24moro.com Open in urlscan Pro
149.56.113.223 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://24moro.com/qbb0afxwjzbz
Submission: On April 12 via manual (April 12th 2023, 6:50:43 pm UTC) from MA — Scanned from CA

Summary HTTP 294 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 50 IPs in 7 countries across 40 domains to perform 294 HTTP transactions. The main IP is 149.56.113.223, located in Montreal, Canada and belongs to OVH, FR. The main domain is 24moro.com.
TLS certificate: Issued by R3 on March 10th 2023. Valid for: 3 months.

This is the only time 24moro.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	149.56.113.223 149.56.113.223	16276 (OVH) (OVH)
22	149.56.179.185 149.56.179.185	16276 (OVH) (OVH)
9	2607:f8b0:400... 2607:f8b0:400c:c0b::9d	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:81f::2008	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:400c:c12::8a	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::ac43:468a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2607:f8b0:400... 2607:f8b0:400c:c0a::5f	15169 (GOOGLE) (GOOGLE)
15	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2606:2800:220... 2606:2800:220:131d:1d30:1f1d:238b:1e56	15133 (EDGECAST) (EDGECAST)
4	2607:f8b0:400... 2607:f8b0:400c:c38::5e	15169 (GOOGLE) (GOOGLE)
2	2600:9000:251... 2600:9000:2514:f600:1d:7d16:ed40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:820::200e	15169 (GOOGLE) (GOOGLE)
2	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
5	2600:9000:212... 2600:9000:2120:7000:d:57d4:cd80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
2	2607:f8b0:400... 2607:f8b0:4006:81e::2002	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:400c:c12::9a	15169 (GOOGLE) (GOOGLE)
44	2607:f8b0:400... 2607:f8b0:400c:c12::84	15169 (GOOGLE) (GOOGLE)
6	2602:803:c002... 2602:803:c002:200::41	26667 (RUBICONPR...) (RUBICONPROJECT)
1 7	85.111.6.48 85.111.6.48	9121 (TTNET) (TTNET)
3	37.157.4.25 37.157.4.25	198622 (ADFORM) (ADFORM)
6	2620:100:a001... 2620:100:a001::18	19750 (AS-CRITEO) (AS-CRITEO)
8	68.67.160.24 68.67.160.24	29990 (ASN-APPNEX) (ASN-APPNEX)
2 4	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
18	2607:f8b0:400... 2607:f8b0:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3031::ac43:8ca1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5 8	2607:f8b0:400... 2607:f8b0:400c:c36::69	15169 (GOOGLE) (GOOGLE)
26	2607:f8b0:400... 2607:f8b0:400c:c0f::9b	15169 (GOOGLE) (GOOGLE)
4	151.101.1.108 151.101.1.108	54113 (FASTLY) (FASTLY)
16	68.67.179.153 68.67.179.153	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	2a02:6b8::90 2a02:6b8::90	208722 (GLOBAL_DC) (GLOBAL_DC)
1	85.111.6.50 85.111.6.50	9121 (TTNET) (TTNET)
1	23.77.241.5 23.77.241.5	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2607:f8b0:400... 2607:f8b0:4006:81d::2002	15169 (GOOGLE) (GOOGLE)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	2607:f8b0:400... 2607:f8b0:400c:c0c::84	15169 (GOOGLE) (GOOGLE)
2	173.194.217.94 173.194.217.94	15169 (GOOGLE) (GOOGLE)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
8	184.84.136.23 184.84.136.23	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.44.133.30 23.44.133.30	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	23.200.196.24 23.200.196.24	16625 (AKAMAI-AS) (AKAMAI-AS)
3	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	2600:1f18:4e9... 2600:1f18:4e9:5a05:2438:5b9c:3f03:dbad	14618 (AMAZON-AES) (AMAZON-AES)
1 2	52.46.130.91 52.46.130.91	16509 (AMAZON-02) (AMAZON-02)
2 2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
3 11	173.194.216.154 173.194.216.154	15169 (GOOGLE) (GOOGLE)
1	104.126.116.147 104.126.116.147	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2620:100:a001::4 2620:100:a001::4	19750 (AS-CRITEO) (AS-CRITEO)
1 1	185.196.197.130 185.196.197.130	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2 2	192.40.39.223 192.40.39.223	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 2	69.175.41.79 69.175.41.79	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 1	202.241.208.100 202.241.208.100	4694 (IDCF IDC ...) (IDCF IDC Frontier Inc.)
1 2	51.222.239.230 51.222.239.230	16276 (OVH) (OVH)
1 1	68.67.160.26 68.67.160.26	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	2620:100:a001::c 2620:100:a001::c	19750 (AS-CRITEO) (AS-CRITEO)
1	74.119.119.139 74.119.119.139	19750 (AS-CRITEO) (AS-CRITEO)
294	50

21 149.56.113.223 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ip223.ip-149-56-113.net

24moro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 149.56.179.185 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ip185.ip-149-56-179.net

revenueflex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.webeyo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:400c:c0b::9d (Charleston, United States)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81f::2008 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400c:c12::8a (Charleston, United States)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:468a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.speakol.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:400c:c0a::5f (Charleston, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:220:131d:1d30:1f1d:238b:1e56 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:400c:c38::5e (Charleston, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2514:f600:1d:7d16:ed40:93a1 (United States)

ASN16509 (AMAZON-02, US)

recommendation.speakol.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:820::200e (Nutley, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:2120:7000:d:57d4:cd80:93a1 (United States)

ASN16509 (AMAZON-02, US)

events.askjdhaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81e::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:400c:c12::9a (Charleston, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2607:f8b0:400c:c12::84 (Charleston, United States)

ASN15169 (GOOGLE, US)

4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2602:803:c002:200::41 (United States)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 85.111.6.48 (Turkey) 1 redirects

ASN9121 (TTNET, TR)
PTR: ns1.ttidc.com.tr

cpm.programattik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.4.25 (Denmark)

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:100:a001::18 (United States)

ASN19750 (AS-CRITEO, US)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 68.67.160.24 (New York, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States) 2 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2607:f8b0:400c:c00::9c (Charleston, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:8ca1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.speakol.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:400c:c36::69 (Charleston, United States) 5 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2607:f8b0:400c:c0f::9b (Charleston, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.1.108 (United States)

ASN54113 (FASTLY, US)

cdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 68.67.179.153 (North Bergen, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

nym1-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:6b8::90 (Moscow, Russian Federation) 2 redirects

ASN208722 (GLOBAL_DC, FI)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.111.6.50 (Turkey)

ASN9121 (TTNET, TR)
PTR: ns1.ttidc.com.tr

rtb.programattik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.77.241.5 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-77-241-5.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:81d::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:400c:c0c::84 (Charleston, United States)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.194.217.94 (United States)

ASN15169 (GOOGLE, US)
PTR: vw-in-f94.1e100.net

p4-byroqc7s2wdz4-kldht6u5nhdlpzcy-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 184.84.136.23 (Miami, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-84-136-23.deploy.static.akamaitechnologies.com

hblg.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
warp.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.44.133.30 (Piscataway, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-44-133-30.deploy.static.akamaitechnologies.com

qsearch-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.200.196.24 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-200-196-24.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:4e9:5a05:2438:5b9c:3f03:dbad (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.130.91 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 173.194.216.154 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: vu-in-f154.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.126.116.147 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-116-147.deploy.static.akamaitechnologies.com

pxlclnmdecom-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:100:a001::4 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.196.197.130 (Amsterdam, Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

s.uuidksinc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.40.39.223 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.175.41.79 (United States) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)
PTR: sovrn-193627-chi03-placeholder

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 202.241.208.100 (Japan) 1 redirects

ASN4694 (IDCF IDC Frontier Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.222.239.230 (Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ip230.ip-51-222-239.net

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.160.26 (New York, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:100:a001::c (United States) 1 redirects

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.139 (United States)

ASN19750 (AS-CRITEO, US)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
62	googlesyndication.com 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 111 tpc.googlesyndication.com — Cisco Umbrella Rank: 145	727 KB
45	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 201 googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 cm.g.doubleclick.net — Cisco Umbrella Rank: 228	364 KB
30	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 230 cdn.adnxs.com — Cisco Umbrella Rank: 1627 nym1-ib.adnxs.com — Cisco Umbrella Rank: 1287 acdn.adnxs.com — Cisco Umbrella Rank: 581 secure.adnxs.com — Cisco Umbrella Rank: 429	201 KB
21	24moro.com 24moro.com	2 MB
15	webeyo.com cdn.webeyo.com	365 KB
13	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 760	654 KB
12	media.net hblg.media.net — Cisco Umbrella Rank: 1970 contextual.media.net — Cisco Umbrella Rank: 616 warp.media.net — Cisco Umbrella Rank: 2369 lg3.media.net — Cisco Umbrella Rank: 5510 cs.media.net — Cisco Umbrella Rank: 1502	180 KB
12	google.com 5 redirects apis.google.com — Cisco Umbrella Rank: 124 adservice.google.com — Cisco Umbrella Rank: 90 www.google.com — Cisco Umbrella Rank: 2	23 KB
9	criteo.com 1 redirects bidder.criteo.com — Cisco Umbrella Rank: 748 gum.criteo.com — Cisco Umbrella Rank: 416 mug.criteo.com — Cisco Umbrella Rank: 2381	9 KB
8	programattik.com 1 redirects cpm.programattik.com — Cisco Umbrella Rank: 65279 rtb.programattik.com — Cisco Umbrella Rank: 251517	3 KB
7	revenueflex.com revenueflex.com — Cisco Umbrella Rank: 507585	304 KB
6	rubiconproject.com fastlane.rubiconproject.com — Cisco Umbrella Rank: 498	4 KB
6	gstatic.com fonts.gstatic.com p4-byroqc7s2wdz4-kldht6u5nhdlpzcy-if-v6exp3-v4.metric.gstatic.com	124 KB
6	twitter.com platform.twitter.com — Cisco Umbrella Rank: 793 syndication.twitter.com — Cisco Umbrella Rank: 1106	149 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	4 KB
5	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 2947 google-bidout-d.openx.net — Cisco Umbrella Rank: 2875 us-u.openx.net — Cisco Umbrella Rank: 462	2 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 353	110 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 198	244 KB
5	askjdhaa.com events.askjdhaa.com — Cisco Umbrella Rank: 264141
4	facebook.com 2 redirects www.facebook.com — Cisco Umbrella Rank: 109	76 KB
4	speakol.com cdn.speakol.com — Cisco Umbrella Rank: 204368 recommendation.speakol.com — Cisco Umbrella Rank: 234690	38 KB
3	adform.net adx.adform.net — Cisco Umbrella Rank: 4293	3 KB
3	google.ca adservice.google.ca — Cisco Umbrella Rank: 13645	818 B
2	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 828	489 B
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 646	1 KB
2	casalemedia.com 2 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 463	2 KB
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 670	59 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 368	971 B
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 301	2 KB
2	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474	1 KB
2	akamaihd.net qsearch-a.akamaihd.net — Cisco Umbrella Rank: 2194 pxlclnmdecom-a.akamaihd.net — Cisco Umbrella Rank: 18774	35 KB
2	yandex.ru 2 redirects an.yandex.ru — Cisco Umbrella Rank: 3345	616 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 161	88 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	111 KB
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1039	1 KB
1	uuidksinc.net 1 redirects s.uuidksinc.net — Cisco Umbrella Rank: 11294	290 B
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 3194	8 KB
1	speakol.info cdn.speakol.info — Cisco Umbrella Rank: 725293	62 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 374	1 KB
294	40

	Domain	Requested by
42	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com googleads.g.doubleclick.net 24moro.com 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com cdn.ampproject.org
25	googleads.g.doubleclick.net	revenueflex.com googleads.g.doubleclick.net
21	24moro.com	24moro.com
18	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com revenueflex.com googleads.g.doubleclick.net 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com www.googletagservices.com
16	nym1-ib.adnxs.com	revenueflex.com 24moro.com cdn.adnxs.com
15	cdn.webeyo.com	24moro.com
13	static.xx.fbcdn.net	www.facebook.com static.xx.fbcdn.net
11	cm.g.doubleclick.net	3 redirects google-bidout-d.openx.net 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
9	securepubads.g.doubleclick.net	24moro.com securepubads.g.doubleclick.net
8	www.google.com	5 redirects tpc.googlesyndication.com 24moro.com 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
8	ib.adnxs.com	revenueflex.com acdn.adnxs.com
7	cpm.programattik.com	1 redirects revenueflex.com
7	revenueflex.com	24moro.com revenueflex.com
6	bidder.criteo.com	revenueflex.com
6	fastlane.rubiconproject.com	revenueflex.com
6	fonts.googleapis.com	24moro.com client securepubads.g.doubleclick.net tpc.googlesyndication.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	www.googletagservices.com	googleads.g.doubleclick.net 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
5	events.askjdhaa.com	cdn.speakol.com
4	contextual.media.net	4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com contextual.media.net
4	cdn.adnxs.com	revenueflex.com
4	www.facebook.com	2 redirects connect.facebook.net
4	fonts.gstatic.com	fonts.googleapis.com
4	platform.twitter.com	24moro.com platform.twitter.com
3	lg3.media.net	4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com 24moro.com
3	hblg.media.net	24moro.com 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
3	adx.adform.net	revenueflex.com
3	adservice.google.com	securepubads.g.doubleclick.net
3	adservice.google.ca	securepubads.g.doubleclick.net
2	gum.criteo.com	1 redirects static.criteo.net
2	onetag-sys.com	1 redirects 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
2	ap.lijit.com	2 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	static.criteo.net	revenueflex.com static.criteo.net
2	us-u.openx.net	google-bidout-d.openx.net
2	match.adsrvr.org	2 redirects
2	s.amazon-adsystem.com	1 redirects google-bidout-d.openx.net
2	pr-bh.ybp.yahoo.com	1 redirects google-bidout-d.openx.net
2	oajs.openx.net	1 redirects
2	p4-byroqc7s2wdz4-kldht6u5nhdlpzcy-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-byroqc7s2wdz4-kldht6u5nhdlpzcy-if-v6exp3-v4.metric.gstatic.com
2	an.yandex.ru	2 redirects
2	4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	syndication.twitter.com	platform.twitter.com 24moro.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	recommendation.speakol.com	cdn.speakol.com
2	connect.facebook.net	24moro.com connect.facebook.net
2	cdn.speakol.com	24moro.com cdn.speakol.com
2	www.googletagmanager.com	24moro.com cdn.speakol.com
1	mug.criteo.com
1	secure.adnxs.com	1 redirects
1	tg.socdm.com	1 redirects
1	s.uuidksinc.net	1 redirects
1	cs.media.net	contextual.media.net
1	pxlclnmdecom-a.akamaihd.net	contextual.media.net
1	google-bidout-d.openx.net	oa.openxcdn.net
1	warp.media.net	4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
1	qsearch-a.akamaihd.net	24moro.com
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	acdn.adnxs.com	24moro.com
1	rtb.programattik.com
1	cdn.speakol.info
1	cdn.jsdelivr.net	revenueflex.com
1	apis.google.com	24moro.com
294	63

This site contains links to these domains. Also see Links.

Domain
events.askjdhaa.com
webeyo.com

Subject Issuer	Validity	Valid
24moro.com R3	`2023-03-10` - `2023-06-08`	3 months	crt.sh
revenueflex.com R3	`2023-01-18` - `2023-04-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
cdn.webeyo.com R3	`2023-01-18` - `2023-04-18`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-20` - `2023-06-12`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.cdn.speakol.com GTS CA 1P5	`2023-03-29` - `2023-06-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-20` - `2023-04-20`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-06` - `2023-11-06`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.speakol.com Amazon RSA 2048 M01	`2023-03-16` - `2024-04-13`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-31` - `2024-01-30`	a year	crt.sh
*.askjdhaa.com Amazon RSA 2048 M02	`2023-03-06` - `2024-04-03`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
*.google.ca GTS CA 1C3	`2023-03-20` - `2023-06-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.programattik.com GeoTrust RSA CA 2018	`2022-10-25` - `2023-10-25`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-09` - `2023-06-03`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
speakol.info Cloudflare Inc ECC CA-3	`2023-02-19` - `2024-02-19`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2023-03-27` - `2024-04-26`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-03-30` - `2023-06-28`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2022-06-28` - `2023-06-30`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-04-04` - `2023-09-27`	6 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-24` - `2023-06-18`	3 months	crt.sh

This page contains 34 frames:

Primary Page: https://24moro.com/qbb0afxwjzbz
Frame ID: 34EFA0E625A5BB9D1B2116EA4F2574B7
Requests: 116 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2F24moro.com
Frame ID: 7C44D7026B96D03AAC93A439A5E96C9B
Requests: 2 HTTP requests in this frame

Frame: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A4A1C080BD58950C6A6994100C951F2D
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 058D8BDFB71D01CEFF319A0BB649C3A1
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b401f5c03b95c%26domain%3D24moro.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252F24moro.com%252Ff1ea07d0e52613%26relation%3Dparent.parent&container_width=750&href=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&layout=button_count&locale=ar_AR&sdk=joey
Frame ID: 40931AFD7C32BB396C6C697A2C0CCCDB
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c221a3f2730fc%26domain%3D24moro.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252F24moro.com%252Ff1ea07d0e52613%26relation%3Dparent.parent&color_scheme=light&container_width=750&height=100&href=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&locale=ar_AR&numposts=5&sdk=joey&version=v2.0&width=550
Frame ID: 711DE9D90291FD444C87DA2D4A62DABC
Requests: 12 HTTP requests in this frame

Frame: https://cdn.speakol.com/widget/html/speakol-appends.html
Frame ID: ED334F4FE751BD7613EFB7A32BA412D1
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0F06753197EB5B11CEB118DF31EDD53F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AC5F081180B280C03F3E28E9D748E95B
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Frame ID: 3FD2B70438F45794C08102A2B95A67B4
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Frame ID: 1218144A5FD95CE578A03B3FFDC8C358
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Frame ID: C2C8DFC0C8A39A990AC67D2B289A8271
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Frame ID: F30DC9AA962F1742EB01526F4AB93CBB
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Frame ID: 0A9BA79BE15DE6E0EF22E9FFC302E854
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Frame ID: B57D9A63E4E3B9207249021B957B3CFA
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Frame ID: 573E7D616455098654A513882481DBE4
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Frame ID: 10D43B455A93F7FFFB307BC067444918
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=12039&pub_id=1860595
Frame ID: 64DC14757B6531876241D2CD616293A9
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: C292CC365050D2D379B0722F9AB469DE
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012304040531000/amp4ads-v0.mjs
Frame ID: 3D825747DA660CE74610C218103D68D5
Requests: 21 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/index.html
Frame ID: 77FF80AC601CD995C3F8BE3FA98B0779
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 0AF3D2DE37A379A238CAAB52225AA4E3
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 7C896C73740709D507D205573CFB2C5C
Requests: 2 HTTP requests in this frame

Frame: https://p4-byroqc7s2wdz4-kldht6u5nhdlpzcy-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: 8578C6366DF599D0028456D183BE0B27
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: C1B7AF93BA3684B3E66463F800478E93
Requests: 2 HTTP requests in this frame

Frame: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: EB19A4308A1C16CF7F3E5CF437F3F3CC
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/eGrdt-GuiAstYDBBFPRlHe36qu4ukgnY6P6eKjFBaNs.js
Frame ID: F18E8A6F51F326009BFC086D4538B5AA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/eGrdt-GuiAstYDBBFPRlHe36qu4ukgnY6P6eKjFBaNs.js
Frame ID: 0B165F67F05028FE908115AF3F14E3F9
Requests: 1 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 9622A206CCFC083AD49EDCDFD4432F1D
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/eGrdt-GuiAstYDBBFPRlHe36qu4ukgnY6P6eKjFBaNs.js
Frame ID: 71171AA19EEBBA445C853129A37F77D1
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUU9JF8H&prvid=99%2C77%2C20000%2C294%2C262%2C460%2C461%2C462%2C4%2C313%2C10000%2C459%2C9%2C319&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Frame ID: 6D44DB6A62782A8381194A7D23F4B21E
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A9B389C24727CDD6EDA553B52BF1EA62
Requests: 9 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=24moro.com
Frame ID: 9BB0EB84D371B5A85F33441554FE3097
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 24BFB3984A935D85B2B6C97036172B77
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

جاب الربحة..إعتقال الشخص الذي تاه في الصحراء

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/platform\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

294
Requests

95 %
HTTPS

50 %
IPv6

40
Domains

63
Subdomains

50
IPs

7
Countries

5505 kB
Transfer

11984 kB
Size

37
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://events.askjdhaa.com/api/v1/r?serving_algorithm=latest-news-v3&wid=wi-5841&box_id=1&article_id=33908122&l=https%3A%2F%2F24moro.com%2Fsfi0fjq9pkyo&version=v2&network_id=0&category_id=58&did=4243&uid=e914bb34-d962-11ed-98b8-1af38512f947&trigger=image&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Search URL Search Domain Scan URL

URL: https://events.askjdhaa.com/api/v1/r?serving_algorithm=latest-news-v3&wid=wi-5841&box_id=2&article_id=33889303&l=https%3A%2F%2F24moro.com%2Fuoor9skza91s&version=v2&network_id=0&category_id=51&did=4243&uid=e914bb34-d962-11ed-98b8-1af38512f947&trigger=image&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Search URL Search Domain Scan URL

URL: https://events.askjdhaa.com/api/v1/r?serving_algorithm=latest-news-v3&wid=wi-5841&box_id=3&article_id=33889012&l=https%3A%2F%2F24moro.com%2Fngql3js56hmi&version=v2&network_id=0&category_id=50&did=4243&uid=e914bb34-d962-11ed-98b8-1af38512f947&trigger=image&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Search URL Search Domain Scan URL

URL: https://events.askjdhaa.com/api/v1/r?serving_algorithm=latest-news-v3&wid=wi-5841&box_id=4&article_id=33876975&l=https%3A%2F%2F24moro.com%2Fw0bnm1za6dfn&version=v2&network_id=0&category_id=51&did=4243&uid=e914bb34-d962-11ed-98b8-1af38512f947&trigger=image&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Search URL Search Domain Scan URL

URL: https://events.askjdhaa.com/api/v1/r?serving_algorithm=latest-news-v3&wid=wi-5841&box_id=5&article_id=33868903&l=https%3A%2F%2F24moro.com%2Fc92qd3ap730u&version=v2&network_id=0&category_id=51&did=4243&uid=e914bb34-d962-11ed-98b8-1af38512f947&trigger=image&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Search URL Search Domain Scan URL

URL: https://events.askjdhaa.com/api/v1/r?serving_algorithm=latest-news-v3&wid=wi-5841&box_id=6&article_id=33866723&l=https%3A%2F%2F24moro.com%2Fzy3gi7njnh3l&version=v2&network_id=0&category_id=50&did=4243&uid=e914bb34-d962-11ed-98b8-1af38512f947&trigger=image&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Search URL Search Domain Scan URL

URL: https://events.askjdhaa.com/api/v1/r?serving_algorithm=latest-news-v3&wid=wi-5841&box_id=7&article_id=33865862&l=https%3A%2F%2F24moro.com%2Ftfemc1eslb3c%3Fmibextid%3Dtejx2t&version=v2&network_id=0&category_id=58&did=4243&uid=e914bb34-d962-11ed-98b8-1af38512f947&trigger=image&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Search URL Search Domain Scan URL

URL: https://events.askjdhaa.com/api/v1/r?serving_algorithm=latest-news-v3&wid=wi-5841&box_id=8&article_id=33860766&l=https%3A%2F%2F24moro.com%2Fhluocn8337xd&version=v2&network_id=0&category_id=58&did=4243&uid=e914bb34-d962-11ed-98b8-1af38512f947&trigger=image&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Search URL Search Domain Scan URL

URL: https://events.askjdhaa.com/api/v1/r?serving_algorithm=latest-news-v3&wid=wi-5841&box_id=9&article_id=33848404&l=https%3A%2F%2F24moro.com%2Fhmdpysa26nky&version=v2&network_id=0&category_id=58&did=4243&uid=e914bb34-d962-11ed-98b8-1af38512f947&trigger=image&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Search URL Search Domain Scan URL

URL: https://events.askjdhaa.com/api/v1/r?serving_algorithm=latest-news-v3&wid=wi-5841&box_id=10&article_id=33847248&l=https%3A%2F%2F24moro.com%2Fpwoa91wedws0&version=v2&network_id=0&category_id=50&did=4243&uid=e914bb34-d962-11ed-98b8-1af38512f947&trigger=image&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Search URL Search Domain Scan URL

URL: https://events.askjdhaa.com/api/v1/r?serving_algorithm=latest-news-v3&wid=wi-5841&box_id=11&article_id=33846464&l=https%3A%2F%2F24moro.com%2Fe77luwx7kcs9&version=v2&network_id=0&category_id=51&did=4243&uid=e914bb34-d962-11ed-98b8-1af38512f947&trigger=image&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Search URL Search Domain Scan URL

URL: https://events.askjdhaa.com/api/v1/r?serving_algorithm=latest-news-v3&wid=wi-5841&box_id=12&article_id=33843322&l=https%3A%2F%2F24moro.com%2F45c9qgsxrlrt&version=v2&network_id=0&category_id=51&did=4243&uid=e914bb34-d962-11ed-98b8-1af38512f947&trigger=image&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Search URL Search Domain Scan URL

URL: https://webeyo.com/
Title: Webeyo

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 78

https://www.facebook.com/v2.0/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c221a3f2730fc%26domain%3D24moro.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252F24moro.com%252Ff1ea07d0e52613%26relation%3Dparent.parent&color_scheme=light&container_width=750&height=100&href=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&locale=ar_AR&numposts=5&sdk=joey&version=v2.0&width=550 HTTP 302
https://www.facebook.com/plugins/comments.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c221a3f2730fc%26domain%3D24moro.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252F24moro.com%252Ff1ea07d0e52613%26relation%3Dparent.parent&color_scheme=light&container_width=750&height=100&href=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&locale=ar_AR&numposts=5&sdk=joey&version=v2.0&width=550 HTTP 302
https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c221a3f2730fc%26domain%3D24moro.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252F24moro.com%252Ff1ea07d0e52613%26relation%3Dparent.parent&color_scheme=light&container_width=750&height=100&href=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&locale=ar_AR&numposts=5&sdk=joey&version=v2.0&width=550

Request Chain 129

https://cpm.programattik.com/user-sync?zone=22&t=image&r=%2F%2Fcpm.programattik.com%2Fuser-synced%3Fzone%3D22%26uid%3D%7BUID%7D HTTP 302
https://an.yandex.ru/mapuid/turktelekomrtb/ HTTP 302
https://an.yandex.ru/mapuid/turktelekomrtb/?redir-setuniq=1 HTTP 302
https://rtb.programattik.com/user-sync?dsp=5&t=image&uid=7C2CF3F916602336

Request Chain 222

https://oajs.openx.net/esp?url=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&rid=esp&cc=1

Request Chain 226

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 231

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 233

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 234

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 253

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 259

https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=45ffea4f-4923-c185-339b-efa81fe5fdf5 HTTP 302
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=45ffea4f-4923-c185-339b-efa81fe5fdf5&dcc=t

Request Chain 260

https://match.adsrvr.org/track/cmf/openx?oxid=1d299632-5589-7a7f-f395-6d3f77d63615&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmb/openx?oxid=1d299632-5589-7a7f-f395-6d3f77d63615&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072971&val=3c5ee43f-7a58-4a66-a685-919727fa2857&ttd_puid=1d299632-5589-7a7f-f395-6d3f77d63615&gdpr=0&gdpr_consent=

Request Chain 262

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKqas-nBtZzki8Dqf_wm_po&google_cver=1

Request Chain 278

https://cm.g.doubleclick.net/pixel?cs=6&google_nid=media&google_cm=1&google_hm=MzI0MzI3MDM4MTQ1NTUyNTAwMFYxMA%3D%3D&google_sc=1 HTTP 302
https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEHFn3bZ8bdP_jXki6oCw1II&google_cver=1

