pharmaweb.tk Open in urlscan Pro
198.245.55.60 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://pharmaweb.tk/user/parcelgiant57
Submission: On November 22 via manual (November 22nd 2022, 5:42:38 pm UTC) from GB — Scanned from NZ

Summary HTTP 67 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 17 IPs in 4 countries across 15 domains to perform 67 HTTP transactions. The main IP is 198.245.55.60, located in Mississauga, Canada and belongs to OVH, FR. The main domain is pharmaweb.tk.

This is the only time pharmaweb.tk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	198.245.55.60 198.245.55.60	16276 (OVH) (OVH)
8	142.251.10.155 142.251.10.155	15169 (GOOGLE) (GOOGLE)
1	142.250.4.97 142.250.4.97	15169 (GOOGLE) (GOOGLE)
1	104.238.220.179 104.238.220.179	23470 (RELIABLESITE) (RELIABLESITE)
1 9	23.52.112.115 23.52.112.115	16625 (AKAMAI-AS) (AKAMAI-AS)
12	104.22.24.131 104.22.24.131	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.251.12.157 142.251.12.157	15169 (GOOGLE) (GOOGLE)
2	172.217.194.100 172.217.194.100	15169 (GOOGLE) (GOOGLE)
1	142.250.4.154 142.250.4.154	15169 (GOOGLE) (GOOGLE)
1	74.125.24.155 74.125.24.155	15169 (GOOGLE) (GOOGLE)
1	104.65.229.158 104.65.229.158	16625 (AKAMAI-AS) (AKAMAI-AS)
2	151.101.64.84 151.101.64.84	54113 (FASTLY) (FASTLY)
3	142.250.4.132 142.250.4.132	15169 (GOOGLE) (GOOGLE)
15	172.67.38.66 172.67.38.66	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	74.125.24.104 74.125.24.104	15169 (GOOGLE) (GOOGLE)
1	104.16.89.20 104.16.89.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
67	17

7 198.245.55.60 (Mississauga, Canada)

ASN16276 (OVH, FR)
PTR: myvps.cloudns.cc

pharmaweb.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.251.10.155 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f155.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.4.97 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.238.220.179 (United States)

ASN23470 (RELIABLESITE, US)

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.52.112.115 (Singapore, Singapore) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-112-115.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-public.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.22.24.131 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

embed.tawk.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
va.tawk.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.12.157 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f157.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.194.100 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f100.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.4.154 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f154.1e100.net

adservice.google.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.24.155 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f155.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.65.229.158 (Singapore, Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a104-65-229-158.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.64.84 (United States)

ASN54113 (FASTLY, US)

widgets.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.4.132 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f132.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 172.67.38.66 (United States)

ASN13335 (CLOUDFLARENET, US)

va.tawk.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
embed.tawk.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.24.104 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f104.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.89.20 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	tawk.to embed.tawk.to — Cisco Umbrella Rank: 8361 va.tawk.to — Cisco Umbrella Rank: 8097	222 KB
10	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 tpc.googlesyndication.com — Cisco Umbrella Rank: 136	253 KB
8	addthis.com 1 redirects s7.addthis.com — Cisco Umbrella Rank: 1569 m.addthis.com — Cisco Umbrella Rank: 1549 api-public.addthis.com — Cisco Umbrella Rank: 4303	218 KB
7	pharmaweb.tk pharmaweb.tk	68 KB
2	pinterest.com widgets.pinterest.com — Cisco Umbrella Rank: 6752	470 B
2	google.com adservice.google.com — Cisco Umbrella Rank: 72 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	20 KB
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 41	5 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 374	39 KB
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 1764	869 B
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 406	1 KB
1	google.co.nz adservice.google.co.nz — Cisco Umbrella Rank: 150757	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 860	329 B
1	ibb.co i.ibb.co — Cisco Umbrella Rank: 13047	238 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 53	43 KB
67	15

	Domain	Requested by
22	embed.tawk.to	pharmaweb.tk embed.tawk.to
7	pagead2.googlesyndication.com	pharmaweb.tk pagead2.googlesyndication.com tpc.googlesyndication.com
7	pharmaweb.tk	pharmaweb.tk
5	va.tawk.to	embed.tawk.to
4	s7.addthis.com	1 redirects pharmaweb.tk s7.addthis.com
3	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
3	api-public.addthis.com	s7.addthis.com
2	widgets.pinterest.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
1	cdn.jsdelivr.net	embed.tawk.to
1	www.google.com	tpc.googlesyndication.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	z.moatads.com	s7.addthis.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.co.nz	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	i.ibb.co	pharmaweb.tk
1	www.googletagmanager.com	pharmaweb.tk
67	20

This site contains links to these domains. Also see Links.

Domain
foenixapparel.co.uk
www.addthis.com
www.facebook.com
twitter.com
www.pinterest.com

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
ibb.co R3	`2022-10-09` - `2023-01-07`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-28` - `2023-05-28`	a year	crt.sh
*.google.co.nz GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh

This page contains 11 frames:

Primary Page: http://pharmaweb.tk/user/parcelgiant57
Frame ID: 17223891B4C7FE45F8CE1595D23C9CC8
Requests: 51 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
Frame ID: 68182BDC75BC6973C298C3835B7D29C4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8094964334471361&output=html&adk=1812271804&adf=3025194257&lmt=1669138950&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=http%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&ea=0&pra=5&wgl=1&dt=1669138948402&bpp=3&bdt=1280&idt=1890&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2089906597141&frm=20&pv=2&ga_vid=1445238142.1669138950&ga_sid=1669138950&ga_hid=2014114968&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44773809%2C42531706%2C31070969%2C44770880&oid=2&pvsid=992429993153687&tmod=1982309779&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=1908
Frame ID: C24D286F2EA0AB893E7339411CC529D4
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 98D11A3A05855CDED62F69074C5802A7
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: B7CB9EFC0BCC981D5CA8B125D620CADF
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 818FEB3A3D90026F0565A12D9E5C24AE
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DE22E767B47BDDBE2F22DEA87758CFD0
Requests: 2 HTTP requests in this frame

Frame: https://embed.tawk.to/_s/v4/app/637bc8c18ac/css/bubble-widget.css
Frame ID: 374963726170E64C3A874CF16EDC4D96
Requests: 3 HTTP requests in this frame

Frame: https://embed.tawk.to/_s/v4/app/637bc8c18ac/css/min-widget.css
Frame ID: 21549FD64E95E851E09B92B1E7F39117
Requests: 1 HTTP requests in this frame

Frame: https://embed.tawk.to/_s/v4/app/637bc8c18ac/css/message-preview.css
Frame ID: 51F92CB6C2623E868A6567D1DB2D1C50
Requests: 1 HTTP requests in this frame

Frame: https://embed.tawk.to/_s/v4/app/637bc8c18ac/css/max-widget.css
Frame ID: 43E070D285EBA9CB9542519F850667F1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

User parcelgiant57 - Pharma WebFacebookTwitterPinterestWhatsAppAddThisFacebookTwitterPinterestWhatsAppAddThisFacebookTwitterPinterest

