Submitted URL: http://hec.su/FoYJk
Effective URL: https://hec.su/FoYJk
Submission: On January 09 via manual from LV

Summary

This website contacted 15 IPs in 5 countries across 14 domains to perform 44 HTTP transactions. The main IP is 2606:4700:30::681c:213, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is hec.su.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on December 30th 2019. Valid for: 6 months.
This is the only time hec.su was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 13 2606:4700:30:... 13335 (CLOUDFLAR...)
3 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 23.111.9.35 33438 (HIGHWINDS2)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
4 2a00:1450:400... 15169 (GOOGLE)
3 2a03:2880:f01... 32934 (FACEBOOK)
4 2a00:1450:400... 15169 (GOOGLE)
4 151.101.112.157 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 5 2a02:6b8::1:119 13238 (YANDEX)
1 2a03:2880:f11... 32934 (FACEBOOK)
1 104.244.42.8 13414 (TWITTER)
2 2606:4700::68... 13335 (CLOUDFLAR...)
44 15
Domain Requested by
13 hec.su 1 redirects hec.su
pagead2.googlesyndication.com
5 mc.yandex.ru 1 redirects hec.su
4 platform.twitter.com hec.su
platform.twitter.com
4 apis.google.com hec.su
apis.google.com
3 stackpath.bootstrapcdn.com hec.su
2 cdnjs.cloudflare.com hec.su
2 googleads.g.doubleclick.net pagead2.googlesyndication.com
2 connect.facebook.net hec.su
connect.facebook.net
2 pagead2.googlesyndication.com hec.su
pagead2.googlesyndication.com
1 syndication.twitter.com hec.su
1 www.facebook.com connect.facebook.net
1 accounts.google.com apis.google.com
1 staticxx.facebook.com connect.facebook.net
1 www.googletagservices.com pagead2.googlesyndication.com
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.de pagead2.googlesyndication.com
1 code.jquery.com hec.su
1 use.fontawesome.com hec.su
44 18

This site contains no links.

Subject Issuer Validity Valid
sni202503.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2019-12-30 -
2020-07-07
6 months crt.sh
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA
2019-09-14 -
2020-10-13
a year crt.sh
*.fontawesome.com
DigiCert SHA2 Secure Server CA
2019-10-28 -
2020-12-23
a year crt.sh
jquery.org
COMODO RSA Domain Validation Secure Server CA
2018-10-17 -
2020-10-16
2 years crt.sh
*.g.doubleclick.net
GTS CA 1O1
2019-12-03 -
2020-02-25
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2019-12-06 -
2020-03-05
3 months crt.sh
*.apis.google.com
GTS CA 1O1
2019-12-10 -
2020-03-03
3 months crt.sh
platform.twitter.com
DigiCert SHA2 High Assurance Server CA
2019-08-28 -
2020-09-01
a year crt.sh
*.google.com
GTS CA 1O1
2019-12-03 -
2020-02-25
3 months crt.sh
accounts.google.com
GTS CA 1O1
2019-12-10 -
2020-03-03
3 months crt.sh
mc.yandex.ru
Yandex CA
2019-09-23 -
2020-09-22
a year crt.sh
syndication.twitter.com
DigiCert SHA2 High Assurance Server CA
2019-04-09 -
2020-04-01
a year crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2
2020-01-07 -
2020-10-09
9 months crt.sh

This page contains 9 frames:

Primary Page: https://hec.su/FoYJk
Frame ID: D1B4AADEF454BF6573EB20BC1D664252
Requests: 36 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200107/r20190131/zrt_lookup.html
Frame ID: 05306907A21322B7BD56D74A486174AD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5337105091177727&output=html&adk=1812271804&adf=3025194257&lmt=1578557009&plat=0%3A32%2C1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fhec.su%2FFoYJk&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1578557009820&bpp=17&bdt=89&fdt=56&idt=56&shv=r20200107&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=5891195322913&frm=20&pv=2&ga_vid=1697379928.1578557010&ga_sid=1578557010&ga_hid=742415917&ga_fc=0&iag=0&icsg=8399375&dssz=19&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065126&oid=3&pvsid=507043218696234&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=0&uci=a!0&fsb=1&dtd=68
Frame ID: C2E1370D3F0E29DE42B6DA4C2076656A
Requests: 1 HTTP requests in this frame

Frame: https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=tall&origin=https%3A%2F%2Fhec.su&url=https%3A%2F%2Fhec.su%2FFoYJk&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.sMn3oj1Y3cA.O%2Fam%3DgQc%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPqBV3I8WSHGVZdFwzpG63NJd9nNw%2Fm%3D__features__
Frame ID: D5437BC7077D8EC9028FC0F15C15CB6C
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter.php?version=45
Frame ID: 99AC7310DDF9EB526C64B3AF6DE82497
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fhec.su&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.sMn3oj1Y3cA.O%2Fam%3DgQc%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPqBV3I8WSHGVZdFwzpG63NJd9nNw%2Fm%3D__features__
Frame ID: BAFD27784DB3611F833634081B0A8161
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.69e02060c7c44baddf1b5629549acc0c.html?origin=https%3A%2F%2Fhec.su
Frame ID: D5BCB9A9A8D10DF99462D4A2CB5E9CF0
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D45%23cb%3Df2110b38c166dd8%26domain%3Dhec.su%26origin%3Dhttps%253A%252F%252Fhec.su%252Ffb4472bfe09588%26relation%3Dparent.parent&container_width=1585&href=https%3A%2F%2Fhec.su%2FFoYJk&layout=standard&locale=en_US&sdk=joey&send=false&show_faces=false&width=20
Frame ID: 65621357CB77F4859FA12590CC656B27
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.69e02060c7c44baddf1b5629549acc0c.en.html
Frame ID: AD7B2BB40B105C89BF388F941DB33C7B
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://hec.su/FoYJk HTTP 301
    https://hec.su/FoYJk Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
  • html /<link[^>]* href="https:\/\/use\.fontawesome\.com\/releases\/v([^>]+)\/css\//i

Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i

Overall confidence: 100%
Detected patterns
  • script /apis\.google\.com\/js\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/\/platform\.twitter\.com\/widgets\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

44
Requests

100 %
HTTPS

80 %
IPv6

14
Domains

18
Subdomains

15
IPs

5
Countries

641 kB
Transfer

1924 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hec.su/FoYJk HTTP 301
    https://hec.su/FoYJk Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38
  • https://mc.yandex.ru/watch/50938253?wmode=7&page-url=https%3A%2F%2Fhec.su%2FFoYJk&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578557009259%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Az%3A60%3Ai%3A20200109090330%3Aet%3A1578557011%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A578358194%3Ahid%3A813697378%3Ads%3A0%2C36%2C385%2C1%2C48%2C0%2C0%2C689%2C11%2C%2C%2C%2C1162%3Afp%3A601%3Agdpr%3A14%3Av%3A1795%3Awv%3A2%3Ast%3A1578557011%3Au%3A1578557011653282565 HTTP 302
  • https://mc.yandex.ru/watch/50938253/1?wmode=7&page-url=https%3A%2F%2Fhec.su%2FFoYJk&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578557009259%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Az%3A60%3Ai%3A20200109090330%3Aet%3A1578557011%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A578358194%3Ahid%3A813697378%3Ads%3A0%2C36%2C385%2C1%2C48%2C0%2C0%2C689%2C11%2C%2C%2C%2C1162%3Afp%3A601%3Agdpr%3A14%3Av%3A1795%3Awv%3A2%3Ast%3A1578557011%3Au%3A1578557011653282565

44 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request FoYJk
hec.su/
Redirect Chain
  • http://hec.su/FoYJk
  • https://hec.su/FoYJk
11 KB
4 KB
Document
General
Full URL
https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681c:213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
77d15aaabc5eb67697cb521b815795c87834d515fff397f0b4e542179bcef07c

Request headers

:method
GET
:authority
hec.su
:scheme
https
:path
/FoYJk
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status
404
date
Thu, 09 Jan 2020 08:03:29 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d74a94c5bde59254934b29f83d4654cfb1578557009; expires=Sat, 08-Feb-20 08:03:29 GMT; path=/; domain=.hec.su; HttpOnly; SameSite=Lax
x-powered-by
PHP/5.6.40
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5524e51c6ddc7311-AMS
content-encoding
br

Redirect headers

Date
Thu, 09 Jan 2020 08:03:29 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=3600
Expires
Thu, 09 Jan 2020 09:03:29 GMT
Location
https://hec.su/FoYJk
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
5524e51c1ffcc863-AMS
frontend.css
hec.su/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://hec.su/css/frontend.css
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681c:213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
303bc3b9cff9cdcaa1e9f7b93d5c6d6e6591ad3670e94f6ed791353b6d786292
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 05 Feb 2019 22:02:08 GMT
server
cloudflare
age
3388847
etag
W/"5c5a07e0-135b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=31536000
strict-transport-security
max-age=31536000;
cf-ray
5524e51ee8aa7311-AMS
expires
Mon, 30 Nov 2020 02:42:42 GMT
preview.css
hec.su/css/
5 KB
1 KB
Stylesheet
General
Full URL
https://hec.su/css/preview.css
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681c:213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a6018a8918e88360ca025674adc87e8857805d52c5cdfb6fdbd31ea29375f72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 21 Feb 2019 23:13:52 GMT
server
cloudflare
age
4267145
etag
W/"5c6f30b0-138b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=31536000
strict-transport-security
max-age=31536000;
cf-ray
5524e51ee8ab7311-AMS
expires
Thu, 19 Nov 2020 22:44:24 GMT
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/
138 KB
21 KB
Stylesheet
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
/
Resource Hash
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:34:11 GMT
access-control-allow-origin
*
etag
"1544639651"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
21050
all.css
use.fontawesome.com/releases/v5.6.1/css/
52 KB
13 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.6.1/css/all.css
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
453893f7daa3d8fe9716f8c6d0f36f8ade8cacfc0093e164f4f998b46427959e

