:15 GMT
server: UploadServer
etag: "8f95884c78933c0d84e86571fbe9484e"
x-goog-hash: crc32c=3afDpg==, md5=j5WITHiTPA2E6GVx++lITg==
x-goog-generation: 1584629055614398
cache-control: public, max-age=3600
x-goog-stored-content-length: 16544
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 spacer.gif
media.bttry.net/bc/default/ 43 B
310 B 108ms
71ms Image
image/gif 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/spacer.gif
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 546c5cf136073615afda5cab173feff341171a26a848cf7ce09bb8bd8b07ce89

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1556711824
age: 0
x-guploader-uploadid: AEnB2Uo1lGbwALo1fX2FH-2knFJXVA4EizYVJ0BXog-IIMUMrzkQmLqA-eVuHhfAIhTlYF5VBfx_RuF7Y2E66TPBKwuK8OnOiw
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 43
last-modified: Wed, 01 May 2019 12:02:45 GMT
server: UploadServer
etag: "0d23d0b62908b75e89014ac3f864484e"
x-goog-hash: crc32c=mWqd3w==, md5=DSPQtikIt16JAUrD+GRITg==
x-goog-generation: 1556712165089487
cache-control: public, max-age=3600
x-goog-stored-content-length: 43
accept-ranges: bytes
content-type: image/gif
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 magnifier.png
media.bttry.net/bwf/img/icons/fugue/large_24/ 1 KB
1 KB 62ms
26ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bwf/img/icons/fugue/large_24/magnifier.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 02a2a582f91034dcd86daa5f1aabdafdf74df4e316988d9f802251a38e675943

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:30:00 GMT
x-goog-meta-goog-reserved-file-mtime: 1519206891
age: 707
x-guploader-uploadid: AEnB2UrFlvh93aO0AGZoJxWmmBWqhJAl0_V94wVzDuSkx03VOsbJVSv1gWlEk4xstg2chGj43UzizzTrBFYlX2m7hOc0DhVxEewzIKM1nx0mMf-wU8LcuGo
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 1136
last-modified: Mon, 12 Mar 2018 15:17:24 GMT
server: UploadServer
etag: "f3073cc39749bc4c7b8f44b5cfe662b6"
x-goog-hash: crc32c=Fvw3ow==, md5=8wc8w5dJvEx7j0S1z+Zitg==
content-language: en
x-goog-generation: 1520867844938582
cache-control: public, max-age=3600
x-goog-stored-content-length: 1136
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:30:00 GMT

GET
H2 200 2batteries_small.png
media.bttry.net/bc/default/ 1 KB
1 KB 97ms
76ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/2batteries_small.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 4e4e025f1fd085e74bbb81c14a62aa98fd9a2df26707104c6690a7e23f284983

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 0
x-guploader-uploadid: AEnB2UoZJ3s5jup5Ak0odOM0mqbIBPZB5cTkHjaQemwDQGvuoMjERABA2z2z26pV22D-jVHRaXSiZefvfmMK1gd50O9L60hTy0UY6zLI_33VVQIXBM6Y7U0
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 1265
last-modified: Thu, 19 Mar 2020 14:44:15 GMT
server: UploadServer
etag: "49f11bc89508b1baa0d562e2855d8699"
x-goog-hash: crc32c=F1QS3Q==, md5=SfEbyJUIsbqg1WLihV2GmQ==
x-goog-generation: 1584629055299545
cache-control: public, max-age=3600
x-goog-stored-content-length: 1265
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 worldFreeShipping.png
media.bttry.net/bc/default/ 6 KB
6 KB 47ms
26ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/worldFreeShipping.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: ebaffa61ea537fdb59f1889b9a23caaf04b54b7fe2315076cf276d56b3810211

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:34:53 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 414
x-guploader-uploadid: AEnB2Uos5gj7Wwt6YCD4ovNl2N5D7B4yp2IdHd-5xEAx2olax9BWZw_6O8tEFeAU-L-COwnSpvx-vviuV_Y5cAZ5XNrjrtQv4A
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 6247
last-modified: Thu, 19 Mar 2020 14:44:28 GMT
server: UploadServer
etag: "39f059e883b269b1708f7dada4be7ac5"
x-goog-hash: crc32c=O6wY1A==, md5=OfBZ6IOyabFwj32tpL56xQ==
x-goog-generation: 1584629068238478
cache-control: public, max-age=3600
x-goog-stored-content-length: 6247
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:34:53 GMT

GET
H2 200 14DaysGuarantee.png
media.bttry.net/bc/default/ 8 KB
8 KB 68ms
48ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/14DaysGuarantee.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: d7753e4328060a3206f267948df18ef6877dbae61fe766e2dd2540d9e3ddeff5

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 0
x-guploader-uploadid: AEnB2Uq6U50powLocMEsN_0EZORs4FBG_J5B44K7RfFgkea4s_Tj9LMWhKckVTkw0nXVreQzmpft_NlLSTZt0fjld7LwtXdmoDOuEUg_n8PRm9M7VvCelSU
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 8392
last-modified: Thu, 19 Mar 2020 14:44:15 GMT
server: UploadServer
etag: "cf249b1f490d54344d977658e59a625a"
x-goog-hash: crc32c=wiVNqg==, md5=zySbH0kNVDRNl3ZY5ZpiWg==
x-goog-generation: 1584629055297655
cache-control: public, max-age=3600
x-goog-stored-content-length: 8392
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 balloon-quotation.png
media.bttry.net/bwf/img/icons/fugue/ 713 B
976 B 54ms
34ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bwf/img/icons/fugue/balloon-quotation.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 80a2dca83596dbc451b434ea792e71e8446079c054cfcc931cd11110c8d514c2

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:30:00 GMT
x-goog-meta-goog-reserved-file-mtime: 1519206889
age: 707
x-guploader-uploadid: AAANsUlpcZ16UvgB60ENt4pHR4JXAhJS7tP1Eh1pRUNGmDIge5XgW2pm7igFn8LK0r_BVbIK2hYDO7qYDjc8bh7eXx6nwWnFFg
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 713
last-modified: Mon, 12 Mar 2018 15:16:54 GMT
server: UploadServer
etag: "016628893cc5eca066940b5ecffaeb35"
x-goog-hash: crc32c=7T9gGg==, md5=AWYoiTzF7KBmlAtez/rrNQ==
content-language: en
x-goog-generation: 1520867814601114
cache-control: public, max-age=3600
x-goog-stored-content-length: 713
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:30:00 GMT

GET
H2 200 star-small.png
media.bttry.net/bwf/img/icons/fugue/ 447 B
714 B 47ms
26ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bwf/img/icons/fugue/star-small.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: d6561694d19e515bb3b8e05d64108927bda3bb4fdeb2c24550a57c833a7dce7e

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:30:00 GMT
x-goog-meta-goog-reserved-file-mtime: 1519206893
age: 707
x-guploader-uploadid: AAANsUnO_cDWU7AopKWXU8IpGMuWEWCZwgW4YLeKQTHRwys5aFGC1Vab78OOehN2lqfSQLUimapq6XwrdNTgpHSs_OeSfhSzAQ
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 447
last-modified: Mon, 12 Mar 2018 15:17:48 GMT
server: UploadServer
etag: "e2254c0527d6dc96c3911abe0e65acd1"
x-goog-hash: crc32c=VO3IqA==, md5=4iVMBSfW3JbDkRq+DmWs0Q==
content-language: en
x-goog-generation: 1520867868924599
cache-control: public, max-age=3600
x-goog-stored-content-length: 447
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:30:00 GMT

GET
H2 200 star-small-empty.png
media.bttry.net/bwf/img/icons/fugue/ 417 B
675 B 65ms
44ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bwf/img/icons/fugue/star-small-empty.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 307edec4d6dcd391354b72bb79930ba9644a7f7be0ade6bbd00d4b52c6228557

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1519206893
age: 0
x-guploader-uploadid: AAANsUmfF9kvQdg4unOB3Slha4UN0XdbrURgj6GTRhXrghI9KxlC-oCmX6z652dgyj2f6MhGCXXL5BLd6cnp7-hTK3w
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 417
last-modified: Mon, 12 Mar 2018 15:17:48 GMT
server: UploadServer
etag: "dcf87322fba25a7b3b0e31091b613798"
x-goog-hash: crc32c=8khf8w==, md5=3PhzIvuiWns7DjEJG2E3mA==
content-language: en
x-goog-generation: 1520867868757308
cache-control: public, max-age=3600
x-goog-stored-content-length: 417
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 whiteArrowButton.png
media.bttry.net/bc/default/ 274 B
507 B 54ms
33ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/whiteArrowButton.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9def588411f9cff8d4d7c86b8ce63f388b6c7aa1a967e603885255954508c12e

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:34:53 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 414
x-guploader-uploadid: AAANsUnMx2zIYrYw4IPnJWDuc06c5fdagjoxs2W5t6grCM5nv4dv0dK95p88xQ9a972fDPKluwgSIu8wGgg2pwE1Ws2HlZXN4A
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 274
last-modified: Thu, 19 Mar 2020 14:44:28 GMT
server: UploadServer
etag: "9131728476b62d118b96950f9cfedb57"
x-goog-hash: crc32c=ba+pXA==, md5=kTFyhHa2LRGLlpUPnP7bVw==
x-goog-generation: 1584629068003911
cache-control: public, max-age=3600
x-goog-stored-content-length: 274
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:34:53 GMT

GET
H2 200 spacer.gif
healythbilling.gq/_BWF/images/ 30 KB
30 KB 191ms
188ms Image
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://healythbilling.gq/_BWF/images/spacer.gif
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18def3f05d0-FRA
cf-request-id: 0286ab4cae000005d0b424e200000001

GET
H2 200 toshiba.gif
healythbilling.gq/images/logo/ 39 KB
39 KB 146ms
143ms Image
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://healythbilling.gq/images/logo/toshiba.gif
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18def4105d0-FRA
cf-request-id: 0286ab4cae000005d0b424f200000001

GET
H2 200 cross-button.png
media.bttry.net/bwf/img/icons/fugue/ 588 B
857 B 81ms
78ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bwf/img/icons/fugue/cross-button.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: ba564a775f9962591e29f794d906d4a50886420c4b7142f8f49be0abbb690547

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1519206890
age: 0
x-guploader-uploadid: AAANsUk4shcmmx9LRslo--dDMftIGKAnCda4Ph1Cns4UmMhyOEqRWzNiuuGwooPYP-DaZbU7FD0wgm5PpWaRr0sWl1c
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 588
last-modified: Mon, 12 Mar 2018 15:17:07 GMT
server: UploadServer
etag: "b94da2d715c62e91c9de77ae8cdf4e6f"
x-goog-hash: crc32c=mF5pQw==, md5=uU2i1xXGLpHJ3neujN9Obw==
content-language: en
x-goog-generation: 1520867827114942
cache-control: public, max-age=3600
x-goog-stored-content-length: 588
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 CS-TOA85DB_sm.jpg
media.bttry.net/bc/img/ 2 KB
2 KB 68ms
65ms Image
image/jpeg 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/img/CS-TOA85DB_sm.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: d5589c48740a96d3909b148c602e8117ffb724a0cee0bb681254a321adcc9757

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1582714239
age: 0
x-guploader-uploadid: AEnB2UrD-xnESYMZjFPSfaTRVTcnue3t4vIybySDBfhWaEaEljBKxxqrjIKjNpP64J3vrqfPbL0FStaB4hjtcD4RV2iukEtBzU3k4ya4WR7ZQ4Hj9L1-0w0
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 2249
last-modified: Wed, 18 Mar 2020 13:36:00 GMT
server: UploadServer
etag: "bbf90bceb5ca3a2c502dd53b87d27f1b"
x-goog-hash: crc32c=MwK+Aw==, md5=u/kLzrXKOixQLdU7h9J/Gw==
x-goog-generation: 1584538560819550
cache-control: public, max-age=3600
x-goog-stored-content-length: 2249
accept-ranges: bytes
content-type: image/jpeg
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 great_deal_small_left.png
media.bttry.net/bc/default/ 866 B
1 KB 61ms
58ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/great_deal_small_left.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e1201286aed7296c9e415d05041eee9386f4440ba185306e5a33d28eb3f17fb6

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 0
x-guploader-uploadid: AEnB2UrC4FNxCefqZ80eM7NHWsviAh83NrGts9BKRHwEaSt9DMS-WlYWJ7mPUPBjf-MJu4foNw4ITGl3hSXGDPwpCB1lm5OiAg
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 866
last-modified: Thu, 19 Mar 2020 14:44:18 GMT
server: UploadServer
etag: "73c680fd71ce99d3b3470ac47ebacb1a"
x-goog-hash: crc32c=pFHUDA==, md5=c8aA/XHOmdOzRwrEfrrLGg==
x-goog-generation: 1584629058274610
cache-control: public, max-age=3600
x-goog-stored-content-length: 866
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 great_deal_small_right.png
media.bttry.net/bc/default/ 865 B
1 KB 57ms
54ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/great_deal_small_right.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: bb65203588b9e02f2351e851e143944e2a17444dd4bb4b8511b971ee7ed4a3c1

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 0
x-guploader-uploadid: AEnB2UqyhpYrmQEQW_lDH9EQH5FwcXJ6zA-ZaBEfsF6iOnLY0dDS1NlM0ZbtlhDaw9xbZz7KK9Pa9VMD8ied_5_nk4vt8wh36g
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 865
last-modified: Thu, 19 Mar 2020 14:44:18 GMT
server: UploadServer
etag: "eef599a65a5191b7450129882c76d439"
x-goog-hash: crc32c=kw9B9g==, md5=7vWZplpRkbdFASmILHbUOQ==
x-goog-generation: 1584629058301162
cache-control: public, max-age=3600
x-goog-stored-content-length: 865
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 information_yellow.png
media.bttry.net/bwf/img/icons/fff/custom/ 3 KB
4 KB 35ms
32ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bwf/img/icons/fff/custom/information_yellow.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 295b6ed1a0b03c369592514d0fd383f35fe40fa783a627b4ddbef7c2f3db4aae

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:34:53 GMT
x-goog-meta-goog-reserved-file-mtime: 1516805117
age: 414
x-guploader-uploadid: AAANsUnRt5RUd0k8SyHFMF8efvt2ETrWdaLD-Rqp1tyKhEX0Qlr3os5sRfIwgtswWG5Ol4G3AW_LYixRnO41rurfJaHuxn9PIw
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 3446
last-modified: Mon, 12 Mar 2018 15:16:24 GMT
server: UploadServer
etag: "7d107fefb778112483d0e7d3ac1a6966"
x-goog-hash: crc32c=AiPW3A==, md5=fRB/77d4ESSD0OfTrBppZg==
content-language: en
x-goog-generation: 1520867784436782
cache-control: public, max-age=3600
x-goog-stored-content-length: 3446
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:34:53 GMT

GET
H2 200 stock_level_leftborder.png
media.bttry.net/bc/default/ 103 B
338 B 35ms
32ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/stock_level_leftborder.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 4ae5b5b9ae3cb4fd88d808ad63ae5fa5b0d70ca52d61fff03c79e5770d9d244e

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:30:00 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 707
x-guploader-uploadid: AAANsUlGq189IZBt8q12DsIwi-b5liOQGb5anr20qFIPOD5ZyJHrtox1O0SE616PrNkJgbAW2x04eiNzgTAR073GOw
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 103
last-modified: Thu, 19 Mar 2020 14:44:27 GMT
server: UploadServer
etag: "5de62e8df3247a2203ea36ca7525bc13"
x-goog-hash: crc32c=7LXm+w==, md5=XeYujfMkeiID6jbKdSW8Ew==
x-goog-generation: 1584629067651163
cache-control: public, max-age=3600
x-goog-stored-content-length: 103
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:30:00 GMT

GET
H2 200 stock_level_high.png
media.bttry.net/bc/default/ 229 B
511 B 34ms
32ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/stock_level_high.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 067a3ecb54e06ee1453c9e242e85dfa5036246da2f077ef8096fdd771ffb3d41

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:30:00 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 707
x-guploader-uploadid: AEnB2UpAduQ6fUOCN0gZitUZcKd7kjXwfxPjj0-IMpOlpS5B1u6T_DTmtfd8nVjBttiMStGOvxiTyZawkCy6ZYw5ovL1v-VyQDFeI2_og4hcsxN6O3jaxWk
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 229
last-modified: Thu, 19 Mar 2020 14:44:27 GMT
server: UploadServer
etag: "47799b7ca9bb4c9cec45a80129d3011e"
x-goog-hash: crc32c=y/yPsw==, md5=R3mbfKm7TJzsRagBKdMBHg==
x-goog-generation: 1584629067637688
cache-control: public, max-age=3600
x-goog-stored-content-length: 229
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:30:00 GMT