Request Chain 281

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEKyA-JtQIO0aii6gmd9Kf88&google_cver=1&google_push=Aer7DvJq2JXca6nr3i38R2CTKm7TnICSDHHSHfwx_6ZTICkjTB5EC5v5uNmWab2QDOulU0B1L0KWULReRbrkM4uNkamannNkrO0D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aer7DvJq2JXca6nr3i38R2CTKm7TnICSDHHSHfwx_6ZTICkjTB5EC5v5uNmWab2QDOulU0B1L0KWULReRbrkM4uNkamannNkrO0D&google_hm=eS04ZnczWERSRTJwR2FqTXp6SUtMOWR3VEpMMFpscEhJaX5B

Request Chain 282

https://s.uuidksinc.net/match/47/?remote_uid=CAESELHMeta-ter87dXw-1DgQ4g&c_param1=Aer7DvL_kvqarxyoJ4hwUiBw1kNTvG-WsRJ0dgBn0eFe_g6dJSzU6Buck2lEGCd2NLpdNaX-1cXPTyf3uMuZO400fJH8f8UmsdJ_Bg&gdpr=%%GDPR%%&addtl_consent=%%ADDTL_CONSENT%%&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=Aer7DvL_kvqarxyoJ4hwUiBw1kNTvG-WsRJ0dgBn0eFe_g6dJSzU6Buck2lEGCd2NLpdNaX-1cXPTyf3uMuZO400fJH8f8UmsdJ_Bg

Request Chain 283

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBYDLD2p91GigI60-RKqhZQ&google_cver=1&google_push=Aer7DvLXnwicpFNJ5O8WoBOxLO7m2U1bGftcf9sKheAD2OydawDcyLS_IOdJCOjzSqS1uCox4j80Llw6lvzSkiaHHHnqY7jjEYBeJA HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEBYDLD2p91GigI60-RKqhZQ&google_push=Aer7DvLXnwicpFNJ5O8WoBOxLO7m2U1bGftcf9sKheAD2OydawDcyLS_IOdJCOjzSqS1uCox4j80Llw6lvzSkiaHHHnqY7jjEYBeJA&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEBYDLD2p91GigI60-RKqhZQ&google_hm=ZDb9fjQHL2l8Ni77LUsI-AAABZMAAAAB&google_nid=index&google_push=Aer7DvLXnwicpFNJ5O8WoBOxLO7m2U1bGftcf9sKheAD2OydawDcyLS_IOdJCOjzSqS1uCox4j80Llw6lvzSkiaHHHnqY7jjEYBeJA

Request Chain 284

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEE6lHy8XLWZE0f95OmK4jaw&google_cver=1&google_push=Aer7DvKyjPesTHGgG7qbmIKxxHY8tfjGBI_KNGG-mVIpeH0g2YdFprYXiKC0h776RHHr1nbmJXPkLBdnqb_G1Wn_VhfnflvwN6JJRg HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEE6lHy8XLWZE0f95OmK4jaw&google_cver=1&google_push=Aer7DvKyjPesTHGgG7qbmIKxxHY8tfjGBI_KNGG-mVIpeH0g2YdFprYXiKC0h776RHHr1nbmJXPkLBdnqb_G1Wn_VhfnflvwN6JJRg&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aer7DvKyjPesTHGgG7qbmIKxxHY8tfjGBI_KNGG-mVIpeH0g2YdFprYXiKC0h776RHHr1nbmJXPkLBdnqb_G1Wn_VhfnflvwN6JJRg&google_hm=GeEKVGZHciH3vd2WRuqdv5ul

Request Chain 285

https://tg.socdm.com/rtb/sync_before?proto=google_ebda&google_gid=CAESEON2b7F6KXBjnOs6bNpdSFA&google_cver=1&google_push=Aer7DvKdHM8XxAtKQqwovY0bXb_2yJQ7uZwYqnn9Hf6SaQw8aMkPoPOnMwh61PijxAZ2d2jMWVWnkIWSxty9QLZ-apuN5BvcI6wMHg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=Aer7DvKdHM8XxAtKQqwovY0bXb_2yJQ7uZwYqnn9Hf6SaQw8aMkPoPOnMwh61PijxAZ2d2jMWVWnkIWSxty9QLZ-apuN5BvcI6wMHg&google_hm=WkRiOWZzQ281c01BQUpaWUFhZ0FBQUFB

Request Chain 286

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEGuGqArpDxI_hwp5p09RcoU&google_cver=1&google_push=Aer7DvKxGSZ53SEmnylPiC29YpntUZl6M6ExZq26B2kyyGUv3aJZIzV1b5zlyJVYMPJO3FvkPkgtaBXfwnfU9E44upQZ6Q9Mep5dIw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvKxGSZ53SEmnylPiC29YpntUZl6M6ExZq26B2kyyGUv3aJZIzV1b5zlyJVYMPJO3FvkPkgtaBXfwnfU9E44upQZ6Q9Mep5dIw HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 287

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESELbF1jhv7kH_Ig6iVj9m2lM&google_cver=1&google_push=Aer7DvIZ4LMn7mNonimDjMgrTpz5QzEpsV0nSnWGtt-L5bQuf4IQV8Zour7b_lQSmpakTTCerlvdjK19ytphT8nin49sR_1tM4JfNFw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NzkxOTU2NDMzMzA0NjgwMzM3Mw%3D%3D&google_gid=CAESELbF1jhv7kH_Ig6iVj9m2lM&google_cver=1&google_push=Aer7DvIZ4LMn7mNonimDjMgrTpz5QzEpsV0nSnWGtt-L5bQuf4IQV8Zour7b_lQSmpakTTCerlvdjK19ytphT8nin49sR_1tM4JfNFw

Request Chain 296

https://gum.criteo.com/sid/json?origin=publishertag&domain=24moro.com&sn=ChromeSyncframe&so=0&topUrl=24moro.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=1nn8oXxIcU42WXMxRzlvME1rTko2STNPVHdqdk5JQmVhaTRieE51eHk3bGduYXlqcTVYeG9xRnJaVkE2SDJINGl2elFRREJXZTZoTko1V2g1L01ZS2pRc01NR3N4TnFDcERDV1ViVDRaTDVTN24xTmE0SUJvbVVidjQ4MkFWY2h0WStCeDJtVnhlU051RWxHWXBBWXFHMExFSGpxVEZoaDNHQ0E2d2ZtcEN2dE1UTU9KT21JRllia3d5ckVobjF3cTJPMC9mbllqRndBaEZ2WGNsUGw3bGlCVzlsOUl4ZjVrazAxa3hUWHZmRmFYUjA5UFFTekVnbkxNNGt0ZXgvaFVmR0o4cUI5NjlQN0dGN09JRU9xMTB5akl0QT09fA&cppv=2

294 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200 Primary Request qbb0afxwjzbz Show response
24moro.com/ 404 KB
197 KB 851ms
594ms Document
text/html 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip223.ip-149-56-113.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

51ac5ba24e6e5dc4a81e589fe2f3534facb8bf349c7a449034e4d30b8565a245

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob:;img-src * data: blob: 'unsafe-inline';frame-src * data: blob:;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: max-age=30 public
Connection: keep-alive
Content-Encoding: gzip
Content-Legth: 413584
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob:;img-src * data: blob: 'unsafe-inline';frame-src * data: blob:;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'
Content-Type: text/html;charset=UTF-8
Date: Wed, 12 Apr 2023 18:50:34 GMT
Expires: Wed, 12 Apr 2023 18:51:04 GMT
Pragma: public
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Proxy-Cache: EXPIRED

GET
H/1.1 200 1347 Show response
revenueflex.com/rest/siteconfig/ 931 B
1 KB 150ms
92ms Script
text/javascript 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://revenueflex.com/rest/siteconfig/1347?pg=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&cache_buster=0.8476025488126442
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d263f891e516d9a8ddc18f7e2693ebfdabd1c1c9e53f38010c997268e86364e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

X-Proxy-Cache: MISS
Date: Wed, 12 Apr 2023 18:50:35 GMT
Content-Encoding: gzip
X-Mobile-Device: 0
Transfer-Encoding: chunked
Connection: keep-alive
X-NG-Country-Code: CA
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,HEAD,OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=60
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type,X-Requested-With,Accept,Authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
X-Country-Code: CA
Expires: Wed, 12 Apr 2023 18:51:35 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 76 KB
25 KB 145ms
45ms Script
text/javascript 2607:f8b0:400c:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0b::9d Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fa5c0baf683948e2d10deb619c3f6278cc69fed19ee6097a6e0e205719cc271

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25502
x-xss-protection: 0
server: cafe
etag: 452 / 19459 / 31073754 / config-hash: 3039343187979448343
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 12 Apr 2023 18:50:35 GMT

GET
H/1.1 200
OK prebid.js Show response
revenueflex.com/d/ons/ 353 KB
111 KB 19ms
10ms Script
application/javascript 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://revenueflex.com/d/ons/prebid.js
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a568a62be6134afc9d0d49d492fe710a8856886996017029be64086c0d00e984

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 12 Apr 2023 18:50:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 20 Mar 2023 15:06:25 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64187671-1bc43"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Cache-Control: max-age=600
Connection: keep-alive
Content-Length: 113731
Expires: Wed, 12 Apr 2023 19:00:35 GMT

GET
H/1.1 200 1347 Show response
revenueflex.com/rest/pagehit/ 1 B
636 B 126ms
89ms XHR
text/javascript 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://revenueflex.com/rest/pagehit/1347?pg=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&cache_buster=966935

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip185.ip-149-56-179.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 12 Apr 2023 18:50:35 GMT
Server: nginx/1.18.0 (Ubuntu)
Allow: OPTIONS, GET, HEAD, POST
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,HEAD,OPTIONS, GET,POST,PUT,DELETE,HEAD,OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://24moro.com
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Requested-With,Accept,Authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers, *
Content-Length: 1

GET
H/1.1 200 ipinfo Show response
cdn.webeyo.com/ 199 B
625 B 544ms
94ms Script
text/javascript 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.webeyo.com/ipinfo

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip185.ip-149-56-179.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

389c256c8ea9b87df846790744d7e40e2b9557aa3f9eb4d241e370e10ab2a69b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:52:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Content-Encoding: gzip
Server: nginx/1.18.0 (Ubuntu)
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Cache-Control: max-age=120, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Cache: MISS

GET
H/1.1 200 style_rtl.css
24moro.com/v4/desktop/ 26 KB
26 KB 175ms
175ms Stylesheet
text/css 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://24moro.com/v4/desktop/style_rtl.css

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip223.ip-149-56-113.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

b49c1341e8148af52b50b10b3b7b5d85a0d393259427e945c56a667d7d63d52c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=600, public
Connection: keep-alive
Content-Length: 26566
X-Proxy-Cache: EXPIRED

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 106ms
41ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-171785567-1

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2c71a1967ecc24c8b1e05156cb59bbaefb7a7ddfa3f7b2976f118179cc929d8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44570
x-xss-protection: 0
last-modified: Wed, 12 Apr 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 12 Apr 2023 18:50:35 GMT

GET
H2 200 platform.js Show response
apis.google.com/js/ 54 KB
21 KB 121ms
37ms Script
text/javascript 2607:f8b0:400c:c12::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/platform.js

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c12::8a Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53abc7b36dcd8b0bdee6ea0658511581a4a26f4a314a677b55c05e0f1547b930

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 12 Apr 2023 18:50:35 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21022
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "a817d6f6a95ec85f"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Apr 2023 18:50:35 GMT

GET
H/1.1 200
OK 6229_logo.png
24moro.com/contentimages/0site_imgs_data/2/2/9/ 62 KB
62 KB 75ms
19ms Image
image/png 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://24moro.com/contentimages/0site_imgs_data/2/2/9/6229_logo.png
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip223.ip-149-56-113.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6912122b10b4bb2a307ef2a6d6e6aa05af8f2f2dfbac1c2c5fb0533e4af35250

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Last-Modified: Tue, 07 Jul 2020 19:48:21 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "5f04d185-f654"
Content-Type: image/png
Cache-Control: max-age=600, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 63060
X-Proxy-Cache: HIT

GET
H/1.1 200
OK zf3w3vzyarlp-b.jpg
cdn.webeyo.com/c/7/1/1/zf3w3vzyarlp/ 15 KB
16 KB 460ms
10ms Image
image/jpeg 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webeyo.com/c/7/1/1/zf3w3vzyarlp/zf3w3vzyarlp-b.jpg
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 072d8caae1afb45d64a8738069dccf5bcdc7a8f29a192c9ef6b9014644357e9f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:55:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Last-Modified: Wed, 12 Apr 2023 17:57:11 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6436f0f7-3cb3"
Access-Control-Test: 1
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15539
X-Proxy-Cache: HIT

GET
H2 200 speakol-widget-v2.js Show response
cdn.speakol.com/widget/js/ 142 KB
32 KB 127ms
44ms Script
application/javascript 2606:4700:20::ac43:468a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.speakol.com/widget/js/speakol-widget-v2.js
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:468a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d9627946fcad2ddacefe71e61e52e0fe6da36f2957869ce1d4abf8e410fbc6e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:35 GMT
via: 1.1 9df316641adfdaf044ba4a0279382a60.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: SFO53-P1
age: 7240
x-cache: Hit from cloudfront
last-modified: Thu, 07 Jul 2022 14:59:13 GMT
server: cloudflare
etag: W/"ec9f6107f4c6bf30e1136eb9891d03bf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ig0Y0ENP8Ufsdh8nzKZ3d6xpm5gWloVWBMNJKSnKjqu1OhxbgbBs0LAM9ExFxx0kaQ99EwYyVhev%2F0Q5gRbUK7IcO12O4BQunkfbg7nKVToxPl7dEhLmMWPbwEyMJiZ3pj9G2x7scYdk30Jf7g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 7b6da7e42d4f113a-ORD
x-amz-cf-id: Y9XBfqp90M3t5ihhh4nPS1xhJX3Fg5R8PdicdDz9Z4V4lHaWnZM8eQ==

GET
H/1.1 200
OK u48irzo0p07i-tn-small.jpg
cdn.webeyo.com/c/9/6/4/u48irzo0p07i/ 30 KB
30 KB 538ms
96ms Image
image/jpeg 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webeyo.com/c/9/6/4/u48irzo0p07i/u48irzo0p07i-tn-small.jpg
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 083b29b673d1012875c94164172931ad69431590cef678785314ea52324d0bb4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:55:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Thu, 16 Mar 2023 23:21:09 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6413a465-77c2"
Access-Control-Test: 1
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30658
X-Proxy-Cache: REVALIDATED

GET
H/1.1 200
OK zuypjvmmo4a1-tn-small.jpg
cdn.webeyo.com/c/6/6/3/zuypjvmmo4a1/ 42 KB
42 KB 530ms
90ms Image
image/jpeg 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webeyo.com/c/6/6/3/zuypjvmmo4a1/zuypjvmmo4a1-tn-small.jpg
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f33c5e1e54db6f20b31bb55765626c057de47a672299bf1590be75b091fdf771

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:55:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Sat, 04 Mar 2023 16:34:23 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6403730f-a6dd"
Access-Control-Test: 1
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42717
X-Proxy-Cache: REVALIDATED

GET
H/1.1 200
OK s5ydbyknmekh-tn-small.jpg
cdn.webeyo.com/c/4/7/2/s5ydbyknmekh/ 29 KB
29 KB 547ms
95ms Image
image/jpeg 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webeyo.com/c/4/7/2/s5ydbyknmekh/s5ydbyknmekh-tn-small.jpg
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 4dddbde3a429d91131d6ebaa2aeb9d6ed1edc8e8880a0bd3afb3b9538b1fb099

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:55:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Sat, 18 Mar 2023 19:13:08 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64160d44-7408"
Access-Control-Test: 1
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 29704
X-Proxy-Cache: REVALIDATED

GET
H/1.1 200
OK 31----2021---------2022-1-tn-small.jpg
cdn.webeyo.com/c/9/9/0/31----2021---------2022-1/ 19 KB
20 KB 597ms
90ms Image
image/jpeg 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webeyo.com/c/9/9/0/31----2021---------2022-1/31----2021---------2022-1-tn-small.jpg
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 667127594b17bdcf4df353f28f0bcb3797997ed34029057483fe5b2e2d6a25e0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:55:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Sat, 18 Mar 2023 15:32:44 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6415d99c-4c98"
Access-Control-Test: 1
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19608
X-Proxy-Cache: REVALIDATED

GET
H/1.1 200
OK 6objbi8xskpg-tn-small.jpg
cdn.webeyo.com/c/4/7/5/6objbi8xskpg/ 19 KB
20 KB 334ms
100ms Image
image/jpeg 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webeyo.com/c/4/7/5/6objbi8xskpg/6objbi8xskpg-tn-small.jpg
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3c232fdaf6ce70c50790b29a3f2e995035f349a5845a6e1f3c0a200bd1ca51dd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:55:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Last-Modified: Wed, 22 Mar 2023 05:25:50 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "641a915e-4c60"
Access-Control-Test: 1
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19552
X-Proxy-Cache: REVALIDATED

GET
H/1.1 200
OK bdnzy6a1w195-tn-small.jpg
cdn.webeyo.com/c/3/8/3/bdnzy6a1w195/ 29 KB
30 KB 254ms
19ms Image
image/jpeg 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webeyo.com/c/3/8/3/bdnzy6a1w195/bdnzy6a1w195-tn-small.jpg
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 0f3253cef050f3c3eb480f88667ed4b215ef30ba4b93bb106ea6c29c139b70f0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:55:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Last-Modified: Fri, 17 Mar 2023 13:34:00 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64146c48-751d"
Access-Control-Test: 1
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 29981
X-Proxy-Cache: HIT

GET
H/1.1 200
OK ep1akoem1c7s-tn-small.jpg
cdn.webeyo.com/c/9/7/5/ep1akoem1c7s/ 27 KB
28 KB 330ms
103ms Image
image/jpeg 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webeyo.com/c/9/7/5/ep1akoem1c7s/ep1akoem1c7s-tn-small.jpg
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e55a0f915a3150525919bbb2eab472b4ed985e6c58a3121b10fbb63f5a316de1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:55:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Last-Modified: Wed, 22 Mar 2023 03:21:18 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "641a742e-6d4d"
Access-Control-Test: 1
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27981
X-Proxy-Cache: REVALIDATED

GET
H/1.1 200
OK 1mnky02dju8q-tn-small.jpg
cdn.webeyo.com/c/8/9/9/1mnky02dju8q/ 25 KB
26 KB 334ms
99ms Image
image/jpeg 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webeyo.com/c/8/9/9/1mnky02dju8q/1mnky02dju8q-tn-small.jpg
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 94f7de3cf236dc8db39b7ec5a8f6041ac0c523b0388053d58710c1576eec05a4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:55:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Last-Modified: Mon, 20 Mar 2023 09:23:20 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64182608-6467"
Access-Control-Test: 1
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25703
X-Proxy-Cache: REVALIDATED

GET
H/1.1 200
OK 4lowfothsw0f-tn-small.jpg
cdn.webeyo.com/c/4/2/7/4lowfothsw0f/ 22 KB
23 KB 343ms
108ms Image
image/jpeg 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webeyo.com/c/4/2/7/4lowfothsw0f/4lowfothsw0f-tn-small.jpg
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6d2de1e1fc76b43b6e9bdcbdc4dec07103388c1169e74c1ddf054a2a494d93a7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:55:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Last-Modified: Thu, 16 Mar 2023 15:29:12 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "641335c8-58b7"
Access-Control-Test: 1
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 22711
X-Proxy-Cache: REVALIDATED

GET
H/1.1 200
OK uu8nxi662r6p-tn-small.jpg
cdn.webeyo.com/c/1/1/8/uu8nxi662r6p/ 32 KB
33 KB 431ms
99ms Image
image/jpeg 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webeyo.com/c/1/1/8/uu8nxi662r6p/uu8nxi662r6p-tn-small.jpg
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 87f13c44cecc52deb83b26b60da795b5db54a140d1f8eb90863317748ae18494

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:55:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Sun, 19 Mar 2023 06:22:50 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6416aa3a-810e"
Access-Control-Test: 1
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33038
X-Proxy-Cache: REVALIDATED

GET
H/1.1 200
OK 9d6upm2z4u78-tn-small.jpg
cdn.webeyo.com/c/4/2/3/9d6upm2z4u78/ 23 KB
23 KB 414ms
179ms Image
image/jpeg 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webeyo.com/c/4/2/3/9d6upm2z4u78/9d6upm2z4u78-tn-small.jpg
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 9aad65d86ce18a2ada9fd402e6011d74ff845f544201178e257aba70ce3edf01

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:55:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Sun, 19 Mar 2023 04:50:30 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64169496-5bb4"
Access-Control-Test: 1
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23476
X-Proxy-Cache: REVALIDATED

GET
H/1.1 200
OK gm6tkqxmt50r-tn-small.jpg
cdn.webeyo.com/c/7/7/7/gm6tkqxmt50r/ 45 KB
45 KB 350ms
95ms Image
image/jpeg 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webeyo.com/c/7/7/7/gm6tkqxmt50r/gm6tkqxmt50r-tn-small.jpg
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2bd142f2d96b80c326f0e37f42f9bbcd9fbe37a8222d54b11710e42c3e30d3aa

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 18:55:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Last-Modified: Sat, 04 Mar 2023 22:11:24 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6403c20c-b390"
Access-Control-Test: 1
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 45968
X-Proxy-Cache: REVALIDATED

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 125ms
51ms Stylesheet
text/css 2607:f8b0:400c:c0a::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway:400,700,800,500,300

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0a::5f Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

37884cc94e493d18f340a4696f52859a08cda5110707a0bf1043f80e20dbdce0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 12 Apr 2023 18:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 12 Apr 2023 18:50:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Apr 2023 18:50:35 GMT

GET
H/1.1 200 owl.carousel_rtl.js Show response
24moro.com/v4/desktop/js/ 77 KB
22 KB 15ms
15ms Script
text/plain 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://24moro.com/v4/desktop/js/owl.carousel_rtl.js

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip223.ip-149-56-113.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

91f3963d1241936996e2ae38eeb523fad9ba71a738d1c780986e26d7fbd2a09d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Content-Encoding: gzip
Server: nginx/1.18.0 (Ubuntu)
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=600, public
Connection: keep-alive
X-Proxy-Cache: HIT

GET
H/1.1 200 custom_rtl.js Show response
24moro.com/v4/desktop/js/ 3 KB
1 KB 114ms
97ms Script
text/plain 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://24moro.com/v4/desktop/js/custom_rtl.js

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip223.ip-149-56-113.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

90b564e80ac2aef4bc2403de285b0d6cd953c7ec1e43d7daefa6125a57754d80

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Content-Encoding: gzip
Server: nginx/1.18.0 (Ubuntu)
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=600, public
Connection: keep-alive
X-Proxy-Cache: EXPIRED

GET
H/1.1 200
OK b35c813f5b7b24a52ae7cf6f94efcac08fc86b4b.js Show response
revenueflex.com/d/b/3/5/ 384 KB
189 KB 16ms
15ms Script
application/javascript 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://revenueflex.com/d/b/3/5/b35c813f5b7b24a52ae7cf6f94efcac08fc86b4b.js
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/rest/siteconfig/1347?pg=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&cache_buster=0.8476025488126442
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip185.ip-149-56-179.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 4e5c63e9b960628c8c1080c84c16e011131395e7caab0fca0546bf362ba984c4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 12 Apr 2023 18:50:35 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Apr 2023 21:10:13 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: W/"6435ccb5-5ff26"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Cache-Control: max-age=300
Connection: keep-alive
Expires: Wed, 12 Apr 2023 18:55:35 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/ 398 KB
124 KB 46ms
39ms Script
text/javascript 2607:f8b0:400c:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0b::9d Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d3b45a4be3864673801baea2c3f066e1c7320bab56d3c7818d7484cf1811696

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 22:52:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71857
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 126408
x-xss-protection: 0
server: cafe
etag: 11042757488233447259
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 10 Apr 2024 22:52:58 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 214 B
652 B 110ms
39ms XHR
application/json 2607:f8b0:400c:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=24moro.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0b::9d Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

44db758bfef737732d82b902d383e83659b76741a544b534e58fb951f4f1c2ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0
expires: Wed, 12 Apr 2023 18:50:35 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/ar_AR/ 3 KB
2 KB 67ms
21ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/ar_AR/sdk.js

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f66527767bf5359b459dcfac7545c4672aeec7ca5896850d77de18ece2efd40f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 12 Apr 2023 18:50:35 GMT
content-md5: D5OgGkcGUFl4YzEPm4qYOA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: X1SKQZQJqC+JG5sy26FAJbr6lpIb64yOzbwSfU/RR5WFT7smMorLJdV3TFEqSYgWJZU6wC4UwkU8jqA5/IEX9Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1512268381
x-fb-content-md5: 57f33b234d4634db30de8dc09c370522
cross-origin-opener-policy: same-origin-allow-popups
etag: "165f2bdef57936e2706ee0ff40ca9545"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
expires: Wed, 12 Apr 2023 19:00:05 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 79ms
18ms Script
application/javascript 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D33) /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 12 Apr 2023 18:50:35 GMT
Content-Encoding: gzip
Age: 211
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27630
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
Server: ECS (nyb/1D33)
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H/1.1 200 searchbg.png
24moro.com/v4/desktop/images/ 212 B
527 B 163ms
112ms Image
image/png 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://24moro.com/v4/desktop/images/searchbg.png

Requested by

Host: 24moro.com
URL: https://24moro.com/v4/desktop/style_rtl.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip223.ip-149-56-113.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

9e797b9e6fd24e5a7da5feec0388488fc247be90c6f81c9a50ee96771554c5ac

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/v4/desktop/style_rtl.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=600, public
Connection: keep-alive
Content-Length: 212
X-Proxy-Cache: EXPIRED

GET
H/1.1 200 search.png
24moro.com/v4/desktop/images/ 493 B
808 B 110ms
101ms Image
image/png 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://24moro.com/v4/desktop/images/search.png

Requested by

Host: 24moro.com
URL: https://24moro.com/v4/desktop/style_rtl.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip223.ip-149-56-113.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

7e1150dbc4124a8d6dfa07c66f475f2fa4064a33c888474c73427bc3b49e09d8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/v4/desktop/style_rtl.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=600, public
Connection: keep-alive
Content-Length: 493
X-Proxy-Cache: EXPIRED

GET
H/1.1 200 home.png
24moro.com/v4/desktop/images/ 619 B
934 B 94ms
91ms Image
image/png 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://24moro.com/v4/desktop/images/home.png

Requested by

Host: 24moro.com
URL: https://24moro.com/v4/desktop/style_rtl.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip223.ip-149-56-113.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

b395ec4964eaea12636df05446d2b869fc711b7cf7cd630cd7bce422c954aaaf

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/v4/desktop/style_rtl.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=600, public
Connection: keep-alive
Content-Length: 619
X-Proxy-Cache: EXPIRED

GET
H/1.1 200 dots.png
24moro.com/v4/desktop/images/ 282 B
597 B 97ms
94ms Image
image/png 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://24moro.com/v4/desktop/images/dots.png

Requested by

Host: 24moro.com
URL: https://24moro.com/v4/desktop/style_rtl.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip223.ip-149-56-113.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

752384965c9820183a08c77c9a12567f7be4eaa4f898646f37db0c21cbce67ef

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/v4/desktop/style_rtl.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:35 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:35 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=600, public
Connection: keep-alive
Content-Length: 282
X-Proxy-Cache: EXPIRED

GET
H2 200 css
fonts.googleapis.com/ 700 B
438 B 48ms
47ms Stylesheet
text/css 2607:f8b0:400c:c0a::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0a::5f Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cd5d9b9721d6b1bfc18d8c81562508902e01c61e2d2058485cc31fad4222c7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 12 Apr 2023 18:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 12 Apr 2023 17:10:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Apr 2023 18:50:35 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
622 B 67ms
66ms Stylesheet
text/css 2607:f8b0:400c:c0a::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0a::5f Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6b3c83e050c374cfdd13f77640509c6bf68fd787b8f35bfeef2aae4a3372355d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 12 Apr 2023 18:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 12 Apr 2023 17:13:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Apr 2023 18:50:35 GMT