Detected technologies

Tawk.to (Live Chat) Expand

Overall confidence: 100%
Detected patterns

//embed\.tawk\.to

AddThis (Widgets) Expand

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

67
Requests

84 %
HTTPS

0 %
IPv6

15
Domains

20
Subdomains

17
IPs

4
Countries

1112 kB
Transfer

3131 kB
Size

21
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://foenixapparel.co.uk/collections/leather-bomber-jacket
Title: https://foenixapparel.co.uk/collections/leather-bomber-jacket

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image
Title: AddThis

Search URL Search Domain Scan URL

URL: http://www.facebook.com/pharmaweb.tk
Title: Follow on FacebookFacebook

Search URL Search Domain Scan URL

URL: http://twitter.com/WebPharma
Title: Follow on TwitterTwitter

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/pharmaweb_tk
Title: Follow on PinterestPinterest

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

http://s7.addthis.com/js/300/addthis_widget.js HTTP 308
https://s7.addthis.com/js/300/addthis_widget.js

Request Chain 33

http://widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=window._ate.cbs.rcb_5ywk0 HTTP 307
https://widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=window._ate.cbs.rcb_5ywk0

Request Chain 36

http://widgets.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=window._ate.cbs.rcb_gcyy0 HTTP 307
https://widgets.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=window._ate.cbs.rcb_gcyy0

67 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request parcelgiant57 Show response
pharmaweb.tk/user/ 13 KB
4 KB 2283ms
433ms Document
text/html 198.245.55.60
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://pharmaweb.tk/user/parcelgiant57
Protocol: HTTP/1.1
Server: 198.245.55.60 Mississauga, Canada, ASN16276 (OVH, FR),
Reverse DNS: myvps.cloudns.cc
Software: nginx / PHP/7.4.24
Resource Hash: 808dc499aba0b866dd2c36b5fa7b05fc9fcc27656a521c2fd5a6ab43b39276c7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

Accept-Ranges: bytes
Age: 0
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 3593
Content-Type: text/html; charset=utf-8
Date: Tue, 22 Nov 2022 17:42:26 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding
Via: 1.1 varnish (Varnish/5.2)
X-Powered-By: PHP/7.4.24
X-Varnish: 1404605

GET
H/1.1 200
OK qa-styles.css
pharmaweb.tk/qa-theme/SnowFlat/ 67 KB
12 KB 446ms
446ms Stylesheet
text/css 198.245.55.60
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://pharmaweb.tk/qa-theme/SnowFlat/qa-styles.css?1.8.3
Requested by: Host: pharmaweb.tk
URL: http://pharmaweb.tk/user/parcelgiant57
Protocol: HTTP/1.1
Server: 198.245.55.60 Mississauga, Canada, ASN16276 (OVH, FR),
Reverse DNS: myvps.cloudns.cc
Software: nginx /
Resource Hash: edda33676ab254335d58b7f49464b738950168bdbebb69cb7b3f06a3ab72a780

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/user/parcelgiant57
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 22 Nov 2022 17:42:27 GMT
Content-Encoding: gzip
Via: 1.1 varnish (Varnish/5.2)
Last-Modified: Sat, 07 Mar 2020 08:08:03 GMT
Server: nginx
Age: 0
ETag: W/"5e635663-10cfe"
Vary: Accept-Encoding
Content-Type: text/css
X-Varnish: 1404607
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11585
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
48 KB 867ms
289ms Script
text/javascript 142.251.10.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pharmaweb.tk
URL: http://pharmaweb.tk/user/parcelgiant57

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f155.1e100.net

Software

cafe /

Resource Hash

3ba04151f72a769257dd0388ce804c9358d39426d63ee1c4aa779cc6f991d323

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49050
x-xss-protection: 0
server: cafe
etag: 13091008260307277507
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 22 Nov 2022 17:42:27 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 109 KB
43 KB 823ms
278ms Script
application/javascript 142.250.4.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-159338885-1

Requested by

Host: pharmaweb.tk
URL: http://pharmaweb.tk/user/parcelgiant57

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

d40b201a6c2445c2c206a879f1d09844aca5098c8d247a5e8d180a320b21c567

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43629
x-xss-protection: 0
last-modified: Tue, 22 Nov 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 22 Nov 2022 17:42:28 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
48 KB 826ms
283ms Script
text/javascript 142.251.10.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8094964334471361

Requested by

Host: pharmaweb.tk
URL: http://pharmaweb.tk/user/parcelgiant57

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f155.1e100.net

Software

cafe /

Resource Hash

0f2c82f32d9e2487f2c66e6b7ff6e4382797cddfec72492097a6301a1ec00a02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://pharmaweb.tk/
Origin: http://pharmaweb.tk
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49145
x-xss-protection: 0
server: cafe
etag: 2725560900725053314
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 22 Nov 2022 17:42:28 GMT

GET
H/1.1 200
OK jquery-3.3.1.min.js Show response
pharmaweb.tk/qa-content/ 85 KB
30 KB 421ms
421ms Script
application/javascript 198.245.55.60
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://pharmaweb.tk/qa-content/jquery-3.3.1.min.js
Requested by: Host: pharmaweb.tk
URL: http://pharmaweb.tk/user/parcelgiant57
Protocol: HTTP/1.1
Server: 198.245.55.60 Mississauga, Canada, ASN16276 (OVH, FR),
Reverse DNS: myvps.cloudns.cc
Software: nginx /
Resource Hash: 4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/user/parcelgiant57
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 22 Nov 2022 17:42:27 GMT
Content-Encoding: gzip
Via: 1.1 varnish (Varnish/5.2)
Last-Modified: Sun, 13 Jan 2019 01:22:42 GMT
Server: nginx
Age: 0
ETag: W/"5c3a92e2-15391"
Vary: Accept-Encoding
Content-Type: application/javascript
X-Varnish: 2035402
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30295
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK qa-global.js Show response
pharmaweb.tk/qa-content/ 20 KB
5 KB 892ms
482ms Script
application/javascript 198.245.55.60
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://pharmaweb.tk/qa-content/qa-global.js?1.8.3
Requested by: Host: pharmaweb.tk
URL: http://pharmaweb.tk/user/parcelgiant57
Protocol: HTTP/1.1
Server: 198.245.55.60 Mississauga, Canada, ASN16276 (OVH, FR),
Reverse DNS: myvps.cloudns.cc
Software: nginx /
Resource Hash: b79950172d0e6c3091a44a69d615ee5711f57bb59e202b2a383d48e4ca2a4ce3

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/user/parcelgiant57
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 22 Nov 2022 17:42:27 GMT
Content-Encoding: gzip
Via: 1.1 varnish (Varnish/5.2)
Last-Modified: Sun, 13 Jan 2019 01:22:42 GMT
Server: nginx
Age: 0
ETag: W/"5c3a92e2-5046"
Vary: Accept-Encoding
Content-Type: application/javascript
X-Varnish: 1404610
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5036
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK snow-core.js Show response
pharmaweb.tk/qa-theme/SnowFlat/js/ 2 KB
1 KB 889ms
479ms Script
application/javascript 198.245.55.60
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://pharmaweb.tk/qa-theme/SnowFlat/js/snow-core.js?1.8.3
Requested by: Host: pharmaweb.tk
URL: http://pharmaweb.tk/user/parcelgiant57
Protocol: HTTP/1.1
Server: 198.245.55.60 Mississauga, Canada, ASN16276 (OVH, FR),
Reverse DNS: myvps.cloudns.cc
Software: nginx /
Resource Hash: 5eecfa645aee35cb0c6820e187451ab14a9df51283635a2117d7ba866a6a74aa