GET
H2 200 CS-TOA85HB_sm.jpg
media.bttry.net/bc/img/ 2 KB
2 KB 58ms
55ms Image
image/jpeg 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/img/CS-TOA85HB_sm.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 42063271076329b5ad69b9a7d2e801e18c20d6e1e03f0ffc3d61658e1cea51d8

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1582714239
age: 0
x-guploader-uploadid: AAANsUkwmdOpAgqN7wW2dEbt3Pf5KFYOWLOlX5Zvk4ISffWeGHomn6QOehpGNFrs6PeKGQNq_pAd6bVTUsIFAMZMai4
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 1811
last-modified: Wed, 18 Mar 2020 13:36:01 GMT
server: UploadServer
etag: "32047efdeffdbf28fb0b75b8ae7553b0"
x-goog-hash: crc32c=E0bIOQ==, md5=MgR+/e/9vyj7C3W4rnVTsA==
x-goog-generation: 1584538561073677
cache-control: public, max-age=3600
x-goog-stored-content-length: 1811
accept-ranges: bytes
content-type: image/jpeg
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 CS-TOA85NB_sm.jpg
media.bttry.net/bc/img/ 2 KB
2 KB 56ms
53ms Image
image/jpeg 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/img/CS-TOA85NB_sm.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 55e692708e28268536c64334fabe3187bf601dbe3591dc8257c73da849b3fbbe

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1582714239
age: 0
x-guploader-uploadid: AAANsUl0mW1TCiVHhRgwyi97GS4Jrm_b1dl8qcvtEpm-jnLsU-PE70OoqU5Ok4AkII-nK-gmDb5Kznb8VTvuQqxon5md4wCv5A
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 1838
last-modified: Wed, 18 Mar 2020 13:36:01 GMT
server: UploadServer
etag: "77dd01dd70d0c814f737277cc42a1a7d"
x-goog-hash: crc32c=szwdBA==, md5=d90B3XDQyBT3Nyd8xCoafQ==
x-goog-generation: 1584538561675459
cache-control: public, max-age=3600
x-goog-stored-content-length: 1838
accept-ranges: bytes
content-type: image/jpeg
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 EY-PB18000_sm.jpg
media.bttry.net/bc/img/ 3 KB
3 KB 33ms
31ms Image
image/jpeg 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/img/EY-PB18000_sm.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 48c61978230bb64a1472f73bcf4c2fad396fbf7f8e3dc5aae7fe770c99e5858a

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:34:53 GMT
x-goog-meta-goog-reserved-file-mtime: 1582714251
age: 414
x-guploader-uploadid: AEnB2UpwGXBgpmwHlYtPMPpBAxte6cdD1-0qpsASzDUuwKT6KAPVnNtMpSA1moFyzNg39q6BT-oXuXBHVACt3mWYwRhB2uNvKZfQ2q9bmk8TLz72ct21YyU
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 2635
last-modified: Wed, 18 Mar 2020 13:50:35 GMT
server: UploadServer
etag: "a74de6a29fedf5d98663f9e5920058e2"
x-goog-hash: crc32c=/MyyJQ==, md5=p03mop/t9dmGY/nlkgBY4g==
x-goog-generation: 1584539435656426
cache-control: public, max-age=3600
x-goog-stored-content-length: 2635
accept-ranges: bytes
content-type: image/jpeg
expires: Tue, 05 May 2020 14:34:53 GMT

GET
H2 200 EY-ADPT-19-3.42-01_sm.jpg
media.bttry.net/bc/img/ 2 KB
3 KB 73ms
70ms Image
image/jpeg 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/img/EY-ADPT-19-3.42-01_sm.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e54c065e5c0434144f63c35da8668f35dba4ec6523c0763fd02502b8b488af77

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1582714245
age: 0
x-guploader-uploadid: AAANsUmNm2FEHMDnhH8zPMJqpreD9HfYe_Fo1Ke0W89M9PVpKtb_W4ovuL_g1uUpv7NCWORIlc-aNxzCzuNQ3t4kSkU
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 2325
last-modified: Wed, 18 Mar 2020 13:43:09 GMT
server: UploadServer
etag: "9286394f383e9065a724237b75e0c545"
x-goog-hash: crc32c=CYlEAw==, md5=koY5Tzg+kGWnJCN7deDFRQ==
x-goog-generation: 1584538989326160
cache-control: public, max-age=3600
x-goog-stored-content-length: 2325
accept-ranges: bytes
content-type: image/jpeg
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 EY-ADPT-TOSHIBA-05_sm.jpg
media.bttry.net/bc/img/ 2 KB
2 KB 55ms
53ms Image
image/jpeg 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/img/EY-ADPT-TOSHIBA-05_sm.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 4606591fcbef0e7159e97787733085f29ed9778f16ed753eb16807b3e37450a9

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1582714245
age: 0
x-guploader-uploadid: AAANsUk5NIN45Qwti8HXxKizH0SUxe7MyzO0Tmdfg-Q9jA0vO-aT099-D1yAOvqIvLsfAbiUJ0T-CrO-ikZ67Dc1J6CKxI1RXA
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 2219
last-modified: Wed, 18 Mar 2020 13:44:07 GMT
server: UploadServer
etag: "65533bddfe130795a5ab34fb997b311c"
x-goog-hash: crc32c=+Zdf6A==, md5=ZVM73f4TB5WlqzT7mXsxHA==
x-goog-generation: 1584539047708612
cache-control: public, max-age=3600
x-goog-stored-content-length: 2219
accept-ranges: bytes
content-type: image/jpeg
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 EY-ADPT-UN-90W-NW_sm.jpg
media.bttry.net/bc/img/ 3 KB
3 KB 41ms
39ms Image
image/jpeg 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/img/EY-ADPT-UN-90W-NW_sm.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 98c3feec591853344152b320038dd586fd8c1f5f267eb4300b91b6b1fd304835

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:34:53 GMT
x-goog-meta-goog-reserved-file-mtime: 1582714245
age: 414
x-guploader-uploadid: AAANsUks61PX7s2Vde32l9K__phMhd50N2c2biYnzU7BrfM7bblBBciJ7rb5dg6y7R5o5ouzI1OtmqRTDTe0aECqqf96LbMGDQ
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 2796
last-modified: Wed, 18 Mar 2020 13:44:12 GMT
server: UploadServer
etag: "ed6f4ea05cdb18252fe89c212eb484b3"
x-goog-hash: crc32c=55vfpQ==, md5=7W9OoFzbGCUv6JwhLrSEsw==
x-goog-generation: 1584539052756968
cache-control: public, max-age=3600
x-goog-stored-content-length: 2796
accept-ranges: bytes
content-type: image/jpeg
expires: Tue, 05 May 2020 14:34:53 GMT

GET
H2 200 footer_braunoni_logo.png
media.bttry.net/bc/default/ 2 KB
2 KB 41ms
38ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/footer_braunoni_logo.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f730b125dba2c70150b5081864d1f2b1fcb82ee2b957e82b09ca88a4d49fe235

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:30:00 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 707
x-guploader-uploadid: AEnB2UoZlQy1sQ1PrQ7q9SQCw0zXHbWS_AfM6PAul-wf01RAIJq5Kbu8rW_RXuwu70kt08AubS_vLDGwkIQe6y5qSg_KzpB_GQ
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 1795
last-modified: Thu, 19 Mar 2020 14:44:17 GMT
server: UploadServer
etag: "afb59bb4f7bfbb56cf6e3929c7d1decf"
x-goog-hash: crc32c=tFufmg==, md5=r7WbtPe/u1bPbjkpx9Hezw==
x-goog-generation: 1584629057624449
cache-control: public, max-age=3600
x-goog-stored-content-length: 1795
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:30:00 GMT

GET
H2 200 footer_safe_shop_logo.png
media.bttry.net/bc/default/ 1 KB
1 KB 75ms
73ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/footer_safe_shop_logo.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: cad05fbd50ad73ef6ffadb4d21b9469ccd36187a84e754adc8813d076496c712

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 0
x-guploader-uploadid: AEnB2UofhP482N39sE_4700yeorcXOBUAbO9VXdvIr65ZPIc28LYjEaWzYxs0Phw4IR9T_kdOaX1l71JSc8k0AUm87Pnvar0MA
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 1269
last-modified: Thu, 19 Mar 2020 14:44:18 GMT
server: UploadServer
etag: "62d23780acbfe8eadfe66d11bf572fa8"
x-goog-hash: crc32c=F1CCTA==, md5=YtI3gKy/6Orf5m0Rv1cvqA==
x-goog-generation: 1584629058007892
cache-control: public, max-age=3600
x-goog-stored-content-length: 1269
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 footer_paypal_logo.png
media.bttry.net/bc/default/ 2 KB
2 KB 40ms
38ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/footer_paypal_logo.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: ed94f3d7ab703c830897b6aeacf0552c17022418a27bf8a75e4a7e79f4d53337

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:34:53 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 414
x-guploader-uploadid: AEnB2UrXGsqBifk8exCrPnq6y4K8H0NXgPYwhwoneSHQ-podCDGR1kJEqyZhuj8fo1Osd5gy8NrOxvoIEkLCoD1b4eDQGkS_1Q
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 1787
last-modified: Thu, 19 Mar 2020 14:44:17 GMT
server: UploadServer
etag: "f2c9384c8d489ea0dd817feb5db25c8a"
x-goog-hash: crc32c=j9yKSg==, md5=8sk4TI1InqDdgX/rXbJcig==
x-goog-generation: 1584629057992860
cache-control: public, max-age=3600
x-goog-stored-content-length: 1787
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:34:53 GMT

GET
H2 200 footer_ideal_logo.png
media.bttry.net/bc/default/ 4 KB
4 KB 74ms
71ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/footer_ideal_logo.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 1e432288e1cd200e8288626b30f941b2d5ab2f448b8a038525e39e1762599c7d

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 0
x-guploader-uploadid: AEnB2UpB62h99y-08iw4CG2pNww3YNQIUAUQ2OdLjdxcJsAPFTD07ZawSabSDeoDHuFPE6DPJvl9F6V94oZL5jBemfOZvI7j1Q
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 3826
last-modified: Thu, 19 Mar 2020 14:44:17 GMT
server: UploadServer
etag: "f88a4e1a9107e985a694f0f28e9fe945"
x-goog-hash: crc32c=OoMJ5w==, md5=+IpOGpEH6YWmlPDyjp/pRQ==
x-goog-generation: 1584629057703173
cache-control: public, max-age=3600
x-goog-stored-content-length: 3826
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 footer_visa_logo.png
media.bttry.net/bc/default/ 2 KB
3 KB 71ms
69ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/footer_visa_logo.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: b060d6de3d04a1bba9c296bcf276c22f5c7c11c2b518eec8d4b5de27621adcc9

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 0
x-guploader-uploadid: AAANsUmQuaS_0HHhc5912zBO5TWB0heGmRfNE_i4b46pz85FrmOFqH-6_2-WgfLfFdTKpIDVoJQ305cTY-ZA7y-qluBXuo0WbA
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 2428
last-modified: Thu, 19 Mar 2020 14:44:18 GMT
server: UploadServer
etag: "fdff9e8cb25acc76879a679babfc137c"
x-goog-hash: crc32c=egg4bA==, md5=/f+ejLJazHaHmmebq/wTfA==
x-goog-generation: 1584629058101977
cache-control: public, max-age=3600
x-goog-stored-content-length: 2428
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:41:47 GMT

GET
H2 200 footer_american_express_logo.png
media.bttry.net/bc/default/ 1 KB
2 KB 40ms
37ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/footer_american_express_logo.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 892316701618fbba42284d0b2ee3a17de27665b90ee546d056ab488488880ce7

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:34:53 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 414
x-guploader-uploadid: AAANsUlsclxf_S1fM3AJp-ktYM7KeNDDNBhlRr3GnYpjjq60FiGWFdXhWOko3VboqwS_RTk_w8nXw2mDnILcPt0gCpdjYY9pfg
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 1423
last-modified: Thu, 19 Mar 2020 14:44:17 GMT
server: UploadServer
etag: "a42a975e50def352b11ae6a47ea9c981"
x-goog-hash: crc32c=j4ebrA==, md5=pCqXXlDe81KxGuakfqnJgQ==
x-goog-generation: 1584629057465870
cache-control: public, max-age=3600
x-goog-stored-content-length: 1423
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:34:53 GMT

GET
H2 200 webutation_logo.png
healythbilling.gq/images/ 46 KB
46 KB 150ms
149ms Image
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://healythbilling.gq/images/webutation_logo.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18def4305d0-FRA
cf-request-id: 0286ab4cae000005d0b4250200000001

GET
H2 200 footer_comodo_logo.png
media.bttry.net/bc/default/ 2 KB
2 KB 39ms
37ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/footer_comodo_logo.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 32d2cc697180b5c80c5b052230fb0143fcfd9bb27b785e113bc9b24a361cb033

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:30:00 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 707
x-guploader-uploadid: AEnB2UozgpjTM2jMA9eRLz3xkm9ORpBoqi2oRbiwKqifMjHtVnHJRFDagaZlEoAt6WMI8QOEeJgZbNswSxKF-IWoRJozKzV33A
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 1810
last-modified: Thu, 19 Mar 2020 14:44:17 GMT
server: UploadServer
etag: "29a6d304a6e407609b493f90453813e2"
x-goog-hash: crc32c=08iDIw==, md5=KabTBKbkB2CbST+QRTgT4g==
x-goog-generation: 1584629057691004
cache-control: public, max-age=3600
x-goog-stored-content-length: 1810
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:30:00 GMT

GET
H2 200 footer_mastercard_logo.png
media.bttry.net/bc/default/ 2 KB
2 KB 38ms
36ms Image
image/png 35.201.89.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.bttry.net/bc/default/footer_mastercard_logo.png
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.89.39 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 39.89.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: aec4431a4a7b2bf1d6dfd6d317cd6c71e4406ebad989a08c934fcad420bbba6a

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:34:53 GMT
x-goog-meta-goog-reserved-file-mtime: 1584628880
age: 414
x-guploader-uploadid: AEnB2UrmClIEGyRj4PL9EDNG_KqoIz5y21KeLIqrp2tONe38zh9HkdDLu70PlBVO8RZc-eaHeK9khvZoj7tKEgmXeuwQsy3rqcIWdJLRS3NaoS6t7olgpFo
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 2108
last-modified: Thu, 19 Mar 2020 14:44:17 GMT
server: UploadServer
etag: "87788e1bc98cd9eb962db68951c64963"
x-goog-hash: crc32c=ixYDMA==, md5=h3iOG8mM2euWLbaJUcZJYw==
x-goog-generation: 1584629057785268
cache-control: public, max-age=3600
x-goog-stored-content-length: 2108
accept-ranges: bytes
content-type: image/png
expires: Tue, 05 May 2020 14:34:53 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 27 KB
11 KB 76ms
35ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

c48a1f2ab3c9eb6bcc05f52651ab520fa44beb2814691436f0880832f082aa5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 10674
x-xss-protection: 0
server: cafe
etag: 3193678312498068985
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 05 May 2020 13:41:47 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 18ms
5ms Script
text/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 5196
date: Tue, 05 May 2020 12:15:11 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Tue, 05 May 2020 14:15:11 GMT

GET
H2 200 blank.php Show response
healythbilling.gq/ Frame 3579 49 KB
14 KB 91ms
89ms Document
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 127f0e63cfe81a8cfe83a77408f6e1de24decee3f28a36a53f253808f323288c

Request headers

:method: GET
:authority: healythbilling.gq
:scheme: https
:path: /blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://healythbilling.gq/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d833345ebf5d396b59bfd86ebcc1f0d5d1588686107
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://healythbilling.gq/

Response headers

status: 200
date: Tue, 05 May 2020 13:41:47 GMT
content-type: text/html
last-modified: Sun, 10 Feb 2019 16:02:05 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 58eae18def3d05d0-FRA
content-encoding: br
cf-request-id: 0286ab4cae000005d0b424d200000001

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/995133542/ 2 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/995133542/?random=1588686107899&cv=9&fst=1588686107899&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&data=ecomm_pagetype%3Dother&frm=0&url=https%3A%2F%2Fhealythbilling.gq%2F&tiba=%CE%A0%CE%B1%CF%81%CE%B1%CF%80%CE%BF%CF%8D%CE%BB%CE%B9%CE%B1%20%CE%B3%CE%B9%CE%B1%CF%87%CE%BD%CE%AF%20%CE%BC%CE%B5%20%CF%87%CE%BF%CE%B9%CF%81%CE%B9%CE%BD%CF%8C&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