GET
H/1.1 200 cdnh Show response
cdn.webeyo.com/ 1 B
189 B 91ms
89ms Script
text/javascript 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.webeyo.com/cdnh?id=4128711&url=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip185.ip-149-56-179.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 12 Apr 2023 18:50:36 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 1
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript

GET
H2 200 1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v28/ 45 KB
46 KB 111ms
36ms Font
font/woff2 2607:f8b0:400c:c38::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:400,700,800,500,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c38::5e Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://24moro.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 16:51:51 GMT
x-content-type-options: nosniff
age: 7124
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46524
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Apr 2024 16:51:51 GMT

GET
H2 200 config Show response
recommendation.speakol.com/api/v2.1/recommendation/ 4 KB
2 KB 116ms
29ms Fetch
application/json 2600:9000:2514:f600:1d:7d16:ed40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recommendation.speakol.com/api/v2.1/recommendation/config?wids=wi-5841&uid=undefined&rid=&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz
Requested by: Host: cdn.speakol.com
URL: https://cdn.speakol.com/widget/js/speakol-widget-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2514:f600:1d:7d16:ed40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash: fdc8c54d55aafecebffa063ef8831bf996a6375c0f0c60dce3007d1e141fb023

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:35 GMT
content-encoding: gzip
via: 1.1 7aea4d81c29185bd2784c2f86062007a.cloudfront.net (CloudFront)
server: nginx/1.21.6
x-amz-cf-pop: JFK50-P8
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://24moro.com
x-cache: Miss from cloudfront
access-control-expose-headers: Content-Length
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Set-Cookie, Cookie, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
x-amz-cf-id: rqWAxpxwTEm2tIzJFYED5nZkZQYK_1JVJHPms6p9xY1d0YcBZEgUZw==

GET
H3 200 sdk.js Show response
connect.facebook.net/ar_AR/ 302 KB
85 KB 41ms
19ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/ar_AR/sdk.js?hash=fe173093903c72ef2e06bcb5eef872cf

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/ar_AR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

100f2168b9ec611459e24a664b2e8856b13ddc0632cab732571a6dd6d0f146c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://24moro.com/
Origin: https://24moro.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 12 Apr 2023 18:50:35 GMT
content-md5: c+JKJPsgh2kS/oeqCSIlEw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87355
x-fb-rlafr: 0
x-fb-debug: LUZAluBNzDzs1SIWvvXbWrb2HuTzh1RwwwIuBxY8cvQ0H7IfMaWjw0x/mfPbHo0Gh8Z9sYh1htRCRNMCBOPwmw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 6d7e13d2c1aa13f5deed60769acdcd08
cross-origin-opener-policy: same-origin-allow-popups
etag: "c6dada025d1321ed49b592b5acfa5c8d"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Thu, 11 Apr 2024 16:19:02 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 69ms
20ms Script
text/javascript 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-171785567-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 12 Apr 2023 18:05:12 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 2723
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Wed, 12 Apr 2023 20:05:12 GMT

GET
H/1.1 200
OK widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame 7C44 320 KB
104 KB 19ms
18ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2F24moro.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D33) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2411878
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Wed, 12 Apr 2023 18:50:35 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D33)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 7C44 664 B
603 B 132ms
44ms Fetch
application/json 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=0f33e6d32c238f4ab58f115dabf9d1e05058cae1

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2F24moro.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

b0e3dea3ead4a88d28a0203a5dd56155100bf5d61b73c371992aa9f211ff5480

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-response-time: 6
date: Wed, 12 Apr 2023 18:50:35 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Wed, 12 Apr 2023 18:50:36 GMT
server: tsa_b
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: f2bd570fb038b150
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: e106dd1577a070113de056732b19bcc80ef21afa2bfe3682ae613dc1fde2eb5b
content-length: 284

POST
H2 200 widget-page-view
events.askjdhaa.com/api/v1/push/ 0
0 189ms
50ms Ping
application/json 2600:9000:2120:7000:d:57d4:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events.askjdhaa.com/api/v1/push/widget-page-view
Requested by: Host: cdn.speakol.com
URL: https://cdn.speakol.com/widget/js/speakol-widget-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2120:7000:d:57d4:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 recommendation Show response
recommendation.speakol.com/api/v2.1/ 19 KB
3 KB 39ms
39ms Fetch
application/json 2600:9000:2514:f600:1d:7d16:ed40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recommendation.speakol.com/api/v2.1/recommendation?lang=ar&wids=wi-5841&pid=undefined&url=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&uid=e914bb34-d962-11ed-98b8-1af38512f947&rid=e914bb5f-d962-11ed-98b8-1af38512f947&ref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&lf=true&ads_offset=0&articles_offset=0&page=0
Requested by: Host: cdn.speakol.com
URL: https://cdn.speakol.com/widget/js/speakol-widget-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2514:f600:1d:7d16:ed40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash: dfef419d15c41bde0449c414eaaaeb247191c99c6b8355a481d042f518696fda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:35 GMT
content-encoding: gzip
via: 1.1 7aea4d81c29185bd2784c2f86062007a.cloudfront.net (CloudFront)
server: nginx/1.21.6
x-amz-cf-pop: JFK50-P8
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://24moro.com
x-cache: Miss from cloudfront
access-control-expose-headers: Content-Length
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Set-Cookie, Cookie, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
x-amz-cf-id: JKtD0k3k-6Nsm5noyCKlkH-70jiGGJ4mWt4ChNqAzTekTbhPcoaXYw==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
202 B 34ms
33ms XHR
text/plain 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1001060783&t=pageview&_s=1&dl=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&ul=en-us&de=UTF-8&dt=%D8%AC%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B1%D8%A8%D8%AD%D8%A9..%D8%A5%D8%B9%D8%AA%D9%82%D8%A7%D9%84%20%D8%A7%D9%84%D8%B4%D8%AE%D8%B5%20%D8%A7%D9%84%D8%B0%D9%8A%20%D8%AA%D8%A7%D9%87%20%D9%81%D9%8A%20%D8%A7%D9%84%D8%B5%D8%AD%D8%B1%D8%A7%D8%A1&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1735371084&gjid=1523976715&cid=384984657.1681325436&tid=UA-171785567-1&_gid=2058620587.1681325436&_r=1&gtm=457e34a0&jsscut=1&z=1799727360

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://24moro.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200 ufplc Show response
revenueflex.com/rest/ 15 B
652 B 88ms
88ms XHR
application/json 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://revenueflex.com/rest/ufplc?st=0&plid=95248&m=0&ws=1347&u=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip185.ip-149-56-179.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

7a03e3684d43a975555964f127e302f06a4d7d13aa408c2949967d49bc818d74

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 12 Apr 2023 18:50:36 GMT
Server: nginx/1.18.0 (Ubuntu)
Allow: OPTIONS, GET, HEAD, POST
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,HEAD,OPTIONS, GET,POST,PUT,DELETE,HEAD,OPTIONS
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://24moro.com
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Requested-With,Accept,Authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers, *
Content-Length: 15

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 45ms
12ms XHR
application/json 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20230412

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6c920ee1554ad56939d12c7c7e9e586d15c262869e82dfd812c713da6c4f55bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 12 Apr 2023 18:50:36 GMT
x-content-type-options: nosniff
content-encoding: br
age: 10188
x-jsd-version: 1.0.1674
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 847
x-served-by: cache-fra-eddf8230103-FRA, cache-yul12834-YUL
x-jsd-version-type: version
etag: W/"63f-c6Ztmsug8o7ZG0QBgDC6uzZCKIc"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
531 B 127ms
39ms Script
application/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=24moro.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 116ms
43ms Script
application/javascript 2607:f8b0:400c:c12::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=24moro.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c12::9a Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 KB
692 B 265ms
264ms XHR
text/plain 2607:f8b0:400c:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3729830312888194&correlator=1104186261777769&eid=31073678%2C31073754&output=ldjh&gdfp_req=1&vrg=202304100101&ptt=17&impl=fif&iu_parts=98948493%3A22675028386%2Cdalt5&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=526783382&didk=783095670&sfv=1-0-40&ists=1&fas=8&sc=1&cookie_enabled=1&abxe=1&dt=1681325436067&lmt=1681325436&dlt=1681325435064&idt=683&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=384984657.1681325436&ga_sid=1681325436&ga_hid=1001060783&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0b::9d Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

23658f94eb12770c2288a539a37804b3b625b8e8adea89c056d140a2987d449a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 662
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://24moro.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A4A1 6 KB
3 KB 142ms
36ms Document
text/html 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:36 GMT
expires: Thu, 11 Apr 2024 18:50:36 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/ 33 KB
12 KB 37ms
37ms Script
text/javascript 2607:f8b0:400c:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl_page_level_ads.js?cb=31073754

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0b::9d Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8fd1f0630582db094124dfba3375fad526741151396366dcb80863e8ffc487ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 17:03:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6439
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11991
x-xss-protection: 0
server: cafe
etag: 12033572308822798883
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 11 Apr 2024 17:03:17 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 341 B
666 B 151ms
69ms XHR
application/json 2602:803:c002:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23358&site_id=369314&zone_id=2014728&size_id=16&rp_schain=1.0,1!adreact.com,440,1,,,&rf=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&tg_i.page=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&tg_i.domain=24moro.com&tg_i.pbadslot=revenueflex-ad-143950&tk_flint=arpb_lite_v7.41.0&x_source.tid=bf35fefc-55b2-4709-b27f-821c4bccf2ca&l_pb_bid_id=24d3b13fb8a08b&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5660088925390401
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::41 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 02f1f30bcb01bc62382c4026f64771b23152121d2d2eac215fc8f83bb29671e6

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://24moro.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 341
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 hb Show response
cpm.programattik.com/ 233 B
421 B 673ms
141ms XHR
application/json 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=22&v=1.6
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns1.ttidc.com.tr
Software: nginx /
Resource Hash: 816bdd8885258b69d5fa0f5c290811837892f68cea69a19c10e42d62bca391fe

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
server: nginx
age: 0
content-type: application/json; charset=utf-8
access-control-allow-origin: https://24moro.com
cache-control: no-store
access-control-allow-credentials: true
content-length: 233

POST
H2 204 openrtb Show response
adx.adform.net/adx/ 0
528 B 361ms
136ms XHR
text/plain 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://24moro.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
211 B 76ms
25ms XHR
text/plain 2620:100:a001::18
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=35&wv=7.41.0&cb=26976097267&lsavail=1

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::18 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 Apr 2023 18:50:35 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://24moro.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 20 KB
12 KB 204ms
158ms XHR
application/json 68.67.160.24
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.24 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

6277bfbc6bf9fb78dc4492a10d363cd98712c7baaeca8786678d18980e5f3dff

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 12 Apr 2023 18:50:36 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d047288a-e7fa-4617-a56a-7ef382ad30bf
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
211 B 69ms
24ms XHR
text/plain 2620:100:a001::18
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=35&wv=7.41.0&cb=33528681717&lsavail=1

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::18 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 Apr 2023 18:50:35 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://24moro.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 20 KB
12 KB 291ms
249ms XHR
application/json 68.67.160.24
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.24 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31adc0e2c300991bb2cb0bb415c9a737988fb1f8169673359f7ab55cbb370de5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 12 Apr 2023 18:50:36 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 95af740a-6514-43cc-9a5a-223b15c5af12
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 363 B
689 B 132ms
63ms XHR
application/json 2602:803:c002:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23358&site_id=369314&zone_id=2014728&size_id=2&alt_size_ids=31%2C57&rp_schain=1.0,1!adreact.com,440,1,,,&rf=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&tg_i.page=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&tg_i.domain=24moro.com&tg_i.pbadslot=revenueflex-ad-192726&tk_flint=arpb_lite_v7.41.0&x_source.tid=21b3ebaf-ffbe-48d4-837a-c23980a228ee&l_pb_bid_id=1668290bb5123c5&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.18726383942498392
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::41 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 3121c4ce1a2b6f3eb5c310cda425e7b6f484c62846f8810c7255b1dd4bf6d764

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://24moro.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 363
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 hb Show response
cpm.programattik.com/ 233 B
422 B 661ms
140ms XHR
application/json 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=22&v=1.6
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns1.ttidc.com.tr
Software: nginx /
Resource Hash: b3ee3d5ca5acf0a0f4a2ca66e12cc153b060e079b9894a2dbb220d1f31d9506d

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
server: nginx
age: 0
content-type: application/json; charset=utf-8
access-control-allow-origin: https://24moro.com
cache-control: no-store
access-control-allow-credentials: true
content-length: 233

POST
H2 200 openrtb Show response
adx.adform.net/adx/ 2 KB
2 KB 352ms
137ms XHR
application/json 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

93a69526f3256a8c01a6ebf0e12489b5b5bb95d25718a92023a43142335cb703

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: https://24moro.com
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 20 KB
12 KB 227ms
190ms XHR
application/json 68.67.160.24
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.24 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4e52abe5d8cab0f6520a412e7683fdcf92c05343519c2e69901f0c4651eb22a0

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 12 Apr 2023 18:50:36 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: daff7ddb-b552-4d05-bafd-dbcca26cd937
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 373 B
922 B 127ms
62ms XHR
application/json 2602:803:c002:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23358&site_id=369314&zone_id=2014728&size_id=15&alt_size_ids=10%2C14%2C16%2C57%2C67%2C67&rp_schain=1.0,1!adreact.com,440,1,,,&rf=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&tg_i.page=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&tg_i.domain=24moro.com&tg_i.pbadslot=revenueflex-ad-204788&tk_flint=arpb_lite_v7.41.0&x_source.tid=8b3c992c-6d6a-4b5f-b2cd-1338d4785c30&l_pb_bid_id=24858e41f6299b9&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5428161967780452
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::41 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: f0677d07f771ea61d5eff0613545f0df54212d7b130b81c64d534768ab8c5ab4

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://24moro.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 373
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ 0
527 B 357ms
145ms XHR
text/plain 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://24moro.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
212 B 60ms
23ms XHR
text/plain 2620:100:a001::18
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=35&wv=7.41.0&cb=70770606897&lsavail=1

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::18 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 Apr 2023 18:50:35 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://24moro.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H2 200 hb Show response
cpm.programattik.com/ 233 B
421 B 655ms
142ms XHR
application/json 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=22&v=1.6
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns1.ttidc.com.tr
Software: nginx /
Resource Hash: 8cde89a81f804ca6677f55b524b63ea1c46373b0ad8cfe08a1a98f44c44a6b57

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
server: nginx
age: 0
content-type: application/json; charset=utf-8
access-control-allow-origin: https://24moro.com
cache-control: no-store
access-control-allow-credentials: true
content-length: 233

POST
H2 200 hb Show response
cpm.programattik.com/ 233 B
421 B 652ms
141ms XHR
application/json 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=22&v=1.6
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns1.ttidc.com.tr
Software: nginx /
Resource Hash: 0be1062206d604d70c63e62fdd1f448b95ccf63597e06b94cfbae942d014144a

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
server: nginx
age: 0
content-type: application/json; charset=utf-8
access-control-allow-origin: https://24moro.com
cache-control: no-store
access-control-allow-credentials: true
content-length: 233

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
211 B 55ms
25ms XHR
text/plain 2620:100:a001::18
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=35&wv=7.41.0&cb=71576795714&lsavail=1

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::18 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 Apr 2023 18:50:35 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://24moro.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 361 B
687 B 138ms
82ms XHR
application/json 2602:803:c002:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23358&site_id=369314&zone_id=2014728&size_id=15&alt_size_ids=10&rp_schain=1.0,1!adreact.com,440,1,,,&rf=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&tg_i.page=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&tg_i.domain=24moro.com&tg_i.pbadslot=revenueflex-ad-214267&tk_flint=arpb_lite_v7.41.0&x_source.tid=89c2d65e-62a8-40ac-b4b6-3f707ddb9b60&l_pb_bid_id=36489e2fa402cfd&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8227676154153627
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::41 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 0c192715ec081769319aa430226929ec104a289c701bcd87fe494b7fda2e3d6e

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://24moro.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 361
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 139 B
943 B 61ms
23ms XHR
application/json 68.67.160.24
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.24 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

88f85b6d3919de39e3fb80c4b6590cb470ff66189aa42eacf47818c124c347b0

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:36 GMT
AN-X-Request-Uuid: 04b1dcde-90c4-4bbc-a68f-d035d1949541
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK button.e7f9415a2e000feaab02c86dd5802747.js Show response
platform.twitter.com/js/ 8 KB
3 KB 18ms
18ms Script
application/javascript 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.e7f9415a2e000feaab02c86dd5802747.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D33) /
Resource Hash: ef116c4b154888a36784c143110b264cfe6528a4061c5dcc14e6431ecfbcac56

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 12 Apr 2023 18:50:36 GMT
Content-Encoding: gzip
Age: 2411878
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2618
Last-Modified: Tue, 24 Jan 2023 21:41:06 GMT
Server: ECS (nyb/1D33)
Etag: "506673dbdb9085e7201e137e893cc152+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 058D 37 KB
14 KB 20ms
18ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D33) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2411877
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Wed, 12 Apr 2023 18:50:36 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D33)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
103 B 48ms
46ms Image
image/gif 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1681325436182%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22aaf4084522e3a%3A1674595607486%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=0f33e6d32c238f4ab58f115dabf9d1e05058cae1

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-response-time: 7
date: Wed, 12 Apr 2023 18:50:35 GMT
strict-transport-security: max-age=631138519
last-modified: Wed, 12 Apr 2023 18:50:36 GMT
server: tsa_b
vary: Origin
content-type: image/gif
x-transaction-id: ad388de5d1f5aea6
cache-control: must-revalidate, max-age=600
perf: 7626143928
x-connection-hash: e106dd1577a070113de056732b19bcc80ef21afa2bfe3682ae613dc1fde2eb5b
content-length: 43

GET
DATA 200
OK truncated
/ Frame 058D 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 share_button.php Show response
www.facebook.com/v2.0/plugins/ Frame 4093 68 KB
15 KB 129ms
89ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b401f5c03b95c%26domain%3D24moro.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252F24moro.com%252Ff1ea07d0e52613%26relation%3Dparent.parent&container_width=750&href=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&layout=button_count&locale=ar_AR&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/ar_AR/sdk.js?hash=fe173093903c72ef2e06bcb5eef872cf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ff442096e7a4680bcbd5ce5ce908eaf7001d0bc780735453769a1f9b183f15e8

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:36 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: s9AQTxpqOuCEP7CP5eKnEL63hba4BThmozZ92xVhTqix7sAP/nUL7bp+7ycrmXcHFEAUWHpnbUpxK9rlh1FcNw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3

200

feedback.php Show response
www.facebook.com/plugins/ Frame 711D
Redirect Chain

https://www.facebook.com/v2.0/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c221a3f2730fc%26domain%3D24moro.com%26is...
https://www.facebook.com/plugins/comments.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c221a3f2730fc%26domain%3D24moro.com%26is_canva...
https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c221a3f2730fc%26domain%3D24moro.com%26is_canva...

293 KB
60 KB

111ms
111ms

Document
text/html

2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c221a3f2730fc%26domain%3D24moro.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252F24moro.com%252Ff1ea07d0e52613%26relation%3Dparent.parent&color_scheme=light&container_width=750&height=100&href=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&locale=ar_AR&numposts=5&sdk=joey&version=v2.0&width=550

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/ar_AR/sdk.js?hash=fe173093903c72ef2e06bcb5eef872cf

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c5ac9dcb1786d5cbb495e55ef3113669a89f5b8dd97389bbff51f8c908a6a0bc

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin
date: Wed, 12 Apr 2023 18:50:36 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: fxzrZ7QCyXPvY9CJjBpCkmVAyFhx9rR36ah2rz1IKrrX+M9F+38cknBAimAmJZ/A1BSCaiGZ43zpzOdu84YDFA==
x-fb-rlafr: 0
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 12 Apr 2023 18:50:36 GMT
location: https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c221a3f2730fc%26domain%3D24moro.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252F24moro.com%252Ff1ea07d0e52613%26relation%3Dparent.parent&color_scheme=light&container_width=750&height=100&href=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&locale=ar_AR&numposts=5&sdk=joey&version=v2.0&width=550
origin-agent-cluster: ?0
strict-transport-security: max-age=15552000; preload
x-fb-debug: hLSbDjBdjSSi1G54omyyEoQzFdwxUJ2leX6dmTVUuCdUOWyxfBt8NPUwH73te3PBZZkR31V3JenRQ1Br72+AhQ==

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 180ms
88ms XHR
application/json 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202304100101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77304e02b7a3e1b4de813d753e8659263b18c7fdcded945c07189af1e92a5302

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11273
x-xss-protection: 0

GET
H2 200 speakol-appends.html Show response
cdn.speakol.com/widget/html/ Frame ED33 5 KB
2 KB 38ms
37ms Document
text/html 2606:4700:20::ac43:468a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.speakol.com/widget/html/speakol-appends.html
Requested by: Host: cdn.speakol.com
URL: https://cdn.speakol.com/widget/js/speakol-widget-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:468a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8db1785c7abb21f5abcc34d06d9023ef62110b12088cc950c47821bcbde851ab

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
age: 7195
cache-control: max-age=2678400
cf-cache-status: HIT
cf-ray: 7b6da7e8dd69113a-ORD
content-encoding: br
content-type: text/html
date: Wed, 12 Apr 2023 18:50:36 GMT
last-modified: Fri, 01 Jan 2021 18:02:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=07QOUPGYKAKgO0tgI0P8oGcVgQVMp3d%2B6J3%2BLAKvnwX%2BAiNc5OXN%2FxPnHht%2FAhd7vwQpU8lXTs6fwN5dyM8lZyauJMl27GEa54LSiSJZzW7Z%2BE2wTxdK%2BA1gLkjqgaE%2FpIhnvKv9uKKwKtjXZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
via: 1.1 9df316641adfdaf044ba4a0279382a60.cloudfront.net (CloudFront)
x-amz-cf-id: ui7HU8fsZWMpaf2xtCv1bKaYGvkRSHr3MbBJgsnFH30-txWEmVFWwA==
x-amz-cf-pop: SFO53-P1
x-cache: Hit from cloudfront

GET
H2 200 7OpZUpVGHiphGEFf2gqP67ShEj9nbuzEURkVdJ6M.jpg
cdn.speakol.info/publisher/articles-logos/ 62 KB
62 KB 126ms
37ms Image
image/jpeg 2606:4700:3031::ac43:8ca1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.speakol.info/publisher/articles-logos/7OpZUpVGHiphGEFf2gqP67ShEj9nbuzEURkVdJ6M.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8ca1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6912122b10b4bb2a307ef2a6d6e6aa05af8f2f2dfbac1c2c5fb0533e4af35250

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
via: 1.1 d52a9e684dfae600c21a064a00f08910.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: ORD52-C1
age: 1795
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 63060
last-modified: Thu, 30 Sep 2021 16:45:00 GMT
server: cloudflare
etag: "61ce650840e5fd0509ff74fd078bbee6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=djavv5ykqBzYp4dfmFuGaYdihDumZRtEQB2MxvJ8n2jhnpjrBdQF5ElF5YOOSLAJD71iU06y88qRX2EF1Zpl1bIJtd53rmDtb1GxBkRZw9B%2BOrAAo%2BswBBPq45USdQrPOvxHFU6rlk8D8jSx79GW"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=86400
accept-ranges: bytes
cf-ray: 7b6da7e96dd110ec-ORD
x-amz-cf-id: W7Lidy9etTq70ro-MQ_7k1l2_awRS0Wpib738DW6oiWBl9BCmDfq4w==

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6b7fa434f92a8b80aab02d9bf1a12e49ffcae424e4013a1c4f68b67e3d2bbcd0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK 6y80fxjgtpcq-tn-play.jpg
24moro.com/cdn1/1/1/6/6y80fxjgtpcq/ 62 KB
62 KB 22ms
21ms Image
image/jpeg 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://24moro.com/cdn1/1/1/6/6y80fxjgtpcq/6y80fxjgtpcq-tn-play.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip223.ip-149-56-113.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6e4fc239feedbffc72b1dd6380eeb21259c1b28f972ee9dddfc5150a8f69bb4c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Tue, 11 Apr 2023 18:25:03 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6435a5ff-f81b"
Content-Type: image/jpeg
Cache-Control: max-age=600, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 63515
X-Proxy-Cache: HIT

GET
H/1.1 200
OK fk6egrblm2il-tn-play.jpg
24moro.com/cdn1/5/0/6/fk6egrblm2il/ 109 KB
110 KB 27ms
22ms Image
image/jpeg 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://24moro.com/cdn1/5/0/6/fk6egrblm2il/fk6egrblm2il-tn-play.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip223.ip-149-56-113.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c3203f157afa60442b15e1c38038b610cbaa4ba3375ad2feddfea55631fed215

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Sat, 08 Apr 2023 20:33:43 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6431cfa7-1b59a"
Content-Type: image/jpeg
Cache-Control: max-age=600, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 112026
X-Proxy-Cache: HIT

GET
H/1.1 200
OK dn11kgks47eh-tn-play.jpg
24moro.com/cdn1/4/4/4/dn11kgks47eh/ 73 KB
74 KB 24ms
19ms Image
image/jpeg 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://24moro.com/cdn1/4/4/4/dn11kgks47eh/dn11kgks47eh-tn-play.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip223.ip-149-56-113.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 264639fe6d4f08ea4c110cecaab134a2ddb11cd7b0ad6abec9b8b82b18c86ba1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Sat, 08 Apr 2023 19:30:36 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6431c0dc-124ca"
Content-Type: image/jpeg
Cache-Control: max-age=600, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 74954
X-Proxy-Cache: HIT

GET
H/1.1 200
OK wypdg5jdzxy7-tn-play.jpg
24moro.com/cdn1/3/3/1/wypdg5jdzxy7/ 91 KB
91 KB 27ms
22ms Image
image/jpeg 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://24moro.com/cdn1/3/3/1/wypdg5jdzxy7/wypdg5jdzxy7-tn-play.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip223.ip-149-56-113.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2cb7eacaed4e152391fc7ad967d8a66914249b8ad26425d074a03b520a604fa6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Thu, 06 Apr 2023 21:07:53 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "642f34a9-16a32"
Content-Type: image/jpeg
Cache-Control: max-age=600, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 92722
X-Proxy-Cache: HIT

GET
H/1.1 200
OK rxk83o7akdvy-tn-play.jpg
24moro.com/cdn1/6/0/7/rxk83o7akdvy/ 151 KB
151 KB 27ms
22ms Image
image/jpeg 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://24moro.com/cdn1/6/0/7/rxk83o7akdvy/rxk83o7akdvy-tn-play.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip223.ip-149-56-113.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 74dd8f634727e5a01e2a9e445e2fd9b67ccfc995f1860037e6b53bd25b13a82b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Wed, 05 Apr 2023 16:15:16 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "642d9e94-25c37"
Content-Type: image/jpeg
Cache-Control: max-age=600, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 154679
X-Proxy-Cache: HIT

GET
H/1.1 200
OK bo4b969anvrr-tn-play.jpg
24moro.com/cdn1/4/3/0/bo4b969anvrr/ 238 KB
238 KB 24ms
20ms Image
image/jpeg 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://24moro.com/cdn1/4/3/0/bo4b969anvrr/bo4b969anvrr-tn-play.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip223.ip-149-56-113.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 642bedf87313b333b1f6815626461fbaabbc710ec83ced81cba70a82a3f0f6a5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Wed, 05 Apr 2023 10:48:50 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "642d5212-3b64a"
Content-Type: image/jpeg
Cache-Control: max-age=600, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 243274
X-Proxy-Cache: HIT