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/user/parcelgiant57
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 22 Nov 2022 17:42:27 GMT
Content-Encoding: gzip
Via: 1.1 varnish (Varnish/5.2)
Last-Modified: Sun, 13 Jan 2019 01:22:42 GMT
Server: nginx
Age: 0
ETag: W/"5c3a92e2-94f"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript
X-Varnish: 2035405
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Pharma-Web-Logo.jpg
i.ibb.co/FxLV5rH/ 238 KB
238 KB 2090ms
1532ms Image
image/jpeg 104.238.220.179
RELIABLESITE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/FxLV5rH/Pharma-Web-Logo.jpg
Requested by: Host: pharmaweb.tk
URL: http://pharmaweb.tk/user/parcelgiant57
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.238.220.179 , United States, ASN23470 (RELIABLESITE, US),
Reverse DNS
Software: nginx /
Resource Hash: 20ac97bf971f417042ff98382483052ddfd7398d776a14b41d9a300c2e62e1b9

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:29 GMT
last-modified: Mon, 06 Sep 2021 13:13:26 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 243506
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

addthis_widget.js Show response
s7.addthis.com/js/300/
Redirect Chain

http://s7.addthis.com/js/300/addthis_widget.js
https://s7.addthis.com/js/300/addthis_widget.js

353 KB
114 KB

1091ms
277ms

Script
application/javascript

23.52.112.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: pharmaweb.tk
URL: http://pharmaweb.tk/user/parcelgiant57

Protocol

Server

23.52.112.115 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-112-115.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Tue, 22 Nov 2022 17:42:30 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
x-host: s7.addthis.com
content-length: 116325

Redirect headers

Date: Tue, 22 Nov 2022 17:42:28 GMT
Server: nginx/1.15.8
X-Distribution: 99
Content-Type: text/html
Location: https://s7.addthis.com/js/300/addthis_widget.js
X-Host: s7.addthis.com
Connection: keep-alive
Content-Length: 171

GET
H2 200 default Show response
embed.tawk.to/5e5f8241c32b5c1917397eb8/ 2 KB
938 B 1172ms
881ms Script
application/x-javascript 104.22.24.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/5e5f8241c32b5c1917397eb8/default

Requested by

Host: pharmaweb.tk
URL: http://pharmaweb.tk/user/parcelgiant57

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.24.131 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9617a861b0440e778f3b965939ae026c458fc3cf1ee12a771a4316e7825c0a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://pharmaweb.tk/
Origin: http://pharmaweb.tk
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:29 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
server: cloudflare
etag: W/"stable-v4-637bc8c18ac"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, s-maxage=3600
cf-ray: 76e3763bec9ea7ed-SYD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK fontello.woff
pharmaweb.tk/qa-theme/SnowFlat/fonts/ 7 KB
7 KB 413ms
413ms Font
font/woff 198.245.55.60
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://pharmaweb.tk/qa-theme/SnowFlat/fonts/fontello.woff?70015067
Requested by: Host: pharmaweb.tk
URL: http://pharmaweb.tk/qa-theme/SnowFlat/qa-styles.css?1.8.3
Protocol: HTTP/1.1
Server: 198.245.55.60 Mississauga, Canada, ASN16276 (OVH, FR),
Reverse DNS: myvps.cloudns.cc
Software: nginx /
Resource Hash: c7aca9ebef12465aad206aae5351ba575eebe4b5e3f0fb1d99f4f92f1c4f396d

Request headers

Referer: http://pharmaweb.tk/qa-theme/SnowFlat/qa-styles.css?1.8.3
Origin: http://pharmaweb.tk
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 22 Nov 2022 17:42:28 GMT
Via: 1.1 varnish (Varnish/5.2)
Last-Modified: Tue, 26 Jul 2016 01:01:58 GMT
Server: nginx
Age: 0
ETag: "5796b686-1c20"
Content-Type: font/woff
X-Varnish: 2035407
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7200
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/ 354 KB
117 KB 608ms
307ms Script
text/javascript 142.251.10.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js?bust=31070969

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f155.1e100.net

Software

cafe /

Resource Hash

04d5cb4a5d092402cc0bc9b999c4cbfc01d1fd895bcfdfc36747668ab967a1c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119170
x-xss-protection: 0
server: cafe
etag: 6129976035604357148
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Nov 2022 17:42:29 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/ Frame 6818 10 KB
5 KB 813ms
270ms Document
text/html 142.251.12.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f157.1e100.net

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://pharmaweb.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

age: 67540
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 21 Nov 2022 22:56:49 GMT
etag: 10353107486223812946
expires: Mon, 05 Dec 2022 22:56:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 813ms
270ms Script
text/javascript 172.217.194.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-159338885-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f100.1e100.net

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 22 Nov 2022 15:53:02 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 6567
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Tue, 22 Nov 2022 17:53:02 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
203 B 572ms
271ms XHR
text/plain 172.217.194.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=2014114968&t=pageview&_s=1&dl=http%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&ul=en-us&de=UTF-8&dt=User%20parcelgiant57%20-%20Pharma%20Web&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1833984251&gjid=150468667&cid=1445238142.1669138950&tid=UA-159338885-1&_gid=1650717759.1669138950&_r=1&gtm=2oub90&z=1630971327

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f100.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://pharmaweb.tk/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 22 Nov 2022 17:42:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://pharmaweb.tk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 391 B
329 B 278ms
273ms Script
text/javascript 142.251.10.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=pharmaweb.tk&callback=_gfp_s_&client=ca-pub-8094964334471361&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js?bust=31070969

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f155.1e100.net

Software

cafe /

Resource Hash

f0acda570695b9ce7be91074b6b833439a5e5415726153c11a4d10fd81aa9030

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 251
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.co.nz/adsid/ 107 B
792 B 822ms
273ms Script
application/javascript 142.250.4.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.nz/adsid/integrator.js?domain=pharmaweb.tk

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js?bust=31070969

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 815ms
272ms Script
application/javascript 74.125.24.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=pharmaweb.tk

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js?bust=31070969

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f155.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C24D 603 B
218 B 588ms
286ms Document
text/html 142.251.12.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8094964334471361&output=html&adk=1812271804&adf=3025194257&lmt=1669138950&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=http%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&ea=0&pra=5&wgl=1&dt=1669138948402&bpp=3&bdt=1280&idt=1890&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2089906597141&frm=20&pv=2&ga_vid=1445238142.1669138950&ga_sid=1669138950&ga_hid=2014114968&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44773809%2C42531706%2C31070969%2C44770880&oid=2&pvsid=992429993153687&tmod=1982309779&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=1908

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js?bust=31070969

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f157.1e100.net

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://pharmaweb.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 17:42:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 987ms
272ms Script
application/x-javascript 104.65.229.158
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: http://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.65.229.158 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-65-229-158.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:31 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: 5AD39713B21A46CF
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=13866
accept-ranges: bytes
content-length: 948
x-amz-id-2: 83TQ3XtPijlnkbIcGJBL+Hbgyb16pUYOlntxPB1GCbtB59v3idLll23/CBbi2Xog/n1m3A9Gdnw=