566a0f11a235dd20f6e4ad0af08e1f81cb6a901c8788095ccde3a07f5553499d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1045
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/995133542/ 42 B
122 B 19ms
18ms Image
image/gif 2a00:1450:4001:815::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/995133542/?random=1588686107899&cv=9&fst=1588683600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=ecomm_pagetype%3Dother&frm=0&url=https%3A%2F%2Fhealythbilling.gq%2F&tiba=%CE%A0%CE%B1%CF%81%CE%B1%CF%80%CE%BF%CF%8D%CE%BB%CE%B9%CE%B1%20%CE%B3%CE%B9%CE%B1%CF%87%CE%BD%CE%AF%20%CE%BC%CE%B5%20%CF%87%CE%BF%CE%B9%CF%81%CE%B9%CE%BD%CF%8C&fmt=3&is_vtc=1&random=426164423&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 May 2020 13:41:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/995133542/ 42 B
110 B 22ms
21ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/995133542/?random=1588686107899&cv=9&fst=1588683600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=ecomm_pagetype%3Dother&frm=0&url=https%3A%2F%2Fhealythbilling.gq%2F&tiba=%CE%A0%CE%B1%CF%81%CE%B1%CF%80%CE%BF%CF%8D%CE%BB%CE%B9%CE%B1%20%CE%B3%CE%B9%CE%B1%CF%87%CE%BD%CE%AF%20%CE%BC%CE%B5%20%CF%87%CE%BF%CE%B9%CF%81%CE%B9%CE%BD%CF%8C&fmt=3&is_vtc=1&random=426164423&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 May 2020 13:41:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 579d0.single.include.4e2fc8.css
healythbilling.gq/wp-content/cache/minify/ Frame 3579 292 KB
57 KB 145ms
141ms Stylesheet
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/wp-content/cache/minify/579d0.single.include.4e2fc8.css
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 354d4c7d0db4d65289bdf9d1ba2cda998bfbf9666b43857362342081ff73e073

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18ea9f705d0-FRA
cf-request-id: 0286ab4d2b000005d0b425d200000001

GET
H2 200 579d0.default.include.3de91f.js Show response
healythbilling.gq/wp-content/cache/minify/ Frame 3579 89 KB
17 KB 150ms
146ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/wp-content/cache/minify/579d0.default.include.3de91f.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea971e5cb5a3987e3d2ece4a6309f14292e9ebbe10995cba45e8f26a4c78c280

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18ea9fa05d0-FRA
cf-request-id: 0286ab4d2b000005d0b425f200000001

GET
H2 200 cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ Frame 3579 4 KB
1 KB 20ms
16ms Stylesheet
text/css 2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 16180334
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 0286ab4d2b0000062907b47200000001
served-in-seconds: 0.001
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:18:36 GMT
server: cloudflare
etag: W/"5afd48ec-f62"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 58eae18eaa8a0629-FRA
expires: Sun, 25 Apr 2021 13:41:47 GMT

GET
H2 200 cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ Frame 3579 19 KB
6 KB 21ms
18ms Script
application/javascript 2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 24645243
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 0286ab4d2c0000062907b48200000001
served-in-seconds: 0.001
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:18:32 GMT
server: cloudflare
etag: W/"5afd48e8-4d5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 58eae18eaa8d0629-FRA
expires: Sun, 25 Apr 2021 13:41:47 GMT

GET
H2 200 style.css
healythbilling.gq/wp-content/themes/mb17s/css/ Frame 3579 121 KB
24 KB 137ms
133ms Stylesheet
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/wp-content/themes/mb17s/css/style.css?v=20180727
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60bea2223eda9fc733bf398d8939321f65f32e127503b6deae6782627b2df3b3

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:03 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18ea9f805d0-FRA
cf-request-id: 0286ab4d2b000005d0b425e200000001

GET
H/1.1 200
OK smarttag.js Show response
tag.aticdn.net/ Frame 3579 69 KB
20 KB 92ms
28ms Script
application/javascript 95.100.138.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.aticdn.net/smarttag.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.138.62 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-138-62.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 4b46551fc304afbde9c6b0107d6ea79163b7e6ef976866f984a1d58245a58ef3

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: hcuWY96BECZ3M6siOEAGn0vhRCr82wD7
Content-Encoding: gzip
Last-Modified: Wed, 15 Apr 2020 15:51:24 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS50-C1
x-amz-server-side-encryption: AES256
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=600
Date: Tue, 05 May 2020 13:41:48 GMT
Connection: keep-alive
Content-Length: 20279
X-Amz-Cf-Id: Yr4CJPCawZruM971YjBoe1HlB_lPHm4H6_L3YWaShdlBrwy65OPDBQ==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 3579 43 KB
15 KB 65ms
42ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d2de8b980f51c0a47e21204241ebac96125e8b086f082e3a5e66cc229c3c25b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "506 / 90 of 1000 / last-modified: 1588631372"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 14518
x-xss-protection: 0
expires: Tue, 05 May 2020 13:41:47 GMT

GET
H2 200 main.js Show response
healythbilling.gq/wp-content/themes/mb17s/js/ Frame 3579 46 KB
11 KB 114ms
111ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/wp-content/themes/mb17s/js/main.js?v=20180727
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b5d99382b23e66b4b75184be0f84fa51959b85d0db9785ee2a7e5a0b3e837e7

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:03 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18ea9fd05d0-FRA
cf-request-id: 0286ab4d2c000005d0b4260200000001

GET
H2 200 missbloom-logo-p.svg
healythbilling.gq/wp-content/themes/mb17s/images/logo/ Frame 3579 64 KB
64 KB 148ms
148ms Image
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://healythbilling.gq/wp-content/themes/mb17s/images/logo/missbloom-logo-p.svg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18fee0705d0-FRA
cf-request-id: 0286ab4df2000005d0b4279200000001

GET
H2 200 Screenshot_1-6.jpg
files.missbloom.gr/2016/09/ Frame 3579 68 KB
68 KB 95ms
40ms Image
image/jpeg 2.20.143.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://files.missbloom.gr/2016/09/Screenshot_1-6.jpg

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.143.91 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a2-20-143-91.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

0ae5e1fde1f00b885a6f0f95e666fb9023d06aaaaeb8b4a37724a8ec1609ac24

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=86400
last-modified: Mon, 05 Sep 2016 10:31:56 GMT
server: nginx
etag: "57cd499c-10f17"
content-type: image/jpeg
status: 200
cache-control: max-age=8640000
date: Tue, 05 May 2020 13:41:48 GMT
accept-ranges: bytes
content-length: 69399
expires: Thu, 13 Aug 2020 13:41:48 GMT

GET
H2

200

bf4a12bd69f3.js Show response
www.instagram.com/static/bundles/es6/EmbedSDK.js/ Frame 3579
Redirect Chain

https://platform.instagram.com/en_US/embeds.js
https://www.instagram.com/embed.js
https://www.instagram.com/static/bundles/es6/EmbedSDK.js/bf4a12bd69f3.js

15 KB
5 KB

6ms
6ms

Script
text/javascript

2a03:2880:f22d:e5:face:b00c:0:4420
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.instagram.com/static/bundles/es6/EmbedSDK.js/bf4a12bd69f3.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f22d:e5:face:b00c:0:4420 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 555d5d3bcf88de2650acc3de969c2453da3c9c53fdd7491c23bb3bd09e12a129

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 04 May 2020 20:28:10 GMT, Mon, 04 May 2020 20:28:10 GMT, Tue, 05 May 2020 13:41:48 GMT
x-fb-trip-id: 1679558926
status: 200
etag: "bf4a12bd69f3"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
edge-control: max-age=1209600, no-transform
cache-control: public,max-age=31536000,immutable
content-encoding: br
content-length: 4925

Redirect headers

status: 302
date: Tue, 05 May 2020 13:41:48 GMT, Tue, 05 May 2020 13:41:48 GMT
x-fb-trip-id: 1679558926
cache-control: max-age=21600
location: https://www.instagram.com/static/bundles/es6/EmbedSDK.js/bf4a12bd69f3.js
content-type: text/html; charset=utf-8

GET
H2 404 4553_DOYKISA_NOMIKOY_1982016-200x200.jpg
files.missbloom.gr/2016/09/ Frame 3579 0
0 126ms
72ms Image
text/html 2.20.143.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.missbloom.gr/2016/09/4553_DOYKISA_NOMIKOY_1982016-200x200.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.143.91 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-20-143-91.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 404 gb-200x200.jpg
files.missbloom.gr/2016/09/ Frame 3579 0
0 129ms
75ms Image
text/html 2.20.143.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.missbloom.gr/2016/09/gb-200x200.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.143.91 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-20-143-91.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 va_content.vast.js Show response
www.vidads.gr/scripts/ Frame 3579 291 KB
76 KB 76ms
12ms Script
application/javascript 2a01:4f8:110:5005::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.vidads.gr/scripts/va_content.vast.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:110:5005::2 Heidelberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: f70ad153801756c3955f63469a9bc8a3a7112e1fca7156bf72448b77d8155246

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: gzip
last-modified: Mon, 04 Nov 2019 14:18:29 GMT
server: nginx/1.16.1
etag: "48ac3-59685fd6653e4-gzip"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=3600
x-route: http1
accept-ranges: bytes
expires: Tue, 05 May 2020 14:41:48 GMT

GET
H2 404 64508-lily%20james-smile-200x200.jpg
files.missbloom.gr/pics/ Frame 3579 0
0 188ms
134ms Image
text/html 2.20.143.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.missbloom.gr/pics/64508-lily%20james-smile-200x200.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.143.91 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-20-143-91.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 404 67238-ABACA_521931_091-200x200.jpg
files.missbloom.gr/pics/ Frame 3579 0
0 117ms
64ms Image
text/html 2.20.143.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.missbloom.gr/pics/67238-ABACA_521931_091-200x200.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.143.91 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-20-143-91.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 404 25031-jon-hamm-default-200x200.jpg
files.missbloom.gr/pics/ Frame 3579 0
0 140ms
87ms Image
text/html 2.20.143.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.missbloom.gr/pics/25031-jon-hamm-default-200x200.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.143.91 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-20-143-91.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 404 IMG_9544-200x200.jpg
files.missbloom.gr/2016/05/ Frame 3579 0
0 73ms
73ms Image
text/html 2.20.143.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://files.missbloom.gr/2016/05/IMG_9544-200x200.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.143.91 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-20-143-91.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 preloadBar.gif
www.capital.gr/Content2017/images/ Frame 3579 25 KB
25 KB 78ms
24ms Image
image/gif 2.20.143.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.capital.gr/Content2017/images/preloadBar.gif
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.143.91 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-20-143-91.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/8.5 /
Resource Hash: cf0eac8ca56caaadf4fc1e4ec8081f0ba14c59d22bf12f766d59845078950e86

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
last-modified: Tue, 04 Dec 2018 16:43:52 GMT
server: Microsoft-IIS/8.5
etag: "691c58af08bd41:0"
content-type: image/gif
status: 200
cache-control: max-age=15552000
accept-ranges: bytes
content-length: 25323

GET
H2 200 tag.js Show response
js.agkn.com/prod/v0/ Frame 3579 3 KB
3 KB 52ms
14ms Script
application/javascript 2600:9000:2070:9c00:15:efbc:e300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.agkn.com/prod/v0/tag.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2070:9c00:15:efbc:e300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dc82de33871a9ed40a5379ed264dd0456d9bf58839286b913231648f527bc72b

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 04 May 2020 16:27:43 GMT
via: 1.1 259359d7ff61dd984af98fc0a1b513fa.cloudfront.net (CloudFront)
last-modified: Tue, 22 Oct 2019 20:22:52 GMT
server: AmazonS3
age: 76449
etag: "f53f55cbab099be3a970b446a66c496a"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-amz-cf-pop: HAM50-C3
accept-ranges: bytes
content-length: 3167
x-amz-cf-id: IhzEEduVvTFMxAwUAOOcCLTHNEh8-8mYwfq24FccNF2fGDfDGO97vg==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3579 108 KB
39 KB 24ms
21ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3c5433c5237bdee8916f690027627601478436a7b74a076a4e1139ed4b6385f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 39709
x-xss-protection: 0
server: cafe
etag: 16899015880576610006
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 05 May 2020 13:41:48 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ Frame 3579 8 KB
3 KB 40ms
14ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f29c510c4b21638d69fb6e6513fcb03ded2d50e2347644ddb214fd760a9372c

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 1690
etag: W/"9d9aed5a8d74707da3c47d0230168852"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=43200
cf-ray: 58eae1918c8b324c-FRA
cf-request-id: 0286ab4ef00000324c230c8200000001
expires: Wed, 06 May 2020 01:41:48 GMT

GET
H2 200 wp-embed.min.js Show response
healythbilling.gq/wp-includes/js/ Frame 3579 184 KB
34 KB 126ms
126ms Script
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://healythbilling.gq/wp-includes/js/wp-embed.min.js?ver=4.9.7
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f1cd85f3c850fbd76f4711e721888a7fa580fe3f97fdf663c9518ea269f3d55

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 10 Feb 2019 16:02:03 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae18fddc205d0-FRA
cf-request-id: 0286ab4de5000005d0b4278200000001

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 3579 44 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 3793
date: Tue, 05 May 2020 12:38:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18174
expires: Tue, 05 May 2020 14:38:35 GMT

GET
H2 200 pubads_impl_2020042703.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 3579 238 KB
86 KB 76ms
30ms Script
text/javascript 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

sffe /

Resource Hash

4c74bec793cc176f171cbb519ab9927380038f7069aacaa914d97a4b1036c966

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Apr 2020 17:43:13 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87710
x-xss-protection: 0
expires: Tue, 05 May 2020 13:41:48 GMT

GET
H2 200 integrator.sync.js Show response
adservice.google.de/adsid/ Frame 3579 113 B
323 B 16ms
15ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.sync.js?domain=healythbilling.gq

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 108
x-xss-protection: 0

GET 482
t.qds.ninja/t/ Frame 3579 0
0

GET
H2 200 xtcore.js Show response
www.missbloom.gr/ Frame 3579 19 KB
8 KB 44ms
35ms Script
application/javascript 2.20.143.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.missbloom.gr/xtcore.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.143.91 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-20-143-91.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 05a0114a707e2c9a3e39211eea7befe543363802db6cca43191b8fa51d8f6cd5

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: gzip
last-modified: Thu, 26 Nov 2015 09:49:24 GMT
server: nginx
etag: "5656d5a4-4ae0"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=1209600
accept-ranges: bytes
content-length: 7522
expires: Tue, 19 May 2020 13:41:48 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3579 420 B
870 B 54ms
54ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=629442068964899&correlator=1074853327157166&output=ldjh&impl=fif&adsid=NT&vrg=2020042703&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200505&iu_parts=3346429%2Cmissbloom_skin&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&cust_params=page%3Dros%252Ccelebrities%252Ccelebs-now%252Co-erotas-ine-akoma-zontanos-anamesa-stou%252C176722%26pagetype%3Darticle%26tags%3D&cookie_enabled=1&cdm=healythbilling.gq&bc=31&abxe=1&lmt=1549814525&dt=1588686108306&dlt=1588686107924&idt=354&frm=23&biw=1585&bih=1200&oid=3&adxs=16&adys=2314&adks=3307054402&ucis=yjn4i74uip4j&ifi=1&ifk=19644707&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto&ref=https%3A%2F%2Fhealythbilling.gq%2F&top=https%3A%2F%2Fhealythbilling.gq%2F&dssz=21&icsg=49836&std=0&csl=63&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x2299&msz=0x1&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&fws=256&ohw=0&btvi=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