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 17:44:03 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"b8085bf2c839791244bd95f56fb93c01"
vary
Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
status
200
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT
font-awesome.min.css
hec.su/css/font-awesome/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://hec.su/css/font-awesome/css/font-awesome.min.css
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681c:213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4047043368afb4baf1aed25d358a5c2a333842a3b436b58491ab36aeee65b9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 03 Dec 2016 11:54:22 GMT
server
cloudflare
age
4267145
etag
W/"5842b26e-7917"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=31536000
strict-transport-security
max-age=31536000;
cf-ray
5524e51ee8ac7311-AMS
expires
Thu, 19 Nov 2020 22:44:24 GMT
jquery-3.3.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.3.1.min.js
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 08:03:29 GMT
Content-Encoding
gzip
Last-Modified
Sat, 20 Jan 2018 17:26:44 GMT
Server
nginx
ETag
W/"5a637bd4-1538f"
Vary
Accept-Encoding
X-HW
1578557009.dop150.fr8.shc,1578557009.dop150.fr8.t,1578557009.cds057.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
30288
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
105 KB
37 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
58f0acb63d50169bec5170a061538d9e2dce98d09107f4e4779f8abff8decf54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
37891
x-xss-protection
0
server
cafe
etag
17140008275965927278
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 09 Jan 2020 08:03:29 GMT
email-decode.min.js
hec.su/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
845 B
Script
General
Full URL
https://hec.su/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681c:213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
gzip
last-modified
Mon, 06 Jan 2020 12:54:57 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5e132e21-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=172800, public
cf-ray
5524e51ee8ad7311-AMS
expires
Sat, 11 Jan 2020 08:03:29 GMT
bootstrap.bundle.min.js
stackpath.bootstrapcdn.com/bootstrap/4.3.0/js/
75 KB
21 KB
Script
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/js/bootstrap.bundle.min.js
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
/
Resource Hash
6fa7d0b020b7b8aade5c1ac740c4d1d118ec096da28496f721170f20ff09e573

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
gzip
last-modified
Mon, 11 Feb 2019 19:24:20 GMT
access-control-allow-origin
*
etag
"1549913060"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
21539
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.3.0/js/
55 KB
14 KB
Script
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/js/bootstrap.min.js
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
/
Resource Hash
0b86e93ae07e8c3ee975204e6dbd53cbbce457b8f5e9c2397c4312285d488991

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
gzip
last-modified
Mon, 11 Feb 2019 19:24:20 GMT
access-control-allow-origin
*
etag
"1549913060"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
14651
jpages.min.js
hec.su/js/
13 KB
3 KB
Script
General
Full URL
https://hec.su/js/jpages.min.js
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681c:213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
176fe0e7f3d933199d251bcdb13f1345f249ddda04b317bec8ab9fc8759b7a2c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 01 Jan 2019 04:54:05 GMT
server
cloudflare
age
3388844
etag
W/"5c2af26d-334a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=31536000
strict-transport-security
max-age=31536000;
cf-ray
5524e51ee8ae7311-AMS
expires
Mon, 30 Nov 2020 02:42:45 GMT
frontend.js
hec.su/js/
5 KB
1 KB
Script
General
Full URL
https://hec.su/js/frontend.js?v=0.4
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681c:213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
14789edf3ce9b650738e7e6558bb7985ae0fe04da902cacaeb7530e5f160d314
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:30 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 13 Jan 2017 16:11:20 GMT
server
cloudflare
etag
W/"5878fc28-1227"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=31536000
strict-transport-security
max-age=31536000;
cf-ray
5524e51ee8af7311-AMS
expires
Fri, 08 Jan 2021 08:03:30 GMT
ZeroClipboard.js
hec.su/js/
9 KB
3 KB
Script
General
Full URL
https://hec.su/js/ZeroClipboard.js
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681c:213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2be8471ac5d96d2f609e4d261d4297a29338d835fb9b10863806922251010a44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:30 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 13 Jun 2014 16:31:50 GMT
server
cloudflare
etag
W/"539b2776-2425"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=31536000
strict-transport-security
max-age=31536000;
cf-ray
5524e51ee8b07311-AMS
expires
Fri, 08 Jan 2021 08:03:30 GMT
share42.js
hec.su/js/
4 KB
1 KB
Script
General
Full URL
https://hec.su/js/share42.js
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681c:213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e1e487ebde9691f87fd12983b946bc3bedfc67d158e38a60cf77ffb8b42503d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:30 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 07 Jan 2015 01:54:16 GMT
server
cloudflare
etag
W/"54ac91c8-edf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=31536000
strict-transport-security
max-age=31536000;
cf-ray
5524e51ee8b27311-AMS
expires
Fri, 08 Jan 2021 08:03:30 GMT
cookieconsent.latest.min.js
hec.su/js/
4 KB
2 KB
Script
General
Full URL
https://hec.su/js/cookieconsent.latest.min.js
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681c:213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
79a88f23345d783efbdf883d1a64d8b1e74367ab82ebef82484b84e74374fc32
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 11 Jan 2016 09:04:22 GMT
server
cloudflare
age
4267144
etag
W/"56937016-11a7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=31536000
strict-transport-security
max-age=31536000;
cf-ray
5524e51ee8b37311-AMS
expires
Thu, 19 Nov 2020 22:44:25 GMT
all.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
87fe1093644cb176836459eecc534303ca4c1b22021b7b7d97851c02420db51f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
i1pWHEPPL1SJnhCdJu6TMA==
status
200
date
Thu, 09 Jan 2020 08:03:29 GMT
expires
Thu, 09 Jan 2020 08:04:20 GMT
alt-svc
h3-24=":443"; ma=3600
content-length
1780
x-fb-debug
kQeSWixQGb+u9Ak59iVFw6GRKzeIFluOS5gebExUreln9ThBxcuqqQkyNtLJlonRLABf9fBgbMVt+7WsWbq8fQ==
x-fb-trip-id
1850256238
x-fb-content-md5
63f3f1a0104bd10259ce8c36c49a6435
etag
"d5fc37dd11cdfd61442a51c3766ed720"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
plusone.js
apis.google.com/js/
48 KB
19 KB
Script
General
Full URL
https://apis.google.com/js/plusone.js
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
34e4a008aa26ad9011af47bed8925ae36a4fadf41de60d9c47b6520660fdbda3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
script-src 'report-sample' 'nonce-EYKSZ6Phg05xuJY9g3OjRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
200
strict-transport-security
max-age=31536000
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"dd9a1b1b372a09cf0bd04119da1545cb"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
timing-allow-origin
*
expires
Thu, 09 Jan 2020 08:03:29 GMT
widgets.js
platform.twitter.com/
95 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
ff6a67b5b4c91cf683b9168393ce7aa41d64326a40b928809cdf7e15d0b3c8b8