GET
H/1.1 200
OK spinner-icon-14x14.gif
pharmaweb.tk/qa-theme/SnowFlat/images/ 8 KB
8 KB 422ms
422ms Image
image/gif 198.245.55.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pharmaweb.tk/qa-theme/SnowFlat/images/spinner-icon-14x14.gif?1410117644
Requested by: Host: pharmaweb.tk
URL: http://pharmaweb.tk/qa-theme/SnowFlat/qa-styles.css?1.8.3
Protocol: HTTP/1.1
Server: 198.245.55.60 Mississauga, Canada, ASN16276 (OVH, FR),
Reverse DNS: myvps.cloudns.cc
Software: nginx /
Resource Hash: 07a75636966b34dd8bbafee0ebced659b03bab0e57641e1fa035ca7da0bd39ce

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/qa-theme/SnowFlat/qa-styles.css?1.8.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 22 Nov 2022 17:42:31 GMT
Via: 1.1 varnish (Varnish/5.2)
Last-Modified: Sun, 13 Jan 2019 01:15:16 GMT
Server: nginx
Age: 0
ETag: "5c3a9124-1e65"
Content-Type: image/gif
X-Varnish: 2035409
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7781
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5e60266da35b2669/ 2 KB
869 B 617ms
605ms Script
application/javascript 23.52.112.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5e60266da35b2669/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: http://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.112.115 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-112-115.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 524c04e9fbf6224e1b7ab18d7ebe7053c335d9b31277a256115ac9f306c22546

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:31 GMT
content-encoding: gzip
etag: 1909425782--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=60, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 693

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 101 B
922 B 907ms
532ms Script
application/javascript 23.52.112.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=637d0a06244df7f1&bkl=0&bl=1&pdt=2291&sid=637d0a06244df7f1&pub=ra-5e60266da35b2669&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=pharmaweb.tk&fp=user%2Fparcelgiant57&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1669138950980&jsl=1&uvs=637d0a06aaaa8367000&skipb=1&callback=addthis.cbs.jsonp__48688369010261610
Requested by: Host: s7.addthis.com
URL: http://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.112.115 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-112-115.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 32a4c39dd70a7bca9a73ccc3c086f3a23bd5c99f111b2a4255edf856a912da3d

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
pragma: no-cache
date: Tue, 22 Nov 2022 17:42:31 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 101
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 98D1 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame B7CB 71 KB
26 KB 305ms
305ms Document
text/html 23.52.112.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: http://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.52.112.115 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-112-115.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: http://pharmaweb.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Tue, 22 Nov 2022 17:42:31 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 layers.fa6cd1947ce26e890d3d.js Show response
s7.addthis.com/static/ 263 KB
76 KB 338ms
337ms Script
application/javascript 23.52.112.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js

Requested by

Host: s7.addthis.com
URL: http://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.52.112.115 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-112-115.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Tue, 22 Nov 2022 17:42:32 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-41cf5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77645

GET
H3 200 twk-main.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 121 B
397 B 479ms
333ms Script
application/javascript 104.22.24.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-main.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/5e5f8241c32b5c1917397eb8/default

Protocol

Security

QUIC, , AES_128_GCM

Server

104.22.24.131 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

705186becc9e0a306a6b4867ae2768aa9dd3b8c12393d9f9c52029e9a6fcf31c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://pharmaweb.tk/
Origin: http://pharmaweb.tk
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:32 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
content-encoding: br
etag: W/"da5bb1dc647470204df0e49f5afac2de"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376556b3da7ed-SYD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 twk-vendor.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 76 KB
27 KB 1268ms
1125ms Script
application/javascript 104.22.24.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-vendor.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/5e5f8241c32b5c1917397eb8/default

Protocol

Security

QUIC, , AES_128_GCM

Server

104.22.24.131 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5958b8f2069b0a3292ed7a9db46b8109adac7e81591238557125893ee7e87bb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://pharmaweb.tk/
Origin: http://pharmaweb.tk
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:33 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
content-encoding: br
etag: W/"7dcb496e4882926f93f2e73fa87062c0"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376556b39a7ed-SYD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 twk-chunk-vendors.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 206 KB
61 KB 985ms
841ms Script
application/javascript 104.22.24.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-vendors.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/5e5f8241c32b5c1917397eb8/default

Protocol

Security

QUIC, , AES_128_GCM

Server

104.22.24.131 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

299a4f2bad31c68a87c725376227e4e71d3fa3be5ac21776509b6a526bfd603b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://pharmaweb.tk/
Origin: http://pharmaweb.tk
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:33 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
content-encoding: br
etag: W/"70dac54eca3bb2143032bc4db3237623"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376556b3aa7ed-SYD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 twk-chunk-common.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 192 KB
40 KB 843ms
699ms Script
application/javascript 104.22.24.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-common.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/5e5f8241c32b5c1917397eb8/default

Protocol

Security

QUIC, , AES_128_GCM

Server

104.22.24.131 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

555de289eea93b90e1c59d4b602118a52a0e9a3271fc59a92d32b52cef19c3bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://pharmaweb.tk/
Origin: http://pharmaweb.tk
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:33 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
content-encoding: br
etag: W/"0127d6cc141e3274ec4f89a4fbccfe68"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376556b3ca7ed-SYD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 twk-runtime.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 2 KB
1 KB 1271ms
1127ms Script
application/javascript 104.22.24.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-runtime.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/5e5f8241c32b5c1917397eb8/default

Protocol

Security

QUIC, , AES_128_GCM

Server

104.22.24.131 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97686e98d6e18932761e016ae206c5d5de3c79ea5258b6524ed3f9755b7b277c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://pharmaweb.tk/
Origin: http://pharmaweb.tk
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:33 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
content-encoding: br
etag: W/"b374bc06058e39582754ba0e394a1a62"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376556b3ea7ed-SYD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 twk-app.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 151 B
385 B 481ms
336ms Script
application/javascript 104.22.24.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-app.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/5e5f8241c32b5c1917397eb8/default

Protocol

Security

QUIC, , AES_128_GCM

Server

104.22.24.131 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13cf82e6f9d48221cd55f8b3c3d206f7bdb83f291034b478e484ccfef7d500dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://pharmaweb.tk/
Origin: http://pharmaweb.tk
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:32 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
content-encoding: br
etag: W/"e736e189edb5d0d9d5b8e7f23dd9114a"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376556b3fa7ed-SYD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 281ms
280ms XHR
application/json 142.251.10.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221110&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js?bust=31070969

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f155.1e100.net

Software

cafe /

Resource Hash

5b36450bcfd7e11d64409e448fcfd64470f08fd7d5e6356f86fd69f212641185

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12418
x-xss-protection: 0

GET
H2

200

count.json Show response
widgets.pinterest.com/v1/urls/
Redirect Chain

http://widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=window._ate.cbs.rcb_5ywk0
https://widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=window._ate.cbs.rcb_5ywk0

85 B
149 B

712ms
400ms

Script
application/javascript

151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=window._ate.cbs.rcb_5ywk0

Protocol

Server

151.101.64.84 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

494f3da0b35b130013fe439d19bd3333656ad3dcb3615693f0b5ba916f42159d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
vary: accept-encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: must-revalidate, max-age=887
x-envoy-upstream-service-time: 4
accept-ranges: none
x-pinterest-rid: 3540266761710688
expires: Tue, 22 Nov 2022 17:57:33 GMT