16a6972372c975d647148472baa8531899c6d7f5971a928b99e120fc1ebf7853

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 228
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://healythbilling.gq
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 3579 0
0 25ms
6ms Other
text/html 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3579 421 B
538 B 62ms
62ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=629442068964899&correlator=1074853327157166&output=ldjh&impl=fif&adsid=NT&vrg=2020042703&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200505&iu_parts=3346429%2Cmissbloom_prest&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&cust_params=page%3Dros%252Ccelebrities%252Ccelebs-now%252Co-erotas-ine-akoma-zontanos-anamesa-stou%252C176722%26pagetype%3Darticle%26tags%3D&cookie_enabled=1&cdm=healythbilling.gq&bc=31&abxe=1&lmt=1549814525&dt=1588686108322&dlt=1588686107924&idt=354&frm=23&biw=1585&bih=1200&oid=3&adxs=16&adys=2315&adks=1273862343&ucis=lmtj3yp6w5ds&ifi=2&ifk=19644707&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto&ref=https%3A%2F%2Fhealythbilling.gq%2F&top=https%3A%2F%2Fhealythbilling.gq%2F&dssz=22&icsg=49836&std=0&csl=81&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x2300&msz=1x-1&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&fws=256&ohw=0&btvi=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

c2b34ef4300ee8fe663b0cd371dc99fd579ee20adcf22ccc395f926baebedfb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 229
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://healythbilling.gq
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3579 431 B
548 B 259ms
258ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=629442068964899&correlator=1074853327157166&output=ldjh&impl=fif&adsid=NT&vrg=2020042703&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200505&iu_parts=3346429%2CMB_300X50_MOBILE&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x50&cust_params=page%3Dros%252Ccelebrities%252Ccelebs-now%252Co-erotas-ine-akoma-zontanos-anamesa-stou%252C176722%26pagetype%3Darticle%26tags%3D&cookie_enabled=1&cdm=healythbilling.gq&bc=31&abxe=1&lmt=1549814525&dt=1588686108327&dlt=1588686107924&idt=354&frm=23&biw=1585&bih=1200&oid=3&adxs=16&adys=2316&adks=2017065100&ucis=80lutnz5ze58&ifi=3&ifk=19644707&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto&ref=https%3A%2F%2Fhealythbilling.gq%2F&top=https%3A%2F%2Fhealythbilling.gq%2F&dssz=24&icsg=49836&std=0&csl=71&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x2350&msz=0x50&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&fws=256&ohw=0&btvi=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

b4ba5ff51f87dd39efdc4d0d0b1e2f4ab506b5e8581873857fb31369f48a02c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://healythbilling.gq
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3579 431 B
550 B 456ms
455ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=629442068964899&correlator=1074853327157166&output=ldjh&impl=fif&adsid=NT&vrg=2020042703&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200505&iu_parts=3346429%2Cmissbloom_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C940x200%7C960x250%7C970x70%7C970x200%7C970x60%7C970x90%7C990x90%7C990x250%7C970x250%7C970x310%7C1000x250%7C1000x300&cust_params=page%3Dros%252Ccelebrities%252Ccelebs-now%252Co-erotas-ine-akoma-zontanos-anamesa-stou%252C176722%26pagetype%3Darticle%26tags%3D&cookie_enabled=1&cdm=healythbilling.gq&bc=31&abxe=1&lmt=1549814525&dt=1588686108331&dlt=1588686107924&idt=354&frm=23&biw=1585&bih=1200&oid=3&adxs=16&adys=2366&adks=248121373&ucis=u64fhb86ft1p&ifi=4&ifk=19644707&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto&ref=https%3A%2F%2Fhealythbilling.gq%2F&top=https%3A%2F%2Fhealythbilling.gq%2F&dssz=25&icsg=49836&std=0&csl=70&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x90&msz=0x90&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&fws=256&ohw=0&btvi=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef91066bb0a34a74a253a18b14052a593810c02de41070203dca4c88a5274b38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 240
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://healythbilling.gq
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3579 425 B
535 B 540ms
540ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=629442068964899&correlator=1074853327157166&output=ldjh&impl=fif&adsid=NT&vrg=2020042703&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200505&iu_parts=3346429%2Cmissbloom_button&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x150%7C300x100%7C300x120%7C300x110&cust_params=page%3Dros%252Ccelebrities%252Ccelebs-now%252Co-erotas-ine-akoma-zontanos-anamesa-stou%252C176722%26pagetype%3Darticle%26tags%3D&cookie_enabled=1&cdm=healythbilling.gq&bc=31&abxe=1&lmt=1549814525&dt=1588686108337&dlt=1588686107924&idt=354&frm=23&biw=1585&bih=1200&oid=3&adxs=16&adys=4057&adks=1522238017&ucis=la9jp6qh22pd&ifi=5&ifk=19644707&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto&ref=https%3A%2F%2Fhealythbilling.gq%2F&top=https%3A%2F%2Fhealythbilling.gq%2F&dssz=27&icsg=49836&std=0&csl=65&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x150&msz=0x150&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&fws=256&ohw=0&btvi=5

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

514f559d90a1369f5d8ed3a5de1849954a2a8a34863c3fb929433e46322abaf4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 229
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://healythbilling.gq
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3579 40 KB
11 KB 740ms
739ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=629442068964899&correlator=1074853327157166&output=ldjh&impl=fif&adsid=NT&vrg=2020042703&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200505&iu_parts=3346429%2Cmissbloom_300*250A&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&cust_params=page%3Dros%252Ccelebrities%252Ccelebs-now%252Co-erotas-ine-akoma-zontanos-anamesa-stou%252C176722%26pagetype%3Darticle%26tags%3D&cookie_enabled=1&cdm=healythbilling.gq&bc=31&abxe=1&lmt=1549814525&dt=1588686108342&dlt=1588686107924&idt=354&frm=23&biw=1585&bih=1200&oid=3&adxs=16&adys=4207&adks=1354387185&ucis=r2dd2qn8n4mb&ifi=6&ifk=19644707&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto&ref=https%3A%2F%2Fhealythbilling.gq%2F&top=https%3A%2F%2Fhealythbilling.gq%2F&dssz=28&icsg=49836&std=0&csl=74&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x250&msz=0x250&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&fws=256&ohw=0&btvi=6

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ee39460d134b8358b01e6f8d5dc3451724f80891d9e0f89a1d3eebb31c498f36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:49 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10391
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://healythbilling.gq
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3579 443 B
562 B 887ms
886ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=629442068964899&correlator=1074853327157166&output=ldjh&impl=fif&adsid=NT&vrg=2020042703&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200505&iu_parts=3346429%2CInRead_infeed_Missbloom_AdX&enc_prev_ius=%2F0%2F1&prev_iu_szs=192x256%7C256x192%7C144x256%7C320x50%7C256x256%7C300x250%7C320x180%7C300x100%7C320x250%7C256x144%7C640x480&cust_params=page%3Dros%252Ccelebrities%252Ccelebs-now%252Co-erotas-ine-akoma-zontanos-anamesa-stou%252C176722%26pagetype%3Darticle%26tags%3D&cookie_enabled=1&cdm=healythbilling.gq&bc=31&abxe=1&lmt=1549814525&dt=1588686108352&dlt=1588686107924&idt=354&frm=23&biw=1585&bih=1200&oid=3&adxs=16&adys=5549&adks=2055048688&ucis=lvb1mmthcblg&ifi=7&ifk=19644707&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto&ref=https%3A%2F%2Fhealythbilling.gq%2F&top=https%3A%2F%2Fhealythbilling.gq%2F&dssz=29&icsg=49836&std=0&csl=81&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x1316&msz=0x256&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&fws=256&ohw=0&btvi=7

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ffd0ec7f4d038be2d4664315932543be5c420b4d29ed23300d6966474c29363c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:49 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 252
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://healythbilling.gq
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK _yalla_loader.js Show response
widget.yallarec.com/ Frame 3579 80 KB
20 KB 52ms
9ms Script
application/javascript 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.yallarec.com/_yalla_loader.js
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: fd4a9a59038ee47b48dedd0c2c9e85e9f00b8f371777f17446c8a56d3b20d6e1

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:48 GMT
Content-Encoding: gzip
Last-Modified: Sun, 03 May 2020 10:53:30 GMT
Server: nginx
ETag: W/"5eaea2aa-13e4d"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=7200
Connection: keep-alive
Content-Length: 20567
Expires: Tue, 05 May 2020 15:41:48 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3579 40 KB
10 KB 1050ms
1048ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=629442068964899&correlator=1074853327157166&output=ldjh&impl=fif&adsid=NT&vrg=2020042703&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200505&iu_parts=3346429%2Cmissbloom_300*250B&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&cust_params=page%3Dros%252Ccelebrities%252Ccelebs-now%252Co-erotas-ine-akoma-zontanos-anamesa-stou%252C176722%26pagetype%3Darticle%26tags%3D&cookie_enabled=1&cdm=healythbilling.gq&bc=31&abxe=1&lmt=1549814525&dt=1588686108365&dlt=1588686107924&idt=354&frm=23&biw=1585&bih=1200&oid=3&adxs=16&adys=9897&adks=3543098062&ucis=6w45ipql8ey4&ifi=8&ifk=19644707&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto&ref=https%3A%2F%2Fhealythbilling.gq%2F&top=https%3A%2F%2Fhealythbilling.gq%2F&dssz=36&icsg=797376&std=0&csl=74&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x250&msz=0x250&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&fws=256&ohw=0&btvi=8

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

5d9a130a4a934e2208016c166f83770b83b4e64e488689633acaa1518f78963c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:49 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10391
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://healythbilling.gq
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3579 40 KB
10 KB 2250ms
2249ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=629442068964899&correlator=1074853327157166&output=ldjh&impl=fif&adsid=NT&vrg=2020042703&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200505&iu_parts=3346429%2Cmissbloom_300*250C&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&cust_params=page%3Dros%252Ccelebrities%252Ccelebs-now%252Co-erotas-ine-akoma-zontanos-anamesa-stou%252C176722%26pagetype%3Darticle%26tags%3D&cookie_enabled=1&cdm=healythbilling.gq&bc=31&abxe=1&lmt=1549814525&dt=1588686108372&dlt=1588686107924&idt=354&frm=23&biw=1585&bih=1200&oid=3&adxs=16&adys=10147&adks=1034747580&ucis=g0h0xjgt56or&ifi=9&ifk=19644707&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto&ref=https%3A%2F%2Fhealythbilling.gq%2F&top=https%3A%2F%2Fhealythbilling.gq%2F&dssz=37&icsg=797376&std=0&csl=74&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x250&msz=0x250&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&fws=256&ohw=0&btvi=9

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

d2faea3478c0a11376f9799ca143967ef61452cb055391e41a609e79a2f3819f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10301
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://healythbilling.gq
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3579 428 B
313 B 1358ms
1357ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=629442068964899&correlator=1074853327157166&output=ldjh&impl=fif&adsid=NT&vrg=2020042703&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200505&iu_parts=3346429%2Cmissbloom_textlink&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x200%7C300x150%7C300x100%7C300x120%7C300x110&cust_params=page%3Dros%252Ccelebrities%252Ccelebs-now%252Co-erotas-ine-akoma-zontanos-anamesa-stou%252C176722%26pagetype%3Darticle%26tags%3D&cookie_enabled=1&cdm=healythbilling.gq&bc=31&abxe=1&lmt=1549814525&dt=1588686108379&dlt=1588686107924&idt=354&frm=23&biw=1585&bih=1200&oid=3&adxs=16&adys=10397&adks=926066986&ucis=jx5lts7hs2wc&ifi=10&ifk=19644707&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto&ref=https%3A%2F%2Fhealythbilling.gq%2F&top=https%3A%2F%2Fhealythbilling.gq%2F&dssz=38&icsg=797376&std=0&csl=68&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x200&msz=0x200&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&fws=256&ohw=0&btvi=10

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

6f98e4ba8fced7ee8b536130f17ce3c905d3d7504f5455e1ce972e46ec8a4465

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:49 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 235
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://healythbilling.gq
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3579 332 B
231 B 1608ms
1608ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=629442068964899&correlator=1074853327157166&output=ldjh&impl=fif&adsid=NT&vrg=2020042703&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200505&iu_parts=3346429%2Cmissbloom_728x90_bottom&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x200%7C990x250%7C970x250%7C1000x250%7C1x1&cust_params=page%3Dros%252Ccelebrities%252Ccelebs-now%252Co-erotas-ine-akoma-zontanos-anamesa-stou%252C176722%26pagetype%3Darticle%26tags%3D&cookie=ID%3Dcba0bd00775297c1%3AT%3D1588686108%3AS%3DALNI_Mb_k1LLZTTAEEx6mqkZJq-8fASVLQ&cookie_enabled=1&cdm=healythbilling.gq&bc=31&abxe=1&lmt=1549814525&dt=1588686108400&dlt=1588686107924&idt=354&frm=23&biw=1585&bih=1200&oid=3&adxs=16&adys=15357&adks=1019512580&ucis=ttjw7xxtr03s&ifi=11&ifk=19644707&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto&ref=https%3A%2F%2Fhealythbilling.gq%2F&top=https%3A%2F%2Fhealythbilling.gq%2F&dssz=39&icsg=797376&std=0&csl=77&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x90&msz=0x90&psts=AKB7eCKavm0y-7DFBxajSnt_l1rf&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&fws=256&ohw=0&btvi=11

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

9d8ebb8a1c4946dd02276f9f525da75fe9e7ab403e31ce416faea351adb5a180

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:49 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 153
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://healythbilling.gq
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 3579 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 missbloom-logo-p.svg
healythbilling.gq/wp-content/themes/mb17s/images/logo/ Frame 3579 64 KB
64 KB 13ms
12ms Image
text/html 2606:4700:3031::681b:b5ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://healythbilling.gq/wp-content/themes/mb17s/images/logo/missbloom-logo-p.svg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:b5ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 10 Feb 2019 16:02:05 GMT
server: cloudflare
age: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=14400
cf-ray: 58eae1918b3d05d0-FRA
cf-request-id: 0286ab4ef5000005d0b428b200000001

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 3579 131 KB
32 KB 22ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 31766
x-xss-protection: 0
pragma: public
x-fb-debug: RKLyOPBcq1JiFVAJLWzdqfecK7KYdwE3pkVOAjtAtiffrR7j1A9POHHJflTWcxx+Iue+xXfdIUYUXJYb7dti4Q==
x-fb-trip-id: 1850256238
x-frame-options: DENY
date: Tue, 05 May 2020 13:41:48 GMT, Tue, 05 May 2020 13:41:48 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3579 315 B
213 B 1594ms
1594ms XHR
text/plain 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=629442068964899&correlator=1074853327157166&output=ldjh&impl=fif&adsid=NT&vrg=2020042703&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200505&iu_parts=3346429%2CMB_Inread_Video&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&cust_params=page%3Dros%252Ccelebrities%252Ccelebs-now%252Co-erotas-ine-akoma-zontanos-anamesa-stou%252C176722%26pagetype%3Darticle%26tags%3D&cookie=ID%3Db0eebeec1b237f0b%3AT%3D1588686108%3AS%3DALNI_MYN1zvtt1fHHlhKUno03_8q_kNi6A&cookie_enabled=1&cdm=healythbilling.gq&bc=31&abxe=1&lmt=1549814525&dt=1588686108416&dlt=1588686107924&idt=354&frm=23&biw=1585&bih=1200&oid=3&adxs=16&adys=19415&adks=343001862&ucis=pgczx8xz5gee&ifi=12&ifk=19644707&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto&ref=https%3A%2F%2Fhealythbilling.gq%2F&top=https%3A%2F%2Fhealythbilling.gq%2F&dssz=48&icsg=12758018&std=0&csl=81&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x19399&msz=1x-1&psts=AKB7eCKavm0y-7DFBxajSnt_l1rf%2CAKB7eCKavm0y-7DFBxajSnt_l1rf&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&fws=256&ohw=0&btvi=12

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

74a7d250bfc7e511014346ae86723868dfe3ca6c28f88361990fe536b20ae8e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:50 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://healythbilling.gq
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 exitbee.js Show response
app.exitbee.com/c/366/ Frame 3579 10 KB
2 KB 117ms
33ms Script
application/javascript 35.240.50.85
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.exitbee.com/c/366/exitbee.js

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.240.50.85 , Ascension Island, ASN15169 (GOOGLE, US),

Reverse DNS

85.50.240.35.bc.googleusercontent.com

Software

nginx/1.17.7 / Express

Resource Hash

57522635ee152ac3c2dc8c2809165a3c028dde92fbeca59602015b849a4e31ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: gzip
etag: W/"291d-b/nX+mDCogMCduXtyRvhEHTwVOU"
server: nginx/1.17.7
x-powered-by: Express
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2 200 /
d.agkn.com/iframe/8613/ Frame DDFA 0
0 24ms
23ms Document
text/html 2600:9000:2093:6e00:19:fc2c:a140:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.agkn.com/iframe/8613/?che=467498549&gdpr=&gdpr_consent=&ref=&bpid=atticagreece&c=%7B%22bpid%22%3A%22atticagreece%22%2C%22loc%22%3A%22https%3A%2F%2Fhealythbilling.gq%2F%22%2C%22gdpr%22%3A%22%22%2C%22gdpr_consent%22%3A%22%22%2C%22ref%22%3A%22-1%22%2C%22cid%22%3A%22-1%22%2C%22sid%22%3A%22-1%22%2C%22gen%22%3A%22-1%22%2C%22age%22%3A%22-1%22%2C%22cat%22%3A%22-1%22%2C%22brd%22%3A%22-1%22%7D
Requested by: Host: js.agkn.com
URL: https://js.agkn.com/prod/v0/tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2093:6e00:19:fc2c:a140:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash