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
gzip
x-cache
HIT, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
28837
x-served-by
cache-iad2149-IAD, cache-hhn4032-HHN
last-modified
Tue, 10 Dec 2019 23:46:10 GMT
etag
"a41dba1e30b9426e9a69c373d2c94042+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=1800
accept-ranges
bytes
tw-cdn
FT
integrator.js
adservice.google.de/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=hec.su
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=hec.su
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200107/r20190131/
228 KB
85 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200107/r20190131/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
29b5180574e350e8e47f4d9feecddec5ac25d295f2793a6b89c0b86fa55882a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
87163
x-xss-protection
0
server
cafe
etag
10143892291796991330
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 09 Jan 2020 08:03:29 GMT
bg.png
hec.su/images/
2 KB
2 KB
Image
General
Full URL
https://hec.su/images/bg.png
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681c:213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d611c68aa02e4cee400a1e6a34bb27628d53a5329a3b249ff6c022799071f535
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://hec.su/css/preview.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
cf-cache-status
HIT
age
106360
status
200
strict-transport-security
max-age=31536000;
content-length
1575
last-modified
Thu, 24 Jul 2014 12:20:42 GMT
server
cloudflare
etag
"53d0fa1a-627"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
5524e51f79767311-AMS
expires
Thu, 07 Jan 2021 02:30:49 GMT
fontawesome-webfont.woff2
hec.su/css/font-awesome/fonts/
75 KB
76 KB
Font
General
Full URL
https://hec.su/css/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681c:213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://hec.su/css/font-awesome/css/font-awesome.min.css
Origin
https://hec.su

Response headers

date
Thu, 09 Jan 2020 08:03:30 GMT
cf-cache-status
MISS
last-modified
Sat, 03 Dec 2016 11:54:20 GMT
server
cloudflare
etag
"12d68-542bfb7007300"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
status
200
cache-control
max-age=14400
strict-transport-security
max-age=31536000;
accept-ranges
bytes
cf-ray
5524e51f79777311-AMS
content-length
77160
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200107/r20190131/ Frame 0530
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20200107/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20200107/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://hec.su/FoYJk
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://hec.su/FoYJk

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Tue, 07 Jan 2020 16:14:48 GMT
expires
Tue, 21 Jan 2020 16:14:48 GMT
content-type
text/html; charset=UTF-8
etag
14586270735327668295
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
6570
x-xss-protection
0
cache-control
public, max-age=1209600
age
143321
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
all.js
connect.facebook.net/en_US/
190 KB
57 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js?hash=db79c61a52076df8c62b4bcef81f764a&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
faa7946e68a38b3aabf7ff844942bf6e288c1dd6963a6b8ea839a976e411f1d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://hec.su/FoYJk
Origin
https://hec.su

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
EQ14IfHNtp+XACcTZQwD4g==
status
200
date
Thu, 09 Jan 2020 08:03:29 GMT
expires
Fri, 08 Jan 2021 06:27:43 GMT
alt-svc
h3-24=":443"; ma=3600
content-length
57685
x-fb-debug
Hm5OVblW0Qh7B/RLwvMrwCJNiUUtMEheM3TFNPsbGyV4RgkXr1a/4GoixovlqcfX6tn5Gyn3+DBqqj2WfH3kdA==
x-fb-trip-id
1850256238
x-fb-content-md5
e05a893904c8a831a2c42afeef8288fa
etag
"e8142bb6cd762ca0702db6f745c97528"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
ads
googleads.g.doubleclick.net/pagead/ Frame C2E1
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5337105091177727&output=html&adk=1812271804&adf=3025194257&lmt=1578557009&plat=0%3A32%2C1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fhec.su%2FFoYJk&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1578557009820&bpp=17&bdt=89&fdt=56&idt=56&shv=r20200107&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=5891195322913&frm=20&pv=2&ga_vid=1697379928.1578557010&ga_sid=1578557010&ga_hid=742415917&ga_fc=0&iag=0&icsg=8399375&dssz=19&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065126&oid=3&pvsid=507043218696234&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=0&uci=a!0&fsb=1&dtd=68
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200107/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-5337105091177727&output=html&adk=1812271804&adf=3025194257&lmt=1578557009&plat=0%3A32%2C1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fhec.su%2FFoYJk&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1578557009820&bpp=17&bdt=89&fdt=56&idt=56&shv=r20200107&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=5891195322913&frm=20&pv=2&ga_vid=1697379928.1578557010&ga_sid=1578557010&ga_hid=742415917&ga_fc=0&iag=0&icsg=8399375&dssz=19&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065126&oid=3&pvsid=507043218696234&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=0&uci=a!0&fsb=1&dtd=68
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://hec.su/FoYJk
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://hec.su/FoYJk