Redirect headers

Location: https://widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=window._ate.cbs.rcb_5ywk0
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 33 B
292 B 540ms
538ms Script
application/json 23.52.112.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=_ate.cbs.rcb_gucx0

Requested by

Host: s7.addthis.com
URL: http://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.52.112.115 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-112-115.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

946fa9ecb33f02ed974f86f84a2832a20c110813faa0b4b6b214e1f32128532a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: pharmaweb.tk/user/parcelgiant57
last-modified: Tue, 22 Nov 2022 17:42:33 GMT
server: nginx/1.15.8
date: Tue, 22 Nov 2022 17:42:33 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 53

POST
H2 200 shares-post.json Show response
api-public.addthis.com/url/serviceapi/ 2 B
263 B 632ms
535ms XHR
application/json 23.52.112.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57

Requested by

Host: s7.addthis.com
URL: http://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.52.112.115 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-112-115.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: http://pharmaweb.tk/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
date: Tue, 22 Nov 2022 17:42:32 GMT
surrogate-key: sFbt=https://pharmaweb.tk/user/parcelgiant57
last-modified: Tue, 22 Nov 2022 17:00:00 GMT
server: nginx/1.15.8
content-type: application/json
access-control-allow-origin: http://pharmaweb.tk
cache-control: no-transform, max-age=0, s-maxage=14400
access-control-allow-credentials: true
content-length: 2

GET
H2

200

count.json Show response
widgets.pinterest.com/v1/urls/
Redirect Chain

http://widgets.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=window._ate.cbs.rcb_gcyy0
https://widgets.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=window._ate.cbs.rcb_gcyy0

86 B
321 B

541ms
389ms

Script
application/javascript

151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://widgets.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=window._ate.cbs.rcb_gcyy0

Protocol

Server

151.101.64.84 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6a707e2d585771761722eae40b0576f6a1a539e66620982bf53ea27f59d3be67

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
vary: accept-encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: must-revalidate, max-age=887
x-envoy-upstream-service-time: 3
accept-ranges: none
x-pinterest-rid: 7881759120210264
expires: Tue, 22 Nov 2022 17:57:33 GMT

Redirect headers

Location: https://widgets.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=window._ate.cbs.rcb_gcyy0
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 33 B
292 B 538ms
537ms Script
application/json 23.52.112.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&callback=_ate.cbs.rcb_15gm0

Requested by

Host: s7.addthis.com
URL: http://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.52.112.115 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-112-115.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ece4a91ff9339e659ef00e76b4868f322e11d79f764367dee4784ace292d1926

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: pharmaweb.tk/user/parcelgiant57
last-modified: Tue, 22 Nov 2022 17:42:33 GMT
server: nginx/1.15.8
date: Tue, 22 Nov 2022 17:42:33 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 53

GET
DATA 200
OK truncated
/ 443 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 819ms
273ms Script
text/javascript 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js?bust=31070969

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 17:42:34 GMT

GET
H2 200 widget-settings Show response
va.tawk.to/v1/ 3 KB
1 KB 1232ms
1229ms Fetch
application/json 104.22.24.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://va.tawk.to/v1/widget-settings?propertyId=5e5f8241c32b5c1917397eb8&widgetId=default&sv=undefined

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.24.131 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbed4c67fdab1db2d8b623eec5aa138af92865ecf8c12ea47bd9afba1b93867c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: visitor-application-preemptive-pj49
server: cloudflare
etag: W/"2-6-0"
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=7200, s-maxage=1800
cf-ray: 76e3765cbfeaa7ed-SYD
access-control-allow-headers: content-type,x-tawk-token

POST
H3 200 start Show response
va.tawk.to/v1/session/ 1 KB
1 KB 661ms
515ms Fetch
application/json 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://va.tawk.to/v1/session/start

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-common.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

776138da9cd2f2a96b90dbaf6a3e94177d68987d1b6713e19b68b7f88ddcbfe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://pharmaweb.tk/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json; charset=utf-8

Response headers

date: Tue, 22 Nov 2022 17:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: http://pharmaweb.tk
access-control-allow-credentials: true
cf-ray: 76e3765fbe47aabb-SYD
access-control-allow-headers: content-type,x-tawk-token
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: visitor-application-preemptive-84nz

OPTIONS
H2 200 start
va.tawk.to/v1/session/ Frame 0
0 338ms
338ms Preflight 104.22.24.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://va.tawk.to/v1/session/start

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.24.131 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://pharmaweb.tk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-tawk-token
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: http://pharmaweb.tk
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 76e3765cbfeea7ed-SYD
date: Tue, 22 Nov 2022 17:42:33 GMT
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
x-served-by: visitor-application-preemptive-tkqv

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 818F 13 KB
5 KB 573ms
271ms Document
text/html 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f132.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://pharmaweb.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

accept-ranges: bytes
age: 434204
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 17 Nov 2022 17:05:50 GMT
expires: Fri, 17 Nov 2023 17:05:50 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DE22 783 B
1 KB 820ms
277ms Document
text/html 74.125.24.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f104.1e100.net

Software

GSE /

Resource Hash

9a7b61e2056a9c044d51678cf4ed737fa63fc5304eeaf97ada1ad4ed9da87385

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bO3c-hWhdAf1Y_IbgAfGJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://pharmaweb.tk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-bO3c-hWhdAf1Y_IbgAfGJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 17:42:34 GMT
expires: Tue, 22 Nov 2022 17:42:34 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 en.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/languages/ 16 KB
4 KB 151ms
151ms Script
application/javascript 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/languages/en.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-common.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e924ffe8bcc65483510a22a7286bd6d4d204e72ffe5927eec50158f7a7be50c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39225
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Nov 2022 18:53:02 GMT
server: cloudflare
etag: W/"585ba00b2c167b90c210161454f843b5"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e3766468e5aabb-SYD

GET
H3 200 rVlqs_C6MEoymNIgrpYBY2eJfhVJuMjEUeWab4z9yRM.js Show response
pagead2.googlesyndication.com/bg/ Frame 818F 36 KB
16 KB 272ms
271ms Script
text/javascript 142.251.10.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rVlqs_C6MEoymNIgrpYBY2eJfhVJuMjEUeWab4z9yRM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f155.1e100.net

Software

sffe /

Resource Hash

ad596ab3f0ba304a3298d220ae96016367897e1549b8c8c451e59a6f8cfdc913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 22:05:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 589034
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15986
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Nov 2023 22:05:21 GMT

GET
H3 200 twk-chunk-2c78ba82.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 7 KB
2 KB 148ms
148ms Script
application/javascript 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-2c78ba82.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-runtime.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97ca66991150a4c1263837600fe4338f33d96b74979cd7740ab07d22b883b8e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39225
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
etag: W/"fac25ff2d2c405e1ac7e156dca1f819c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e37665697caabb-SYD

GET
H3 200 twk-chunk-696bc286.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 16 KB
5 KB 152ms
152ms Script
application/javascript 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-696bc286.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-runtime.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d097bf0d49d82f35c653186caf7378ba5f0eea3bebab64b5eb759be8f51afdc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39225
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
etag: W/"ee41615e137b3a87006f8f042b4969d1"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e37665697eaabb-SYD