Request headers

:method: GET
:authority: d.agkn.com
:scheme: https
:path: /iframe/8613/?che=467498549&gdpr=&gdpr_consent=&ref=&bpid=atticagreece&c=%7B%22bpid%22%3A%22atticagreece%22%2C%22loc%22%3A%22https%3A%2F%2Fhealythbilling.gq%2F%22%2C%22gdpr%22%3A%22%22%2C%22gdpr_consent%22%3A%22%22%2C%22ref%22%3A%22-1%22%2C%22cid%22%3A%22-1%22%2C%22sid%22%3A%22-1%22%2C%22gen%22%3A%22-1%22%2C%22age%22%3A%22-1%22%2C%22cat%22%3A%22-1%22%2C%22brd%22%3A%22-1%22%7D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Response headers

status: 200
content-type: text/html;charset=UTF-8
content-length: 481
cache-control: no-cache, must-revalidate
date: Tue, 05 May 2020 13:41:47 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pragma: no-cache
server: Apache-Coyote/1.1
set-cookie: ab=0001%3AHf1ouSmxummoMJrlRp9MQ2FdRtFQYrvL;Path=/;Domain=agkn.com;Max-Age=31536000;SameSite=None;Secure u=C|0AEAmRCmcJkQpnAAAAAAAAg1RAQCADVIBAIA;Path=/;Domain=agkn.com;Max-Age=31536000;SameSite=None;Secure
x-cache: Miss from cloudfront
via: 1.1 ddf1a4286ca5a84e441f34f1b121a3ca.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-C1
x-amz-cf-id: Hz_taPFy3fqSq_A4Yvse46jO9VXQFUZZbzW3MEZWW7FY4HI_pewk5Q==

GET
H2 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20200430/r20190131/ Frame 3579 217 KB
82 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200430/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48ff8729b9b774bbe136d0bec514675c79b6c8a934f718858121b6bf19362709

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 83815
x-xss-protection: 0
server: cafe
etag: 5824762949280642259
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 05 May 2020 13:41:48 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200430/r20190131/ Frame 629C 0
0 6ms
5ms Document
text/html 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20200430/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20200430/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlsQdMnyPNKuOykcszCy0uWu4aplsTN0niIDgf1w_0TIasxVPKIlcYFj6YF
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Thu, 30 Apr 2020 17:27:54 GMT
expires: Thu, 14 May 2020 17:27:54 GMT
content-type: text/html; charset=UTF-8
etag: 4094386822458569044
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4444
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 418434
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 636 Show response
www.vidads.gr/get/video/vast3/ Frame 3579 97 B
589 B 37ms
36ms XHR
text/xml 2a01:4f8:110:5005::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vidads.gr/get/video/vast3/636?inread=1&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto

Requested by

Host: www.vidads.gr
URL: https://www.vidads.gr/scripts/va_content.vast.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a01:4f8:110:5005::2 Heidelberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.16.1 / PHP/7.2.30

Resource Hash

abe6af6a23f989b0623689a5d2a8df531c4f84c1e9785db0bad82155e9ef7f92

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: PHP/7.2.30
status: 200
pragma: no-cache
x-route: http1
last-modified: Tue, 05 May 2020 13:41:48 GMT
server: nginx/1.16.1
vary: Accept-Encoding
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://healythbilling.gq
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials: true
x-time: 0.030817031860352
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

hit.xiti
logws1312.ati-host.net/ Frame 3579
Redirect Chain

https://logws1312.ati-host.net/hit.xiti?s=532002&p=&vrn=1&lng=en-US&idp=1541485798389&jv=0&re=0x0&vtag=4.5.7&hl=15x41x48&r=1600x1200x24x24&ref=
https://logws1312.ati-host.net/hit.xiti?s=532002&p=&vrn=1&lng=en-US&idp=1541485798389&jv=0&re=0x0&vtag=4.5.7&hl=15x41x48&r=1600x1200x24x24&ref=&Rdt=On

35 B
201 B

52ms
52ms

Image
image/gif

104.111.224.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logws1312.ati-host.net/hit.xiti?s=532002&p=&vrn=1&lng=en-US&idp=1541485798389&jv=0&re=0x0&vtag=4.5.7&hl=15x41x48&r=1600x1200x24x24&ref=&Rdt=On

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.224.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-224-123.deploy.static.akamaitechnologies.com

Software

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:48 GMT
Connection: keep-alive
Content-Length: 35
Strict-Transport-Security: max-age=3600
Content-Type: image/gif

Redirect headers

Location: https://logws1312.ati-host.net/hit.xiti?s=532002&p=&vrn=1&lng=en-US&idp=1541485798389&jv=0&re=0x0&vtag=4.5.7&hl=15x41x48&r=1600x1200x24x24&ref=&Rdt=On
Date: Tue, 05 May 2020 13:41:48 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=3600
P3P: policyref="/w3c/p3p.xml",CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ Frame 3579 82 KB
29 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: widget.yallarec.com
URL: https://widget.yallarec.com/_yalla_loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Mar 2020 08:52:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3300529
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Mar 2021 08:52:59 GMT

GET
H2 200 1047335965285668 Show response
connect.facebook.net/signals/config/ Frame 3579 475 KB
120 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1047335965285668?v=2.9.18&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5168e48216251029553064406956580b6c1b3c74236e33b244e6c41eef530a29

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 122412
x-xss-protection: 0
pragma: public
x-fb-debug: /iH9w8uwBTstWLGgKclNsHH5wWeo/SgVcwBMI6pI3qxrEUa0hY8nnqchDwQEjpzUTxRfTtOi5iK+YKA0Fv839Q==
x-fb-trip-id: 1850256238
x-frame-options: DENY
date: Tue, 05 May 2020 13:41:48 GMT, Tue, 05 May 2020 13:41:48 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 429 /
www.instagram.com/p/BJwAgHvAlt9/embed/captioned/ Frame BF48 0
0 113ms
112ms Document
application/json 2a03:2880:f22d:e5:face:b00c:0:4420
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.instagram.com/p/BJwAgHvAlt9/embed/captioned/?cr=1&v=7&rd=https%3A%2F%2Fhealythbilling.gq&rp=%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto

Requested by

Host: www.instagram.com
URL: https://www.instagram.com/static/bundles/es6/EmbedSDK.js/bf4a12bd69f3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f22d:e5:face:b00c:0:4420 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://.cdninstagram.com https://.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://.www.instagram.com https://.cdninstagram.com wss://www.instagram.com https://.facebook.com https://.fbcdn.net https://.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://.www.instagram.com https://graph.instagram.com https://.graph.instagram.com https://.cdninstagram.com https://api.instagram.com https://i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://.facebook.com https://.fbcdn.net https://.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.instagram.com
:scheme: https
:path: /p/BJwAgHvAlt9/embed/captioned/?cr=1&v=7&rd=https%3A%2F%2Fhealythbilling.gq&rp=%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Response headers

status: 429
content-type: application/json; charset=utf-8
vary: Accept-Language, Cookie
content-language: en
date: Tue, 05 May 2020 13:41:48 GMT Tue, 05 May 2020 13:41:48 GMT Tue, 05 May 2020 13:41:48 GMT
content-length: 80
strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 0
x-aed: 15
access-control-expose-headers: X-IG-Set-WWW-Claim
x-fb-trip-id: 1679558926

GET
H2 400 ads
googleads.g.doubleclick.net/pagead/ Frame 7C32 0
0 18ms
17ms Document
text/html 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?output=html&adk=1812271804&adf=3279755397&plat=1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fhealythbilling.gq%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1588686108432&bpp=13&bdt=508&idt=131&shv=r20200430&cbv=r20190131&ptt=9&saldr=aa&nras=1&correlator=1229884438714&frm=23&ife=1&pv=2&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&ga_fc=0&ga_cid=955855319.1588686108&iag=3&icsg=2199839768611&nhd=1&dssz=57&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&isw=0&ish=0&ifk=19644707&scr_x=0&scr_y=0&eid=21065532%2C21066085&oid=3&pvsid=629442068964899&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8212&bc=31&ifi=12&uci=c.qbqskyzcwwty&fsb=1&dtd=144

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200430/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?output=html&adk=1812271804&adf=3279755397&plat=1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fhealythbilling.gq%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1588686108432&bpp=13&bdt=508&idt=131&shv=r20200430&cbv=r20190131&ptt=9&saldr=aa&nras=1&correlator=1229884438714&frm=23&ife=1&pv=2&ga_vid=159237191.1588686108&ga_sid=1588686108&ga_hid=1021231902&ga_fc=0&ga_cid=955855319.1588686108&iag=3&icsg=2199839768611&nhd=1&dssz=57&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&isw=0&ish=0&ifk=19644707&scr_x=0&scr_y=0&eid=21065532%2C21066085&oid=3&pvsid=629442068964899&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8212&bc=31&ifi=12&uci=c.qbqskyzcwwty&fsb=1&dtd=144
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlsQdMnyPNKuOykcszCy0uWu4aplsTN0niIDgf1w_0TIasxVPKIlcYFj6YF
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Response headers

status: 400
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 05 May 2020 13:41:48 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3579 73 KB
27 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200430/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a67d26e058f6f092f10c14e8f42fd2dc8959b22ea43fd98f781eb45e1a84e482

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1588332207717364"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27848
x-xss-protection: 0
expires: Tue, 05 May 2020 13:41:48 GMT

GET
H2 200 exitbee.js Show response
cdn.exitbee.com/ Frame 3579 30 KB
30 KB 79ms
20ms Script
application/javascript 34.98.97.158
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.exitbee.com/exitbee.js
Requested by: Host: app.exitbee.com
URL: https://app.exitbee.com/c/366/exitbee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.97.158 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 158.97.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 65fd8bfe746caf4582271bd06f99a22ef245b382df7753f5b63400811a0308f2

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:40:22 GMT
age: 86
x-guploader-uploadid: AAANsUng-AOjmp9UxO2QdFt4ncFRSTS2BqeRBprOIvBSZ8lvn-7oJyLyNeCq58pMriVAR8hep_3-99Qj5f1hsBaPu3M
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 30726
last-modified: Thu, 26 Mar 2020 17:03:24 GMT
server: UploadServer
etag: "9f6ea51288331a9c72b48b394662d688"
x-goog-hash: crc32c=bFHepg==, md5=n26lEogzGpxytIs5RmLWiA==
x-goog-generation: 1585242204232594
cache-control: public, max-age=3600
x-goog-stored-content-length: 30726
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 05 May 2020 14:40:22 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 3579 44 B
348 B 19ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1047335965285668&ev=PageView&dl=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto&rl=https%3A%2F%2Fhealythbilling.gq%2F&if=true&ts=1588686108597&sw=1600&sh=1200&v=2.9.18&r=stable&ec=0&o=30&fbp=fb.1.1588686108596.2077230693&it=1588686108494&coo=false&rqm=GET

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT, Tue, 05 May 2020 13:41:48 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 05 May 2020 13:41:48 GMT

GET
H/1.1 200
OK getrecs.json Show response
api.yallarec.com/rec-api/ Frame 3579 29 KB
11 KB 313ms
162ms Script
application/javascript 95.142.20.17
PUREPEAK-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.yallarec.com/rec-api/getrecs.json?cb=yallarec_cb_49989949072133030&pubid=185585&webid=175457&wid=117200&recsnum=15&url=https%3A%2F%2Fhealythbilling.gq%2F&cs=UTF-8&subid=&title=%CE%9D%CF%84%CE%BF%CF%85%CF%81%CE%B1%CE%BD%20%CE%BD%CF%84%CE%BF%CF%85%CF%81%CE%B1%CE%BD&kwrds=&sessionid=3889c772-06e1-83c5-1b37-01c99f6ead3b&rndid=49989949072133030&psid=
Requested by: Host: widget.yallarec.com
URL: https://widget.yallarec.com/_yalla_loader.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.142.20.17 , Israel, ASN20645 (PUREPEAK-ASN, IL),
Reverse DNS: ip-95-142-20-17.purepeak.com
Software: nginx /
Resource Hash: e3d85794f31dba2e3885485bd6974d367e41256b318571c67746ac1ebd26532e

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-language: en-US
cache-control: no-cache, no-store, max-age=0
transfer-encoding: chunked
content-type: application/javascript;charset=UTF-8
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK yalla_crt_loader.js Show response
widget.yallarec.com/ Frame 3579 13 KB
3 KB 9ms
9ms Script
application/javascript 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.yallarec.com/yalla_crt_loader.js
Requested by: Host: widget.yallarec.com
URL: https://widget.yallarec.com/_yalla_loader.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: 186466980a2394e09d866c4b8210699f9ce8e5029dc856e6ed28cafcfb3d8f8c

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:48 GMT
Content-Encoding: gzip
Last-Modified: Sun, 03 May 2020 10:53:30 GMT
Server: nginx
ETag: W/"5eaea2aa-342f"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=7200
Connection: keep-alive
Content-Length: 3239
Expires: Tue, 05 May 2020 15:41:48 GMT

GET
H/1.1 200
OK files.missbloom.gr.95206146_5F283303629357130_5F6437904106936860672_5Fn_2_152477_2.jpg
img9-api.yallarec.com/e4/6d/website_175457/04/16/52/ Frame 3579 15 KB
16 KB 51ms
18ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/e4/6d/website_175457/04/16/52/files.missbloom.gr.95206146_5F283303629357130_5F6437904106936860672_5Fn_2_152477_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 888d8f4b27575bdda9a4063fefeb83433c8ccb92954b02fc7626c839a1f64e78

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:48 GMT
Last-Modified: Fri, 01 May 2020 06:47:54 GMT
Server: AmazonS3
x-amz-request-id: 244CE7638FA1B5C5
ETag: "1d1290955b4d8f19bb67fdfa87b2a5ec"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15584
x-amz-id-2: DcgBnVv21HaOe/5+CVEKBBJmx+fYF14r9nuzTHjOwylbyPyDjQvPHyusp6k6NYNZybrrdRwbAmE=
Expires: Tue, 12 May 2020 13:41:48 GMT

GET
H/1.1 200
OK files.missbloom.gr.tsopei_2_100316_2.jpg
img9-api.yallarec.com/e4/6d/website_175457/5f/20/4c/ Frame 3579 8 KB
9 KB 98ms
64ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/e4/6d/website_175457/5f/20/4c/files.missbloom.gr.tsopei_2_100316_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4e080628a1c31ba2e5f9505d6bab37ffdc2e5358436c8aba1b30d094a7ad86f1

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:49 GMT
Last-Modified: Sat, 02 May 2020 11:45:58 GMT
Server: AmazonS3
x-amz-request-id: 002A6621B5F53031
ETag: "5e9f70e93830ce7694cecf409da38b42"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8469
x-amz-id-2: wY2m/EfFqFgezrsU0OO/r9L7b1XgJLRvw/F/Q1UIfh/q++aEHb7OmAtet22HNxFdbS51gQbEOeA=
Expires: Tue, 12 May 2020 13:41:49 GMT

GET
H/1.1 200
OK yupiii.gr.ff93d99551a864a483ba3b37a0fd58d6_2_113532_2.jpg
img9-api.yallarec.com/98/c6/website_175458/a8/41/ef/ Frame 3579 10 KB
10 KB 53ms
19ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/98/c6/website_175458/a8/41/ef/yupiii.gr.ff93d99551a864a483ba3b37a0fd58d6_2_113532_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9ae5e0bf4d0fbbd95f2a36c3c3c5c7ec6655984790809ba9def44cf5eaeb021d

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:48 GMT
Last-Modified: Tue, 05 May 2020 07:59:18 GMT
Server: AmazonS3
x-amz-request-id: 91223535741657AE
ETag: "041497046107f9df0d08340462cbf8cc"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10035
x-amz-id-2: RQlK5ycwrXsSXsoDaUp8GZmD0XN+VTWL16+7g2bjTCvKyVN9R9qHpRA8LmRIeT6coETJ6CtQL7Y=
Expires: Tue, 12 May 2020 13:41:48 GMT

GET
H/1.1 200
OK files.missbloom.gr.brigitte_2Dbardot_2D2_2_129915_2.jpg
img9-api.yallarec.com/e4/6d/website_175457/8d/6d/27/ Frame 3579 12 KB
13 KB 51ms
17ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/e4/6d/website_175457/8d/6d/27/files.missbloom.gr.brigitte_2Dbardot_2D2_2_129915_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ffcaad26f785705e31cd58c35df664956b1689d46498a2751d60ed70e7729a5d

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:48 GMT
Last-Modified: Sat, 02 May 2020 17:03:32 GMT
Server: AmazonS3
x-amz-request-id: FC6A300C84F4C10C
ETag: "29ff25b59857f29bd10107807bd17ea0"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12767
x-amz-id-2: CATJ75oCidq9byCmxU8CqtUneff+kYcBU9SNoppHv2Jz0VWl2+HnvO09HQOnBLEtG85WLt79l44=
Expires: Tue, 12 May 2020 13:41:48 GMT