GET
H/1.1 200
OK j9mz1l3ry6er-tn-play.jpg
24moro.com/cdn1/9/0/9/j9mz1l3ry6er/ 121 KB
121 KB 57ms
14ms Image
image/jpeg 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://24moro.com/cdn1/9/0/9/j9mz1l3ry6er/j9mz1l3ry6er-tn-play.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip223.ip-149-56-113.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: edcbc261c4905c6f5f7cdda2e8c1c12f2608cd487f6a1b6e354b5a5b96e6a3bd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Tue, 04 Apr 2023 11:29:08 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "642c0a04-1e409"
Content-Type: image/jpeg
Cache-Control: max-age=600, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 123913
X-Proxy-Cache: HIT

GET
H/1.1 200
OK imwm37d5ucdz-tn-play.jpg
24moro.com/cdn1/9/4/3/imwm37d5ucdz/ 44 KB
44 KB 54ms
11ms Image
image/jpeg 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://24moro.com/cdn1/9/4/3/imwm37d5ucdz/imwm37d5ucdz-tn-play.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip223.ip-149-56-113.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 304ca1cf206c2d4cf36119d67c2e857a55c6eb93b0ad235076bc0bee72195b20

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Tue, 04 Apr 2023 13:24:58 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "642c252a-ae18"
Content-Type: image/jpeg
Cache-Control: max-age=600, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 44568
X-Proxy-Cache: HIT

GET
H/1.1 200
OK kgcu8dorqwdn-tn-play.jpg
24moro.com/cdn1/0/7/6/kgcu8dorqwdn/ 39 KB
39 KB 52ms
14ms Image
image/jpeg 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://24moro.com/cdn1/0/7/6/kgcu8dorqwdn/kgcu8dorqwdn-tn-play.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip223.ip-149-56-113.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 085b24aa196683eb6f909936d8feff941b0b8d9f8315d2db4f1dcd45403e79f7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Sun, 02 Apr 2023 18:42:55 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6429ccaf-9ab8"
Content-Type: image/jpeg
Cache-Control: max-age=600, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 39608
X-Proxy-Cache: HIT

GET
H/1.1 200
OK s9nw6wagfpro-tn-play.jpg
24moro.com/cdn1/8/7/3/s9nw6wagfpro/ 84 KB
85 KB 63ms
10ms Image
image/jpeg 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://24moro.com/cdn1/8/7/3/s9nw6wagfpro/s9nw6wagfpro-tn-play.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip223.ip-149-56-113.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: fe70ba58df4c389fc5a0a58556f6ab248c9c94f82acc1032426b8f3ba3b95152

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Sun, 02 Apr 2023 13:50:00 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "64298808-150a4"
Content-Type: image/jpeg
Cache-Control: max-age=600, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 86180
X-Proxy-Cache: HIT

GET
H/1.1 200
OK vp2xuy4istqe-tn-play.jpg
24moro.com/cdn1/8/5/7/vp2xuy4istqe/ 129 KB
129 KB 61ms
17ms Image
image/jpeg 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://24moro.com/cdn1/8/5/7/vp2xuy4istqe/vp2xuy4istqe-tn-play.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip223.ip-149-56-113.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 16d50b0344bc81eabe91852de070ba92e0aca6b3385a5dbc1e94a9e23e042067

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Sun, 02 Apr 2023 13:19:53 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "642980f9-20344"
Content-Type: image/jpeg
Cache-Control: max-age=600, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 131908
X-Proxy-Cache: HIT

GET
H/1.1 200
OK ucfsmc2l5fz4-tn-play.jpg
24moro.com/cdn1/6/2/5/ucfsmc2l5fz4/ 84 KB
84 KB 65ms
10ms Image
image/jpeg 149.56.113.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://24moro.com/cdn1/6/2/5/ucfsmc2l5fz4/ucfsmc2l5fz4-tn-play.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.56.113.223 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip223.ip-149-56-113.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: dc276b9d4591e853a58fd0a2b77936a38401faa623a1b9fe104a70615a2e4f3b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/qbb0afxwjzbz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 12 Apr 2023 19:00:36 GMT
Pragma: public
Date: Wed, 12 Apr 2023 18:50:36 GMT
Last-Modified: Sun, 02 Apr 2023 00:33:37 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6428cd61-1505b"
Content-Type: image/jpeg
Cache-Control: max-age=600, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 86107
X-Proxy-Cache: HIT

POST
H2 200 widget-view
events.askjdhaa.com/api/v1/push/ 0
0 37ms
34ms Ping
application/json 2600:9000:2120:7000:d:57d4:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events.askjdhaa.com/api/v1/push/widget-view
Requested by: Host: cdn.speakol.com
URL: https://cdn.speakol.com/widget/js/speakol-widget-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2120:7000:d:57d4:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame ED33 181 KB
67 KB 57ms
41ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-TD93CHSZBP

Requested by

Host: cdn.speakol.com
URL: https://cdn.speakol.com/widget/html/speakol-appends.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5990392ffecc1742adefccd4bfe98287fe1580dc5819e3e18635c8be4c18a6ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cdn.speakol.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 68484
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 12 Apr 2023 18:50:36 GMT

GET
H2 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 4093 272 B
517 B 20ms
19ms Image
image/png 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b401f5c03b95c%26domain%3D24moro.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252F24moro.com%252Ff1ea07d0e52613%26relation%3Dparent.parent&container_width=750&href=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&layout=button_count&locale=ar_AR&sdk=joey

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: cjaHU2nqbc+rfoCCEAY9yXEy5mM4Mu9UrSrCEdJb5L0v8eCMaOwevhmqez9v9gHP5NfVlJB5bTYiZdVEHxowLA==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sun, 31 Mar 2024 10:44:19 GMT

GET
H2 200 j16_pH8M3c6.js Show response
static.xx.fbcdn.net/rsrc.php/v3iCHM4/y3/l/ar_AR/ Frame 4093 510 KB
132 KB 22ms
21ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iCHM4/y3/l/ar_AR/j16_pH8M3c6.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

892f1b8f079de2534b6bb5ff19c02962add5c7f402fd0627815006c351bf40fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 9gqUKgGgcB41ZmqewX5Rzw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 135311
x-fb-rlafr: 0
x-fb-debug: jGJX4RzLgX5dv3jwjTtTmAWmY2t0xCBmdAfgoz0y5UEMNj7yoE/fdEnCHBYTqsgdwi02hkiDz19hIRCO+LAsYA==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Thu, 11 Apr 2024 06:24:37 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 40ms
37ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 12 Apr 2023 18:50:36 GMT

GET
H3 200 BmVnUOFrENC.css
static.xx.fbcdn.net/rsrc.php/v3/y4/l/1,cross/ Frame 711D 722 B
448 B 20ms
20ms Stylesheet
text/css 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y4/l/1,cross/BmVnUOFrENC.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c221a3f2730fc%26domain%3D24moro.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252F24moro.com%252Ff1ea07d0e52613%26relation%3Dparent.parent&color_scheme=light&container_width=750&height=100&href=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&locale=ar_AR&numposts=5&sdk=joey&version=v2.0&width=550

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

783d0448cd510dee935eef86a2114578500ce66a625a8ee9242189e864de9852

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: fSHswO3gAQsa9ZkWaZlF0A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 393
x-fb-rlafr: 0
x-fb-debug: Zj/zyO30y6SgtQ62tPdEvYQH+IhRTsFo7P76+ViWC8PvpDXx4xEerBV0B9YdGvSsT3IMqF7gKUhSFre4SJEbMA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=0
expires: Thu, 11 Apr 2024 00:05:15 GMT

GET
H3 200 Ob87a_9teQw.css
static.xx.fbcdn.net/rsrc.php/v3/yy/l/1,cross/ Frame 711D 122 KB
20 KB 22ms
20ms Stylesheet
text/css 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yy/l/1,cross/Ob87a_9teQw.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d7872f259662537ed54eecb94eb30467f12472e79fe506b7de6d53812b4ab89c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: j/v3mJaDwBBc1D8nbic1Sw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 19960
x-fb-rlafr: 0
x-fb-debug: r+jyVPoSfSs5v9BftQcyAe8veKE9s82f8ebtz5N7TUXM9m3BI8Mo2Em7sT+aqi5b6h8IB03kFsgVC5rTmpLAeg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=0
expires: Thu, 11 Apr 2024 17:42:54 GMT

GET
H3 200 rkk1mFiDTWh.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y5/r/ Frame 711D 301 KB
79 KB 24ms
22ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/rkk1mFiDTWh.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1d360ec4001f0151c03bd93dd1fa62e58b1bfce987ae5a84f3daef0c7158e0d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: ySVoZeg76hHNs3X4azQFMA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 81339
x-fb-rlafr: 0
x-fb-debug: yx8uJsYNFoAMrbUmgR/AolApx88BIlw5Wk7bmiAhpUfA3pLvD9hV3k7UtPrbn1dIuEvCzfxkjkErN5JXSiPvdQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Thu, 11 Apr 2024 00:35:29 GMT

GET
H3 200 IBnsR8r2Hs7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iJoa4/yd/l/ar_AR/ Frame 711D 150 KB
43 KB 30ms
29ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iJoa4/yd/l/ar_AR/IBnsR8r2Hs7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3538deba64f3b9ac590d80dfbfb406711485126bd8baeae1c47db54afef205c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: so/XCh2IRwmCYtXmOj64Uw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 43762
x-fb-rlafr: 0
x-fb-debug: JJXODHlwFx5/oTmU4qQCpMgPeSrr4fWA7dmvQi47PgeZnNsKSDTyNuaJSwtHh2ntpSt8Up9cjeDITYKKwkaTKw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Thu, 11 Apr 2024 00:05:15 GMT

GET
H3 200 rih-0-sYXW5.js Show response
static.xx.fbcdn.net/rsrc.php/v3i_eq4/yE/l/ar_AR/ Frame 711D 1 MB
276 KB 40ms
38ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3i_eq4/yE/l/ar_AR/rih-0-sYXW5.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6bf62889eb1086d1968ff8020fa26cbf40aaae5b8febb3bbf06eae9f67a80037

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 7ErLYy5jbt8Mnm2RDDk1Tg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 282535
x-fb-rlafr: 0
x-fb-debug: IrPqb0Aj9cn93SAMgcsFeh+YFTWmCLuv/UFQw4WqzNXfrBVIRrKNDS9+Ai09ND+zmf+mLUdy5tKUALVure4S/w==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Thu, 11 Apr 2024 17:42:07 GMT

GET
H3 200 ev2BQdyFqoN.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yj/r/ Frame 711D 46 KB
14 KB 66ms
65ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yj/r/ev2BQdyFqoN.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7c44998f2124099aa09eca550067428ac92979d5c5cc8e17688348d7793f93c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: sJtWC6LLN3+47seqkdraJQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 14132
x-fb-rlafr: 0
x-fb-debug: K04B4OgU1aiaiY/mpONi0HKo1xjc24EjqeeoLNMOOiNdU3L4pcX7qh7eIZY9QvpI8ng6S03Hwl7i9pnjt5gFLg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Thu, 11 Apr 2024 00:04:25 GMT

GET
H3 200 p55HfXW__mM.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yF/r/ Frame 711D 507 B
347 B 68ms
67ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e57fedb96b3686621bccd5521f43a2037a823c74f062176952890b179b3955b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: L5E9gSgR735vyjAzTFly4g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 293
x-fb-rlafr: 0
x-fb-debug: P3eVJi2JRflDRneXdgoHYN9ZoXo4KVsN6F23rvOEUZh9Qubp1WOXiQzSZxdnh/koCI2dJ+mGyNsd+rXXc5H3Iw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Wed, 10 Apr 2024 22:48:10 GMT

GET
H3 200 AmXTSX-e48c.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yz/r/ Frame 711D 57 KB
15 KB 69ms
67ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/AmXTSX-e48c.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d59ee5c042752f61e5b31bafe02c46f869d6e1ba0482ae974d08b99299357196

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: GCHU8Ve5unONaMXgQTJ5lA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 15490
x-fb-rlafr: 0
x-fb-debug: z6DRdwxlLKMF0zmI445za8k2xjzdddYCT2AcpOehOTiZiMlbkchlNAuGDtvqmiZquN8CJwwDzkfDceZEcYHTNw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Wed, 10 Apr 2024 22:48:11 GMT

GET
H3 200 x349v4gG6oZ.js Show response
static.xx.fbcdn.net/rsrc.php/v3inqT4/yg/l/ar_AR/ Frame 711D 46 KB
13 KB 69ms
68ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3inqT4/yg/l/ar_AR/x349v4gG6oZ.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8fa1b47fe4262f8c5f4b9b3cd6020e5613c58c17cd93bce445416e15ad0e8d89

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 8uJVOOY7EHfXFhTBYGEU/w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13683
x-fb-rlafr: 0
x-fb-debug: Y2fMWzdnZS+8YCD+bXkHKi6bcAcoxZ7NeTSSV/QT3BkHujLNcKrxmmVwWwzrtBJpqcyaFVJZFqkqv4AD7D6dUQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Thu, 11 Apr 2024 06:08:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0F06 13 KB
5 KB 38ms
35ms Document
text/html 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 37738
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 08:21:38 GMT
expires: Thu, 11 Apr 2024 08:21:38 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AC5F 783 B
1 KB 114ms
41ms Document
text/html 2607:f8b0:400c:c36::69
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c36::69 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

811eb577616a205c48753c3a6586a047012b6029d8ffce950ecfcaf05ea0d78c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-GxpUVhiRL20oV-nDGPfHlA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-GxpUVhiRL20oV-nDGPfHlA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:36 GMT
expires: Wed, 12 Apr 2023 18:50:36 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 eGrdt-GuiAstYDBBFPRlHe36qu4ukgnY6P6eKjFBaNs.js Show response
pagead2.googlesyndication.com/bg/ Frame 0F06 36 KB
14 KB 105ms
35ms Script
text/javascript 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/eGrdt-GuiAstYDBBFPRlHe36qu4ukgnY6P6eKjFBaNs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

786addb7e1ae880b2d60304114f4651dedfaaaee2e9209d8e8fe9e2a314168db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sat, 08 Apr 2023 21:19:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 336696
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14213
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 13:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Apr 2024 21:19:00 GMT

GET
H3 200 fjpkgs9PGBf.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y-/r/ Frame 711D 489 B
270 B 20ms
20ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y-/r/fjpkgs9PGBf.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/rkk1mFiDTWh.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

88ce1b339c3c9cd5532d812b3d139e3e9eedd79f09da27c90ff33facc879b34e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: /+ESYY3m49U8+lWjUcZVJA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 217
x-fb-rlafr: 0
x-fb-debug: zwNVvg+uH9sWtW9FjsdK/PNIS0Y49U/NaEOInSpembuDsnSUtoEI0XJPl3ocGdneF6goNo58vJHoXoQBXaMYmQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Fri, 05 Apr 2024 17:19:23 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AC5F 0
0 36ms
36ms Image
text/html 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202304100101&jk=3729830312888194&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H2 200 N1EAzKwNius.png
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame 711D 59 KB
59 KB 19ms
19ms Image
image/png 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/N1EAzKwNius.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yy/l/1,cross/Ob87a_9teQw.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b7ceb7bf4259c43c69d933ec8028a4e73918170e878b08e9198b493f5624d5d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yy/l/1,cross/Ob87a_9teQw.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
x-content-type-options: nosniff
content-md5: 2dQLoobaMGl+SqTrwuARtg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 60542
x-fb-rlafr: 0
x-fb-debug: amHkfSzpI66Rt4ecdA5mMMg8YhCp2HxUSfwzmtAR/DS00FTbzJCwU4p1QPbNy5iE2lvlJf6GUB04Bgj2zxZyYA==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Wed, 10 Apr 2024 06:22:25 GMT

POST
H2 200 hb Show response
cpm.programattik.com/ 233 B
421 B 140ms
140ms XHR
application/json 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=22&v=1.6
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns1.ttidc.com.tr
Software: nginx /
Resource Hash: 55a939b24de0f015d3c9ea91f594221806637412a21ae9a41a5ce485e6d92823

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
server: nginx
age: 0
content-type: application/json; charset=utf-8
access-control-allow-origin: https://24moro.com
cache-control: no-store
access-control-allow-credentials: true
content-length: 233

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
211 B 24ms
24ms XHR
text/plain 2620:100:a001::18
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=35&wv=7.41.0&cb=53052145703&lsavail=1

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::18 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 Apr 2023 18:50:35 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://24moro.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 20 KB
13 KB 188ms
188ms XHR
application/json 68.67.160.24
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.24 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

face9f5338a5132ad4325db37dbb1183128be720f12f0994df7abf0f27e8d11f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 12 Apr 2023 18:50:36 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 8808d9f6-754f-49eb-b7d8-b74a58dddbc4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 367 B
402 B 121ms
121ms XHR
application/json 2602:803:c002:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23358&site_id=369314&zone_id=2014728&size_id=15&alt_size_ids=13%2C14%2C16&rp_schain=1.0,1!adreact.com,440,1,,,&rf=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&tg_i.page=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&tg_i.domain=24moro.com&tg_i.pbadslot=revenueflex-ad-214268&tk_flint=arpb_lite_v7.41.0&x_source.tid=4bc91bc5-d1d7-4d37-9ece-f567448de4da&l_pb_bid_id=46b60a19a50c61b&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.46871574380327763
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::41 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 426077da3926c92ef2d3df3bce6337b68356dac66bb4e1c292e6879fd49dc702

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://24moro.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 367
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 render_post_ads_v1.html Show response
googleads.g.doubleclick.net/pagead/ Frame 3FD2 13 KB
5 KB 116ms
35ms Document
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 74455
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 4767
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Apr 2023 22:09:41 GMT
etag: 12223946614886178233
expires: Wed, 12 Apr 2023 22:09:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 xbfe_backfill.js Show response
googleads.g.doubleclick.net/pagead/ Frame 1218 7 KB
3 KB 122ms
41ms Script
text/javascript 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d252ef715596a18ae31690327a2a05170d235165c134e7e19e7d38ab1db18ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:23:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1650
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3332
x-xss-protection: 0
server: cafe
etag: 17978550389519879348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 12 Apr 2023 19:23:06 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame 1218 80 KB
27 KB 72ms
11ms Script
application/x-javascript 151.101.1.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 10 Jan 2024 21:27:38 GMT
Date: Wed, 12 Apr 2023 18:50:36 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 7939378
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-yul12831-YUL
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1681325437.876620,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 2, 2714149

GET
H/1.1 200
OK it
nym1-ib.adnxs.com/ Frame 1218 0
933 B 75ms
29ms Image
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nym1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252F24moro.com%252Fqbb0afxwjzbz&e=wqT_3QL7Bej7AgAAAwDWAAUBCPz626EGENaF2duO1eyIdxgAKjYJAMXIkjmW0j8RgCctXFbhyz8ZAAAA4HoU7j8hgA0SACkRJNAxAAAAQOF6pD8wg4X0CTiHXkDlHkhlUK2iyyVYyZyOAWAAaOz0vQF4icoFgAEBigEDVVNEkgUG8GWYAcoHoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgC5aUE4AL121rqAh9odHRwczovLzI0bW9yby5jb20vcWJiMGFmeHdqemJ6gAMAiAMBkAMAmAMXoAMBqgPnAQq_AWgNNWRwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLgFICR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1CX1lfTnhwX2JtZXhPbkhjRkF6QVVSU0RxeWM4Tk43Yk12RU84djZJX3pLMlROd0dPQkhQWkRJVk15QWRQTHYtT3NZVlhaeVdZUE45R1RoZEpad0l2dHB4Vzd3ZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM4NTc5ODM1MjAzNjkyMTUxNTEwIgg3ODgyNzgyMSoEMzk0McADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODeoBACyBBAIABABGMoHIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBK2iyyWIBQGYBQCgBcfHw8Olvr2BQsAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBYn1LPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_bBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDE0NTchCzA0MTg5yAeJygXSBw0JDTQFNQzaBwYIBQlo4AcA6gcCCADwB8T_B4oIAhAAlQgAAIA_mAgB&s=be5bdadcb5a496c20286a257dcad200696af6711

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:36 GMT
AN-X-Request-Uuid: c244bf1a-9de0-4abe-a9f3-13c1e7ceb1ac
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1218 0
20 B 39ms
38ms Image
image/gif 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-DzetfjsSC4mditZwoUEsgY7yZrNqVbigNYiRboQZ-5Yx_gjd3a3kPCycxHF2sFmGYj2F86IFNEv7bfFoPjDTP7FcqRlQ

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 361 B
396 B 91ms
90ms XHR
application/json 2602:803:c002:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23358&site_id=369314&zone_id=2014728&size_id=15&alt_size_ids=10&rp_schain=1.0,1!adreact.com,440,1,,,&rf=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&tg_i.page=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&tg_i.domain=24moro.com&tg_i.pbadslot=revenueflex-ad-215223&tk_flint=arpb_lite_v7.41.0&x_source.tid=539f2620-c94f-48c5-b4cf-d3e732ba3fdd&l_pb_bid_id=487b36169b9312b&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.41783113538079
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::41 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: ec483e6ca3791c4712c7eec7ee6ae73f678446535f514293be62f267ea134fb7

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://24moro.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 361
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
211 B 24ms
24ms XHR
text/plain 2620:100:a001::18
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=35&wv=7.41.0&cb=74246807539&lsavail=1

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::18 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
access-control-allow-origin: https://24moro.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H2 200 hb Show response
cpm.programattik.com/ 233 B
421 B 140ms
140ms XHR
application/json 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=22&v=1.6
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns1.ttidc.com.tr
Software: nginx /
Resource Hash: f0ed85019757194c9e1396d35dca1a0d6905b55e5b4a67e6a3d7efe965f26731

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
server: nginx
age: 0
content-type: application/json; charset=utf-8
access-control-allow-origin: https://24moro.com
cache-control: no-store
access-control-allow-credentials: true
content-length: 233

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 12 KB
6 KB 208ms
208ms XHR
application/json 68.67.160.24
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.24 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e1cde0852d19b09fbbd9d19328b98804eb3bf302a25ce9e51b2f77a1efde5926

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 12 Apr 2023 18:50:37 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: ddef406c-111b-4584-b946-b2e144ea8531
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200 ufplc Show response
revenueflex.com/rest/ 15 B
652 B 87ms
87ms XHR
application/json 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://revenueflex.com/rest/ufplc?st=0&plid=214267&m=0&ws=1347&u=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip185.ip-149-56-179.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

7a03e3684d43a975555964f127e302f06a4d7d13aa408c2949967d49bc818d74

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 12 Apr 2023 18:50:36 GMT
Server: nginx/1.18.0 (Ubuntu)
Allow: OPTIONS, GET, HEAD, POST
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,HEAD,OPTIONS, GET,POST,PUT,DELETE,HEAD,OPTIONS
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://24moro.com
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Requested-With,Accept,Authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers, *
Content-Length: 15

GET
H2

200

user-sync
rtb.programattik.com/
Redirect Chain

https://cpm.programattik.com/user-sync?zone=22&t=image&r=%2F%2Fcpm.programattik.com%2Fuser-synced%3Fzone%3D22%26uid%3D%7BUID%7D
https://an.yandex.ru/mapuid/turktelekomrtb/
https://an.yandex.ru/mapuid/turktelekomrtb/?redir-setuniq=1
https://rtb.programattik.com/user-sync?dsp=5&t=image&uid=7C2CF3F916602336

42 B
152 B

580ms
160ms

Image
image/gif

85.111.6.50
TTNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.programattik.com/user-sync?dsp=5&t=image&uid=7C2CF3F916602336
Protocol: H2
Server: 85.111.6.50 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns1.ttidc.com.tr
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
cache-control: no-store
server: nginx
age: 0
content-length: 42
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 12 Apr 2023 18:50:37 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
location: https://rtb.programattik.com/user-sync?dsp=5&t=image&uid=7C2CF3F916602336
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Wed, 12 Apr 2023 18:50:37 GMT

GET
H2 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
165 B 42ms
40ms Script
application/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=24moro.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 38ms
38ms Script
application/javascript 2607:f8b0:400c:c12::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=24moro.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c12::9a Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 54 KB
11 KB 407ms
406ms XHR
text/plain 2607:f8b0:400c:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3729830312888194&correlator=1555989636762214&eid=31073678%2C31073754&output=ldjh&gdfp_req=1&vrg=202304100101&ptt=17&impl=fif&iu_parts=98948493%3A22675028386%2Cdsp03&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C120x240%7C300x250%7C234x60&ifi=2&adks=209871284&didk=2032069058&sfv=1-0-40&eri=1&sc=1&cookie=ID%3D9e3384e6c3045246%3AT%3D1681325436%3AS%3DALNI_MYvwZwke8MGVxLJQ49lMw6JYJ4qWA&gpic=UID%3D000009f0b6c5969d%3AT%3D1681325436%3ART%3D1681325436%3AS%3DALNI_MaLgjMX75zs3kiZBmnH3pGwwp3vfw&abxe=1&dt=1681325436829&lmt=1681325436&dlt=1681325435064&idt=683&adxs=283&adys=390&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&frm=20&vis=1&psz=300x0&msz=300x0&fws=0&ohw=0&psts=AHQMDFfSjo7p6viE0TsGIBhdzAadUE1KNgkhAeJA0Os6h2NO&ga_vid=384984657.1681325436&ga_sid=1681325436&ga_hid=1001060783&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0b::9d Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

96ec1b69a57664437a736802aadb8bfe1235b2ffca93f664b24a1c23bc4eda2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11438
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://24moro.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 render_post_ads_v1.html Show response
googleads.g.doubleclick.net/pagead/ Frame C2C8 13 KB
5 KB 86ms
43ms Document
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 74455
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 4767
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Apr 2023 22:09:41 GMT
etag: 12223946614886178233
expires: Wed, 12 Apr 2023 22:09:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 xbfe_backfill.js Show response
googleads.g.doubleclick.net/pagead/ Frame F30D 7 KB
3 KB 81ms
37ms Script
text/javascript 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d252ef715596a18ae31690327a2a05170d235165c134e7e19e7d38ab1db18ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:23:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1650
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3332
x-xss-protection: 0
server: cafe
etag: 17978550389519879348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 12 Apr 2023 19:23:06 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame F30D 80 KB
27 KB 36ms
12ms Script
application/x-javascript 151.101.1.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 10 Jan 2024 21:27:38 GMT
Date: Wed, 12 Apr 2023 18:50:36 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 7939378
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-yul12828-YUL
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1681325437.877072,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 2, 1052583

GET
H/1.1 200
OK it
nym1-ib.adnxs.com/ Frame F30D 0
933 B 63ms
21ms Image
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nym1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252F24moro.com%252Fqbb0afxwjzbz&e=wqT_3QL7Bej7AgAAAwDWAAUBCPz626EGEOWJ4Ln5zNvVNBgAKjYJZ5qw_WSM0T8RmueIfJdSyj8ZAAAAYGZm7j8hmg0SACkRJNAxAAAAoJmZuT8wg4X0CTiHXkDlHkhlULiiyyVYyZyOAWAAaOz0vQF4u_wFgAEBigEDVVNEkgUG8GWYAdACoAGYAqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC5aUE4AL121rqAh9odHRwczovLzI0bW9yby5jb20vcWJiMGFmeHdqemJ6gAMAiAMBkAMAmAMXoAMBqgPnAQq_AWgNNWRwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLgFICR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1DQVVLU2hzcGFXQ0RXTE1KdzQ4VHA0UW1oc1MzZlNQMkdTSl83ci0tQ3dIRUtpLUV1cmw3a25NQVVHTVFiVTlmSEw5YjNCcUhEa0ozUWs4VkYyTjJvcXNsUHhMZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMzNzk1MjQ4NTAyMTg3NDkyNTgxIgg3ODgyNzgzMioEMzk0McADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODeoBACyBBAIABABGNACIJgCKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBLiiyyWIBQGYBQCgBcWGgY_oo_K4XMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcTtUfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEzNzkxMjc3NzY5N8gHu_wF0gcNCQ00BTUM2gcGCAUJaOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=5b0f515db9421f3f00db1f2c7bbf9f27d8255eaf