GET
H3 200 twk-chunk-f1596d96.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 10 KB
4 KB 149ms
149ms Script
application/javascript 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-f1596d96.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-runtime.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b97ecda063d6f58457f63f49b7547bf45122b8f4a266acae283cfa20a9a6355

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39214
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
etag: W/"2f8543ef2bc4194e9a6f541e9be7d4a5"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e37665697faabb-SYD

GET
H3 200 twk-chunk-48f46bef.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 15 KB
5 KB 288ms
288ms Script
application/javascript 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-48f46bef.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-runtime.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0c85488bec4906f16fcf8f49293bab086e68e76f145b65368523d83a5a908a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39225
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
etag: W/"c62e390819d60a788d4871c14359c2c2"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376656980aabb-SYD

GET
H3 200 twk-chunk-4fe9d5dd.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 942 B
713 B 149ms
149ms Script
application/javascript 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-4fe9d5dd.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-runtime.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc129f67c34d70578dc66a2ac6be2d44011eab5a05077797b8e56dbc2f2c9867

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39225
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
etag: W/"5f434bdd806571a4e1b385bee9316ff6"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376656981aabb-SYD

GET
H3 200 twk-chunk-2d0b9454.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 546 B
605 B 288ms
287ms Script
application/javascript 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-2d0b9454.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-runtime.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48126b4a0cc388ba014594d6d64a6c6c6bb1c0ea145bb1c3c2b1da1a514e4a5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39225
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
etag: W/"09c3819d373bd4178a620d721429fada"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376656983aabb-SYD

GET
H3 200 twk-chunk-f163fcd0.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 11 KB
4 KB 289ms
288ms Script
application/javascript 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-f163fcd0.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-runtime.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

544039b2ff06226afd008c3625818bbfe76a2598d7159145d06965afaf4f09de

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39225
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
etag: W/"a92075fd9ac5ba130387a80453676099"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376656984aabb-SYD

GET
H3 200 twk-chunk-32507910.js Show response
embed.tawk.to/_s/v4/app/637bc8c18ac/js/ 72 KB
16 KB 289ms
288ms Script
application/javascript 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-32507910.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-runtime.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d197054e64ed3fec84ab94fe0c565c6b2c298d8dd6f79dbd6e6f62d766e2e783

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39225
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
etag: W/"972f4459c8e61534b5751084cc3596a3"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376656986aabb-SYD

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DE22 0
0 273ms
272ms Image
text/html 142.251.10.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221110&jk=992429993153687&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.10.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sd-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 bubble-widget.css
embed.tawk.to/_s/v4/app/637bc8c18ac/css/ Frame 3749 13 KB
3 KB 265ms
255ms Stylesheet
text/css 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/css/bubble-widget.css

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-2c78ba82.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f56f47d64037d5aa3a96b50c840580e5549fee6f9fafff8af3d1821d189fa5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39214
cf-polished: origSize=13594
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
etag: W/"ce7913b80c763449b3895d46419f7a6b"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376667a24aabb-SYD

GET
H3 200 min-widget.css
embed.tawk.to/_s/v4/app/637bc8c18ac/css/ Frame 2154 24 KB
5 KB 247ms
246ms Stylesheet
text/css 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/css/min-widget.css

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-2c78ba82.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f08b0bfc5ca2e4fb4d2befa761a291c460279d018754531c1ed73fcb8bbd83b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39225
cf-polished: origSize=24960
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
etag: W/"80df9814fe6b98404ccc1df3c455ceaa"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376668a32aabb-SYD

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 818F 0
10 B 271ms
270ms Image
text/plain 142.250.4.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?oA6z7Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sm-in-f132.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 message-preview.css
embed.tawk.to/_s/v4/app/637bc8c18ac/css/ Frame 51F9 37 KB
8 KB 150ms
150ms Stylesheet
text/css 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/css/message-preview.css

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-2c78ba82.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b959ad2221d60430f98667e34f19ac4830d2a4e82d086aafec1d1c92aaf1a9bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39224
cf-polished: origSize=38268
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
etag: W/"949ecc85ac578750ec9a03e5680f7b0e"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376674a8daabb-SYD

GET
H3 200 max-widget.css
embed.tawk.to/_s/v4/app/637bc8c18ac/css/ Frame 43E0 74 KB
14 KB 149ms
148ms Stylesheet
text/css 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/app/637bc8c18ac/css/max-widget.css

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-2c78ba82.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc9b8766ba1ad9df5f06c2da364ce4736551d12b4f3878ff78f9fd8a4079ba41

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39224
cf-polished: origSize=75771
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 21 Nov 2022 18:53:01 GMT
server: cloudflare
etag: W/"0158db159e8967dbda5865ed6b2e435d"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376683b0daabb-SYD

GET
H3 200 168-r-cr.svg
embed.tawk.to/_s/v4/assets/images/attention-grabbers/ Frame 3749 22 KB
6 KB 149ms
149ms Image
image/svg+xml 172.67.38.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://embed.tawk.to/_s/v4/assets/images/attention-grabbers/168-r-cr.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.38.66 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19a634c9a73f445b59ca64a3d2c0e575d3a069f055f8806dbbafe343d68f4698

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 585330
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 22 May 2021 07:25:19 GMT
server: cloudflare
etag: W/"497f7ec7d8e5b8329f1004540dfb12db"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
cf-ray: 76e376684b13aabb-SYD

GET
H2 200 emojione.min.js Show response
cdn.jsdelivr.net/emojione/2.2.7/lib/js/ 295 KB
39 KB 442ms
153ms Script
application/javascript 104.16.89.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-vendors.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.89.20 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5c06455e539dcd889f7f05d709b5adc76c444099fe57f431365af2fc57e803b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 19332221
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19137-FRA, cache-iad-kiad7000101-IAD
server: cloudflare
etag: W/"49dda-cp9vjKV4fYl0Ow7X6yf9dkBr+YU"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eC3%2FwXS7WwocTxoo6uz1ijon%2BzpraaE6mrKqNHjpFokOJLY4PaB5RAwF6ekIUv3KV6ZUeHXdlSnlv4lZPJ1dX7tWWUNsHSz9%2B8ysNqKNihIaIuycdDD1vPTq8vp%2BQ3kzvQw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 76e3766a1d0bdfaf-SYD

GET
H3 200 tawk-font-icon-2.woff2
embed.tawk.to/_s/v4/assets/fonts/ Frame 3749 10 KB
11 KB 879ms
879ms Font
font/woff2 104.22.24.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.tawk.to/_s/v4/assets/fonts/tawk-font-icon-2.woff2?55755728=

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/css/bubble-widget.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.22.24.131 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4d4fcb3cdd9f021bca50bedb83de05b77fd23b3c98ad36b103fea8c0744ea71

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://embed.tawk.to/_s/v4/app/637bc8c18ac/css/bubble-widget.css
Origin: http://pharmaweb.tk
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 17:42:36 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10520
last-modified: Sat, 22 May 2021 07:25:13 GMT
server: cloudflare
etag: "054b3b66812d0a4b87ffc6776f0a42f1"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
accept-ranges: bytes
cf-ray: 76e376685ed9a7ed-SYD

OPTIONS
H3 200 v3
va.tawk.to/log-performance/ Frame 0
0 335ms
334ms Preflight 104.22.24.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://va.tawk.to/log-performance/v3