GET
H/1.1 200
OK i2.wp.com.smiling_2Dwoman_2Dresting_2Dafter_2Dworkout_2Dpicture_2Did1067087648_2Ejpg_3Ffit_3D1200_252C1200_26q_183256_2.jpg
img9-api.yallarec.com/dc/64/website_175460/55/1e/a2/ Frame 3579 10 KB
11 KB 53ms
19ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/dc/64/website_175460/55/1e/a2/i2.wp.com.smiling_2Dwoman_2Dresting_2Dafter_2Dworkout_2Dpicture_2Did1067087648_2Ejpg_3Ffit_3D1200_252C1200_26q_183256_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d508acdc40a5bfdd517a71504b0f0f984fb0095a2f98897a2cc8d559ef0ae956

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:48 GMT
Last-Modified: Wed, 29 Apr 2020 11:56:46 GMT
Server: AmazonS3
x-amz-request-id: B4E973EF0D82ADCB
ETag: "ce492a43bb63a1ecbe5a3a161bf6b008"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10525
x-amz-id-2: 6VgnCONKgymT5+LxY1y94M0u8A/YzB7bzMTRcsDEubtUWU+EoccrG4yIFDZh+eauPuCClSY+cZE=
Expires: Tue, 12 May 2020 13:41:48 GMT

GET
H/1.1 200
OK files.missbloom.gr.95172987_5F368231387457923_5F8133006507575869440_5Fn_2D1_2De1588319564221_2_193817_2.jpg
img9-api.yallarec.com/e4/6d/website_175457/d7/e3/1b/ Frame 3579 13 KB
13 KB 52ms
18ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/e4/6d/website_175457/d7/e3/1b/files.missbloom.gr.95172987_5F368231387457923_5F8133006507575869440_5Fn_2D1_2De1588319564221_2_193817_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2efcf935675ce9cc86f3238c1c7aea095fe1d81bba9cc376c5683d55dc3e8db3

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:48 GMT
Last-Modified: Fri, 01 May 2020 08:13:49 GMT
Server: AmazonS3
x-amz-request-id: 6D2F7D8A2517879D
ETag: "f43b9bbff651c55b6315a0ab30d7c3ab"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13068
x-amz-id-2: +xnUByQmNIa9/PXuoPpwbG1gEJ0c7+vlZwYNb/nlvdrB9u16ZVWwWNBgzGvNOpnnoijkxKEGZTc=
Expires: Tue, 12 May 2020 13:41:48 GMT

GET
H/1.1 200
OK files.missbloom.gr.Geronikoloy_2_176297_2.jpg
img9-api.yallarec.com/e4/6d/website_175457/85/c1/c1/ Frame 3579 13 KB
14 KB 16ms
14ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/e4/6d/website_175457/85/c1/c1/files.missbloom.gr.Geronikoloy_2_176297_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6aaefb9cb755b94b408eda0f9830ddb35180a57441b68121828cb9640722af29

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:48 GMT
Last-Modified: Sat, 25 Apr 2020 09:14:41 GMT
Server: AmazonS3
x-amz-request-id: 12C1E7295C0D57B0
ETag: "745d34db06ec8ceca9475ad8ebb67644"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13526
x-amz-id-2: hZd4MDKkSA7OHOscebfRbVigKfYagQp8tK6vCogNfpKIhzBALfleEowVSJNybUpVK3Xx/aV1sXU=
Expires: Tue, 12 May 2020 13:41:48 GMT

GET
H/1.1 200
OK files.missbloom.gr._2De1586187451484_2_197590_2.jpg
img9-api.yallarec.com/e4/6d/website_175457/8a/50/e3/ Frame 3579 10 KB
11 KB 13ms
11ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/e4/6d/website_175457/8a/50/e3/files.missbloom.gr._2De1586187451484_2_197590_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8743a00e65413be8e8b839177fa83e52d5f7acaa800cec227db0a5c97df63f68

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:48 GMT
Last-Modified: Mon, 06 Apr 2020 15:42:56 GMT
Server: AmazonS3
x-amz-request-id: ABBC5AD72E42A455
ETag: "402b832da0a436a9b7aecca611578153"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10316
x-amz-id-2: DVU6irtKMa01mbzuS6L8jDt428PADiRc5ojVkG4H4xm7VFRU9naVCWuSYn1opWph8+ISBAyIpOA=
Expires: Tue, 12 May 2020 13:41:48 GMT

GET
H/1.1 200
OK madamefigaro.gr.90a28908269e4edca8a9830d4942a98b_2_173900_2.jpg
img9-api.yallarec.com/c3/28/website_175461/08/cf/80/ Frame 3579 12 KB
12 KB 60ms
59ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/c3/28/website_175461/08/cf/80/madamefigaro.gr.90a28908269e4edca8a9830d4942a98b_2_173900_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a4d25e4d66645c9b5d7e18974f2780d7b437aa53a141481da013397367219edb

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:49 GMT
Last-Modified: Sun, 03 May 2020 16:33:07 GMT
Server: AmazonS3
x-amz-request-id: 2F1CCB56C8AD8308
ETag: "6798d232c1c0dab71658cad92482797c"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12059
x-amz-id-2: kVJ1Y8ZbGRCasQ9bGncg44tGOEvDtqNVKnpyC681tdmqVadNJT0+BT8HQ7amL6GZkWw5eVnBcOE=
Expires: Tue, 12 May 2020 13:41:49 GMT

GET
H/1.1 200
OK files.missbloom.gr.7299_2D4748_5FGIANA_5FAGELOPOYLOY_5F1542010_2_120001_2.jpg
img9-api.yallarec.com/e4/6d/website_175457/a6/5f/cb/ Frame 3579 14 KB
14 KB 39ms
37ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/e4/6d/website_175457/a6/5f/cb/files.missbloom.gr.7299_2D4748_5FGIANA_5FAGELOPOYLOY_5F1542010_2_120001_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e6573544af0ca7938a3b28df75fd89e208013c8247aea60c1e4a5e385a9162d8

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:49 GMT
Last-Modified: Thu, 16 Apr 2020 11:46:32 GMT
Server: AmazonS3
x-amz-request-id: 413BDC0D381B395B
ETag: "d29da173c8e53b30cbb7ed18d86cf48a"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13992
x-amz-id-2: 5fEi1PbkJAhiZUQfE3FyYZI+wxuPFbuWWS6DMxlH7x5l0xOxNfX8BhoPayAaVdBZMAfywbKqkdU=
Expires: Tue, 12 May 2020 13:41:49 GMT

GET
H/1.1 200
OK files.missbloom.gr._3F_3F_3F_3F_3F_2D_3F_3F_3F_3F_3F_3F_3F_3F_2_115547_2.jpg
img9-api.yallarec.com/e4/6d/website_175457/e5/d7/20/ Frame 3579 13 KB
14 KB 13ms
13ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/e4/6d/website_175457/e5/d7/20/files.missbloom.gr._3F_3F_3F_3F_3F_2D_3F_3F_3F_3F_3F_3F_3F_3F_2_115547_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 58139fbd6ec21f72c99cd6e8382b144907d64b7cdab6c893118015694a41846f

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:48 GMT
Last-Modified: Thu, 09 Apr 2020 12:47:08 GMT
Server: AmazonS3
x-amz-request-id: CB70D4332D24090E
ETag: "756bf2cb3d54b1b0b8915965e5c728bd"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13374
x-amz-id-2: Rr2rDr2Cw0stoNCQiOQJNJlv5XdA97pD8dm4L1IhJSpSKTjJxnj3yIQVnN6uVqhcfc1ARM2x588=
Expires: Tue, 12 May 2020 13:41:48 GMT

GET
H/1.1 200
OK files.missbloom.gr._3F_3F_3F_3F_3F_3F_3F_2D_3F_3F_3F_3F_3F_3F_3F_3F_2_105364_2.jpg
img9-api.yallarec.com/e4/6d/website_175457/ae/da/50/ Frame 3579 18 KB
18 KB 12ms
11ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/e4/6d/website_175457/ae/da/50/files.missbloom.gr._3F_3F_3F_3F_3F_3F_3F_2D_3F_3F_3F_3F_3F_3F_3F_3F_2_105364_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 094bc19acb70d2e96d17823738c19a17f38a555c1b293558c3efef8570f4c81d

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:49 GMT
Last-Modified: Fri, 01 May 2020 09:56:15 GMT
Server: AmazonS3
x-amz-request-id: 1BC5813EF485E70D
ETag: "8bf49d8c74f1544fcaaebb9769084090"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18393
x-amz-id-2: /0XCZzXN6O0CWdmim7bDVj/BZ8xyZVWY6+yTd5nylhMuF91q6UALfpoS0SYWcFIJIPMkHPsDYhY=
Expires: Tue, 12 May 2020 13:41:49 GMT

GET
H/1.1 200
OK files.missbloom.gr._3F_3F_3F_3F_3F_2_166246_2.jpg
img9-api.yallarec.com/e4/6d/website_175457/8e/24/76/ Frame 3579 17 KB
18 KB 14ms
14ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/e4/6d/website_175457/8e/24/76/files.missbloom.gr._3F_3F_3F_3F_3F_2_166246_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6baa40ac5f79820ef2036e03517328db07f5dea669e6632d38171dd8d07f224d

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:49 GMT
Last-Modified: Thu, 16 Apr 2020 13:29:50 GMT
Server: AmazonS3
x-amz-request-id: BBD0D1FE2112D20E
ETag: "8717195f87db8ef8819982786325e408"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17720
x-amz-id-2: CjMFmGfM4IuTfTdVbO01c9oYKfZ9c4Q7RANbBr9PH/sBSayV8UyaevvmJv18vo3G0pITadU9c2M=
Expires: Tue, 12 May 2020 13:41:49 GMT

GET
H/1.1 200
OK files.missbloom.gr.SPL5032267_5F007_2De1539246833873_2_147117_2.jpg
img9-api.yallarec.com/e4/6d/website_175457/3e/29/d8/ Frame 3579 15 KB
15 KB 55ms
55ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/e4/6d/website_175457/3e/29/d8/files.missbloom.gr.SPL5032267_5F007_2De1539246833873_2_147117_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 52c07caa85c656431de4df000c7f4a1ff19cbf0a281f4356a0a52e9559553e56

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:49 GMT
Last-Modified: Mon, 04 May 2020 15:09:38 GMT
Server: AmazonS3
x-amz-request-id: 6FB52140C72D7D5E
ETag: "9aeae3e79480310d666002c76cf7bc46"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15193
x-amz-id-2: GRae2JseHk8Ez1wJdaepnthVU1E2q0h3HSjXtx8VIZZp/gBAe10Oy/7oISkcrBC3UH2MhO3GmMA=
Expires: Tue, 12 May 2020 13:41:49 GMT

GET
H/1.1 200
OK i2.wp.com.healthy_2Dgreen_2Dsalad_2Dwith_2Davocado_2Dcucumber_2Dand_2Darugula_2Din_2Dwhite_2Ddish_2Dpicture_2D_168685_2.jpg
img9-api.yallarec.com/dc/64/website_175460/94/af/6e/ Frame 3579 21 KB
22 KB 12ms
12ms Image
image/jpeg 2a02:26f0:10c:382::3b8c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img9-api.yallarec.com/dc/64/website_175460/94/af/6e/i2.wp.com.healthy_2Dgreen_2Dsalad_2Dwith_2Davocado_2Dcucumber_2Dand_2Darugula_2Din_2Dwhite_2Ddish_2Dpicture_2D_168685_2.jpg
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::3b8c , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 12d9efddd5f2ca42e49a74cbeb5eda09347b121d13a113853caf3ba11ef03666

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 13:41:49 GMT
Last-Modified: Wed, 08 Apr 2020 05:04:17 GMT
Server: AmazonS3
x-amz-request-id: 04E5FC873F2B1AE7
ETag: "74aef4cb6ff29b8f1ea8197af507d139"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21878
x-amz-id-2: mjsYc9RZ6/0WyaRVlMnxyaJNgUlD0KZG7liW1UajAgsS7LcXqQqxEfZCqxvNbe5CU25qm3ubceg=
Expires: Tue, 12 May 2020 13:41:49 GMT

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 3579 97 KB
30 KB 14ms
14ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: widget.yallarec.com
URL: https://widget.yallarec.com/yalla_crt_loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 01793dfe25a8daa227696e0d8630591f4b774fcac7f257eba7296f081cb4dbaa

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:48 GMT
content-encoding: gzip
last-modified: Thu, 23 Apr 2020 08:37:28 GMT
server: nginx
etag: W/"5ea153c8-18582"
status: 200
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Wed, 06 May 2020 13:41:48 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 3579 0
147 B 93ms
30ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?ptv=89&profileId=184&cb=89385371478
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

status: 204
date: Tue, 05 May 2020 13:41:48 GMT
access-control-allow-credentials: true
server: Finatra
access-control-allow-origin: https://healythbilling.gq
timing-allow-origin: *
vary: Origin

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3579 7 KB
6 KB 37ms
18ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020042703&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d1bb893ef8448d590932677b7c214b5c1040dc30986c63c8a376173e95de17d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 May 2020 13:41:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 5519
x-xss-protection: 0

GET
H2 200 va_content.vast.min.css
www.vidads.gr/css/ Frame 3579 41 KB
7 KB 5ms
3ms Stylesheet
text/css 2a01:4f8:110:5005::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.vidads.gr/css/va_content.vast.min.css?v=2.13
Requested by: Host: www.vidads.gr
URL: https://www.vidads.gr/scripts/va_content.vast.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:110:5005::2 Heidelberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 88a6c0de42002ab0f042b863e02e360efc4dbf8393e2a8d48b5e1e895defc7b5

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:49 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 08:53:50 GMT
server: nginx/1.16.1
etag: "a554-58d63eec89310-gzip"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=5184000
x-route: http1
accept-ranges: bytes
content-length: 6926
expires: Sat, 04 Jul 2020 13:41:49 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 3579 264 KB
90 KB 35ms
15ms Script
text/javascript 2a00:1450:4001:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: www.vidads.gr
URL: https://www.vidads.gr/scripts/va_content.vast.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f07554fd87b2de2d7f413aad15a903fb3fe8e0b6993b0cac1beef9ed05d7580

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91857
x-xss-protection: 0
expires: Tue, 05 May 2020 13:41:49 GMT

HEAD adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 3579 0
0

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 3579 43 B
260 B 13ms
12ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:49 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
etag: "493ea254-2b"
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Fri, 30 Apr 2021 13:41:49 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 3579 43 B
260 B 12ms
11ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:49 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
etag: "493ea254-2b"
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Fri, 30 Apr 2021 13:41:49 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012003262059300/ Frame 6EA9 200 KB
56 KB 37ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8c4bacc841dac6fd247e95d34e81f9896c52f1c9560e1dc300b628c37330d1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://healythbilling.gq/
Origin: https://healythbilling.gq

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3810
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55871
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 12:38:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5920a4a9dcd48347"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 12:38:19 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012003262059300/ Frame 6EA9 200 KB
55 KB 47ms
16ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8c4bacc841dac6fd247e95d34e81f9896c52f1c9560e1dc300b628c37330d1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3810
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55871
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 12:38:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5920a4a9dcd48347"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 12:38:19 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012003262059300/v0/ Frame 6EA9 16 KB
6 KB 46ms
15ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7853f30b8d97f4ea1936818b0b01f1757e46fe3f99571a572582d4eec53e6875

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8993
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5717
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 11:11:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "955d460ecdaddff4"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 11:11:56 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012003262059300/v0/ Frame 6EA9 93 KB
28 KB 41ms
11ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a58db5adf9958450ff7368808e322df972146f6c86546e471b0608af84e93bb3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3794
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28417
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 12:38:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "40aee2f6297ccc56"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 12:38:35 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012003262059300/v0/ Frame 6EA9 3 KB
1 KB 40ms
10ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2deddad8c3b18a05e32ffdbb3e57004f820bf30d3ba341cd529b9156db47f41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8977
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1416
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 11:12:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "7405f8d8da732be7"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 11:12:12 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012003262059300/v0/ Frame 6EA9 46 KB
15 KB 39ms
8ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

757356e3395a14678ad98d34ab39325de29d79752e66ae1748d0015cfd5d007e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8975
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14864
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 11:12:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "37d2c34b66959890"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 11:12:14 GMT

GET
DATA 200
OK truncated
/ Frame 6EA9 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e6f21333a98ec17a2f347823b208713debf4f246e76667479f95fc91c51986e5