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 09 Jan 2020 08:03:29 GMT
server
cafe
content-length
46
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Thu, 09-Jan-2020 08:18:29 GMT; path=/; domain=.doubleclick.net
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires
Thu, 09 Jan 2020 08:03:29 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/
76 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200107/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
1951d0b9ba0620cf5e9d6f8f8b4b9ec5281991f574cb50f8a51bdd15d7772497
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1578504918648322"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
28663
x-xss-protection
0
expires
Thu, 09 Jan 2020 08:03:29 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.sMn3oj1Y3cA.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=gQc/rs=AGLTcCPqBV3I8WSHGVZdFwzpG63NJd9nNw/
139 KB
49 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.sMn3oj1Y3cA.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=gQc/rs=AGLTcCPqBV3I8WSHGVZdFwzpG63NJd9nNw/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
a3e3bd0c6249aec8fcbfc491ab635c3287b76e3206daa0c21fe2d63947f6f2f0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 07 Jan 2020 23:03:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 12 Dec 2019 23:42:29 GMT
server
sffe
age
118770
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
49922
x-xss-protection
0
expires
Wed, 06 Jan 2021 23:03:59 GMT
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.sMn3oj1Y3cA.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=gQc/rs=AGLTcCPqBV3I8WSHGVZdFwzpG63NJd9nNw/
96 KB
34 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.sMn3oj1Y3cA.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=gQc/rs=AGLTcCPqBV3I8WSHGVZdFwzpG63NJd9nNw/cb=gapi.loaded_1
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
6bd3fdbc78ea8a94b643d3b2f1a25de74af71c64de7adbd5c96e128167a0614a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 07 Jan 2020 22:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 12 Dec 2019 23:42:29 GMT
server
sffe
age
119465
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
34371
x-xss-protection
0
expires
Wed, 06 Jan 2021 22:52:24 GMT
fastbutton
apis.google.com/se/0/_/+1/ Frame D543
0
0
Document
General
Full URL
https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=tall&origin=https%3A%2F%2Fhec.su&url=https%3A%2F%2Fhec.su%2FFoYJk&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.sMn3oj1Y3cA.O%2Fam%3DgQc%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPqBV3I8WSHGVZdFwzpG63NJd9nNw%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
apis.google.com
:scheme
https
:path
/se/0/_/+1/fastbutton?usegapi=1&size=tall&origin=https%3A%2F%2Fhec.su&url=https%3A%2F%2Fhec.su%2FFoYJk&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.sMn3oj1Y3cA.O%2Fam%3DgQc%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPqBV3I8WSHGVZdFwzpG63NJd9nNw%2Fm%3D__features__
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://hec.su/FoYJk
accept-encoding
gzip, deflate, br
cookie
NID=195=F59Btifj1b7hFbp-kMYCd1eDrefJ4i8gj3ZcinsWqaxaVSlgrqvm2wTFl5JTFEy23ipVknh1ljw_Nb4eCfv9DOmvijnHnwpcqigZmcyWYvICX4BEaSHskCIB5eoM0m8sV_PWD79-oISjy0n3M5oy4yqIPBuBkQoLzI8o_E-NruM
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://hec.su/FoYJk

Response headers

status
404
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 09 Jan 2020 08:03:29 GMT
content-security-policy-report-only
script-src 'report-sample' 'nonce-Ril/6C5ULcK7AdYIkP1cvg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
xd_arbiter.php
staticxx.facebook.com/connect/ Frame 99AC
0
0
Document
General
Full URL
https://staticxx.facebook.com/connect/xd_arbiter.php?version=45
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=db79c61a52076df8c62b4bcef81f764a&ua=modern_es6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter.php?version=45
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://hec.su/FoYJk
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://hec.su/FoYJk

Response headers

status
200
content-type
text/html; charset=utf-8
expires
Thu, 07 Jan 2021 19:56:43 GMT
strict-transport-security
max-age=15552000; preload
content-encoding
br
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cache-control
public,max-age=31536000,immutable
x-fb-debug
9RAYgVMEJNc2aTmQuwzrGy/K54wlq0N2Q8c8Tg16Y+za/JC1e+Dx/4AT4JCp+kd2ZypXEU+8t3ywZa7aOyMBrg==
content-length
12392
x-fb-trip-id
1850256238
date
Thu, 09 Jan 2020 08:03:29 GMT
alt-svc
h3-24=":443"; ma=3600
postmessageRelay
accounts.google.com/o/oauth2/ Frame BAFD
0
0
Document
General
Full URL
https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fhec.su&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.sMn3oj1Y3cA.O%2Fam%3DgQc%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPqBV3I8WSHGVZdFwzpG63NJd9nNw%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.sMn3oj1Y3cA.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=gQc/rs=AGLTcCPqBV3I8WSHGVZdFwzpG63NJd9nNw/cb=gapi.loaded_1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-bQX0xhX/62w03SxhN9qO1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Xss-Protection 0

Request headers

:method
GET
:authority
accounts.google.com
:scheme
https
:path
/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fhec.su&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.sMn3oj1Y3cA.O%2Fam%3DgQc%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPqBV3I8WSHGVZdFwzpG63NJd9nNw%2Fm%3D__features__
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://hec.su/FoYJk
accept-encoding
gzip, deflate, br
cookie
NID=195=F59Btifj1b7hFbp-kMYCd1eDrefJ4i8gj3ZcinsWqaxaVSlgrqvm2wTFl5JTFEy23ipVknh1ljw_Nb4eCfv9DOmvijnHnwpcqigZmcyWYvICX4BEaSHskCIB5eoM0m8sV_PWD79-oISjy0n3M5oy4yqIPBuBkQoLzI8o_E-NruM
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://hec.su/FoYJk