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:36 GMT
AN-X-Request-Uuid: 08ed7ff0-6e85-4c35-b3bf-00b5dd2062b3
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F30D 0
20 B 40ms
38ms Image
image/gif 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-Dulw0vZzUvypzI6vM48DY0kyckYK0nvSX83VfNiUao863fHvuzBhePxiOADHbbHQ91kBRwn0k2AIaE_5Rm_Dk75QCPtg

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 render_post_ads_v1.html Show response
googleads.g.doubleclick.net/pagead/ Frame 0A9B 13 KB
5 KB 87ms
60ms Document
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 74455
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 4767
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Apr 2023 22:09:41 GMT
etag: 12223946614886178233
expires: Wed, 12 Apr 2023 22:09:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 xbfe_backfill.js Show response
googleads.g.doubleclick.net/pagead/ Frame B57D 7 KB
3 KB 67ms
39ms Script
text/javascript 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d252ef715596a18ae31690327a2a05170d235165c134e7e19e7d38ab1db18ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:23:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1650
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3332
x-xss-protection: 0
server: cafe
etag: 17978550389519879348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 12 Apr 2023 19:23:06 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame B57D 80 KB
27 KB 39ms
10ms Script
application/x-javascript 151.101.1.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 10 Jan 2024 21:27:38 GMT
Date: Wed, 12 Apr 2023 18:50:36 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 7939378
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-yul12831-YUL
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1681325437.897544,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 2, 2714150

GET
H/1.1 200
OK it
nym1-ib.adnxs.com/ Frame B57D 0
933 B 53ms
27ms Image
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nym1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252F24moro.com%252Fqbb0afxwjzbz&e=wqT_3QL7Bej7AgAAAwDWAAUBCPz626EGEM3X24vflMnoYRgAKjYJlE25wrtcuD8RL_oK0oxFsj8ZAAAAYGZm7j8hLw0SACkRJNAxAAAAoJmZuT8wg4X0CTiHXkDlHkhlULiiyyVYyZyOAWAAaOz0vQF45MYFgAEBigEDVVNEkgUG8GWYAdACoAGYAqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC5aUE4AL121rqAh9odHRwczovLzI0bW9yby5jb20vcWJiMGFmeHdqemJ6gAMAiAMBkAMAmAMXoAMBqgPnAQq_AWgNNWRwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLgFICR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EcTRNTkxLcnpWWUxuMHl1VEhxLVdheDZSRFV3bjNyQzk3R2ttTWVWOU5VVUlieHJUTGROOFcyalF3SEludElBYUxOWlJDdDdaa2QzVExBM3R2clM5X192ZVl3ZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM3MDQ4NDU1MTg2OTUwODQzMzQxIgg3ODgyNzgzMioEMzk0McADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODeoBACyBBAIABABGNACIJgCKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBLiiyyWIBQGYBQCgBZLGjavtjp_EH8AFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBYn1LPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDE0NTc4MzUyNDE4OcgH5MYF0gcNCQ00BTUM2gcGCAUJaOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=c56b789d2200dc0168d5eacb1b26a52e9d65bf90

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:36 GMT
AN-X-Request-Uuid: 532d0093-3210-4177-ae66-88eccd6007fa
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B57D 0
20 B 41ms
36ms Image
image/gif 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-Ae1ssDsxItkZRVP3YTKQrEAh5irjAYNCzHNgLXBVEpdE95K6wnmQK4I3UonPqIZanKMBTX4_F8l8GQB2P1eHuDBcWb9w

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 124 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2e068948229c5af3b37a6927a61efe4851a09c71ade24f529d1ad56b01e31ff2

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK rd_log Show response
nym1-ib.adnxs.com/ Frame F30D 0
933 B 20ms
19ms Script
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&e=wqT_3QLPL-jPFwAAAwDWAAUBCPz626EGEOWJ4Ln5zNvVNBgAKjYJZ5qw_WSM0T8RmueIfJdSyj8ZAAAAYGZm7j8hmg0SACkRJNAxAAAAoJmZuT8wg4X0CTiHXkDlHkhlULiiyyVYyZyOAWAAaOz0vQF4u_wFgAEBigEDVVNEkgUG9HUBmAHQAqABmAKoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAuWlBOAC9dta6gIfaHR0cHM6Ly8yNG1vcm8uY29tL3FiYjBhZnh3anpievICDQoGSEVJR0hUEgMyODDyAgwKBVdJRFRIEgMzMzbyAiEKBkxPQURFUhIXcmVuZGVyX3Bvc3RfYWRzX3YxLmh0bWzyAhcKCklGUkFNRV9LRVkSCTM4ODc2NzA5N_ICyBUKC1BSRV9TQ1JJUFRTErgVPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaz10aGlzfHxzZWxmO3ZhciBsPUFycmF5LnByb3RvdHlwZS5pbmRleE9mP2Z1bmN0aW9uKGEsYyl7cmV0dXJuIEFycmF5LnByb3QyLQAQLmNhbGwBKSgsdm9pZCAwKX06ZhHNiGEsYyl7aWYoInN0cmluZyI9PT10eXBlb2YgYSlyZXR1cm4iDRoAIRUawGN8fDEhPWMubGVuZ3RoPy0xOmEuaW5kZXhPZihjLDApO2Zvcih2YXIgZT0wO2U8YS4JKVw7ZSsrKWlmKGUgaW4gYSYmYVtlXT09PWMNaAwgZTtyBXEMLTF9OxGgOCBtKGEpe21bIiAiXShhKQ0iCCBhfQkTAD0RKAgoKXsdNQBuATUEYT0J7jg9PT1hP2RvY3VtZW50OmEVQyQuY3JlYXRlRWxlARkYKCJpbWciKR1FAHAhHAwsZSl7AcoUYj0hMTtiGVKAYj8hMTpiO2EuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzfHwoWhoAED1bXSk7AVEUZD1uKGEuEZcEKTshGAlrAGYu1QAZFwRnPVpTADwsaD1sKGcsZCk7MDw9aCYmPjICFHNwbGljZUkEdGcsaCwxKX1kLnJlbW92ZUV2ZW50TGlzdGVuZXImJlIXADQoImxvYWQiLGYsITEpO1IjAGI6ABBlcnJvcg07GH07ZC5hZGRCcwA-FAA-cAA-IAABbT4UAAAoNmoAWGImJihkLmF0dHJpYnV0aW9uU3JjPSIiAb4Qc3JjPWNetwEkLnB1c2goZCl9ClmABHEoKZYEYT0xrDQuY3VycmVudFNjcmlwdE1PACgybgIsbnVsbDphKSYmIjc3YVIUYS5nZXRBDZA4ZSgiZGF0YS1qYyIpP2E6FVc8cXVlcnlTZWxlY3RvcignWw0lAD0BRAxdJyl9RTcscj1SZWdFeHAoIl5ooSngPzovLyhcXHd8LSkrXFwuY2RuXFwuYW1wcHJvamVjdFxcLihuZXR8b3JnKShcXD98L3wkKSIpOwpmjQAEIHQV4ABrBWEMYz1bXQUJBGU9AcYMO2Rve0GvGGI9YTt0cnkFDABkQa0YZD0hIWImJgEkHCE9Yi5sb2NhIWogLmhyZWYpYjp7AS2QbShiLmZvbyk7ZD0hMDticmVhayBifWNhdGNoKGgpe31kPSExfQFeCGY9ZBkXAGYBFgxpZihmKXkAZz5eAAw7ZT1idTkEJiYZDCgucmVmZXJyZXJ8fAGXJH1lbHNlIGc9ZSwNywBjKeAwbmV3IHUoZ3x8IiIpKQXVFGE9Yi5wYSHUGYYAYQX_TH19d2hpbGUoYSYmYiE9YSk7Yj0whd4AYZX_dC0xO2I8PWE7KytiKWNbYl0uZGVwdGg9YS1iO2I9ayErOR4BrjUqOGFuY2VzdG9yT3JpZ2luc24cAK1qAD0ddQApoWQUYT0xO2E8sYlMOysrYSlnPWNbYV0sZy51cmx8fCgFCC5CATp2ABRbYS0KMV0hDBgsZy5oPSEwAeMpIgBrGash1WX_AGclFiUCBGU9MgQBHDA8PWU7LS1loeFIZj1jW2VdLCFnJiZyLnRlc3QoZgGPICkmJihnPWYpLAUOLCYmIWYuaCl7Yj1mO0UbAH0NXQBlFeYEJiYBzAE7BDswQWUlWggmJmUFSAEbCCk7YwWtEHYoYixn1R0UYy5nP2MuBfoMOmMuaQFAAH3RKAQgdqHWHCl7dGhpcy5pQdUBCQhnPWMZIgB1HSIIdXJsESQUaD0hIWM7BS8FiCUK3S8Ad3VJFHQoKSxjPfkTPCI_Iik7c2V0VGltZW91dCgRjA0xAGXZVhhlPy4wMTplQTVEIShNYXRoLnJhbmRvbSgpPmUpaQ8MYj1xKCGkACJl_zQ6Ly8iKyhiJiYidHJ1ZYFrAGJWawQ4LXJjZCIpPyJwYWdlYWQyzbcQc3luZGlpuSAtY24uY29tIjpmIwAFIAwpKyIvCUV4L2dlbl8yMDQ_aWQ9amNhJmpjPTc3JnZlcnNpb249IoVFDGQ9KGQBsQApobZSBAUALQ0xMCIpfHwidW5rbm93biJh41wrZCsiJnNhbXBsZT0iK2U7Yj13aW5kb3cFWABmOTQAZuGKAGYhMzRkPWIubmF2aWdhdG9yKTIOAFAudXNlckFnZW50LGQ9L0Nocm9tZS9JmyBkKSYmIS9FZGcZERw_ITA6ITE7ZGGTFVEwLnNlbmRCZWFjb24_Ch1pHRggKGUpOnAoYixlGmgJBD09DZ4IKX19DhcJFt8IKCAwPD1jP2Euc3ViFloJHCgwLGMpOmF9CeAMLnJmbC4CCA01aGVuY29kZVVSSUNvbXBvbmVudCh3KCkpfTt9KenbQZoUKTsKPC9zxZhsPvICyQIKCkVYVFJBX1RBR1MSugI8ZGl2IHN0eSFSDHBvc2mhsWQ6IGFic29sdXRlOyBsZWZ0OiAwcHg7IHRvcA0KZHZpc2liaWxpdHk6IGhpZGRlbjsiPjxpbWcg4UxVh0kUSlkCQTYNHi4yAhRhd2JpZCYFBvCGX2I9QUtBbWYtRHVsdzB2WnpVdnlwekk2dk00OERZMGt5Y2tZSzBudlNYODNWZk5pVWFvODYzZkh2dXpCaGVQeGlPQURIYmJIUTkxa0JSd24wazJBSWFFXzVSbV9Eazc1UUNQdGciIGJvcmRlcj0wIHdpZHRoPTEgaGVpZ2h0PTEgYWx0PSIiMRp8ZGlzcGxheTpub25lIj48L2Rpdj7yApkBCgxQT1NUX1MaGgwIiAE8KWo2CAEWEApQYWRzLmcuZG91YmxlY2xpY2submV0MQY8eGJmZV9iYWNrZmlsbC5qcwFlCUsAPg1TAD6dJGAge3IzcHgoJzM4ODc2NzA5NycpO30pKCk7PeoQpREKEEgBnTRQT1JUX1BBUkFNUxKQEZEjipQA8H1hZGZldGNoP2Fkaz0xMjkyODY1NjY3JmFkc2FmZT1tZWRpdW0mY2xpZW50PWNhLXB1Yi0zMDc2ODkwMDEyNzQxNDY3JmZvcm1hdD0zMzZ4MjgwX2FzJmlwPTE0OS41Ni4xNTMuMTg3Jm91dHB1dD1odG1sJnVudmlld2VkX3BNjCBfc3RhcnQ9MSahdxG9ADJWCA4QJnN1Yl8NkQBiQZfwfXItNTM1NzQ3NyZobD1lbiZhY2VpZD1NT3NXdEFERkdyUUFneHkwQUxKd05BSFVnelFCakljMEFRcUlOQUVTaURRQktZZzBBVHFJTkFGY2lEUUJjNGcwQVhTSU5BR01pRFFCb29nMEFiYUlOQUc5aURRQndvZzBBY2FJTkFITgEQAHoBMBRkQ0lOQUgFUAAwBRAAZQEQAFoBIBg0WWcwQWVLARAAbAEQADUBIARmYQEQADQBEERJSWswQVNTSk5BRW1pVFFCSjQBEPQJCG1KTkFGTGMwRUJVM05CQWV3ZDJnRml3ZjBCVV95SUF2YjhpQUpTX1lnQ2VFQ3FBaWRDcWdJb1Fxb0NLVUtxQWh4RXFnTC1lS29DOEl1cUFsdVJxZ0pvbGFvQ2dKdXFBb0dicWdLQ202b0NtYWlxQXFLb3FnSzRzS29DMTdHcUFrZlVxZ0k3MmFvQ1NlV3FBcURscWdLcDlLb0NSX2lxQWliN3FnSkMtNm9DdFFlckFzY0hxd0tfRWFzQ1ZoS3JBbk1TcXdLdkY2c0NrQjZyQXFnZnF3SThJNnNDZ3llckFsUW9xd0lPS3FzQ05pdXJBdnNycXdMV0xxc0NuRENyQW9zeXF3SkRNNnNDWHpXckFqdzRxd0xuT3FzQ0RUeXJBaU04cXdMLVA2c0NhRU9yQW41RnF3Sy1ScXNDRmtpckFyeElxd0xZU0tzQ2RrcXJBbU5McXdKUFVxc0NvVk9yQXRGVXF3TGNWS3NDNmxTckFtdFZxd0stVjZzQ0tsaXJBa1JZcXdLaldLc0NxMXFyQW05YnF3TEVXNnNDU0Z5ckFsZGRxd0stWHFzQ3psNnJBbjlmcXdKZVlLc0NOR0tyQW9WanF3SjJaYXNDcldXckF2Umxxd0lHYUtzQ1dXaXJBbnRvcXdLZGFhc0NzR21yQWtscXF3S1RhcXNDSFd1ckFrWnJxd0pjYTZzQ25HdXJBcUJycXdLa2E2c0N4bXVyQXZwcnF3SUViS3NDS0cyckFqbHRxd0ticzhVRndJWWpDcW8xb0F3Mmxmc1NXYlg3RXZYRS14SUd5ZnNTZU4zN0VuYjEteEpQQ1B3U0lnbjhFcElKX0JMa0Nmd1MzZ3o4RXZNT19CS2xEX3dTNndfOEVpMFFfQktXRVB3U0VoSDhFb1F1UWhTY3l4d1k5MVpyR2cmZXhrPTM4ODc2NzA5NyZhd2JpZF9jPUFLQW1mLUNMUVFuOHJYRUVXcjcycUkyYmlEMU1wU3BaaHk5N1BkUEYwMlZJY1JnN2N5dW5nM21JanU4Z2QyTGV1c0k1SEZ5MndIZ2t4elMxUHQ1NlZ6ajNZME9HUDdzeDk0N0ZQYTlvQlZORDFPQ0daTDBMRjRiRzN0UjVqZUtCbUVodWo3NlZmcDJLTU9nOUNlM2VuZGZsTUZRb1pXM2RVQVBfdWdEUzhNUXZGSmstNmVnUG5hcyZhd2JpZF9kPUFLQW1mLUNhM0lzY2NLaTZoaVdQdmJ5NzJ2RDhFX3M2b3dNdU5naVZUSV9OYTBOUUdzRDNkTWVqWWJJUWd3bTVzUUFJX0VSNWdBaEZCQXNpRl92a245RXh6RDRWdDlrc1RIdjNwVkFNbHByRDRza0twM1B3dmwyVld5OTlmTHFrNHFHSFE2VDc0blFGUEJBTzFEakNuVTh6VDRDdDZLcFJiTzBzdGF5UldiTTROQ1RIOU90X0lIUmVwaTg4OThVOGJGOHlKRm50QkZqeVpUZ2NVUnlYeFo0T2xQRmVMRlBMbngyTDNONW9XWmxGc2hVY3Q0NzBnLWZQWnNNdi1OYnlwbDhaa0lzQXZPN09yUU93OVhmY0g4VmtVWkFMTWZhQlFPd19IdEZQanNzUEk0R3JKZ294VnEtd1k2OGozY3hGTlNtc1lOcmpQbUpsTTVVdWx3MDlLX2tKTnFtc3c2Tmhwa1ZCQUstQTNiaGFOSlZoUXdQU2hwTkRXWkRka0xxOUlDLV9FOHZRbDFnVktDYlBMOXJOLXN5VHE3MEVHRm5WX0RCYTV5Ni0tYlFNNEtYZGxKak9veEpWcWRfdmFzeEFRRXZqR2lFR3JKLTFlNmRDa1lNa2swbGt5YnpOVG5LUzhSSmI2ZS1FQmgyMDlnZTlGNE1ZdkxmWEpYTm9Fa09xUWxhandyNmtWd21CMktmTEt4dWlnek1NajhVZkJBQzVVU3RVWWJmbnhqNGJmdW85UEVtSDFYa1NEOFNpTXJKQUFucF96T1JRV0JSSHR0aTlYR2ZYZzV1QlpKcXZvSFpzVGVad0c0RXhqeUZadWxpQnFRWWt6cE1pQTJnSXhDTWo5VTl0UWVXMUtBTzliLWtlR29TOVZ0bUVzbmdCMkxldXNaTWlrZ25qM1A1RXE3VFNJb2R6NHMxQmxnNngzYW1aV2dLM1IxOFdVRk1lSk9QbUdBVWdjbmFBdURsMzVYVk9Fc2dSbGZKLVNYNDc3OVdLYW5IOFB6dWtGWHRVVm5MUW1QTmc5aXp5WjI1WiZjaWQ9Q0FRU0d3QnlnUWlELURNeW9ucXMxTDVESkJMek5OZHNJTUx0dzEzTVV4Z0ImYV9jaWQ9gAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgDAOADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4xNDkuNTYuMTUzLjE4N6gEALIEEAgAEAEY0AIgmAIoADAAOAK4BADABADIBADaBAIIAeAEAfAEuKLLJYgFAZgFAKAFxYaBj-ij8rhcwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFxO1R-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEzNzkxMjc3NzY5N8gHu_wF0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=db2ddbcc5b85529b17432b69f06d3a1d541596a7&bdref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&bdtop=true&bdifs=1&bstk=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz,https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:36 GMT
AN-X-Request-Uuid: 5c850d9e-e2c2-45f6-97d1-4f7b31384806
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK rd_log Show response
nym1-ib.adnxs.com/ Frame B57D 0
933 B 20ms
19ms Script
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&e=wqT_3QLPL-jPFwAAAwDWAAUBCPz626EGEM3X24vflMnoYRgAKjYJlE25wrtcuD8RL_oK0oxFsj8ZAAAAYGZm7j8hLw0SACkRJNAxAAAAoJmZuT8wg4X0CTiHXkDlHkhlULiiyyVYyZyOAWAAaOz0vQF45MYFgAEBigEDVVNEkgUG9HUBmAHQAqABmAKoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAuWlBOAC9dta6gIfaHR0cHM6Ly8yNG1vcm8uY29tL3FiYjBhZnh3anpievICDQoGSEVJR0hUEgMyODDyAgwKBVdJRFRIEgMzMzbyAiEKBkxPQURFUhIXcmVuZGVyX3Bvc3RfYWRzX3YxLmh0bWzyAhcKCklGUkFNRV9LRVkSCTY4MzY1MjM0N_ICyBUKC1BSRV9TQ1JJUFRTErgVPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaz10aGlzfHxzZWxmO3ZhciBsPUFycmF5LnByb3RvdHlwZS5pbmRleE9mP2Z1bmN0aW9uKGEsYyl7cmV0dXJuIEFycmF5LnByb3QyLQAQLmNhbGwBKSgsdm9pZCAwKX06ZhHNiGEsYyl7aWYoInN0cmluZyI9PT10eXBlb2YgYSlyZXR1cm4iDRoAIRUawGN8fDEhPWMubGVuZ3RoPy0xOmEuaW5kZXhPZihjLDApO2Zvcih2YXIgZT0wO2U8YS4JKVw7ZSsrKWlmKGUgaW4gYSYmYVtlXT09PWMNaAwgZTtyBXEMLTF9OxGgOCBtKGEpe21bIiAiXShhKQ0iCCBhfQkTAD0RKAgoKXsdNQBuATUEYT0J7jg9PT1hP2RvY3VtZW50OmEVQyQuY3JlYXRlRWxlARkYKCJpbWciKR1FAHAhHAwsZSl7AcoUYj0hMTtiGVKAYj8hMTpiO2EuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzfHwoWhoAED1bXSk7AVEUZD1uKGEuEZcEKTshGAlrAGYu1QAZFwRnPVpTADwsaD1sKGcsZCk7MDw9aCYmPjICFHNwbGljZUkEdGcsaCwxKX1kLnJlbW92ZUV2ZW50TGlzdGVuZXImJlIXADQoImxvYWQiLGYsITEpO1IjAGI6ABBlcnJvcg07GH07ZC5hZGRCcwA-FAA-cAA-IAABbT4UAAAoNmoAWGImJihkLmF0dHJpYnV0aW9uU3JjPSIiAb4Qc3JjPWNetwEkLnB1c2goZCl9ClmABHEoKZYEYT0xrDQuY3VycmVudFNjcmlwdE1PACgybgIsbnVsbDphKSYmIjc3YVIUYS5nZXRBDZA4ZSgiZGF0YS1qYyIpP2E6FVc8cXVlcnlTZWxlY3RvcignWw0lAD0BRAxdJyl9RTcscj1SZWdFeHAoIl5ooSngPzovLyhcXHd8LSkrXFwuY2RuXFwuYW1wcHJvamVjdFxcLihuZXR8b3JnKShcXD98L3wkKSIpOwpmjQAEIHQV4ABrBWEMYz1bXQUJBGU9AcYMO2Rve0GvGGI9YTt0cnkFDABkQa0YZD0hIWImJgEkHCE9Yi5sb2NhIWogLmhyZWYpYjp7AS2QbShiLmZvbyk7ZD0hMDticmVhayBifWNhdGNoKGgpe31kPSExfQFeCGY9ZBkXAGYBFgxpZihmKXkAZz5eAAw7ZT1idTkEJiYZDCgucmVmZXJyZXJ8fAGXJH1lbHNlIGc9ZSwNywBjKeAwbmV3IHUoZ3x8IiIpKQXVFGE9Yi5wYSHUGYYAYQX_TH19d2hpbGUoYSYmYiE9YSk7Yj0whd4AYZX_dC0xO2I8PWE7KytiKWNbYl0uZGVwdGg9YS1iO2I9ayErOR4BrjUqOGFuY2VzdG9yT3JpZ2luc24cAK1qAD0ddQApoWQUYT0xO2E8sYlMOysrYSlnPWNbYV0sZy51cmx8fCgFCC5CATp2ABRbYS0KMV0hDBgsZy5oPSEwAeMpIgBrGash1WX_AGclFiUCBGU9MgQBHDA8PWU7LS1loeFIZj1jW2VdLCFnJiZyLnRlc3QoZgGPICkmJihnPWYpLAUOLCYmIWYuaCl7Yj1mO0UbAH0NXQBlFeYEJiYBzAE7BDswQWUlWggmJmUFSAEbCCk7YwWtEHYoYixn1R0UYy5nP2MuBfoMOmMuaQFAAH3RKAQgdqHWHCl7dGhpcy5pQdUBCQhnPWMZIgB1HSIIdXJsESQUaD0hIWM7BS8FiCUK3S8Ad3VJFHQoKSxjPfkTPCI_Iik7c2V0VGltZW91dCgRjA0xAGXZVhhlPy4wMTplQTVEIShNYXRoLnJhbmRvbSgpPmUpaQ8MYj1xKCGkACJl_zQ6Ly8iKyhiJiYidHJ1ZYFrAGJWawQ4LXJjZCIpPyJwYWdlYWQyzbcQc3luZGlpuSAtY24uY29tIjpmIwAFIAwpKyIvCUV4L2dlbl8yMDQ_aWQ9amNhJmpjPTc3JnZlcnNpb249IoVFDGQ9KGQBsQApobZSBAUALQ0xMCIpfHwidW5rbm93biJh41wrZCsiJnNhbXBsZT0iK2U7Yj13aW5kb3cFWABmOTQAZuGKAGYhMzRkPWIubmF2aWdhdG9yKTIOAFAudXNlckFnZW50LGQ9L0Nocm9tZS9JmyBkKSYmIS9FZGcZERw_ITA6ITE7ZGGTFVEwLnNlbmRCZWFjb24_Ch1pHRggKGUpOnAoYixlGmgJBD09DZ4IKX19DhcJFt8IKCAwPD1jP2Euc3ViFloJHCgwLGMpOmF9CeAMLnJmbC4CCA01aGVuY29kZVVSSUNvbXBvbmVudCh3KCkpfTt9KenbQZoUKTsKPC9zxZhsPvICyQIKCkVYVFJBX1RBR1MSugI8ZGl2IHN0eSFSDHBvc2mhsWQ6IGFic29sdXRlOyBsZWZ0OiAwcHg7IHRvcA0KZHZpc2liaWxpdHk6IGhpZGRlbjsiPjxpbWcg4UxVh0kUSlkCQTYNHi4yAhRhd2JpZCYFBvCGX2I9QUtBbWYtQWUxc3NEc3hJdGtaUlZQM1lUS1FyRUFoNWlyakFZTkN6SE5nTFhCVkVwZEU5NUs2d25tUUs0STNVb25QcUlaYW5LTUJUWDRfRjhsOEdRQjJQMWVIdURCY1diOXciIGJvcmRlcj0wIHdpZHRoPTEgaGVpZ2h0PTEgYWx0PSIiMRp8ZGlzcGxheTpub25lIj48L2Rpdj7yApkBCgxQT1NUX1MaGgwIiAE8KWo2CAEWEApQYWRzLmcuZG91YmxlY2xpY2submV0MQY8eGJmZV9iYWNrZmlsbC5qcwFlCUsAPg1TAD6dJGAge3IzcHgoJzY4MzY1MjM0NycpO30pKCk7PepYpREKEEhPU1RfUE9SVF9QQVJBTVMSkBGRI4qUAPB9YWRmZXRjaD9hZGs9MTI5Mjg2NTY2NyZhZHNhZmU9bWVkaXVtJmNsaWVudD1jYS1wdWItMzA3Njg5MDAxMjc0MTQ2NyZmb3JtYXQ9MzM2eDI4MF9hcyZpcD0xNDkuNTYuMTUzLjE4NyZvdXRwdXQ9aHRtbCZ1bnZpZXdlZF9wTYwgX3N0YXJ0PTEmoXcRvQAyVggOECZzdWJfDZEAYkGX8H1yLTUzNTc0NzcmaGw9ZW4mYWNlaWQ9TU9zV3RBREZHclFBZ3h5MEFBOW9OQUd5Y0RRQlRZSTBBZFNETkFHTWh6UUJDb2cwQVJLSU5BRXBpRFFCT29nMEFWeUlOQUZ6aURRQmRJZzBBWXlJTkFHaWlEUUJ0b2cwQWIySU5BSEMBEAB4ATAYYzJJTkFIUAEQGDBJZzBBZEsBEABUARAEMTQBEABtARAAaAEQADQBMARlVwEQAG4BEAA5ARBYZmlJTkFFZ2lUUUJKSWswQVNhSk5BRW4BEPT_B0tZazBBVXR6UVFGVGMwRUI3aDNhQVdMQl9RRTV5RndDVnZ5SUFsTDlpQUo0UUtvQ0owS3FBaWhDcWdJcFFxb0NIRVNxQXY1NHFnTHdpNm9DVzVHcUFtaVZxZ0tBbTZvQ2dadXFBb0ticWdJNHFLb0NtYWlxQXFLb3FnSzRzS29DMTdHcUFrZlVxZ0pKNWFvQ29PV3FBcW4wcWdKSC1Lb0NKZnVxQWtIN3FnSzFCNnNDeHdlckFyOFJxd0pXRXFzQ2N4S3JBcThYcXdLUUhxc0NxQi1yQWp3anF3S0RKNnNDVkNpckFnNHFxd0kySzZzQy15dXJBdFl1cXdLY01Lc0NpektyQWtNenF3SThPS3NDRFR5ckFpTThxd0wtUDZzQzYwQ3JBbjVGcXdLLVJxc0NGa2lyQXJ4SXF3SmpTNnNDVGxLckFoaFRxd0toVTZzQzBWU3JBdHhVcXdMcVZLc0NhMVdyQXI1WHF3SkVXS3NDU0ZpckFxTllxd0tyV3FzQ2IxdXJBc1JicXdKSVhLc0NWMTJyQXM1ZXF3SWJYNnNDTkdLckFuWmxxd0t0WmFzQzlHV3JBaWRucXdJR2FLc0NXV2lyQW50b3F3S2RhYXNDc0dtckFrbHFxd0tUYXFzQ0hXdXJBa1pycXdKY2E2c0NuR3VyQXFCcnF3S2thNnNDeG11ckF2cHJxd0lFYktzQ0tHMnJBamx0cXdLYnM4VUZxaldnRERhVi14Slp0ZnNTOWNUN0VnYkoteEo0M2ZzU2R2WDdFazhJX0JJaUNmd1NrZ244RXVRSl9CTGVEUHdTOHc3OEVxVVBfQkl0RVB3U1F4RDhFcFlRX0JJU0Vmd1NoQzVDRkp6TEhCajNWbXNhJmV4az02ODM2NTIzNDcmYXdiaWRfYz1BS0FtZi1DUm5vTkNlSVk1UDlHYk5YbWk3RXl2bDRBVFJCeEpjYU9xXzIzYUhVQktLZG93ODJNX2JtTk9jbkFoWFBLX3pyVkJFaFRlZmtjdnMtdjR5VFFPZ0VIQXo4X19NTXU5MlBpdjRkQ1BKTnM3ZDJKTVdrZ3M2b3MyNHc2X01nUnJLaXJ6V0lUbEI0eWdDcEt3LTdLWjVrNzVDa2IxYzRkaVlFREVQWUY5YkRBbGtrWFA0aXcmYXdiaWRfZD1BS0FtZi1EUm5yTmZUZERVNUFGODlHbjdIQkQxQmhUbU9MMXowS3FJc3dzZjJ1LXphZHU3TEhCdE1mTEhJZUNhODREVXJoTmtLMG9JRFl5MjV3bHZkYjVZRm84bEFNMUg1VHlsc05PWHMtS0tkall0dlZCOGNJNUNvb1ZqSmNJMlBZTXdFbEZjNlE0bkZ6TjZCSmU4MDFudk9BUTNWZkE1TDNYejRUaFhoVFowQ3dWa1lLS3RkMzNMVDM0RFVod2kyZUEzdFdob2VpLTlOY21ZMHhHeHI3bENKa1NXVmhxeThoV05zTVFGV29fcXVRMTFTTGsxX3EzWWlCZlp3Uk5jQXJrX1M3d280NVRtc3hORVMzeDA2YmRobm8yRm5DQTBVMHEwNXE4WXY4U0MtVzN5WGFWVEpNMWd2dWZwYWozc1pJZ0NGQ1RzOHZnTEJXd05jR3ZYMVhuQzh4bW4xUFZ6dkpGVjhreGtIUzZqMXFNaXpiM1JLZXZYUVhtc0VwQmRmbk10SjlUenJTcWZlbTlUU25pcmxnZ0tjVWMzYnBZbDh0ZERPY19pVlJMNGg4bTVaVGVaOEt0c2l3NEhDR2o4LVUtMWNsOURyTjlibjRta3NFQXJneHlMdkFEQlJyQUl1Nnd1d1l0emlkenJfZGNIUVc5QWpGNU8zYzZDNW5aVkhObUtBdFNWWWJncW11MVRDV3ptVzItbU5QUVVEc2xIWDNDc2pKX1R4OTdtZWNpaVRidzhWRm1wOElpRTk4R1FuVlZkOUJKZnpCR2k3WWhCc3pma09PeGVOaVVvZ05qUGpncFdqczRGREE3b1l0RTB5RXBHdmtHZVctWW1qLWRCWHFweVN0bzRTWm11ZTF4WXVoU0FobTFQb2ZzTHpaSUFHZlZNMDRQaUVUYWlJSV8yanB2ZkliZ005QWVGSTF1eG5CaFdDMU0xeExKUXlCWWZndUs0bW9wbWxaQkJnV0daSnBlb2lwVjVqNDNBUTROLXQzS1dSbExwdno1Q243OHdsQVBvdUw0QkhLcnplMUpON3A4RUEwSFplSkktRW9nQ0NnJmNpZD1DQVFTR3dEVUU1eW1ZSXJhOHpYYnJDVUoyQUVWV1ZsbG93ZGVWUDJlUGhnQiZhX2NpZD2AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AMA4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjE0OS41Ni4xNTMuMTg3qAQAsgQQCAAQARjQAiCYAigAMAA4ArgEAMAEAMgEANoEAggB4AQB8AS4ossliAUBmAUAoAWSxo2r7Y6fxB_ABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AWJ9Sz6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMMTQ1NzgzNTI0MTg5yAfkxgXSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwB8T_B4oIAhAAlQgAAIA_mAgB&s=b604918ea48c3f85ccf664cba1031a3868c45acc&bdref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&bdtop=true&bdifs=1&bstk=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz,https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:37 GMT
AN-X-Request-Uuid: ecd882a4-351a-4264-a47a-8a483882ded9
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK rd_log Show response
nym1-ib.adnxs.com/ Frame 1218 0
933 B 34ms
34ms Script
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&e=wqT_3QK1L-i1FwAAAwDWAAUBCPz626EGENaF2duO1eyIdxgAKjYJAMXIkjmW0j8RgCctXFbhyz8ZAAAA4HoU7j8hgA0SACkRJNAxAAAAQOF6pD8wg4X0CTiHXkDlHkhlUK2iyyVYyZyOAWAAaOz0vQF4icoFgAEBigEDVVNEkgUG9HUBmAHKB6AB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAuWlBOAC9dta6gIfaHR0cHM6Ly8yNG1vcm8uY29tL3FiYjBhZnh3anpievICDQoGSEVJR0hUEgMyNTDyAgwKBVdJRFRIEgM5NzDyAiEKBkxPQURFUhIXcmVuZGVyX3Bvc3RfYWRzX3YxLmh0bWzyAhcKCklGUkFNRV9LRVkSCTM1MTA2ODkxMPICyBUKC1BSRV9TQ1JJUFRTErgVPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaz10aGlzfHxzZWxmO3ZhciBsPUFycmF5LnByb3RvdHlwZS5pbmRleE9mP2Z1bmN0aW9uKGEsYyl7cmV0dXJuIEFycmF5LnByb3QyLQAQLmNhbGwBKSgsdm9pZCAwKX06ZhHNiGEsYyl7aWYoInN0cmluZyI9PT10eXBlb2YgYSlyZXR1cm4iDRoAIRUawGN8fDEhPWMubGVuZ3RoPy0xOmEuaW5kZXhPZihjLDApO2Zvcih2YXIgZT0wO2U8YS4JKVw7ZSsrKWlmKGUgaW4gYSYmYVtlXT09PWMNaAwgZTtyBXEMLTF9OxGgOCBtKGEpe21bIiAiXShhKQ0iCCBhfQkTAD0RKAgoKXsdNQBuATUEYT0J7jg9PT1hP2RvY3VtZW50OmEVQyQuY3JlYXRlRWxlARkYKCJpbWciKR1FAHAhHAwsZSl7AcoUYj0hMTtiGVKAYj8hMTpiO2EuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzfHwoWhoAED1bXSk7AVEUZD1uKGEuEZcEKTshGAlrAGYu1QAZFwRnPVpTADwsaD1sKGcsZCk7MDw9aCYmPjICFHNwbGljZUkEdGcsaCwxKX1kLnJlbW92ZUV2ZW50TGlzdGVuZXImJlIXADQoImxvYWQiLGYsITEpO1IjAGI6ABBlcnJvcg07GH07ZC5hZGRCcwA-FAA-cAA-IAABbT4UAAAoNmoAWGImJihkLmF0dHJpYnV0aW9uU3JjPSIiAb4Qc3JjPWNetwEkLnB1c2goZCl9ClmABHEoKZYEYT0xrDQuY3VycmVudFNjcmlwdE1PACgybgIsbnVsbDphKSYmIjc3YVIUYS5nZXRBDZA4ZSgiZGF0YS1qYyIpP2E6FVc8cXVlcnlTZWxlY3RvcignWw0lAD0BRAxdJyl9RTcscj1SZWdFeHAoIl5ooSngPzovLyhcXHd8LSkrXFwuY2RuXFwuYW1wcHJvamVjdFxcLihuZXR8b3JnKShcXD98L3wkKSIpOwpmjQAEIHQV4ABrBWEMYz1bXQUJBGU9AcYMO2Rve0GvGGI9YTt0cnkFDABkQa0YZD0hIWImJgEkHCE9Yi5sb2NhIWogLmhyZWYpYjp7AS2QbShiLmZvbyk7ZD0hMDticmVhayBifWNhdGNoKGgpe31kPSExfQFeCGY9ZBkXAGYBFgxpZihmKXkAZz5eAAw7ZT1idTkEJiYZDCgucmVmZXJyZXJ8fAGXJH1lbHNlIGc9ZSwNywBjKeAwbmV3IHUoZ3x8IiIpKQXVFGE9Yi5wYSHUGYYAYQX_TH19d2hpbGUoYSYmYiE9YSk7Yj0whd4AYZX_dC0xO2I8PWE7KytiKWNbYl0uZGVwdGg9YS1iO2I9ayErOR4BrjUqOGFuY2VzdG9yT3JpZ2luc24cAK1qAD0ddQApoWQUYT0xO2E8sYlMOysrYSlnPWNbYV0sZy51cmx8fCgFCC5CATp2ABRbYS0KMV0hDBgsZy5oPSEwAeMpIgBrGash1WX_AGclFiUCBGU9MgQBHDA8PWU7LS1loeFIZj1jW2VdLCFnJiZyLnRlc3QoZgGPICkmJihnPWYpLAUOLCYmIWYuaCl7Yj1mO0UbAH0NXQBlFeYEJiYBzAE7BDswQWUlWggmJmUFSAEbCCk7YwWtEHYoYixn1R0UYy5nP2MuBfoMOmMuaQFAAH3RKAQgdqHWHCl7dGhpcy5pQdUBCQhnPWMZIgB1HSIIdXJsESQUaD0hIWM7BS8FiCUK3S8Ad3VJFHQoKSxjPfkTPCI_Iik7c2V0VGltZW91dCgRjA0xAGXZVhhlPy4wMTplQTVEIShNYXRoLnJhbmRvbSgpPmUpaQ8MYj1xKCGkACJl_zQ6Ly8iKyhiJiYidHJ1ZYFrAGJWawQ4LXJjZCIpPyJwYWdlYWQyzbcQc3luZGlpuSAtY24uY29tIjpmIwAFIAwpKyIvCUV4L2dlbl8yMDQ_aWQ9amNhJmpjPTc3JnZlcnNpb249IoVFDGQ9KGQBsQApobZSBAUALQ0xMCIpfHwidW5rbm93biJh41wrZCsiJnNhbXBsZT0iK2U7Yj13aW5kb3cFWABmOTQAZuGKAGYhMzRkPWIubmF2aWdhdG9yKTIOAFAudXNlckFnZW50LGQ9L0Nocm9tZS9JmyBkKSYmIS9FZGcZERw_ITA6ITE7ZGGTFVEwLnNlbmRCZWFjb24_Ch1pHRggKGUpOnAoYixlGmgJBD09DZ4IKX19DhcJFt8IKCAwPD1jP2Euc3ViFloJHCgwLGMpOmF9CeAMLnJmbC4CCA01aGVuY29kZVVSSUNvbXBvbmVudCh3KCkpfTt9KenbQZoUKTsKPC9zxZhsPvICyQIKCkVYVFJBX1RBR1MSugI8ZGl2IHN0eSFSDHBvc2mhsWQ6IGFic29sdXRlOyBsZWZ0OiAwcHg7IHRvcA0KZHZpc2liaWxpdHk6IGhpZGRlbjsiPjxpbWcg4UxVh0kUSlkCQTYNHi4yAhRhd2JpZCYFBvCGX2I9QUtBbWYtRHpldGZqc1NDNG1kaXRad29VRXNnWTd5WnJOcVZiaWdOWWlSYm9RWi01WXhfZ2pkM2Eza1BDeWN4SEYyc0ZtR1lqMkY4NklGTkV2N2JmRm9QakRUUDdGY3FSbFEiIGJvcmRlcj0wIHdpZHRoPTEgaGVpZ2h0PTEgYWx0PSIiMRp8ZGlzcGxheTpub25lIj48L2Rpdj7yApkBCgxQT1NUX1MaGgwIiAE8KWo2CAEWEApQYWRzLmcuZG91YmxlY2xpY2submV0MQY8eGJmZV9iYWNrZmlsbC5qcwFlCUsAPg1TAD6dJCQge3IzcHgoJzM1GqUMHCcpO30pKCk7PeoQixEKEEgBnTRQT1JUX1BBUkFNUxL2EJEjipQA8H1hZGZldGNoP2Fkaz0xNzkyNzU2OTQwJmFkc2FmZT1tZWRpdW0mY2xpZW50PWNhLXB1Yi0zMDc2ODkwMDEyNzQxNDY3JmZvcm1hdD05NzB4MjUwX2FzJmlwPTE0OS41Ni4xNTMuMTg3Jm91dHB1dD1odG1sJnVudmlld2VkX3BNjCBfc3RhcnQ9MSahdxG9ADJWCA4QJnN1Yl8NkQBiQZfwfXItNTM1NzQ3NyZobD1lbiZhY2VpZD1NT3NXdEFERkdyUUFneHkwQUxKd05BRk1nalFCMUlNMEFZeUhOQUVLaURRQkVvZzBBU21JTkFFNmlEUUJYSWcwQVhPSU5BRjBpRFFCaklnMEFhS0lOQUcyaURRQnZZZzBBY0tJTkFIRwEQLHpZZzBBYy1JTkFIUQEQGDBvZzBBZE8BEABYARAAMgEgBGVHARAAaQEQADUFEABlARAAMgEQAC0BcERTQ0pOQUVraVRRQkpvazBBU2UBEABwARD05QdTM05CQVZOelFRSHVIZG9CWXNIOUFWWDhpQUpTX1lnQ2VFQ3FBaWRDcWdJY1JLb0NPMXFxQXY1NHFnTHdpNm9DVzVHcUFtaVZxZ0tBbTZvQ2dadXFBb0ticWdLWnFLb0NvcWlxQXJpd3FnTFhzYW9DT3RtcUFrbmxxZ0tnNWFvQ3FmU3FBa2Y0cWdJbC02b0NRdnVxQXJVSHF3TEhCNnNDdnhHckFsWVNxd0p6RXFzQ3J4ZXJBcEFlcXdLb0g2c0NQQ09yQW9NbnF3SlVLS3NDRGlxckFyc3Fxd0kySzZzQy15dXJBcHd3cXdLTE1xc0NRek9yQWp3NHF3TGxPcXNDRFR5ckFpTThxd0wtUDZzQ2ZrV3JBcjVHcXdJV1NLc0N2RWlyQW1OTHF3SlBVcXNDSmxPckFxRlRxd0xSVktzQzNGU3JBdXBVcXdKclZhc0N2bGVyQWtSWXF3S2pXS3NDcTFxckF1VmFxd0p2VzZzQ3hGdXJBa2hjcXdKWFhhc0N6bDZyQWpSaXF3TDRaS3NDZG1XckFxMWxxd0wwWmFzQ0JtaXJBbGxvcXdKN2FLc0NuV21yQXJCcHF3SkphcXNDSFd1ckFrWnJxd0pjYTZzQ25HdXJBcUJycXdLa2E2c0N4bXVyQXZwcnF3SUViS3NDS0cyckFqbHRxd0o2YmFzQ203UEZCYW8xb0F3Mmxmc1NXYlg3RXZYRS14SUd5ZnNTZU4zN0VuYjEteEpQQ1B3U0lnbjhFcElKX0JMa0Nmd1MzZ3o4RXZNT19CS2xEX3dTNndfOEVpMFFfQktXRVB3U0VoSDhFb1F1UWhTY3l4d1k5MVpyR2cmZXhrPTM1MTA2ODkxMCZhd2JpZF9jPUFLQW1mLUNLM2VfUlJ6RHJzTkFxOE9MT2Z4bVp0dEt0d2RRcFk2VFlPY0RwRmZWZExUTFVYTlVEVmlQck40NWx3alh0bzh0cVlPaXE2bVJ2eGRXYlRTZE93dEJtWWctRmlCUHRYYllkdUk1dUxxMFpTVXFibWlkNmJUZ2EtNnhVckxVVXJZa3JTa1VicW5Cb2d3cWp3Mkl3YmlPXy1RSUhYS2RCNVFQZ2s3cXdqYl9VNExENUZZYyZhd2JpZF9kPUFLQW1mLUN3WWladHBFeXVicnZ1cURuTnN6TzdrdjNKNDU2QlhWSjdYLS1vUE9mUG1qTnNqQnpwdG50NVIzbFdaTWpfNUNrQWNOVWYtZ0lqLWh0WVFnejB5X1Q2WklTZ0tSSTk5UGNGNUR4WHlsNG5PX1FFZUxjamJ0SS1Bc2Jybk00eVZuU1RfVWdOcnRLcThmbFRMdXF0QVYxTm9FVE00Y2kxcFJPR18yMlhQSndZR2RNTTlsSWRKUkZDSTV1TGlpeUxaeWk3MmdaNlQzZjFSM1drYnpuQU1tZFRGX09Sd2d1bkltaml4SktNeWNUUmZzellZWE1vZjN3WVk2aXpSazMyaWVtNEprS0pXVjk5aXZGLVhWUEFXUDdsOEFvMFRaUklTcUh1cGd4NmMtbkpxajE4YlhWcUZpejZEVzNOSWpmbkk2eTVEYnp5VzR6UXpOODRfdzlSN1BqVnoxZ1dmX09WcU1sQ29vTGxWNVIwUUR4Y3pxT1ZhUWpGVzVIOF9fM1ByWmZKT250VUctdHNhdzJYWDBUbE5xOVI2Nk91WjVUS2I2VU9lN3lqSS1oZTdKeHVJd3J5S0pCYVBLcFpRN2dwZk5wcDloQmlMRXEzcE95X2hGT25fLTdBRlJqaC05UEJRYVRJUi10MEpqWkhMaWx5RmhVRjlUMm1PT3FGUDZKZlRUWnBzZW13ZmM0RDJMcC1EVEFmX2VLMzhCYnF0ZFdVU3ZmdzJQRXlDUUs0dF9vTW1ZZWdReXdGbE1SNEtVU0Z4b295ZzQ4dzdCMnE2Y0JWLVlvVFZiNkEtaUpKUTZaVVZERGc5ZmNwWHU0Q3FHak5abnBqRG5tQnpralpZOTkwV0lvUG03clB4MEZZeTdxWWxVSmZnSFlKNjBXaHJaTHFvLW1KclZidS16TV91aDJlWTFFMzlyOXBzM1A0QzRYWl9SejYzUTBJdFlHajI1YS1FWHgzMFlYdnVPTzFmenRaRDVOUUp5WEpFRzgxd0dDeTlIamprMW9kWEVsUW85WEhXbEVxdXdzQkU5clB1ZU1SWEJWd0hfNF91UUZEVXcmY2lkPUNBUVNHd0RVRTV5bVFwalJEdVExdVRoVjNEc3RGQ0Z2ckMyRzFfMEF6aGdCJmFfY2lkPYADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODeoBACyBBAIABABGMoHIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBK2iyyWIBQGYBQCgBcfHw8Olvr2BQsAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBYn1LPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxNDU3ODM1MjQxODnIB4nKBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAHxP8HiggCEACVCAAAgD-YCAE.&s=d73b4d040afc8ec862a3b776d196b1528db8e4c6&bdref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&bdtop=true&bdifs=1&bstk=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz,https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:37 GMT
AN-X-Request-Uuid: 4ebe13f5-8298-4f60-afea-3f2c94d1fdcd
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 render_post_ads_v1.html Show response
googleads.g.doubleclick.net/pagead/ Frame 573E 13 KB
5 KB 38ms
34ms Document
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 74456
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 4767
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Apr 2023 22:09:41 GMT
etag: 12223946614886178233
expires: Wed, 12 Apr 2023 22:09:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 xbfe_backfill.js Show response
googleads.g.doubleclick.net/pagead/ Frame 10D4 7 KB
3 KB 42ms
37ms Script
text/javascript 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d252ef715596a18ae31690327a2a05170d235165c134e7e19e7d38ab1db18ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:23:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1651
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3332
x-xss-protection: 0
server: cafe
etag: 17978550389519879348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 12 Apr 2023 19:23:06 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame 10D4 80 KB
27 KB 14ms
11ms Script
application/x-javascript 151.101.1.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Expires: Wed, 10 Jan 2024 21:27:38 GMT
Date: Wed, 12 Apr 2023 18:50:37 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 7939378
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-yul12831-YUL
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1681325437.030397,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 2, 2714151