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012003262059300/ Frame 3579 20 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d30ac22ab046870c2859ae90b8598967936e693bf0773ef5e41dae33a04f0a5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 1198
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7162
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 13:21:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "124c7b7cd5d53550"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 13:21:51 GMT

GET
H2 200 3548056162729540226
tpc.googlesyndication.com/simgad/ Frame 6EA9 75 KB
75 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3548056162729540226?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkpCUS02Ns3y-khl3-zmCM8w5Zbvw

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df448b37d4f4fc63ae8c811e9d1b5f8a67beda4e2fc42db721e2ebe40ca9e108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 04 May 2020 19:18:25 GMT
x-content-type-options: nosniff
last-modified: Mon, 04 May 2020 18:28:35 GMT
server: sffe
age: 66204
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76493
x-xss-protection: 0
expires: Tue, 04 May 2021 19:18:25 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6EA9 2 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 May 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 9171
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 06 May 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6EA9 295 B
522 B 7ms
6ms Image
image/png 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 May 2020 22:24:17 GMT
x-content-type-options: nosniff
server: cafe
age: 55052
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 05 May 2020 22:24:17 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6EA9 0
0 14ms
14ms Image
text/html 2a00:1450:4001:815::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQtjju5-iNC-aIstMLLjEZnh2h9DaMolMZE6Jyt1-w90yj1zxQNQJzj9E5ADzmGoeIpQ3p4WLWPhXLr-q_zyCCUU7zV3w
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:815::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6EA9 0
0 29ms
29ms Image
text/html 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CFD_xHG2xXoT7NJWm1wbUrLT4BuSV7uBc0_ufxLUL5_Ps5ZUOEAEgjpzYaWD1lc6B4ASgAdfcnMcCyAECqQLh1NZuJVuxPuACAKgDAcgDCKoEnAJP0JJMXH21c4lzHaHPlOfc1BjfV1xybqLbrYieBJ-alAuyId5THngZTl5dIXUoQ0af6vtB6t8WVSmFFEa-eOTFPvl5v91fxOSNdFzYWWFXFI3Yus_7E-Ur-NKMGAPtN-5vTK66y72FUY5qGBYrHUYL-h-lIAOygfaosegccLzo7jwEQTpHjmqzXQRRbJh5vePtrIFOPUeeoqnybg1h7xA63NTgsUUyOYajM5H_AlGGFYa8kWNR275R3Z7y7TvOMAeiJeLSLVcgnCvAapyCiiy7pP3l6NWkZ1layZuji9OKQI46Kx8QWnkySQamUef5wwAYFoQnusr6LQwMsa5nGVBid9wUB_nato39N2C2ix9zfDLYBpp73hgMaUaWZcAE27qs_sYC4AQBkgUECAQYAZIFBAgFGASgBgKAB5Gj47gBqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEJGOAdIIBwiAYRABGB2ACgPICwHYEw0&sigh=99i8_FkD8-o&tpd=AGWhJmta0hBPF9ePTgG5Vl1grlgkAejeP4EPBLav6Ypxo_g4DQ
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s07-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3579 14 KB
5 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 13:41:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1582746470043195"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5456
x-xss-protection: 0
expires: Tue, 05 May 2020 13:41:49 GMT

POST
H2 200 /
www.facebook.com/tr/ Frame 3579 0
108 B 6ms
6ms Other
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryMcjGwqhSPiiyxnWH

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Tue, 05 May 2020 13:41:49 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://healythbilling.gq
access-control-allow-credentials: true
alt-svc: h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 60F8 0
0 6ms
6ms Document
text/html 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/209/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 5727
date: Tue, 05 May 2020 13:27:39 GMT
expires: Wed, 05 May 2021 13:27:39 GMT
last-modified: Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 850
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 6EA9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
38ms

Image
text/html

2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Tue, 05 May 2020 13:41:49 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3579 0
123 B 40ms
40ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020042703&jk=629442068964899&bg=!bW6lbnZYDjqnivdqSyoCAAAAMlIAAAAMmQGUx_g_9Kxzly12NfALtvTzYKxQxAA2Gm9MvtI01qdA_vAf-zn4p3LjKr9gReTlEzFtsvrT0x97k9lAAYSh_gMYWiC_tZopHpuGqnjHRt1sL_jWZx4R0mGsJD6YNd4rSjezW8Jl8wy8y221KR477w__FcXVuJOBRfJgTg3jr-j-uI-IxvzKGV0Et37eA3ynAlqgIrhRKn7hoiQd6TO8q85kbVLUasgaIreTzUuBVP6shbKjmU9EEMZ4Bjrcwofcc_BoCupXLVhTo_AMagGcq_riNEjgzTlEIoUosEs2r26Sv0k3sAhCfKiJvo2eEo6n9QOZyal6B_TmmZ35ObJec3NODUfaSq4RXPeUizGoErGYTSVeZqUtrixNtoDUKpTZXg8984BLKSLr4oVktWDSi5HUHdUKQjztZycGIet3m9WK-HkZDIGktD_1WeocnaFdnzHTwByavCjbAYj6MyUd2bSoc_xVNTBsorocjwewFM9VUKfrCVFeRNw5snm9IiBRFLUYSoLnLQ3q7pL1cU2a3Cr5dKZRhzw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 May 2020 13:41:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012003262059300/ Frame 7CAC 200 KB
55 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8c4bacc841dac6fd247e95d34e81f9896c52f1c9560e1dc300b628c37330d1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://healythbilling.gq/
Origin: https://healythbilling.gq

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3810
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55871
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 12:38:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5920a4a9dcd48347"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 12:38:19 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012003262059300/ Frame 7CAC 200 KB
55 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8c4bacc841dac6fd247e95d34e81f9896c52f1c9560e1dc300b628c37330d1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3810
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55871
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 12:38:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5920a4a9dcd48347"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 12:38:19 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012003262059300/v0/ Frame 7CAC 16 KB
6 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7853f30b8d97f4ea1936818b0b01f1757e46fe3f99571a572582d4eec53e6875

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8993
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5717
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 11:11:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "955d460ecdaddff4"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 11:11:56 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012003262059300/v0/ Frame 7CAC 93 KB
28 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a58db5adf9958450ff7368808e322df972146f6c86546e471b0608af84e93bb3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3794
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28417
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 12:38:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "40aee2f6297ccc56"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 12:38:35 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012003262059300/v0/ Frame 7CAC 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2deddad8c3b18a05e32ffdbb3e57004f820bf30d3ba341cd529b9156db47f41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8977
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1416
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 11:12:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "7405f8d8da732be7"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 11:12:12 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012003262059300/v0/ Frame 7CAC 46 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

757356e3395a14678ad98d34ab39325de29d79752e66ae1748d0015cfd5d007e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8975
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14864
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 11:12:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "37d2c34b66959890"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 11:12:14 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7CAC 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 May 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 9171
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 06 May 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7CAC 295 B
355 B 7ms
6ms Image
image/png 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 May 2020 22:24:17 GMT
x-content-type-options: nosniff
server: cafe
age: 55052
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 05 May 2020 22:24:17 GMT

GET
DATA 200
OK truncated
/ Frame 7CAC 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab1532a1201e757c85412e7aefb286882de3ec69720a2b9aa373bbc78094977f

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 2210197404018168496
tpc.googlesyndication.com/simgad/ Frame 7CAC 25 KB
26 KB 7ms
7ms Image
image/png 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2210197404018168496?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm14R1vpA_pMuFUsVq-_W6I5KhzAQ

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc48dbec66494a02480c2c01ad92297a5eac84a6a1ca5b3ed57e10b118d54540

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Mar 2020 07:42:59 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Nov 2016 02:14:10 GMT
server: sffe
age: 3304730
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26101
x-xss-protection: 0
expires: Sun, 28 Mar 2021 07:42:59 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 7CAC 0
0 23ms
23ms Image
text/html 2a00:1450:4001:815::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTm6rLFJSkOLXb6K3VS4H0gkwzH5L246ae8oVCB6kybyWqPcIFBzmMxiI3umqZBjFoZQuxtIzG-VwOFLNe7t7bLc1_pWQ
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:815::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7CAC 0
0 29ms
29ms Image
text/html 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CC7xdHW2xXteEDsHImwfK75LgB9rTqdJahfyq7fQKs9vp_4IREAEgjpzYaWD1lc6B4ASgAa73mdIDyAECqQJAS4c1xtGnPuACAKgDAcgDCKoEowJP0CC48q9hHrL__2YKyeoM1YunA3wqY6v-PtkADtOJ_YR5U93kAtcyf0P5OHOW6AGwpO4jlHF_ofozPbyJynhzM-ziOa76bhCn1ZcT0aI8fBLTj_V2TjrCtFhXukCyJb2_qZMhHt_P1R7I-ypocJ1Vw4leM-YoSolxKlBt8D7oJOIOCnGGU_XXolSgTL-0udYfILUXi_C_npkjBxN9zcrmAYoJHclnQ0HNwz36yh0usbjuZ63SZ7rG1maUbTyCYAWPzJcLV3VsmNYs3f7njxyYJf5K82aZB2GOMGci8_2-sH3pC2F8Juy85C73tA3g_XFZFZoxGsNrb2WuxN4y4h1piTqUb10v4SUIjneL0rxahC20vimDcOlIK7ZR9Irph81xuD3ABJu6i9CAAuAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYCgAe6iOYtqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEELLlAdIIBwiAYRABGB2ACgPICwHYEww&sigh=IH1YFgQIOfU&tpd=AGWhJmuFVGhmTxh_VJFBN7T5fIXY9yGmbMV5He7xb8G56sro8A
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s07-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 7CAC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

50ms
50ms

Image
text/html

2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Tue, 05 May 2020 13:41:49 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012003262059300/ Frame 3BF3 200 KB
55 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8c4bacc841dac6fd247e95d34e81f9896c52f1c9560e1dc300b628c37330d1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://healythbilling.gq/
Origin: https://healythbilling.gq

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3811
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55871
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 12:38:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5920a4a9dcd48347"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 12:38:19 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012003262059300/ Frame 3BF3 200 KB
55 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8c4bacc841dac6fd247e95d34e81f9896c52f1c9560e1dc300b628c37330d1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3811
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55871
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 12:38:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5920a4a9dcd48347"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 12:38:19 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012003262059300/v0/ Frame 3BF3 16 KB
6 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7853f30b8d97f4ea1936818b0b01f1757e46fe3f99571a572582d4eec53e6875

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8994
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5717
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 11:11:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "955d460ecdaddff4"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 11:11:56 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012003262059300/v0/ Frame 3BF3 93 KB
28 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a58db5adf9958450ff7368808e322df972146f6c86546e471b0608af84e93bb3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3795
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28417
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 12:38:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "40aee2f6297ccc56"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 12:38:35 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012003262059300/v0/ Frame 3BF3 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2deddad8c3b18a05e32ffdbb3e57004f820bf30d3ba341cd529b9156db47f41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8978
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1416
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 11:12:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "7405f8d8da732be7"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 11:12:12 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012003262059300/v0/ Frame 3BF3 46 KB
15 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012003262059300/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

757356e3395a14678ad98d34ab39325de29d79752e66ae1748d0015cfd5d007e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 8976
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14864
x-xss-protection: 0
server: sffe
date: Tue, 05 May 2020 11:12:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "37d2c34b66959890"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 May 2021 11:12:14 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3BF3 2 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 May 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 9172
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 06 May 2020 11:08:58 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3BF3 295 B
360 B 7ms
6ms Image
image/png 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 May 2020 22:24:17 GMT
x-content-type-options: nosniff
server: cafe
age: 55053
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 05 May 2020 22:24:17 GMT

GET
DATA 200
OK truncated
/ Frame 3BF3 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 47381c2cbca536ce500a5aa512988b3a79ffbbe963d9b3f5c1071e1f01782224

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4249366322893213535
tpc.googlesyndication.com/daca_images/simgad/ Frame 3BF3 99 KB
99 KB 9ms
8ms Image
image/png 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/4249366322893213535

Requested by

Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f92a7f464058c5ef066733315d1f2aa632c6a50dc5ea8f7ca18f9c51565b665b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 28 Apr 2020 11:23:46 GMT
x-content-type-options: nosniff
age: 613084
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101179
x-xss-protection: 0
last-modified: Mon, 27 Apr 2020 12:09:04 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Apr 2021 11:23:46 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3BF3 0
0 29ms
28ms Image
text/html 216.58.210.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CyF9lHW2xXrCUGIuLmLAP29qpwAWm6Z7mXI699I6oC-eIhcqVDhABII6c2Glg9ZXOgeAEoAGyhq70AsgBAuACAKgDAcgDCKoEnAJP0PJTphLIPx3d4e5YPgkPi4vVwoVcTQcASVOeBoDPyCZKNkENaYyoPQzaQk4bPoFfDbAK9x4U2X9EPgYfZfrrWdAA-vfiE7Iqc0U3Ih8R5PvVMCisyswjsqWjJA_R9EVSHxXcz6pvY3KNDZd0oplXC5ZG3ZFoEjIscP76amcGlXOz4jyNo3OYmTMZhPHhh7HeoDBfNlHXNfJd9WflBAqbqSEoNM32HrDdSKDTVM8J7coCUyZ5k7wDQpSyOvqGf_fVQnJItevgPatMirEXWUh9HPdGnt1qPqotjQx_0ssDWu0bJDmRcmbFU1grmq0n0Ie0eZskEJSg8KLt1gI_Dd-3ge4A-XFHGxnWQvpEeG7kQgOACHUo9qPhxm60OsAEu-fzrfgC4AQBkgUECAQYAZIFBAgFGASgBgKAB6-pgZkBqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEPmYAtIIBwiAYRABGB2ACgPICwHYEww&sigh=8w-ayLZRhSY&tpd=AGWhJmskgPeNdKlI_JASq9vIY0Z5OIveQ4m2-uvmxxIrY65BIA
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s07-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://healythbilling.gq/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 3BF3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

38ms
38ms

Image
text/html

2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: healythbilling.gq
URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Tue, 05 May 2020 13:41:50 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: t.qds.ninja
URL: https://t.qds.ninja/t/482

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Verdicts & Comments Add Verdict or Comment

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 02:49:18	Name: IDE Value: AHWqTUnK2xlDRj1zpobzXtEKCtdnV206mE4hIzKjks_XZLw_JoOLdhguj_1oF73N
healythbilling.gq/	1970-01-20 20:20:30	Name: Exitbee_visit_id Value:
healythbilling.gq/	1970-01-20 20:20:30	Name: Exitbee_vid Value: 69aa047c-7644-46ea-a5be-5a1367a719d9
.agkn.com/	1970-01-19 18:03:42	Name: ab Value: 0001%3AHf1ouSmxummoMJrlRp9MQx%2F0GhX0zCsE4Loljjv9Sp2fwpCRDuB0EQ%3D%3D
.healythbilling.gq/	1970-01-20 02:49:18	Name: __gads Value: ID=460d479e394f588a:T=1588686108:S=ALNI_MZxHb0wuKYPMmfAe3DLYi5y6ioltw

23 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js(Line 6) Message: getName on googletag.Slot is deprecated and will be removed. Use getAdUnitPath instead.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js(Line 6) Message: getName on googletag.Slot is deprecated and will be removed. Use getAdUnitPath instead.
console-api	info	URL: https://www.vidads.gr/scripts/va_content.vast.js(Line 48) Message: VidAds [object Object]
console-api	info	URL: https://www.vidads.gr/scripts/va_content.vast.js(Line 48) Message: VidAds loading: https://www.vidads.gr/get/video/vast3/636?inread=1&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto
console-api	info	URL: https://www.vidads.gr/scripts/va_content.vast.js(Line 48) Message: VidAds Getting: https://www.vidads.gr/get/video/vast3/636?inread=1&url=https%3A%2F%2Fhealythbilling.gq%2Fblank.php%3Fsident%3Dbotf50ce94d52cc692850490a4875bc66ea%26transferType%3Dto
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js(Line 6) Message: getName on googletag.Slot is deprecated and will be removed. Use getAdUnitPath instead.
console-api	log	URL: https://widget.yallarec.com/_yalla_loader.js(Line 1) Message: ERROR
console-api	log	URL: https://widget.yallarec.com/_yalla_loader.js(Line 1) Message: TypeError: this.jq(...)[0].getBoundingClientRect is not a function
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js(Line 6) Message: getName on googletag.Slot is deprecated and will be removed. Use getAdUnitPath instead.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js(Line 6) Message: getName on googletag.Slot is deprecated and will be removed. Use getAdUnitPath instead.
console-api	log	URL: https://static.criteo.net/js/ld/publishertag.js(Line 1) Message: %cPubTag color: #fff; background: #ff8f1c; display: inline-block; padding: 1px 4px; border-radius: 3px; ERROR: Error onError: TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js(Line 6) Message: getName on googletag.Slot is deprecated and will be removed. Use getAdUnitPath instead.
console-api	info	URL: https://cdn.ampproject.org/rtv/012003262059300/amp4ads-v0.js(Line 407) Message: Powered by AMP ⚡ HTML – Version 2003262059300 https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js(Line 6) Message: getName on googletag.Slot is deprecated and will be removed. Use getAdUnitPath instead.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js(Line 6) Message: getName on googletag.Slot is deprecated and will be removed. Use getAdUnitPath instead.
console-api	log	URL: https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to(Line 78) Message: [object Object]
console-api	info	URL: https://cdn.ampproject.org/rtv/012003262059300/amp4ads-v0.js(Line 407) Message: Powered by AMP ⚡ HTML – Version 2003262059300 https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js(Line 6) Message: getName on googletag.Slot is deprecated and will be removed. Use getAdUnitPath instead.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js(Line 6) Message: getName on googletag.Slot is deprecated and will be removed. Use getAdUnitPath instead.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js(Line 6) Message: getName on googletag.Slot is deprecated and will be removed. Use getAdUnitPath instead.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042703.js(Line 6) Message: getName on googletag.Slot is deprecated and will be removed. Use getAdUnitPath instead.
console-api	info	URL: https://cdn.ampproject.org/rtv/012003262059300/amp4ads-v0.js(Line 407) Message: Powered by AMP ⚡ HTML – Version 2003262059300 https://healythbilling.gq/blank.php?sident=botf50ce94d52cc692850490a4875bc66ea&transferType=to