Protocol

Security

QUIC, , AES_128_GCM

Server

104.22.24.131 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://pharmaweb.tk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-tawk-token
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: http://pharmaweb.tk
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 76e3766cc9b7a7ed-SYD
date: Tue, 22 Nov 2022 17:42:36 GMT
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
x-served-by: visitor-application-preemptive-5q0r

POST
H3 200 v3 Show response
va.tawk.to/log-performance/ 5 B
277 B 331ms
330ms Fetch
text/html 104.22.24.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://va.tawk.to/log-performance/v3

Requested by

Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/637bc8c18ac/js/twk-chunk-common.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.22.24.131 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://pharmaweb.tk/
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json; charset=utf-8

Response headers

date: Tue, 22 Nov 2022 17:42:36 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: http://pharmaweb.tk
access-control-allow-credentials: true
cf-ray: 76e3766edb41a7ed-SYD
access-control-allow-headers: content-type,x-tawk-token
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: visitor-application-preemptive-099v

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 275ms
274ms Image
text/html 142.251.10.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221110&jk=992429993153687&bg=!eXqlej7NAAbvMpMzzzI7ACkAdvg8Wkw_br_2bBGI64RR01Di14VPOqp-roXr1d231Ho1gRFQOZAdZAIAAABOUgAAAANoAQcKAMisULYjaSvx3jcuuEH7mz157nI4hrTt9EY6TJM7hW_LsvFRkL9-uD5YQSOx244vPk3f8kJskLEa7FI1NaFB3yDtw92-nAUpDJQkpWGGp0ZXSDHGaFigcpKikIzalDcMa8lUttZ5AtNTE2SQBikziZl6ZGUBsRyyiIpECpjP6d7LxofHtiftsv37bziv3LR2bRjAakosIyfmHB5OUsdPiDpJJTnynTCWBDDfDLjlfw2hJhdVCRsbJTnch4BvA7bb3AKXloMA5XUApJkCtf13SND-3WAT67osmUghC7TvsLVO4p31zHOY8-H3sOU_lG-clo32ek6WmSL3IPb_WZDChQWzJ7eK7Yr6Es1D6L0G9rNZjUCbCY_CL7imidX4387swV69kK3zBaVASH-kw5RIhVHI3qcETXZ3HXcPjHuurJsoXY_6lX6o7fduUuI6uYSChyFMAIkGbiyPUeXsy2wmNOa96079KyCa8B4WGaC9F8rgC5kWNAfQl03ElUblbSgktFbAKs7xe2P_qA5brgWj6LQ-Lz3JGvHmbYbP3NQ7kGnA3lYWLLWuANm2dIClkZhqflrkf42_BEgO0yfZP2hcJIXAt911CS7IK9LTFN_-22HYyF6Qzo7XgyqHZe5PGXScp4yCmeDhTmH-ekVM6lQRQ3a9EGxAk62OuCU1r7u88IBmBkA9vpUdk8oCdDfm5D6FIjokfoHSy3OrZ3TG3p0ci9RRQ3z-pf71nL3f9s4WVEtpSIYiQGY9Mm319mB4Smwjw-sI1PnqsVERO8d8_OtYONnKxbcBgFhdIs8nyDbJddRd1ANFVT2HVZhIsageD3XyIuK4fJ9QNlV5eceJt1D7-5edGeZQxP1H-UBOF8hwv3Giv-bDeeLqtzpBhtOrr7EJySmwZy_YeTUs-ciQ75A455Yv84IENzIvsYLgSiF-zSaVktx52yUAu8ac_DaKes9y8GX9eGKifoVmHOiteq8jOdiTBhBuvVFHwI_Ge5p_aVVluGIm0bC44LCxNzCisuaythOfvgGotwldYb4tauc9U65uaCM8Gjdo7MH-rtsvXzH9Cev5vk60kLFVrhw20QVGfDfz5ndEEvmN7UZc0EZgeseMzYPyxqArf9TtxeElrtqJyPy4GGJYLQkZST6ad9kqrh_6E5KE4LVljMdjZZCl2nErcaXEC1qL8PHdjHMVNFkS7A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.10.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sd-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: http://pharmaweb.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