GET
H/1.1 200
OK it
nym1-ib.adnxs.com/ Frame 10D4 0
933 B 21ms
18ms Image
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nym1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252F24moro.com%252Fqbb0afxwjzbz&e=wqT_3QKDBvBMAwMAAAMA1gAFAQj8-tuhBhC-3Z2p3Kb4iCAYrdfu-NG5_PNtKjYJJVzII7iRuj8RHEXWGkrtsz8ZAAAAYGZm7j8hHEXWGkrtsz8pJVwJJNAxAAAAoJmZuT8wg4X0CTiHXkDlHkhlULiiyyVYyZyOAWAAaOz0vQF48bYFgAEBigEDVVNEkgUG8GWYAdACoAGYAqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC5aUE4AL121rqAh9odHRwczovLzI0bW9yby5jb20vcWJiMGFmeHdqemJ6gAMAiAMBkAMAmAMXoAMBqgPnAQq_AWgNNWRwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLgFICR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EYXVVNS0xLWQ0bENmOWo4eDRGR2tQTS03NGNOcWRlTV9mZ2l0RXBvVW9KSGVSWU90SGZBZVZpTlNvLU1ESXF4T1l1S1BIUGZLNmJ5OWJOOEg4ZF9vQzkxUGNBUSZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyMzEwODc1NzA0ODc0OTg3MTk4Igg3ODgyNzgzMioEMzk0McADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODeoBACyBBAIABABGNACIJgCKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBLiiyyWIBQGYBQCgBdq40Zyz3KKQP8AFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDE1NjI2ODE4MDI2OMgH8bYF0gcNCQ00BTUM2gcGCAUJaOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=1fb73215dc3d3c01c263ee7a7f6de675632721b8

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:37 GMT
AN-X-Request-Uuid: 6d4e4d52-5213-4cdd-bc01-baadbcacf8a4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 10D4 0
20 B 39ms
36ms Image
image/gif 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-BHrY3U-qMLJ8eK7Kz5OpkRxas1RKlvc-Ya3qz9AEqAO_-oosICzhIv16KrylZW29rdlPAP7xEjJlejvh4P-KqCp929Ug

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200 ufplc Show response
revenueflex.com/rest/ 15 B
652 B 88ms
88ms XHR
application/json 149.56.179.185
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://revenueflex.com/rest/ufplc?st=0&plid=215223&m=0&ws=1347&u=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.56.179.185 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip185.ip-149-56-179.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

7a03e3684d43a975555964f127e302f06a4d7d13aa408c2949967d49bc818d74

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 12 Apr 2023 18:50:37 GMT
Server: nginx/1.18.0 (Ubuntu)
Allow: OPTIONS, GET, HEAD, POST
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,HEAD,OPTIONS, GET,POST,PUT,DELETE,HEAD,OPTIONS
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://24moro.com
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Requested-With,Accept,Authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers, *
Content-Length: 15

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
122 B 37ms
37ms Script
application/javascript 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=24moro.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 38ms
38ms Script
application/javascript 2607:f8b0:400c:c12::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=24moro.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::9a Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 36 KB
16 KB 487ms
486ms XHR
text/plain 2607:f8b0:400c:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3729830312888194&correlator=3108467837447228&eid=31073678%2C31073754&output=ldjh&gdfp_req=1&vrg=202304100101&ptt=17&impl=fif&iu_parts=98948493%3A22675028386%2Cdsp05&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C120x240%7C300x250%7C234x60&ifi=3&adks=3520976620&didk=2030527988&sfv=1-0-40&eri=1&sc=1&cookie=ID%3D9e3384e6c3045246%3AT%3D1681325436%3AS%3DALNI_MYvwZwke8MGVxLJQ49lMw6JYJ4qWA&gpic=UID%3D000009f0b6c5969d%3AT%3D1681325436%3ART%3D1681325436%3AS%3DALNI_MaLgjMX75zs3kiZBmnH3pGwwp3vfw&abxe=1&dt=1681325437057&lmt=1681325437&dlt=1681325435064&idt=683&adxs=283&adys=390&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&frm=20&vis=1&psz=300x0&msz=300x0&fws=0&ohw=0&psts=AHQMDFfSjo7p6viE0TsGIBhdzAadUE1KNgkhAeJA0Os6h2NO&ga_vid=384984657.1681325436&ga_sid=1681325436&ga_hid=1001060783&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0b::9d Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd19fcf88db4d745450200b1af679c779dab70a37446176e5c57b3b1ee94332b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16271
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://24moro.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 adfetch Show response
googleads.g.doubleclick.net/pagead/ Frame 3FD2 84 KB
33 KB 81ms
81ms XHR
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adfetch

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fbfc8c7cef0a7fbe0595de1085e6493b54f09f09d024015451cafbc75314c45f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33477
x-xss-protection: 0

POST
H2 200 adfetch Show response
googleads.g.doubleclick.net/pagead/ Frame C2C8 83 KB
32 KB 94ms
94ms XHR
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adfetch

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08f1aa03e9fdf5a8931f023408a36ac0151d857f8ea125835e6863bd56e910b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33157
x-xss-protection: 0

POST
H2 200 adfetch Show response
googleads.g.doubleclick.net/pagead/ Frame 0A9B 84 KB
33 KB 97ms
96ms XHR
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adfetch

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

91a240186fd7e7ea48c2824cf21e679adb6065ca699d0c87bc3f4a0a441b64dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33323
x-xss-protection: 0