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 09 Jan 2020 08:03:30 GMT
content-security-policy
script-src 'report-sample' 'nonce-bQX0xhX/62w03SxhN9qO1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
tag.js
mc.yandex.ru/metrika/
362 KB
92 KB
Script
General
Full URL
https://mc.yandex.ru/metrika/tag.js
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
aa85eae9b4c8325d2ce364c584a2938d4fefcc53924091cabccd29acf65bde9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 08:03:30 GMT
Content-Encoding
br
Last-Modified
Thu, 26 Dec 2019 10:39:25 GMT
Server
nginx/1.14.2
ETag
"5e048ddd-16ddd"
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
93661
Expires
Thu, 09 Jan 2020 09:03:30 GMT
widget_iframe.69e02060c7c44baddf1b5629549acc0c.html
platform.twitter.com/widgets/ Frame D5BC
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.69e02060c7c44baddf1b5629549acc0c.html?origin=https%3A%2F%2Fhec.su
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash

Request headers

:method
GET
:authority
platform.twitter.com
:scheme
https
:path
/widgets/widget_iframe.69e02060c7c44baddf1b5629549acc0c.html?origin=https%3A%2F%2Fhec.su
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://hec.su/FoYJk
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://hec.su/FoYJk

Response headers

status
200
last-modified
Tue, 10 Dec 2019 23:44:55 GMT
cache-control
public, max-age=315360000
content-type
text/html; charset=utf-8
etag
"4b563298f37eb3ef2a2f8897be83c714+gzip"
content-encoding
gzip
access-control-allow-methods
GET
access-control-allow-origin
*
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges
bytes
date
Thu, 09 Jan 2020 08:03:30 GMT
x-served-by
cache-iad2137-IAD, cache-hhn4032-HHN
x-cache
HIT, HIT
vary
Accept-Encoding
tw-cdn
FT
content-length
5825
like.php
www.facebook.com/plugins/ Frame 6562
0
0
Document
General
Full URL
https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D45%23cb%3Df2110b38c166dd8%26domain%3Dhec.su%26origin%3Dhttps%253A%252F%252Fhec.su%252Ffb4472bfe09588%26relation%3Dparent.parent&container_width=1585&href=https%3A%2F%2Fhec.su%2FFoYJk&layout=standard&locale=en_US&sdk=joey&send=false&show_faces=false&width=20
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=db79c61a52076df8c62b4bcef81f764a&ua=modern_es6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D45%23cb%3Df2110b38c166dd8%26domain%3Dhec.su%26origin%3Dhttps%253A%252F%252Fhec.su%252Ffb4472bfe09588%26relation%3Dparent.parent&container_width=1585&href=https%3A%2F%2Fhec.su%2FFoYJk&layout=standard&locale=en_US&sdk=joey&send=false&show_faces=false&width=20
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://hec.su/FoYJk
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://hec.su/FoYJk

Response headers

status
200
cache-control
private, no-cache, no-store, must-revalidate
pragma
no-cache
strict-transport-security
max-age=15552000; preload
content-encoding
br
timing-allow-origin
*
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
content-type
text/html; charset="utf-8"
x-fb-debug
uGvLVAulpKSLLCrhrzV+eMIrS14Q/Y5D0b/WE+kKL7LshC9f9MBP528AX/M/ehfSKyMPb6xRcBb4FX/+O+LgoQ==
date
Thu, 09 Jan 2020 08:03:30 GMT
alt-svc
h3-24=":443"; ma=3600
button.550007e6cc79c00bac51111d8131d860.js
platform.twitter.com/js/
7 KB
2 KB
Script
General
Full URL
https://platform.twitter.com/js/button.550007e6cc79c00bac51111d8131d860.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
04f4ae45c416f3cae99c9092537f549e56653297e79cea04501e0ebed1e9bd1c

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:30 GMT
content-encoding
gzip
x-cache
HIT, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
2294
x-served-by
cache-iad2145-IAD, cache-hhn4032-HHN
last-modified
Tue, 10 Dec 2019 23:44:46 GMT
etag
"0c1c703295ecdf55c72e3a108ce862e8+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=315360000
accept-ranges
bytes
tw-cdn
FT
tweet_button.69e02060c7c44baddf1b5629549acc0c.en.html
platform.twitter.com/widgets/ Frame AD7B
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.69e02060c7c44baddf1b5629549acc0c.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash

Request headers

:method
GET
:authority
platform.twitter.com
:scheme
https
:path
/widgets/tweet_button.69e02060c7c44baddf1b5629549acc0c.en.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://hec.su/FoYJk
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://hec.su/FoYJk