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.de
ajax.googleapis.com
api.yallarec.com
app.exitbee.com
bidder.criteo.com
cdn.ampproject.org
cdn.exitbee.com
cdn.onesignal.com
cdnjs.cloudflare.com
connect.facebook.net
d.agkn.com
files.missbloom.gr
fonts.googleapis.com
googleads.g.doubleclick.net
healythbilling.gq
imasdk.googleapis.com
img9-api.yallarec.com
js.agkn.com
logws1312.ati-host.net
media.bttry.net
pagead2.googlesyndication.com
platform.instagram.com
securepubads.g.doubleclick.net
ssl.google-analytics.com
static.criteo.net
t.qds.ninja
tag.aticdn.net
tpc.googlesyndication.com
widget.yallarec.com
www.capital.gr
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagservices.com
www.instagram.com
www.missbloom.gr
www.vidads.gr
pagead2.googlesyndication.com
t.qds.ninja
104.111.224.123
172.217.16.194
178.250.0.165
2.20.143.91
216.58.210.2
2600:9000:2070:9c00:15:efbc:e300:93a1
2600:9000:2093:6e00:19:fc2c:a140:93a1
2606:4700:3031::681b:b5ef
2606:4700::6810:85e5
2606:4700::6812:e234
2a00:1450:4001:800::200a
2a00:1450:4001:801::2008
2a00:1450:4001:806::2002
2a00:1450:4001:806::2003
2a00:1450:4001:808::2001
2a00:1450:4001:809::200e
2a00:1450:4001:80b::2002
2a00:1450:4001:814::200a
2a00:1450:4001:815::2004
2a00:1450:4001:817::200a
2a00:1450:4001:81e::2001
2a00:1450:4001:821::2002
2a01:4f8:110:5005::2
2a02:2638:1::3
2a02:26f0:10c:382::3b8c
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a03:2880:f22d:c4:face:b00c:0:43fe
2a03:2880:f22d:e5:face:b00c:0:4420
34.98.97.158
35.201.89.39
35.240.50.85
95.100.138.62
95.142.20.17
01793dfe25a8daa227696e0d8630591f4b774fcac7f257eba7296f081cb4dbaa
02a2a582f91034dcd86daa5f1aabdafdf74df4e316988d9f802251a38e675943
05a0114a707e2c9a3e39211eea7befe543363802db6cca43191b8fa51d8f6cd5
067a3ecb54e06ee1453c9e242e85dfa5036246da2f077ef8096fdd771ffb3d41
094bc19acb70d2e96d17823738c19a17f38a555c1b293558c3efef8570f4c81d
0ae5e1fde1f00b885a6f0f95e666fb9023d06aaaaeb8b4a37724a8ec1609ac24
0dce747ceddc5f5730f9ed252d75750076e0d17d5ce87ca3e1852ebc1fb91e7a
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
116890c2f62f32153ab0f046b698c6204086c35a9678a3d3ba219e681f517fdf
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127f0e63cfe81a8cfe83a77408f6e1de24decee3f28a36a53f253808f323288c
12d9efddd5f2ca42e49a74cbeb5eda09347b121d13a113853caf3ba11ef03666
16a6972372c975d647148472baa8531899c6d7f5971a928b99e120fc1ebf7853
186466980a2394e09d866c4b8210699f9ce8e5029dc856e6ed28cafcfb3d8f8c
1e432288e1cd200e8288626b30f941b2d5ab2f448b8a038525e39e1762599c7d
2370fa1c4ce822f1701b0b79f3549bc3e1624299deda76b83204bb5d98a63520
295b6ed1a0b03c369592514d0fd383f35fe40fa783a627b4ddbef7c2f3db4aae
2efcf935675ce9cc86f3238c1c7aea095fe1d81bba9cc376c5683d55dc3e8db3
2f1cd85f3c850fbd76f4711e721888a7fa580fe3f97fdf663c9518ea269f3d55
307edec4d6dcd391354b72bb79930ba9644a7f7be0ade6bbd00d4b52c6228557
3174003a7f82a954d93d77cb0164bbfce6139b9640bb2276337d8f1d6c599eda
32d2cc697180b5c80c5b052230fb0143fcfd9bb27b785e113bc9b24a361cb033
354d4c7d0db4d65289bdf9d1ba2cda998bfbf9666b43857362342081ff73e073
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3681c54b41bbaba74dde376a6db966614cc49c08676c2dc86e852f655a8ead26
3b5d99382b23e66b4b75184be0f84fa51959b85d0db9785ee2a7e5a0b3e837e7
3c4430a40963aebf64baaad3ac8e744f44e9037459a9edf8c0d6640c3384d127
3cfc447d79c686a9b41b459120048fa119834909e9a10f6b34bf4e98bf73cde3
3f86fbdb246ed4aae95c0629673b34970ec295017aa2c4f3fde9b047f1008af3
42063271076329b5ad69b9a7d2e801e18c20d6e1e03f0ffc3d61658e1cea51d8
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
4606591fcbef0e7159e97787733085f29ed9778f16ed753eb16807b3e37450a9
47381c2cbca536ce500a5aa512988b3a79ffbbe963d9b3f5c1071e1f01782224
48c61978230bb64a1472f73bcf4c2fad396fbf7f8e3dc5aae7fe770c99e5858a
48ff8729b9b774bbe136d0bec514675c79b6c8a934f718858121b6bf19362709
4ae5b5b9ae3cb4fd88d808ad63ae5fa5b0d70ca52d61fff03c79e5770d9d244e
4b46551fc304afbde9c6b0107d6ea79163b7e6ef976866f984a1d58245a58ef3
4c74bec793cc176f171cbb519ab9927380038f7069aacaa914d97a4b1036c966
4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787
4d30ac22ab046870c2859ae90b8598967936e693bf0773ef5e41dae33a04f0a5
4e080628a1c31ba2e5f9505d6bab37ffdc2e5358436c8aba1b30d094a7ad86f1
4e4e025f1fd085e74bbb81c14a62aa98fd9a2df26707104c6690a7e23f284983
514f559d90a1369f5d8ed3a5de1849954a2a8a34863c3fb929433e46322abaf4
5168e48216251029553064406956580b6c1b3c74236e33b244e6c41eef530a29
52c07caa85c656431de4df000c7f4a1ff19cbf0a281f4356a0a52e9559553e56
546c5cf136073615afda5cab173feff341171a26a848cf7ce09bb8bd8b07ce89
555d5d3bcf88de2650acc3de969c2453da3c9c53fdd7491c23bb3bd09e12a129
55e692708e28268536c64334fabe3187bf601dbe3591dc8257c73da849b3fbbe
566a0f11a235dd20f6e4ad0af08e1f81cb6a901c8788095ccde3a07f5553499d
57522635ee152ac3c2dc8c2809165a3c028dde92fbeca59602015b849a4e31ea
58139fbd6ec21f72c99cd6e8382b144907d64b7cdab6c893118015694a41846f
5d9a130a4a934e2208016c166f83770b83b4e64e488689633acaa1518f78963c
5f07554fd87b2de2d7f413aad15a903fb3fe8e0b6993b0cac1beef9ed05d7580
60bea2223eda9fc733bf398d8939321f65f32e127503b6deae6782627b2df3b3
65fd8bfe746caf4582271bd06f99a22ef245b382df7753f5b63400811a0308f2
6aaefb9cb755b94b408eda0f9830ddb35180a57441b68121828cb9640722af29
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6baa40ac5f79820ef2036e03517328db07f5dea669e6632d38171dd8d07f224d
6db43921deeeb1f6361287b5dd649f2f3257159273baf212a1c296f1b9976c80
6f98e4ba8fced7ee8b536130f17ce3c905d3d7504f5455e1ce972e46ec8a4465
71bc645c0ef027553895571ae650f8975eb98a95229de17853287348b8d03c43
74a7d250bfc7e511014346ae86723868dfe3ca6c28f88361990fe536b20ae8e8
757356e3395a14678ad98d34ab39325de29d79752e66ae1748d0015cfd5d007e
7853f30b8d97f4ea1936818b0b01f1757e46fe3f99571a572582d4eec53e6875
7d1bb893ef8448d590932677b7c214b5c1040dc30986c63c8a376173e95de17d
7d2de8b980f51c0a47e21204241ebac96125e8b086f082e3a5e66cc229c3c25b
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80a2dca83596dbc451b434ea792e71e8446079c054cfcc931cd11110c8d514c2
8743a00e65413be8e8b839177fa83e52d5f7acaa800cec227db0a5c97df63f68
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
888d8f4b27575bdda9a4063fefeb83433c8ccb92954b02fc7626c839a1f64e78
88a6c0de42002ab0f042b863e02e360efc4dbf8393e2a8d48b5e1e895defc7b5
892316701618fbba42284d0b2ee3a17de27665b90ee546d056ab488488880ce7
9787bba49c28fdf31c7c4d791e1ab0153855f7a3db826a7a741dadca6c6f889b
98c3feec591853344152b320038dd586fd8c1f5f267eb4300b91b6b1fd304835
9ae5e0bf4d0fbbd95f2a36c3c3c5c7ec6655984790809ba9def44cf5eaeb021d
9d1669b8e04aabf7547e96dfe1f693dacb413ee8a22570ba5bb6af9b79c749e0
9d8ebb8a1c4946dd02276f9f525da75fe9e7ab403e31ce416faea351adb5a180
9def588411f9cff8d4d7c86b8ce63f388b6c7aa1a967e603885255954508c12e
9f29c510c4b21638d69fb6e6513fcb03ded2d50e2347644ddb214fd760a9372c
a2deddad8c3b18a05e32ffdbb3e57004f820bf30d3ba341cd529b9156db47f41
a3c5433c5237bdee8916f690027627601478436a7b74a076a4e1139ed4b6385f
a4272c8c7662c261bcc8e0b264aae83a7797aeb4bf4daf17780872c07f7d9601
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
a4d25e4d66645c9b5d7e18974f2780d7b437aa53a141481da013397367219edb
a58db5adf9958450ff7368808e322df972146f6c86546e471b0608af84e93bb3
a67a515b86c5e3287772536739ef3db00abecf9e64890050aeef45476f2e46d9
a67d26e058f6f092f10c14e8f42fd2dc8959b22ea43fd98f781eb45e1a84e482
ab1532a1201e757c85412e7aefb286882de3ec69720a2b9aa373bbc78094977f
abe6af6a23f989b0623689a5d2a8df531c4f84c1e9785db0bad82155e9ef7f92
aec4431a4a7b2bf1d6dfd6d317cd6c71e4406ebad989a08c934fcad420bbba6a
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
b060d6de3d04a1bba9c296bcf276c22f5c7c11c2b518eec8d4b5de27621adcc9
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4ba5ff51f87dd39efdc4d0d0b1e2f4ab506b5e8581873857fb31369f48a02c4
ba564a775f9962591e29f794d906d4a50886420c4b7142f8f49be0abbb690547
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb65203588b9e02f2351e851e143944e2a17444dd4bb4b8511b971ee7ed4a3c1
bc48dbec66494a02480c2c01ad92297a5eac84a6a1ca5b3ed57e10b118d54540
c2277998eda0b623970599925bfe2360cee97cf17b4449b67866171b139272bf
c2b34ef4300ee8fe663b0cd371dc99fd579ee20adcf22ccc395f926baebedfb4
c48a1f2ab3c9eb6bcc05f52651ab520fa44beb2814691436f0880832f082aa5e
cad05fbd50ad73ef6ffadb4d21b9469ccd36187a84e754adc8813d076496c712
cf0eac8ca56caaadf4fc1e4ec8081f0ba14c59d22bf12f766d59845078950e86
d2faea3478c0a11376f9799ca143967ef61452cb055391e41a609e79a2f3819f
d508acdc40a5bfdd517a71504b0f0f984fb0095a2f98897a2cc8d559ef0ae956
d5589c48740a96d3909b148c602e8117ffb724a0cee0bb681254a321adcc9757
d6561694d19e515bb3b8e05d64108927bda3bb4fdeb2c24550a57c833a7dce7e
d7753e4328060a3206f267948df18ef6877dbae61fe766e2dd2540d9e3ddeff5
da8c4bacc841dac6fd247e95d34e81f9896c52f1c9560e1dc300b628c37330d1
dc82de33871a9ed40a5379ed264dd0456d9bf58839286b913231648f527bc72b
dd43fb8026b5bfd2818af5faaea893f008dc56555377296264611f94534c0dec
df448b37d4f4fc63ae8c811e9d1b5f8a67beda4e2fc42db721e2ebe40ca9e108
e1201286aed7296c9e415d05041eee9386f4440ba185306e5a33d28eb3f17fb6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d85794f31dba2e3885485bd6974d367e41256b318571c67746ac1ebd26532e
e54c065e5c0434144f63c35da8668f35dba4ec6523c0763fd02502b8b488af77
e6573544af0ca7938a3b28df75fd89e208013c8247aea60c1e4a5e385a9162d8
e6f21333a98ec17a2f347823b208713debf4f246e76667479f95fc91c51986e5
e82140e00682d9813ca35e051bd9c4bd835e6ef45e737d992c6200fcb2d1d062
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
ea971e5cb5a3987e3d2ece4a6309f14292e9ebbe10995cba45e8f26a4c78c280
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ebaffa61ea537fdb59f1889b9a23caaf04b54b7fe2315076cf276d56b3810211
ed94f3d7ab703c830897b6aeacf0552c17022418a27bf8a75e4a7e79f4d53337
ee39460d134b8358b01e6f8d5dc3451724f80891d9e0f89a1d3eebb31c498f36
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef91066bb0a34a74a253a18b14052a593810c02de41070203dca4c88a5274b38
f70ad153801756c3955f63469a9bc8a3a7112e1fca7156bf72448b77d8155246
f730b125dba2c70150b5081864d1f2b1fcb82ee2b957e82b09ca88a4d49fe235
f92a7f464058c5ef066733315d1f2aa632c6a50dc5ea8f7ca18f9c51565b665b
f98230fa1a47181b2cee5b6e6395e6d3365a7e1b434b4b23115d4811199a441e
fd4a9a59038ee47b48dedd0c2c9e85e9f00b8f371777f17446c8a56d3b20d6e1
ffcaad26f785705e31cd58c35df664956b1689d46498a2751d60ed70e7729a5d
ffd0ec7f4d038be2d4664315932543be5c420b4d29ed23300d6966474c29363c

healythbilling.gq Open in urlscan Pro 2606:4700:3031::681b:b5ef Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

183 Requests

99 %HTTPS

71 %IPv6

27 Domains

39 Subdomains

34 IPs

7 Countries

2833 kBTransfer

8304 kBSize

5 Cookies

5 Outgoing links

Redirected requests

183 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

healythbilling.gq Open in urlscan Pro
2606:4700:3031::681b:b5ef Public Scan

Screenshot
Live screenshot

Full Image

183
Requests

99 %
HTTPS

71 %
IPv6

27
Domains

39
Subdomains

34
IPs

7
Countries

2833 kB
Transfer

8304 kB
Size

5
Cookies

183 HTTP transactions
4 data transactions