POST
H/1.1 200
OK vevent
nym1-ib.adnxs.com/ Frame F30D 0
950 B 26ms
26ms Ping
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&e=wqT_3QL7Bej7AgAAAwDWAAUBCPz626EGEOWJ4Ln5zNvVNBgAKjYJZ5qw_WSM0T8RmueIfJdSyj8ZAAAAYGZm7j8hmg0SACkRJNAxAAAAoJmZuT8wg4X0CTiHXkDlHkhlULiiyyVYyZyOAWAAaOz0vQF4u_wFgAEBigEDVVNEkgUG8GWYAdACoAGYAqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC5aUE4AL121rqAh9odHRwczovLzI0bW9yby5jb20vcWJiMGFmeHdqemJ6gAMAiAMBkAMAmAMXoAMBqgPnAQq_AWgNNWRwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLgFICR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1DQVVLU2hzcGFXQ0RXTE1KdzQ4VHA0UW1oc1MzZlNQMkdTSl83ci0tQ3dIRUtpLUV1cmw3a25NQVVHTVFiVTlmSEw5YjNCcUhEa0ozUWs4VkYyTjJvcXNsUHhMZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMzNzk1MjQ4NTAyMTg3NDkyNTgxIgg3ODgyNzgzMioEMzk0McADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODeoBACyBBAIABABGNACIJgCKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBLiiyyWIBQGYBQCgBcWGgY_oo_K4XMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcTtUfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEzNzkxMjc3NzY5N8gHu_wF0gcNCQ00BTUM2gcGCAUJaOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=5b0f515db9421f3f00db1f2c7bbf9f27d8255eaf&type=nv&nvt=5&jm=1003&px=1264&py=920&bw=336&bh=280&sid=8227257801487740099&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=20775555&sw=1600&sh=1200&pw=1600&ph=2448&ww=1600&wh=1200&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:37 GMT
AN-X-Request-Uuid: 9820bcf2-6e8e-44a6-b333-b3c9dd5937f5
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
nym1-ib.adnxs.com/ Frame B57D 0
950 B 21ms
20ms Ping
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&e=wqT_3QL7Bej7AgAAAwDWAAUBCPz626EGEM3X24vflMnoYRgAKjYJlE25wrtcuD8RL_oK0oxFsj8ZAAAAYGZm7j8hLw0SACkRJNAxAAAAoJmZuT8wg4X0CTiHXkDlHkhlULiiyyVYyZyOAWAAaOz0vQF45MYFgAEBigEDVVNEkgUG8GWYAdACoAGYAqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC5aUE4AL121rqAh9odHRwczovLzI0bW9yby5jb20vcWJiMGFmeHdqemJ6gAMAiAMBkAMAmAMXoAMBqgPnAQq_AWgNNWRwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLgFICR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EcTRNTkxLcnpWWUxuMHl1VEhxLVdheDZSRFV3bjNyQzk3R2ttTWVWOU5VVUlieHJUTGROOFcyalF3SEludElBYUxOWlJDdDdaa2QzVExBM3R2clM5X192ZVl3ZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM3MDQ4NDU1MTg2OTUwODQzMzQxIgg3ODgyNzgzMioEMzk0McADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODeoBACyBBAIABABGNACIJgCKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBLiiyyWIBQGYBQCgBZLGjavtjp_EH8AFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBYn1LPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDE0NTc4MzUyNDE4OcgH5MYF0gcNCQ00BTUM2gcGCAUJaOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=c56b789d2200dc0168d5eacb1b26a52e9d65bf90&type=nv&nvt=5&jm=1003&px=632&py=460&bw=336&bh=280&sid=8227257801487740099&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=20775555&sw=1600&sh=1200&pw=1600&ph=2448&ww=1600&wh=1200&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:37 GMT
AN-X-Request-Uuid: d1c748e9-dfe7-4936-aebe-3dd2288cc9bb
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0F06 0
10 B 39ms
38ms Image
text/plain 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?xveHiw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H/1.1 200
OK vevent
nym1-ib.adnxs.com/ Frame 1218 0
950 B 25ms
24ms Ping
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&e=wqT_3QL7Bej7AgAAAwDWAAUBCPz626EGENaF2duO1eyIdxgAKjYJAMXIkjmW0j8RgCctXFbhyz8ZAAAA4HoU7j8hgA0SACkRJNAxAAAAQOF6pD8wg4X0CTiHXkDlHkhlUK2iyyVYyZyOAWAAaOz0vQF4icoFgAEBigEDVVNEkgUG8GWYAcoHoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgC5aUE4AL121rqAh9odHRwczovLzI0bW9yby5jb20vcWJiMGFmeHdqemJ6gAMAiAMBkAMAmAMXoAMBqgPnAQq_AWgNNWRwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLgFICR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1CX1lfTnhwX2JtZXhPbkhjRkF6QVVSU0RxeWM4Tk43Yk12RU84djZJX3pLMlROd0dPQkhQWkRJVk15QWRQTHYtT3NZVlhaeVdZUE45R1RoZEpad0l2dHB4Vzd3ZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM4NTc5ODM1MjAzNjkyMTUxNTEwIgg3ODgyNzgyMSoEMzk0McADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODeoBACyBBAIABABGMoHIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBK2iyyWIBQGYBQCgBcfHw8Olvr2BQsAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBYn1LPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_bBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDE0NTchCzA0MTg5yAeJygXSBw0JDTQFNQzaBwYIBQlo4AcA6gcCCADwB8T_B4oIAhAAlQgAAIA_mAgB&s=be5bdadcb5a496c20286a257dcad200696af6711&type=nv&nvt=5&jm=1003&px=315&py=130&bw=970&bh=250&sid=8227257801487740099&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=20775555&sw=1600&sh=1200&pw=1600&ph=2448&ww=1600&wh=1200&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:37 GMT
AN-X-Request-Uuid: a90a650b-0b0d-4273-96a9-5abdb66fc4a2
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 64DC 52 KB
17 KB 104ms
27ms Document
text/html 23.77.241.5
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=12039&pub_id=1860595
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.77.241.5 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-241-5.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Wed, 12 Apr 2023 18:50:37 GMT
ETag: "623de86a-cf34"
Expires: Thu, 13 Apr 2023 18:50:39 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding

GET
H/1.1 200
OK rd_log Show response
nym1-ib.adnxs.com/ Frame 10D4 0
933 B 88ms
82ms Script
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&e=wqT_3QKEL_BMhBcAAAMA1gAFAQj8-tuhBhC-3Z2p3Kb4iCAYrdfu-NG5_PNtKjYJJVzII7iRuj8RHEXWGkrtsz8ZAAAAYGZm7j8hHEXWGkrtsz8pJVwJJNAxAAAAoJmZuT8wg4X0CTiHXkDlHkhlULiiyyVYyZyOAWAAaOz0vQF48bYFgAEBigEDVVNEkgUG9HUBmAHQAqABmAKoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAuWlBOAC9dta6gIfaHR0cHM6Ly8yNG1vcm8uY29tL3FiYjBhZnh3anpievICDQoGSEVJR0hUEgMyODDyAgwKBVdJRFRIEgMzMzbyAiEKBkxPQURFUhIXcmVuZGVyX3Bvc3RfYWRzX3YxLmh0bWzyAhgKCklGUkFNRV9LRVkSCjExMzk5NDMzNzTyAsgVCgtQUkVfU0NSSVBUUxK4FTxzY3JpcHQ-KGZ1bmN0aW9uKCl7LyoKCiBDb3B5cmlnaHQgVGhlIENsb3N1cmUgTGlicmFyeSBBdXRob3JzLgogU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEFwYWNoZS0yLjAKKi8KdmFyIGs9dGhpc3x8c2VsZjt2YXIgbD1BcnJheS5wcm90b3R5cGUuaW5kZXhPZj9mdW5jdGlvbihhLGMpe3JldHVybiBBcnJheS5wcm82LQBILmNhbGwoYSxjLHZvaWQgMCl9OhXNiGEsYyl7aWYoInN0cmluZyI9PT10eXBlb2YgYSlyZXR1cm4iDRoAIRUawGN8fDEhPWMubGVuZ3RoPy0xOmEuaW5kZXhPZihjLDApO2Zvcih2YXIgZT0wO2U8YS4JKVw7ZSsrKWlmKGUgaW4gYSYmYVtlXT09PWMNaAwgZTtyBXEMLTF9OxGgOCBtKGEpe21bIiAiXShhKQ0iCCBhfQkTAD0RKAgoKXsdNQBuATUEYT0J7jg9PT1hP2RvY3VtZW50OmEVQyQuY3JlYXRlRWxlARkYKCJpbWciKR1FAHAhHAwsZSl7AcoUYj0hMTtiGVKAYj8hMTpiO2EuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzfHwoWhoAED1bXSk7AVEUZD1uKGEuEZcEKTshGAlrAGYu1QAZFwRnPVpTAGAsaD1sKGcsZCk7MDw9aCYmQXJyYXkucHJvTQUUc3BsaWNlSQR0ZyxoLDEpfWQucmVtb3ZlRXZlbnRMaXN0ZW5lciYmUhcANCgibG9hZCIsZiwhMSk7UiMAYjoAEGVycm9yDTsYfTtkLmFkZEJzAD4UAD5wAD4gAAFtPhQAACg2agBYYiYmKGQuYXR0cmlidXRpb25TcmM9IiIBvhBzcmM9Y163ASQucHVzaChkKX0KWYAEcSgplgRhPTGsIC5jdXJyZW50U4UYTU8AKDJuAixudWxsOmEpJiYiNzdhUhRhLmdldEENkDhlKCJkYXRhLWpjIik_YToVVzxxdWVyeVNlbGVjdG9yKCdbDSUAPQFEDF0nKX1FNyxyPVJlZ0V4cCgiXmihKvBMPzovLyhcXHd8LSkrXFwuY2RuXFwuYW1wcHJvamVjdFxcLihuZXR8b3JnKShcXD98L3wkKSIpOwpmdW5jdGlvbiB0KCl7dmFyIGE9aztBmAxjPVtdBWoEZT0Bxgg7ZG8FHxhiPWE7dHJ5BQwAZEGtGGQ9ISFiJiYBJBwhPWIubG9jYSFqIC5ocmVmKWI6ewEtkG0oYi5mb28pO2Q9ITA7YnJlYWsgYn1jYXRjaChoKXt9ZD0hMX0BdQhmPWQZFwBmARYMaWYoZil5AGc-XgAMO2U9YnU5BCYmGQwoLnJlZmVycmVyfHwBlyR9ZWxzZSBnPWUsDcsAYyngMG5ldyB1KGd8fCIiKSkF1RRhPWIucGEh1BmGAGEF_0x9fXdoaWxlKGEmJmIhPWEpO2I9MIXeAGGV_3QtMTtiPD1hOysrYiljW2JdLmRlcHRoPWEtYjtiPWshKzkeAa41KjhhbmNlc3Rvck9yaWdpbnNuHACtagA9HXUAKaFkFGE9MTthPLGJTDsrK2EpZz1jW2FdLGcudXJsfHwoBQguQgE6dgAUW2EtCjFdIQwYLGcuaD0hMAHjKSIAaxmrIdVl_wBnJRYlAgRlPTIEARwwPD1lOy0tZaHhSGY9Y1tlXSwhZyYmci50ZXN0KGYBjyApJiYoZz1mKSwFDiwmJiFmLmgpe2I9ZjtFGwB9DV0AZRXmBCYmAcwBOwQ7MEFlJVoIJiZlBUgBGwgpO2MFrRB2KGIsZ9UdFGMuZz9jLgX6DDpjLmkBQAB90SgEIHah1hwpe3RoaXMuaUHVAQkIZz1jGSIAdR0iCHVybBEkFGg9ISFjOwUvBYglCt0vAHeVKRR0KCksYz35EzwiPyIpO3NldFRpbWVvdXQoEYwNMQBl2VYYZT8uMDE6ZUE1RCEoTWF0aC5yYW5kb20oKT5lKWkPDGI9cSghpAAiZf80Oi8vIisoYiYmInRydWWBawBiVmsEOC1yY2QiKT8icGFnZWFkMs23EHN5bmRpabkgLWNuLmNvbSI6ZiMABSAMKSsiLwlFeC9nZW5fMjA0P2lkPWpjYSZqYz03NyZ2ZXJzaW9uPSKFRQxkPShkAbEAKaG2UgQFAC0NMTAiKXx8InVua25vd24iYeNcK2QrIiZzYW1wbGU9IitlO2I9d2luZG93BVgAZjk0AGbhigBmITM0ZD1iLm5hdmlnYXRvcikyDgBQLnVzZXJBZ2VudCxkPS9DaHJvbWUvSZsgZCkmJiEvRWRnGREcPyEwOiExO2RhkxVRMC5zZW5kQmVhY29uPwodaR0YIChlKTpwKGIsZRpoCQQ9PQ2eCCl9fQ4XCRbfCCggMDw9Yz9hLnN1YhZaCRwoMCxjKTphfQngDC5yZmwuAggNNWhlbmNvZGVVUklDb21wb25lbnQodygpKX07fSnp20GaFCk7Cjwvc8WYbD7yAskCCgpFWFRSQV9UQUdTEroCPGRpdiBzdHkhUgxwb3NpobFkOiBhYnNvbHV0ZTsgbGVmdDogMHB4OyB0b3ANCmR2aXNpYmlsaXR5OiBoaWRkZW47Ij48aW1nIOFMVYdJFEpZAkE2DR4uMgIUYXdiaWQmBQbweV9iPUFLQW1mLUJIclkzVS1xTUxKOGVLN0t6NU9wa1J4YXMxUktsdmMtWWEzcXo5QUVxQU9fLW9vc0lDemhJdjE2S3J5bFpXMjlyZGxQQVA3eEVqSmxlanZoNFAtS3FDcDkyOVVnIiBib3JkZXI9MCB3aWR0aD0xIGhlDr4LID0xIGFsdD0iIjEaqGRpc3BsYXk6bm9uZSI-PC9kaXY-8gKaAQoMUE9TVF9TQ1JJUFRTEokBPHMlajYIARYQClBhZHMuZy5kb3VibGVjbGljay5uZXQxBjx4YmZlX2JhY2tmaWxsLmpzAWUttQ1TAD6dJGQge3IzcHgoJzExMzk5NDMzNzQnKTt9KSgpOz3rENAQChBIAZ40UE9SVF9QQVJBTVMSuxCRJIqVAPB9YWRmZXRjaD9hZGs9MTI5Mjg2NTY2NyZhZHNhZmU9bWVkaXVtJmNsaWVudD1jYS1wdWItMzA3Njg5MDAxMjc0MTQ2NyZmb3JtYXQ9MzM2eDI4MF9hcyZpcD0xNDkuNTYuMTUzLjE4NyZvdXRwdXQ9aHRtbCZ1bnZpZXdlZF9wTY0gX3N0YXJ0PTEmoXgRvQAyVgoOECZzdWJfDZEAYkGY8H1yLTUzNTc0NzcmaGw9ZW4mYWNlaWQ9TU9zV3RBREZHclFBZ3h5MEFMSndOQUhVZ3pRQmpJYzBBUXFJTkFFU2lEUUJLWWcwQVRxSU5BRmNpRFFCYW9nMEFYT0lOQUYwaURRQmpJZzBBYUtJTkFHMmlEUUJ2WWcwQWNLSU5BSEcBECx6WWcwQWMtSU5BSFEBEAAwAUAEZE8BEABYARAAMgEgBGVHARAAaQEQADUFEABlARAAMgEQWC1JZzBBU0NKTkFFa2lUUUJKb2swQVNlARAAcAEQ9JcCUzNOQkFWTnpRUUhzSGRvQllzSDlBVlg4aUFKU19ZZ0NlRUNxQWlkQ3FnSWNSS29DTzFxcUF2NTRxZ0x3aTZvQ1c1R3FBbWlWcWdLQW02b0NnWnVxQW9LYnFnS1pxS29Db3FpcUFyaXdxZ0xYc2FvQ01MZXFBa25scWdLZzVhb0NxZlNxQWtmNHFnSW0tNm9DUXZ1cUFyVUhxd0xIQjZzQ3Z4R3JBbFlTcXdKekVxc0NyeGVyQXBBZXF3S29INnNDUENPckFvTW5xd0pVS0tzQ0RpcXJBallycXdMN0s2c0NuRENyQW9zeXF3SXVNNnNDUXpPckFqdzRxd0lOUEtzQ0l6eXJBdjRfcXdMclFLc0Nma1dyQXI1R3F3SVdTS3NDdkVpckFtTkxxd0pQVXFzQ1NsT3JBcUZUcXdMUlZLc0MzRlNyQXVwVXF3SnJWYXNDODFhckFyNVhxd0pFV0tzQ28xaXJBcXRhcXdKdlc2c0N4RnVyQWtoY3F3STJYYXNDVjEyckFzNWVxd0kwWXFzQ3ZXS3JBbU5qcXdLMVpLc0NkbVdyQXExbHF3TDBaYXNDSW1hckFvOW1xd0lHYUtzQ1dXaXJBbnRvcXdLZGFhc0NzR21yQWtscXF3SWRhNnNDUm11ckFseHJxd0tjYTZzQ29HdXJBcVJycXdMR2E2c0MtbXVyQWdSc3F3SW9iYXNDT1cyckFwdXp4UVdxTmFBTU5wWDdFbW1qLXhKWnRmc1M5Y1Q3RWdiSi14SjQzZnNTZHZYN0VrOElfQklpQ2Z3U2tnbjhFdVFKX0JMZURQd1M4dzc4RXFVUF9CSXRFUHdTUkJEOEVwWVFfQklTRWZ3U2hDNUNGSnpMSEJqM1Ztc2EmZXhrPTExM42Yrc4EYz2pzvCwQy0xS3lNVGdSNGdOdnA0a19DdXdzVEZVdUlhX1k2a0pRMzRyeDMwcTl4RUxwNE1HbFQyLWdQN0FDaGFXSkRiX0t2ZGxFTXdBdjhaWENsZjhtdzZiMnZhM3VaYmc0TXNRckJhZW82Y1ROaTFyYkJvWWY1QUVHVmJyRkV6TklmUjlTMlZxTEZiSHNxWW1LZkZySFppU0liMWRzV0hxNlJYU3J4WkFCSndwVmI1VjZYN2tNDcAAZA3A9DsDRG1qX2pvbkxiQ3BfN21KaXh2T2xNMUg3T3h6b2VxdExJblM4X2I5N0NDQVN3RzZ3WllBVktWdUs0d1pveDZWTXE3bDJhYzFlRlNkVmRnOWhXV0pGUm9zcHJNTXRIQUtnRERrMGRFNjRRNWtjZE5nWEpIUHYtZlVVZ0ZqNVNmZXduNHVhd3pYQ2IzRlRVWGpsSkxjNk5STFZmd0pBUllwV0tmV2p2ZlJvWlFLa3JZVGJPcTNKMGlhS3NxVGdRS1VZRUlRR2ZvSy1PcGRJQWFSNjVtVGZPSndBMjk5SjctTzFFcXVfemE5eHJMdm9nR1BNZ3BnMi1FdmJKdmZzVDFSb2VXcnJOb3YxM0xUWU9uZkFMNjFHWmxJMmY3MUo3MERnbFp6bVdIMFdLd1RpTVFRNUIybUp4azNuM1pPY2xCdTNTUXJqYUgwSTNxRXVsRkZPTG5BWXhfNVczQ2k1R3NWOEJ5RlBmRzVORm9OSGFvRk9CanNvV3JEV0daRHV0SzNaUllVWEJHTGlsMTJIUklhMGRqMFJiSG5KLUMwb3ZTaE1YRjItZDEydlY3T0lMN2pienRnWVlLQk1vWi12dFg5STk4ZTg1anVxMFpWQk1RbzZ2eEdrdXB3V3dQNjQyeG1obzZkNXFudzFKTFdNYmlYN1hnRkN1OWZQR0lRenVrcHQ4ZVpNY0hCYl9lR3kwR3JDVmxwM29KLVVMeFlKZ3c2Z3hNZXVKVmZIOWEyMGdxTkJNRFJHV0FxNi02eEtlVHMwVHppak9TYXBJYWZ2T1lnV25EdmQ5WVljMzJfZE5tYWlSUEU5M19Ld1pkcktSVC1URmNManQwOXN2aVZhWXVaaXhMdFRvZlQtTVpVN0pNYXFHVnMxZzRvQjJoU1BxQlptS1FNOFpGRFN5U09IZk1FREdQeGxZZGhqZDNxc3ItWU5oaU96MlAmY2lkPUNBUVNHd0J5Z1FpRG9scndRWGpGMDZVTUU1dXZGczZOamVxTlk5TUxFeGdCJmFfY2lkPYADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQONvUHoKgEALIEEAgAEAEY0AIgmAIoADAAOAK4BADABADIBADaBAIIAeAEAfAEDlAWWIgFAZgFAKAF2rjRnLPcopA_wAUAyQUABQEU8D_SBQkJBQt8AAAA2AUB4AUB8AW84Bv6BQQIABAAkAYAmAYAuAYAwQYBITQAAPA_0AbujwHaBhYKEAkSGQGwEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMMTU2MjY4MTgwMjY4yAfxtgXSBw0JETcBNQjaBwYBbXAYAOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=f71976905e8d165cc10836ea39c5f303d4e59f39&bdref=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&bdtop=true&bdifs=1&bstk=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz,https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:37 GMT
AN-X-Request-Uuid: 67a732e8-509e-4e3e-91f7-20ab0f49aecb
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 200 adfetch Show response
googleads.g.doubleclick.net/pagead/ Frame 573E 116 KB
42 KB 101ms
97ms XHR
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adfetch

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9a45e25bb255490eb80574f56a2844d752a1d5c86492e77e80fb47e4771a3b2

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJekvauBpf4CFdbn4QodrQQLiA&gqi=ff02ZP25CsWmhwfmmq_AAw&layout=/sadbundle/%24csp%253Der3%24/6328374244520716062/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJekvauBpf4CFdbn4QodrQQLiA&gqi=ff02ZP25CsWmhwfmmq_AAw&layout=/sadbundle/%24csp%253Der3%24/6328374244520716062/index.html
content-encoding: br
x-content-type-options: nosniff
date: Wed, 12 Apr 2023 18:50:37 GMT
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42505
x-xss-protection: 0

GET
H3 200 abg_lite.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/ Frame 3FD2 28 KB
11 KB 37ms
36ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e6a2c48ddf656dd18431ca6f656e4d671a93141d2db4f304587d74280ecfbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 15:48:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10898
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11036
x-xss-protection: 0
server: cafe
etag: 7166013058933939784
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:48:59 GMT

GET
H3 200 window_focus.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/ Frame 3FD2 3 KB
1 KB 40ms
36ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/window_focus.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

88a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 22:18:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73908
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1307
x-xss-protection: 0
server: cafe
etag: 18393213423120915576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Apr 2023 22:18:49 GMT

GET
H3 200 qs_click_protection.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/ Frame 3FD2 29 KB
11 KB 57ms
42ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/qs_click_protection.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c9389fb9fa8bc949cb00e9a8d1af73b741795e78fb70e4f8baff40adc0d43fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 22:18:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73899
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11437
x-xss-protection: 0
server: cafe
etag: 14770036509172519503
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Apr 2023 22:18:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3FD2 159 KB
49 KB 124ms
33ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c34355356c4f9f8b5e828e584ec960d94c0325893fe0411dc5778a8a584302c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49747
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681125830480664"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Apr 2023 18:50:37 GMT

GET
H3 200 one_click_handler_one_afma.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/ Frame 3FD2 47 KB
18 KB 68ms
52ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/one_click_handler_one_afma.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f85258f8a700c8bf69e1b7c4560536fba6053361e9a1e1c601fed69145ace4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 15:49:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10844
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18140
x-xss-protection: 0
server: cafe
etag: 1668910817290652060
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:49:53 GMT

GET
H3 200 6769252779208406546
tpc.googlesyndication.com/simgad/ Frame 3FD2 132 KB
132 KB 72ms
51ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6769252779208406546?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qmKvFCaXeHpCyj0bsH9nvLOUAiaeA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

213d6cd268807d564c0421c06832011739f349f57533277e5c367cdd387e2804

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 13:19:03 GMT
x-content-type-options: nosniff
age: 19894
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 135522
x-xss-protection: 0
last-modified: Wed, 01 Mar 2023 14:03:16 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 Apr 2024 13:19:03 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3FD2 0
23 B 89ms
68ms Image
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C1lirfP02ZIHbEevQ0_wPzYKOuAP-wKz-b7LdpuHNEL_hHhABIOaX1iVgydash9yjxBCgAeGjpesCyAECqAMByAPJBKoE1gFP0AhS5FhTz-4Eqmnr9NgbfGBNPvI5zEj5Tfbo579lK8bTyV38XnFlBvlxLXJ5ytMzz61aiq1-zka5E7MOQ00zb6WHE5gYq3A0urVPeCzGkjwKlBPzhc74Ow8DX0XaF_VDLPoF_8i5TvHnxMZG6aCT-fFeK-xuZAPSYAY5W4BVl2oSjby75xIQN8i5XzBTFPDomIouP5AjJH_0yLgOsnIbUcsm6JreBCS5K8c7XhXKyJKoeHhEG5dDgskOK2O4b2CfUElBExVq85BvTCPIxPGKInmIpPkuwATdloCLnwSSBQQIBBgBkgUECAUYBKAGAoAH5JmOXagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB0ggPCIBhEAEYADICigI6AoBA8ggOYmlkZGVyLTUzNTc0NzeACgTICwHYEwzQFQGAFwGyFwgKBggAEgAYAA&sigh=ddBr74Mi_iM&uach_m=[UACH]&pr=10:0.290419&cid=CAQSGwBygQiDTwmiZPMkMJGj2KmwoKosmMHI1gWWeBgB&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 12 Apr 2023 18:50:37 GMT

GET
H3 200 abg_lite.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/ Frame C2C8 28 KB
11 KB 67ms
56ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e6a2c48ddf656dd18431ca6f656e4d671a93141d2db4f304587d74280ecfbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 15:48:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10898
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11036
x-xss-protection: 0
server: cafe
etag: 7166013058933939784
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:48:59 GMT

GET
H3 200 window_focus.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/ Frame C2C8 3 KB
1 KB 187ms
177ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/window_focus.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

88a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 22:18:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73908
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1307
x-xss-protection: 0
server: cafe
etag: 18393213423120915576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Apr 2023 22:18:49 GMT

GET
H3 200 qs_click_protection.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/ Frame C2C8 29 KB
11 KB 60ms
50ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/qs_click_protection.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c9389fb9fa8bc949cb00e9a8d1af73b741795e78fb70e4f8baff40adc0d43fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 22:18:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73899
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11437
x-xss-protection: 0
server: cafe
etag: 14770036509172519503
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Apr 2023 22:18:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C2C8 159 KB
49 KB 137ms
66ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c34355356c4f9f8b5e828e584ec960d94c0325893fe0411dc5778a8a584302c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49747
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681125830480664"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Apr 2023 18:50:37 GMT

GET
H3 200 one_click_handler_one_afma.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/ Frame C2C8 47 KB
18 KB 182ms
173ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/one_click_handler_one_afma.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f85258f8a700c8bf69e1b7c4560536fba6053361e9a1e1c601fed69145ace4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 15:49:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10844
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18140
x-xss-protection: 0
server: cafe
etag: 1668910817290652060
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:49:53 GMT

GET
H3 200 18212219772527070295
tpc.googlesyndication.com/simgad/ Frame C2C8 13 KB
13 KB 78ms
69ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18212219772527070295?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qn2x8Gv2tnPZa2BoTTWFVv5_-uw4Q

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4bc79a91a9a444fde5989d310a2f75596c73e1bd6bb2607a0996dad1f575c07e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 05:40:33 GMT
x-content-type-options: nosniff
age: 133804
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12992
x-xss-protection: 0
last-modified: Fri, 13 May 2022 17:00:18 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 10 Apr 2024 05:40:33 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C2C8 0
23 B 73ms
65ms Image
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C3kOnfP02ZMvCC4OjoPwP-bW4oAGf0OnRb7nzr7fTEL_hHhABIOaX1iVgydash9yjxBCgAffim7QoyAECqAMByAPJBKoE3wFP0P42qoQU5eqaBrtjLQqOb0MAKxTIqcuCu6FfkS_A5fZYgb3gFRKIAIAhoDVTDeAKyywpW-lGzFvJQ9v3qrqsG1fXoU7GaIZaBrbhPw4yPT_RPH7dVJ2p8kr8kNhhMmT1g1wdrtelm7DBy2Pc31t0LOe1_SDiqdwowpITH1UYRMvimijtugV8ZysRG7dyabqOwnbf4SXCOXaNvtz6ex4Ka5mZXyqc6K7Cc8NEKwpbsG9CY-5tdSzsgYaiqm3gdjjgFwvUXxuucuYfwY0cmdLrhBfZP0A_yNgOe9_b9hFawATh9_fhgQSSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGAoAH95rskwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAdIIDwiAYRABGAAyAooCOgKAQPIIDmJpZGRlci01MzU3NDc3gAoEyAsB2BMN0BUBgBcBshcICgYIABIAGAA&sigh=t86k4g7PmFo&uach_m=[UACH]&pr=10:0.274194&cid=CAQSGwBygQiD63QdsmwS-Pt17pbprUiHNqaPDvYJhhgB&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 12 Apr 2023 18:50:37 GMT