Response headers

status
200
last-modified
Tue, 10 Dec 2019 23:44:52 GMT
cache-control
public, max-age=315360000
content-type
text/html; charset=utf-8
etag
"4dc6e55d00b534aa830efd2ddeb984e0+gzip"
content-encoding
gzip
access-control-allow-methods
GET
access-control-allow-origin
*
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges
bytes
date
Thu, 09 Jan 2020 08:03:30 GMT
x-served-by
cache-iad2150-IAD, cache-hhn4032-HHN
x-cache
HIT, HIT
vary
Accept-Encoding
tw-cdn
FT
content-length
12266
jot
syndication.twitter.com/i/
43 B
338 B
Image
General
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fhec.su%2FFoYJk%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1578557010639%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22cfadeaf%3A1576014006272%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
65
x-xss-protection
0
x-response-time
110
pragma
no-cache
last-modified
Thu, 09 Jan 2020 08:03:30 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
caa79046c5ef6bf9371dd80539e5da6c
x-transaction
006151da00868bbf
expires
Tue, 31 Mar 1981 05:00:00 GMT
1
mc.yandex.ru/watch/50938253/
Redirect Chain
  • https://mc.yandex.ru/watch/50938253?wmode=7&page-url=https%3A%2F%2Fhec.su%2FFoYJk&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578557009259%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%...
  • https://mc.yandex.ru/watch/50938253/1?wmode=7&page-url=https%3A%2F%2Fhec.su%2FFoYJk&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578557009259%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A21661362610...
0
-1 B
XHR
General
Full URL
https://mc.yandex.ru/watch/50938253/1?wmode=7&page-url=https%3A%2F%2Fhec.su%2FFoYJk&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578557009259%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Az%3A60%3Ai%3A20200109090330%3Aet%3A1578557011%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A578358194%3Ahid%3A813697378%3Ads%3A0%2C36%2C385%2C1%2C48%2C0%2C0%2C689%2C11%2C%2C%2C%2C1162%3Afp%3A601%3Agdpr%3A14%3Av%3A1795%3Awv%3A2%3Ast%3A1578557011%3Au%3A1578557011653282565
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 09 Jan 2020 08:03:30 GMT
Last-Modified
Thu, 09-Jan-2020 08:03:30 GMT
Server
nginx/1.14.2
Location
/watch/50938253/1?wmode=7&page-url=https%3A%2F%2Fhec.su%2FFoYJk&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578557009259%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Az%3A60%3Ai%3A20200109090330%3Aet%3A1578557011%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A578358194%3Ahid%3A813697378%3Ads%3A0%2C36%2C385%2C1%2C48%2C0%2C0%2C689%2C11%2C%2C%2C%2C1162%3Afp%3A601%3Agdpr%3A14%3Av%3A1795%3Awv%3A2%3Ast%3A1578557011%3Au%3A1578557011653282565
Strict-Transport-Security
max-age=31536000
Access-Control-Allow-Origin
https://hec.su
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Thu, 09-Jan-2020 08:03:30 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 09 Jan 2020 08:03:30 GMT
Last-Modified
Thu, 09-Jan-2020 08:03:30 GMT
Server
nginx/1.14.2
Access-Control-Allow-Origin
https://hec.su
Strict-Transport-Security
max-age=31536000
Location
/watch/50938253/1?wmode=7&page-url=https%3A%2F%2Fhec.su%2FFoYJk&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578557009259%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Az%3A60%3Ai%3A20200109090330%3Aet%3A1578557011%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A578358194%3Ahid%3A813697378%3Ads%3A0%2C36%2C385%2C1%2C48%2C0%2C0%2C689%2C11%2C%2C%2C%2C1162%3Afp%3A601%3Agdpr%3A14%3Av%3A1795%3Awv%3A2%3Ast%3A1578557011%3Au%3A1578557011653282565
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Thu, 09-Jan-2020 08:03:30 GMT
advert.gif
mc.yandex.ru/metrika/
43 B
445 B
Image
General
Full URL
https://mc.yandex.ru/metrika/advert.gif
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 08:03:30 GMT
Content-Encoding
gzip
Last-Modified
Mon, 12 Oct 2015 13:09:09 GMT
Server
nginx/1.14.2
ETag
"561bb0f5-3d"
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
61
Expires
Thu, 09 Jan 2020 09:03:30 GMT
1
mc.yandex.ru/watch/50938253/
152 B
694 B
XHR
General
Full URL
https://mc.yandex.ru/watch/50938253/1?wmode=7&page-url=https%3A%2F%2Fhec.su%2FFoYJk&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578557009259%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Az%3A60%3Ai%3A20200109090330%3Aet%3A1578557011%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A578358194%3Ahid%3A813697378%3Ads%3A0%2C36%2C385%2C1%2C48%2C0%2C0%2C689%2C11%2C%2C%2C%2C1162%3Afp%3A601%3Agdpr%3A14%3Av%3A1795%3Awv%3A2%3Ast%3A1578557011%3Au%3A1578557011653282565
Requested by
Host: hec.su
URL: https://hec.su/FoYJk
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
c59237080b3965d1e78511de3787735695197ab73c18ed48c2e5f89d422625a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hec.su/FoYJk
Origin
https://hec.su
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Thu, 09 Jan 2020 08:03:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09-Jan-2020 08:03:30 GMT
Server
nginx/1.14.2
Strict-Transport-Security
max-age=31536000
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://hec.su
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
152
X-XSS-Protection
1; mode=block
Expires
Thu, 09-Jan-2020 08:03:30 GMT
light-floating.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/
3 KB
997 B
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/light-floating.css
Requested by
Host: hec.su
URL: https://hec.su/js/cookieconsent.latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2092ebd1f047497d83275b8d386fa1e6085a691004ed65c7810c332551393109
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://hec.su/FoYJk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:30 GMT
content-encoding
br
cf-cache-status
HIT
age
23190943
cf-ray
5524e525fba1c83f-AMS
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:18:32 GMT
server
cloudflare
etag
W/"5afd48e8-d10"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Tue, 29 Dec 2020 08:03:30 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.214
logo.png
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/
3 KB
3 KB
Image
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9dae62151120e18b465ffc5c8e9e342ecc28a6efe1a0d71c9766d677a5ddc389
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/light-floating.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 08:03:30 GMT
cf-cache-status
HIT
age
23190952
cf-ray
5524e5262c28c83f-AMS
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length
3083
last-modified
Thu, 17 May 2018 09:18:36 GMT
server
cloudflare
etag
"5afd48ec-c0b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
expires
Tue, 29 Dec 2020 08:03:30 GMT
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
served-in-seconds
0.035