122 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
pharmaweb.tk/	1969-12-31 23:59:59	Name: PHPSESSID Value: 8n5u64a35a0gg91ks4cdcip8mh
pharmaweb.tk/	1970-01-20 07:41:51	Name: qa_key Value: tiomsid8wrcxdxw5qhna4vwt2bdbwccw
.pharmaweb.tk/	1970-01-20 17:14:58	Name: _ga Value: GA1.2.1445238142.1669138950
.pharmaweb.tk/	1970-01-20 07:40:25	Name: _gid Value: GA1.2.1650717759.1669138950
.pharmaweb.tk/	1970-01-20 07:38:59	Name: _gat_gtag_UA_159338885_1 Value: 1
.doubleclick.net/	1970-01-20 07:38:59	Name: test_cookie Value: CheckForPermission
pharmaweb.tk/	1970-01-20 17:07:46	Name: __atuvc Value: 1%7C47
pharmaweb.tk/	1970-01-20 07:39:00	Name: __atuvs Value: 637d0a06aaaa8367000
.addthis.com/	1970-01-20 17:07:46	Name: uvc Value: 1%7C47
.pharmaweb.tk/	1970-01-20 17:00:34	Name: __gads Value: ID=7cf0fc0b234bee68-224b8147a1d8006e:T=1669138951:RT=1669138951:S=ALNI_MatyWoyCxyf1rKfoY8N7jHKf8Ic7g
.pharmaweb.tk/	1970-01-20 17:00:34	Name: __gpi Value: UID=00000b81462832db:T=1669138951:RT=1669138951:S=ALNI_MYoH18J2rsIpCBgGFcRS5bHCIxfSQ
.addthis.com/	1970-01-20 17:00:34	Name: ouid Value: 637d0a070001e0a54e6456806b5da19f5237a01c81455f9a5704
.addthis.com/	1970-01-20 17:00:34	Name: di2 Value: aVT}a#$M`6Hq#)Fo
.addthis.com/	1970-01-20 17:00:34	Name: um Value: j.'2022112217423185600387170888'
.addthis.com/	1970-01-20 17:00:34	Name: uid Value: 637d0a07b465ed6b
.addthis.com/	1970-01-20 17:00:34	Name: na_id Value: 2022112217423185600387170888
.addthis.com/	1970-01-20 17:00:34	Name: vc Value: 2
.addthis.com/	1970-01-20 17:07:46	Name: loc Value: MDAwMDBPQ05aMDAxNDM0MzU0NzAwMTAwMDBDSA==
pharmaweb.tk/	1969-12-31 23:59:59	Name: twk_idm_key Value: vbeF7bfbWYaGKgFoWrzDT
pharmaweb.tk/	1969-12-31 23:59:59	Name: TawkConnectionTime Value: 0
.pharmaweb.tk/	1970-01-20 11:58:10	Name: twk_uuid_5e5f8241c32b5c1917397eb8 Value: %7B%22uuid%22%3A%221.SwmanjpMwUsygjhkFkeVIgdYcGqRahL3izNTNSnngSSIvabWTT8DyvVcfEPmljdw1vh2XYpfyhPCK83SnH1kI3zthAY8YqIEOsMvpkFUu0RH75nmPpC15%22%2C%22version%22%3A3%2C%22domain%22%3A%22pharmaweb.tk%22%2C%22ts%22%3A1669138955026%7D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8094964334471361&output=html&adk=1812271804&adf=3025194257&lmt=1669138950&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=http%3A%2F%2Fpharmaweb.tk%2Fuser%2Fparcelgiant57&ea=0&pra=5&wgl=1&dt=1669138948402&bpp=3&bdt=1280&idt=1890&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2089906597141&frm=20&pv=2&ga_vid=1445238142.1669138950&ga_sid=1669138950&ga_hid=2014114968&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44773809%2C42531706%2C31070969%2C44770880&oid=2&pvsid=992429993153687&tmod=1982309779&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=1908 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.co.nz
adservice.google.com
api-public.addthis.com
cdn.jsdelivr.net
embed.tawk.to
googleads.g.doubleclick.net
i.ibb.co
m.addthis.com
pagead2.googlesyndication.com
partner.googleadservices.com
pharmaweb.tk
s7.addthis.com
tpc.googlesyndication.com
v1.addthisedge.com
va.tawk.to
widgets.pinterest.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
z.moatads.com
s7.addthis.com
104.16.89.20
104.22.24.131
104.238.220.179
104.65.229.158
142.250.4.132
142.250.4.154
142.250.4.97
142.251.10.155
142.251.12.157
151.101.64.84
172.217.194.100
172.67.38.66
198.245.55.60
23.52.112.115
74.125.24.104
74.125.24.155
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
04d5cb4a5d092402cc0bc9b999c4cbfc01d1fd895bcfdfc36747668ab967a1c0
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
07a75636966b34dd8bbafee0ebced659b03bab0e57641e1fa035ca7da0bd39ce
0f2c82f32d9e2487f2c66e6b7ff6e4382797cddfec72492097a6301a1ec00a02
13cf82e6f9d48221cd55f8b3c3d206f7bdb83f291034b478e484ccfef7d500dd
19a634c9a73f445b59ca64a3d2c0e575d3a069f055f8806dbbafe343d68f4698
20ac97bf971f417042ff98382483052ddfd7398d776a14b41d9a300c2e62e1b9
299a4f2bad31c68a87c725376227e4e71d3fa3be5ac21776509b6a526bfd603b
2f56f47d64037d5aa3a96b50c840580e5549fee6f9fafff8af3d1821d189fa5c
32a4c39dd70a7bca9a73ccc3c086f3a23bd5c99f111b2a4255edf856a912da3d
3ba04151f72a769257dd0388ce804c9358d39426d63ee1c4aa779cc6f991d323
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48126b4a0cc388ba014594d6d64a6c6c6bb1c0ea145bb1c3c2b1da1a514e4a5c
494f3da0b35b130013fe439d19bd3333656ad3dcb3615693f0b5ba916f42159d
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de
524c04e9fbf6224e1b7ab18d7ebe7053c335d9b31277a256115ac9f306c22546
544039b2ff06226afd008c3625818bbfe76a2598d7159145d06965afaf4f09de
555de289eea93b90e1c59d4b602118a52a0e9a3271fc59a92d32b52cef19c3bf
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
5958b8f2069b0a3292ed7a9db46b8109adac7e81591238557125893ee7e87bb7
5b36450bcfd7e11d64409e448fcfd64470f08fd7d5e6356f86fd69f212641185
5eecfa645aee35cb0c6820e187451ab14a9df51283635a2117d7ba866a6a74aa
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6a707e2d585771761722eae40b0576f6a1a539e66620982bf53ea27f59d3be67
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
705186becc9e0a306a6b4867ae2768aa9dd3b8c12393d9f9c52029e9a6fcf31c
776138da9cd2f2a96b90dbaf6a3e94177d68987d1b6713e19b68b7f88ddcbfe2
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
808dc499aba0b866dd2c36b5fa7b05fc9fcc27656a521c2fd5a6ab43b39276c7
933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9
946fa9ecb33f02ed974f86f84a2832a20c110813faa0b4b6b214e1f32128532a
97686e98d6e18932761e016ae206c5d5de3c79ea5258b6524ed3f9755b7b277c
97ca66991150a4c1263837600fe4338f33d96b74979cd7740ab07d22b883b8e0
9a7b61e2056a9c044d51678cf4ed737fa63fc5304eeaf97ada1ad4ed9da87385
9b97ecda063d6f58457f63f49b7547bf45122b8f4a266acae283cfa20a9a6355
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
ad596ab3f0ba304a3298d220ae96016367897e1549b8c8c451e59a6f8cfdc913
b0c85488bec4906f16fcf8f49293bab086e68e76f145b65368523d83a5a908a5
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b79950172d0e6c3091a44a69d615ee5711f57bb59e202b2a383d48e4ca2a4ce3
b959ad2221d60430f98667e34f19ac4830d2a4e82d086aafec1d1c92aaf1a9bc
bbed4c67fdab1db2d8b623eec5aa138af92865ecf8c12ea47bd9afba1b93867c
c7aca9ebef12465aad206aae5351ba575eebe4b5e3f0fb1d99f4f92f1c4f396d
c9617a861b0440e778f3b965939ae026c458fc3cf1ee12a771a4316e7825c0a2
d097bf0d49d82f35c653186caf7378ba5f0eea3bebab64b5eb759be8f51afdc5
d197054e64ed3fec84ab94fe0c565c6b2c298d8dd6f79dbd6e6f62d766e2e783
d40b201a6c2445c2c206a879f1d09844aca5098c8d247a5e8d180a320b21c567
dc9b8766ba1ad9df5f06c2da364ce4736551d12b4f3878ff78f9fd8a4079ba41
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e924ffe8bcc65483510a22a7286bd6d4d204e72ffe5927eec50158f7a7be50c0
ece4a91ff9339e659ef00e76b4868f322e11d79f764367dee4784ace292d1926
edda33676ab254335d58b7f49464b738950168bdbebb69cb7b3f06a3ab72a780
f08b0bfc5ca2e4fb4d2befa761a291c460279d018754531c1ed73fcb8bbd83b6
f0acda570695b9ce7be91074b6b833439a5e5415726153c11a4d10fd81aa9030
f4d4fcb3cdd9f021bca50bedb83de05b77fd23b3c98ad36b103fea8c0744ea71
f5c06455e539dcd889f7f05d709b5adc76c444099fe57f431365af2fc57e803b
fc129f67c34d70578dc66a2ac6be2d44011eab5a05077797b8e56dbc2f2c9867

pharmaweb.tk Open in urlscan Pro 198.245.55.60 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

67 Requests

84 %HTTPS

0 %IPv6

15 Domains

20 Subdomains

17 IPs

4 Countries

1112 kBTransfer

3131 kBSize

21 Cookies

5 Outgoing links

Redirected requests

67 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pharmaweb.tk Open in urlscan Pro
198.245.55.60 Public Scan

Screenshot
Live screenshot

Full Image

67
Requests

84 %
HTTPS

0 %
IPv6

15
Domains

20
Subdomains

17
IPs

4
Countries

1112 kB
Transfer

3131 kB
Size

21
Cookies

67 HTTP transactions
1 data transactions