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery object| adsbygoogle object| cookieconsent_options object| google_js_reporting_queue number| google_srt object| google_ad_modifications object| google_logging_queue object| ggeac boolean| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots function| google_spfd object| google_sv_map object| google_t12n_vars object| bootstrap object| FB function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| google_jobrunner object| google_persistent_state_async object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| google_iframe_oncopy boolean| google_osd_loaded boolean| google_onload_fired object| gapi object| ___jsl object| __twttrll object| twttr object| __twttr object| gadgets object| osapi object| shindig object| iframer function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| __gapi_jstiming__ object| oauth2 function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb function| clearText object| ZeroClipboard function| fav boolean| hasCookieConsent function| ym object| Ya object| yaCounter50938253 function| update_cookieconsent_options

6 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.hec.su/ Name: _ym_isad
Value: 2
.hec.su/ Name: _ym_d
Value: 1578557011
.hec.su/ Name: _ym_uid
Value: 1578557011653282565
.google.com/ Name: NID
Value: 195=F59Btifj1b7hFbp-kMYCd1eDrefJ4i8gj3ZcinsWqaxaVSlgrqvm2wTFl5JTFEy23ipVknh1ljw_Nb4eCfv9DOmvijnHnwpcqigZmcyWYvICX4BEaSHskCIB5eoM0m8sV_PWD79-oISjy0n3M5oy4yqIPBuBkQoLzI8o_E-NruM
.hec.su/ Name: __cfduid
Value: d74a94c5bde59254934b29f83d4654cfb1578557009

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
adservice.google.com
adservice.google.de
apis.google.com
cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
googleads.g.doubleclick.net
hec.su
mc.yandex.ru
pagead2.googlesyndication.com
platform.twitter.com
stackpath.bootstrapcdn.com
staticxx.facebook.com
syndication.twitter.com
use.fontawesome.com
www.facebook.com
www.googletagservices.com
104.244.42.8
151.101.112.157
2001:4de0:ac19::1:b:1a
2001:4de0:ac19::1:b:2a
23.111.9.35
2606:4700:30::681c:213
2606:4700::6811:4004
2a00:1450:4001:800::2002
2a00:1450:4001:808::2002
2a00:1450:4001:809::200d
2a00:1450:4001:817::2002
2a00:1450:4001:81f::200e
2a02:6b8::1:119
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
04f4ae45c416f3cae99c9092537f549e56653297e79cea04501e0ebed1e9bd1c
0b86e93ae07e8c3ee975204e6dbd53cbbce457b8f5e9c2397c4312285d488991
14789edf3ce9b650738e7e6558bb7985ae0fe04da902cacaeb7530e5f160d314
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
176fe0e7f3d933199d251bcdb13f1345f249ddda04b317bec8ab9fc8759b7a2c
1951d0b9ba0620cf5e9d6f8f8b4b9ec5281991f574cb50f8a51bdd15d7772497
2092ebd1f047497d83275b8d386fa1e6085a691004ed65c7810c332551393109
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
29b5180574e350e8e47f4d9feecddec5ac25d295f2793a6b89c0b86fa55882a2
2a6018a8918e88360ca025674adc87e8857805d52c5cdfb6fdbd31ea29375f72
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2be8471ac5d96d2f609e4d261d4297a29338d835fb9b10863806922251010a44
303bc3b9cff9cdcaa1e9f7b93d5c6d6e6591ad3670e94f6ed791353b6d786292
34e4a008aa26ad9011af47bed8925ae36a4fadf41de60d9c47b6520660fdbda3
453893f7daa3d8fe9716f8c6d0f36f8ade8cacfc0093e164f4f998b46427959e
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
58f0acb63d50169bec5170a061538d9e2dce98d09107f4e4779f8abff8decf54
6bd3fdbc78ea8a94b643d3b2f1a25de74af71c64de7adbd5c96e128167a0614a
6fa7d0b020b7b8aade5c1ac740c4d1d118ec096da28496f721170f20ff09e573
77d15aaabc5eb67697cb521b815795c87834d515fff397f0b4e542179bcef07c
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
79a88f23345d783efbdf883d1a64d8b1e74367ab82ebef82484b84e74374fc32
87fe1093644cb176836459eecc534303ca4c1b22021b7b7d97851c02420db51f
8e1e487ebde9691f87fd12983b946bc3bedfc67d158e38a60cf77ffb8b42503d
9dae62151120e18b465ffc5c8e9e342ecc28a6efe1a0d71c9766d677a5ddc389
a3e3bd0c6249aec8fcbfc491ab635c3287b76e3206daa0c21fe2d63947f6f2f0
aa85eae9b4c8325d2ce364c584a2938d4fefcc53924091cabccd29acf65bde9d
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
c4047043368afb4baf1aed25d358a5c2a333842a3b436b58491ab36aeee65b9d
c59237080b3965d1e78511de3787735695197ab73c18ed48c2e5f89d422625a0
d611c68aa02e4cee400a1e6a34bb27628d53a5329a3b249ff6c022799071f535
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
faa7946e68a38b3aabf7ff844942bf6e288c1dd6963a6b8ea839a976e411f1d3
ff6a67b5b4c91cf683b9168393ce7aa41d64326a40b928809cdf7e15d0b3c8b8