GET
H3 200 abg_lite.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/ Frame 0A9B 28 KB
11 KB 83ms
75ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e6a2c48ddf656dd18431ca6f656e4d671a93141d2db4f304587d74280ecfbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 15:48:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10898
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11036
x-xss-protection: 0
server: cafe
etag: 7166013058933939784
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:48:59 GMT

GET
H3 200 window_focus.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/ Frame 0A9B 3 KB
1 KB 168ms
159ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/window_focus.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

88a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 22:18:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73908
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1307
x-xss-protection: 0
server: cafe
etag: 18393213423120915576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Apr 2023 22:18:49 GMT

GET
H3 200 qs_click_protection.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/ Frame 0A9B 29 KB
11 KB 87ms
76ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/qs_click_protection.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c9389fb9fa8bc949cb00e9a8d1af73b741795e78fb70e4f8baff40adc0d43fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 22:18:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73899
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11437
x-xss-protection: 0
server: cafe
etag: 14770036509172519503
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Apr 2023 22:18:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0A9B 159 KB
49 KB 113ms
61ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c34355356c4f9f8b5e828e584ec960d94c0325893fe0411dc5778a8a584302c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49747
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681125830480664"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Apr 2023 18:50:37 GMT

GET
H3 200 one_click_handler_one_afma.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/ Frame 0A9B 47 KB
18 KB 168ms
157ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/one_click_handler_one_afma.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f85258f8a700c8bf69e1b7c4560536fba6053361e9a1e1c601fed69145ace4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 15:49:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10844
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18140
x-xss-protection: 0
server: cafe
etag: 1668910817290652060
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:49:53 GMT

GET
H3 200 7758440501683870586
tpc.googlesyndication.com/simgad/ Frame 0A9B 41 KB
41 KB 89ms
77ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7758440501683870586?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkki2wy7OPs6DNrbDafbjizXSvt1w

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9803e13830d04a871ed27d4ffc42de26fcc77d6937ff73fb49a3383836f974e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 18:36:58 GMT
x-content-type-options: nosniff
age: 173619
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42215
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 11:46:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 09 Apr 2024 18:36:58 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0A9B 0
23 B 73ms
61ms Image
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CxvR_fP02ZM_SC9S8j-8PreKs8Ab-wKz-b5z1_dmuEb_hHhABIOaX1iVgydash9yjxBCgAeGjpesCyAECqAMByAPJBKoE2QFP0Pr1cs8X2Ch4l93gmcA36cOnxrbcIRUzNgp5Wb8leiOv9yogteKtQasK77aeq8nvPxHQag_M0RZXoQVgEg20uQsTEnazH_4anGLe8zMO-Zk-EuWKGvLxuX9L2C4VkA4KgCYOm93OHhPU9eXrlgwVJJ3LcTMiO10TyB9CTo-X0r8QgnkGtBNwoWcHUJbrymYLU57EiTPT__90CFto8qKtvSdPKdJL0stmttKTXvosaUQFs9FApcVsiTSiPQ6-xOkXtY2IpmqA5DJcQElKq0HYtanu_77J-dOhwATdloCLnwSSBQQIBBgBkgUECAUYBKAGAoAH5JmOXagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB0ggPCIBhEAEYADICigI6AoBA8ggOYmlkZGVyLTUzNTc0NzeACgTICwHYEwzQFQGAFwGyFwgKBggAEgAYAA&sigh=Plu4IynZJKc&uach_m=[UACH]&pr=10:0.095165&cid=CAQSGwBygQiDG4B_1BrBWX_TElgX3V04uFrhCnZ3oBgB&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 12 Apr 2023 18:50:37 GMT

POST
H/1.1 200
OK vevent
nym1-ib.adnxs.com/ Frame 10D4 0
950 B 43ms
31ms Ping
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&e=wqT_3QKDBvBMAwMAAAMA1gAFAQj8-tuhBhC-3Z2p3Kb4iCAYrdfu-NG5_PNtKjYJJVzII7iRuj8RHEXWGkrtsz8ZAAAAYGZm7j8hHEXWGkrtsz8pJVwJJNAxAAAAoJmZuT8wg4X0CTiHXkDlHkhlULiiyyVYyZyOAWAAaOz0vQF48bYFgAEBigEDVVNEkgUG8GWYAdACoAGYAqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC5aUE4AL121rqAh9odHRwczovLzI0bW9yby5jb20vcWJiMGFmeHdqemJ6gAMAiAMBkAMAmAMXoAMBqgPnAQq_AWgNNWRwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLgFICR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EYXVVNS0xLWQ0bENmOWo4eDRGR2tQTS03NGNOcWRlTV9mZ2l0RXBvVW9KSGVSWU90SGZBZVZpTlNvLU1ESXF4T1l1S1BIUGZLNmJ5OWJOOEg4ZF9vQzkxUGNBUSZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyMzEwODc1NzA0ODc0OTg3MTk4Igg3ODgyNzgzMioEMzk0McADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODeoBACyBBAIABABGNACIJgCKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBLiiyyWIBQGYBQCgBdq40Zyz3KKQP8AFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDE1NjI2ODE4MDI2OMgH8bYF0gcNCQ00BTUM2gcGCAUJaOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=1fb73215dc3d3c01c263ee7a7f6de675632721b8&type=nv&nvt=5&jm=1003&px=603&py=667&bw=336&bh=280&sid=8227257801487740099&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=20775555&sw=1600&sh=1200&pw=1600&ph=2448&ww=1600&wh=1200&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:37 GMT
AN-X-Request-Uuid: 30424858-3b51-41bc-922c-650e0653653a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C292 143 B
166 B 67ms
49ms Document
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 1081
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:32:36 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 80ms
11ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 00:37:13 GMT
content-encoding: gzip
age: 1880004
x-guploader-uploadid: ADPycduUnLO3nhObdPCYIbeaUc03nY7dWys9zCxO2KnebECm1Mk4lcZEUsoOPdhDHUj9LNVO4jq-wGFwUmPFER6GcpHfwg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Thu, 21 Mar 2024 00:37:13 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012304040531000/ Frame 3D82 222 KB
61 KB 191ms
43ms Script
text/javascript 2607:f8b0:400c:c0c::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012304040531000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0c::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5a06a61cc91207a0766de728cc62f1bc1c987a5baa2155a542248a6ba0d97f4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 12 Apr 2023 12:24:53 GMT
age: 23144
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61837
x-xss-protection: 0
server: sffe
etag: "4c71ce2fa24fb84d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 11 Apr 2024 12:24:53 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012304040531000/v0/ Frame 3D82 15 KB
5 KB 279ms
131ms Script
text/javascript 2607:f8b0:400c:c0c::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012304040531000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0c::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89b0b16db8325b2c6db9a0f68eabea4c6ffab4022ee31fb5ea6ea64a2b19b0ad

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:10:37 GMT
age: 178800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5234
x-xss-protection: 0
server: sffe
etag: "5c3964a98ed5c9e1"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:10:37 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012304040531000/v0/ Frame 3D82 94 KB
28 KB 251ms
103ms Script
text/javascript 2607:f8b0:400c:c0c::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012304040531000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0c::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fb9eba0f98fc3a5c9cfa55a0c43ea1d24c5f2e388f06612f404e09fe83fcbc6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:10:30 GMT
age: 178807
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28939
x-xss-protection: 0
server: sffe
etag: "55c7a8d78e6c0bd3"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:10:30 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012304040531000/v0/ Frame 3D82 5 KB
2 KB 249ms
101ms Script
text/javascript 2607:f8b0:400c:c0c::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012304040531000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0c::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2262d50696110a18e87fa0ac8edb8b9860bccb89680a5c04bad6a5246892090b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Apr 2023 17:10:24 GMT
age: 178813
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1904
x-xss-protection: 0
server: sffe
etag: "d57b42639333a446"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 09 Apr 2024 17:10:24 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012304040531000/v0/ Frame 3D82 40 KB
13 KB 273ms
125ms Script
text/javascript 2607:f8b0:400c:c0c::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012304040531000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0c::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba1c1cba103b212eaa4c5aea8268a6e94d3e0d39a16d5d094b604790db6d4fd5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 12 Apr 2023 11:16:09 GMT
age: 27268
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12940
x-xss-protection: 0
server: sffe
etag: "aa817619b4e21783"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 11 Apr 2024 11:16:09 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3D82 6 KB
765 B 93ms
47ms Stylesheet
text/css 2607:f8b0:400c:c0a::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0a::5f Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

927e28e6f905011cd102263e99fc6a6032d90aab9f7fce9e2be1b5a4a115d7ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 12 Apr 2023 17:16:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Apr 2023 18:50:37 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3D82 4 KB
691 B 93ms
48ms Stylesheet
text/css 2607:f8b0:400c:c0a::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c0a::5f Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

35fd59b97a8e0d867188a88d4ec485d4daa94c2ac3ae46790435ee7b59f229c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 12 Apr 2023 17:09:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Apr 2023 18:50:37 GMT

GET
H3 200 ar.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 3D82 3 KB
3 KB 113ms
90ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ar.png

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfa586fa8b70c056272ef189e613dc9f6bcb8f9b659259219fa776f639dd3374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 13:18:28 GMT
x-content-type-options: nosniff
server: cafe
age: 19929
etag: 9421415325968714010
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2737
x-xss-protection: 0
expires: Thu, 13 Apr 2023 13:18:28 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 3D82 344 B
368 B 113ms
90ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 12:09:27 GMT
x-content-type-options: nosniff
server: cafe
age: 24070
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Thu, 13 Apr 2023 12:09:27 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/10068094677989736158/ Frame 3D82 23 KB
23 KB 204ms
180ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10068094677989736158/14763004658117789537?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIqgIQqgIYASABLQAAAD8wqgI4qgJFAACAPw&rs=AOga4qnvxJe_sc38jCyuqNLeCrp8tkSprQ

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7b6b17dbfd59f390f39a4e46f930ded26e470ac3f1ebe984a5ee463bc3b85f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23894
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 12:44:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 Apr 2024 18:50:37 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/9714055762877032756/ Frame 3D82 39 KB
39 KB 280ms
256ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9714055762877032756/14763004658117789537?sqp=4sqPyQSLAUKIAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-Mg8I2AQQ2AQYASABLQAAAD8&rs=AOga4qlqQW1Y_3Boed05WjFu0LBNxyGnFQ

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b5d4d0c150c23af20d28b535c6057ff5e6d194a27d6658e9cfbc318343468c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39689
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 12:44:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 Apr 2024 18:50:37 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3D82 0
0 113ms
90ms Image
text/html 2607:f8b0:400c:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C1GlyfP02ZLPwNsi5nwSSjoKAAdrPzoBwvc2WxNwQpOfy7ZUCEAEgtcuKRmD96KKB8AOgAeCB8PgoyAEGqQKvBlKMyWmyPuACAKgDAcgDCqoE-AFP0O2vC-wsDyvO6Y1DV0GakHg4tXfF1kYEFUSlChz6cB588emu9a0LuVflKn36CaZcrby664Li8pHNt6YhKP5_FEJXjjpD-ozHrLyX2ve0S0Vgxqn3tIck70hiB5QjaJeZb7hrj8zZpBX1_5he3l3Wa2vAjzLYaOvoBNKAYO25B0grkH_K6-8l3xCzRt7pgkqtDVduCjgfWusHqXb8BS3ZK_CfyF_kfddCDDgoAcmHC3YLO7L1RcaaJL2ocY8lAIuEi-x4hMaabeayDccv7_B3F19Ok5RABMAtnKA8FeZpNj2dJryDfVOwqnNQWXgCl2aasPm2xYuUb8AEgYOj_KIE4AQBkgUECAQYAZIFBAgFGASgBjeAB-C5wNgDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQxIgG0ggPCIBhEAEYHTICigI6AoBAgAoDyAsB2BMM0BUBmBYBgBcBshceChwIABIUcHViLTEwNjYwMTM3ODYzNTQwNTEYrc4p&sigh=oosJG7_-J0o&uach_m=[UACH]&cid=CAQSPABygQiD-HNqopP3U58MW7AOen0Zs3fg0qzxGGEboB5qJMXQkhkvNbA-EzHTKmKw_NT70RupUbJJnIWWUhgB&template_id=492
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:400c:c0b::9d Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3D82 0
0 78ms
32ms Image
text/html 2607:f8b0:400c:c36::69
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSewYNkN4zvBImrhMMsyDXo-43efiyjnKsDtasA4crGwHhhNBesx30c0KA2s2PlD0l-rHsi6cjkeEDnD_IEiorw0BKJeQ
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400c:c36::69 Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 64DC 0
861 B 52ms
25ms Script
text/html 68.67.160.24
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=12039&pub_id=1860595&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=12039&pub_id=1860595

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.24 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:37 GMT
AN-X-Request-Uuid: 303b583e-a399-46dd-9cbc-ac9f84123dc7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/ Frame 77FF 22 KB
4 KB 95ms
74ms Document
text/html 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/index.html

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2017c9db551a3acbad713e51997815ddf3c6a4781a34c1a4b0dc6a6aa0b18660

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:37 GMT
expires: Thu, 11 Apr 2024 18:50:37 GMT
last-modified: Mon, 03 Apr 2023 19:37:41 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 abg_lite.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/ Frame 573E 28 KB
11 KB 89ms
74ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e6a2c48ddf656dd18431ca6f656e4d671a93141d2db4f304587d74280ecfbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 15:48:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10898
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11036
x-xss-protection: 0
server: cafe
etag: 7166013058933939784
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:48:59 GMT

GET
H3 200 window_focus.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/ Frame 573E 3 KB
1 KB 91ms
76ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/window_focus.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

88a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 22:18:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73908
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1307
x-xss-protection: 0
server: cafe
etag: 18393213423120915576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Apr 2023 22:18:49 GMT

GET
H3 200 qs_click_protection.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/ Frame 573E 29 KB
11 KB 90ms
74ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/qs_click_protection.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c9389fb9fa8bc949cb00e9a8d1af73b741795e78fb70e4f8baff40adc0d43fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 22:18:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73899
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11437
x-xss-protection: 0
server: cafe
etag: 14770036509172519503
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Apr 2023 22:18:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 573E 159 KB
49 KB 82ms
65ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c34355356c4f9f8b5e828e584ec960d94c0325893fe0411dc5778a8a584302c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49747
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681125830480664"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Apr 2023 18:50:37 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 573E 0
19 B 83ms
69ms Image
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CggYXfP02ZNK7M8KA6toPrYeO4AO2hsHvb4v0v4SnEeHSg8-BChABIOaX1iVgydash9yjxBCgAciLot8DyAEJqAMByANIqgTXAU_QwKgr6ccICNd-x2KQie3ABPm2hGMdTSfwKCCrRNI4aKYNXdYNAGtq-ebp-ICzuuwSm4SZC6_g-CwLQV-yklztYDEGsfTWKdLUrYGulTeAOnW-J8-IQ7n0ROo4PnRJxCzbGOJm7msUfKRHbq00fhqJ7-cUbkTmNvhj5TZpCT3aZxpdNoldYiuM-n-agFsloMs4jk99dcscdBy-nb5jT6GT4d0-5qKjpKfJ8i3w0Ceyw555uSV36Swp8BgD3EWHe-WTdt1-khsSs5g4ktqbQ2uzBaovUjlvwASs5rySxgSSBQQIBBgBkgUECAUYBKAGLoAHoPTdIKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA0ggPCIBhEAEYADICigI6AoBA8ggOYmlkZGVyLTUzNTc0NzeACgTICwHYEwrQFQGAFwGyFwgKBggAEgAYAA&sigh=le6vAXQznOg&uach_m=[UACH]&pr=10:0.103786&cid=CAQSGwBygQiD0v7CMVbjVYj18XkUkVQ0-7Gqt-ibGxgB&template_id=419&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3FD2 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 37bd1c4fe92d700d01bc83a9f49aea365765937e3b6d1129a8d8ddb9155c5822

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3D82 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a2cda9d76b5bf1601e57edf216705580757a01cc7d3bc5fe71de60b98afcb06e

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 article-impression
events.askjdhaa.com/api/v1/push/ 0
0 94ms
40ms Ping
application/json 2600:9000:2120:7000:d:57d4:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events.askjdhaa.com/api/v1/push/article-impression
Requested by: Host: cdn.speakol.com
URL: https://cdn.speakol.com/widget/js/speakol-widget-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2120:7000:d:57d4:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 200 article-impression
events.askjdhaa.com/api/v1/push/ 0
0 93ms
38ms Ping
application/json 2600:9000:2120:7000:d:57d4:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events.askjdhaa.com/api/v1/push/article-impression
Requested by: Host: cdn.speakol.com
URL: https://cdn.speakol.com/widget/js/speakol-widget-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2120:7000:d:57d4:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 200 article-impression
events.askjdhaa.com/api/v1/push/ 0
0 79ms
30ms Ping
application/json 2600:9000:2120:7000:d:57d4:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events.askjdhaa.com/api/v1/push/article-impression
Requested by: Host: cdn.speakol.com
URL: https://cdn.speakol.com/widget/js/speakol-widget-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2120:7000:d:57d4:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://24moro.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0AF3 143 B
166 B 78ms
37ms Document
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 1081
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:32:36 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C2C8 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff68f3c4962c05d496b30cdd56ad345e8bf358f14407f48e55b8b98e7a730bf9

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7C89 143 B
166 B 71ms
39ms Document
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 1081
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:32:36 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 redir.html Show response
p4-byroqc7s2wdz4-kldht6u5nhdlpzcy-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 8578 247 B
867 B 163ms
43ms Document
text/html 173.194.217.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-byroqc7s2wdz4-kldht6u5nhdlpzcy-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.217.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

vw-in-f94.1e100.net

Software

sffe /

Resource Hash

df3e01305819837d7c8059eccc2427cfe74168e44f2b295c20fd0beb1b1a91c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 202
content-security-policy-report-only: script-src 'nonce-TMlbY9ipi-B_gKDGWmrC8A' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:37 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
pragma: no-cache
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0A9B 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45bdaf2ff7c10116ef18ba5b7fbf7d8abe4bea8d06955af013f0d058cf4aa76b

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 3D82 15 KB
15 KB 39ms
39ms Font
font/woff2 2607:f8b0:400c:c38::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c38::5e Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://24moro.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 16:53:47 GMT
x-content-type-options: nosniff
age: 7010
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Apr 2024 16:53:47 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 3D82 16 KB
16 KB 42ms
41ms Font
font/woff2 2607:f8b0:400c:c38::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c38::5e Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://24moro.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Fri, 07 Apr 2023 15:37:35 GMT
x-content-type-options: nosniff
age: 443582
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Apr 2024 15:37:35 GMT

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&rid=esp&cc=1

85 B
202 B

46ms
43ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&rid=esp&cc=1
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 6abca67a43b47b59366c4be2bf6c82c67abb9b2baadedec958f0789a1bad7515

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-1oUghFMHPF7g179YvVK61mkzVuY"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://24moro.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Wed, 12 Apr 2023 18:50:37 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://24moro.com
location: /esp?url=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 77FF 6 KB
3 KB 62ms
46ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 12:12:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23914
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2551
x-xss-protection: 0
server: cafe
etag: 4618035238173732404
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 13 Apr 2023 12:12:03 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 77FF 34 KB
13 KB 65ms
49ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 19:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84784
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 12 Apr 2023 19:17:33 GMT

GET
H3 200 15010d49ebe1c88c16a5b5f57a04c209.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/ Frame 77FF 106 KB
30 KB 82ms
65ms Script
application/x-javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/15010d49ebe1c88c16a5b5f57a04c209.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

731dc4c1fbf76273a3ea45c2a5a0d0ecd0af9b3b91e2e55951a60bbda304fdad

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 19:37:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 Apr 2024 18:50:37 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C292
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

40ms
37ms

Document
text/html

2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:37 GMT
expires: Wed, 12 Apr 2023 18:50:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:37 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C1B7 143 B
166 B 42ms
35ms Document
text/html 2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 1081
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:32:36 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 573E 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e34b8adffde57810b7b247f215e9fddda7f9e1e6df8d8b47245e1dde339aa4c6

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame EB19 6 KB
3 KB 39ms
39ms Document
text/html 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304100101/pubads_impl.js?cb=31073754

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:36 GMT
expires: Thu, 11 Apr 2024 18:50:36 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 iframe.html Show response
p4-byroqc7s2wdz4-kldht6u5nhdlpzcy-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 8578 5 KB
2 KB 41ms
39ms Document
text/html 173.194.217.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-byroqc7s2wdz4-kldht6u5nhdlpzcy-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-byroqc7s2wdz4-kldht6u5nhdlpzcy-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-byroqc7s2wdz4-kldht6u5nhdlpzcy-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.217.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

vw-in-f94.1e100.net

Software

sffe /

Resource Hash

51f267686d55488ffd46b12432156d7d414e6d5d90af8f8a43943e1ea8ecc8a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-byroqc7s2wdz4-kldht6u5nhdlpzcy-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 1987
content-security-policy-report-only: script-src 'nonce-O6VG4FpdVH8HcK2PGU3SBA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:37 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Fri, 03 Feb 2023 22:38:00 GMT
pragma: no-cache
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0AF3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

41ms
40ms

Document
text/html

2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:37 GMT
expires: Wed, 12 Apr 2023 18:50:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:37 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 eGrdt-GuiAstYDBBFPRlHe36qu4ukgnY6P6eKjFBaNs.js Show response
pagead2.googlesyndication.com/bg/ Frame F18E 36 KB
14 KB 49ms
35ms Script
text/javascript 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/eGrdt-GuiAstYDBBFPRlHe36qu4ukgnY6P6eKjFBaNs.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

786addb7e1ae880b2d60304114f4651dedfaaaee2e9209d8e8fe9e2a314168db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sat, 08 Apr 2023 21:19:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 336697
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14213
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 13:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Apr 2024 21:19:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7C89
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

41ms
40ms

Document
text/html

2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:37 GMT
expires: Wed, 12 Apr 2023 18:50:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:37 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 3D82
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

37ms
37ms

Image
text/html

2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Protocol: H3
Server: 2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Redirect headers

date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 77FF 5 KB
664 B 52ms
50ms Stylesheet
text/css 2607:f8b0:400c:c0a::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:800|Open+Sans:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/15010d49ebe1c88c16a5b5f57a04c209.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0a::5f Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

89cebf179f4db4d236912bbae3432717d9a2b38838f009c7a5ef40cabcdfdb6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 12 Apr 2023 18:50:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Apr 2023 18:50:37 GMT

GET
H3 200 270de1fb3e7d0e76d9d1865d2d5d2acb.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/media/ Frame 77FF 20 KB
20 KB 49ms
47ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/media/270de1fb3e7d0e76d9d1865d2d5d2acb.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00b160ff2555dde2e8b198bd6143da199a8b981470fbd9eb11aedc3a20b4927c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20869
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 19:37:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 Apr 2024 18:50:37 GMT

GET
H3 200 c7c6eb30d33f9492e9efa6dc16508c6e.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/media/ Frame 77FF 4 KB
4 KB 50ms
48ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/media/c7c6eb30d33f9492e9efa6dc16508c6e.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55846284648bdafd635501dba9bd094ec6a2ad10bee3fab812e1b30b0d796937

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3778
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 19:37:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 Apr 2024 18:50:37 GMT

GET
H3 200 eGrdt-GuiAstYDBBFPRlHe36qu4ukgnY6P6eKjFBaNs.js Show response
pagead2.googlesyndication.com/bg/ Frame 0B16 36 KB
14 KB 37ms
37ms Script
text/javascript 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/eGrdt-GuiAstYDBBFPRlHe36qu4ukgnY6P6eKjFBaNs.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

786addb7e1ae880b2d60304114f4651dedfaaaee2e9209d8e8fe9e2a314168db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sat, 08 Apr 2023 21:19:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 336697
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14213
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 13:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Apr 2024 21:19:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame EB19 0
0 58ms
56ms Fetch
text/html 2607:f8b0:400c:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C_Vpzff02ZL7hB42mnwSbxIKwBr6VpK9s99rS06wMwI23ARABIABg_eiigfADggEXY2EtcHViLTY5NDk0ODA3MTMyMDI0NTbIAQngAgCoAwGqBNEBT9DvilmukHCWMRbCUIMQOFD7d2KcG8b8us-M21bXXiLLx-wngfazqE-dwxyW7BWb-HcFxikMF5QbcmtC-2yQHCWNJ8Pof2odYAJG_KgU7243_sIi4Y4jW2vwEqnWWuzNxmJYlWTR6q66dlkEWo1sK69anRLXbs4jV6-rMfDUmmMeOwpYq1uYLJ_nQmHzBjVr1PQ77YAij6gTpV0V6_Tc5k3-vE8gxtndIEKR6ensefwHZN09c5GqarF2_pq02ytqDGLYMgqFmfq1k0Zg22yeT-TgBAGABoDX0KTvj-jSC6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA0IgGEQATICigI6AoBAgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTY5NDk0ODA3MTMyMDI0NTYYrc4p&sigh=8wHzYTW55zE&uach_m=[UACH]&cid=CAQSPABygQiDD2TleFBgwAzaUnNf3cqlKLzA6etZhC3CcmoAJUVFXzIqLjVwdCQ3DM6hX69MeIbG0fBAneKdvhgB
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:400c:c0b::9d Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H2 200 log
hblg.media.net/ Frame EB19 35 B
0 184ms
55ms Fetch
image/gif 184.84.136.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hblg.media.net/log?logid=kfke&evtid=plutol1&prvReqId=15113334401113_1015113873_41051946843131&acid=1488635756ce401b8b35f5b1671bc06d&pvid=313&ogbdp=0.16&sc_pvid=294&requrl=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&cc=CA&cliIP=0&UA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F111.0.5563.146%20Safari%2F537.36&dn=24moro.com&cid=8CUU9JF8H&ugd=4&size=300x600&cbdp=0.109&dtc=east_sc&itype=ADX&device_id=4&rme=nurl&app=0&viewability=93.0&bidrestime=1681325437245&slotVisibility=1&ctr=-1.0&csip=rtb-appnexus-c49679977-sj2lb.SC&scrid=1700080807682800300060000000500&mang=1&commit_id=dc0075d4&zone=d

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.84.136.23 Miami, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-84-136-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:37 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Wed, 12 Apr 2023 18:50:37 GMT

GET
H/1.1 200
OK log
qsearch-a.akamaihd.net/ Frame EB19 35 B
0 227ms
19ms Fetch
image/gif 23.44.133.30
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=dmmra&ckfl=0&lper=&app_type=adx_test&bdr_typ=1&ss_d1=0&ogerpm=0.1600&ss_d2=0&stid=&other_prv=294%7C313&jar_err=&current_day=3.0&adtyp=0&ecp_status=ecp_not_applicable&req_id=bT8XZX1pVO1luq3BtIEcdw&bd_m3=0.0000&bidfp=0.0100&bd_m2=0.0000&pvag_id=&bd_m1=0.0000&ugd=4&dim10=false&cliIPV6=2607%3A5300%3A0060%3A0000%3A0000%3A0000%3A0000%3A0000&predicted_wr=72.2250&exp=&deal_id=&fdbk_id=&second_bidder=294&search_res=32&floor_bucket=0.00&gpid_format=&seat=BID_API&rc=-1&size=300x600&url_l1=qbb0afxwjzbz&ecp_rtime=0&f_seg=&prdp=0.1088&ogcbdp=0.1600&dfpbd=0.1088&server=1&ogerpm_wd_bkt=0-1&model_version=202304111900_generic_adx_1-cid_0&viewability=0.9300&dmm_r=0.0000&cut=32&dmm_l=0.0000&as_cache=1&tcyerpm=&sc=QC&send_erpm=true&dmm_m9=0.0000&sd=1&hb_exp=&seg=&dmm_m4=0.0000&erpm_bucket=0.15&ugd_ver=&requrl=24moro.com%2Fqbb0afxwjzbz%2F&bidrestime=1681325437245&cc=CA&strg=harmony&ss=&current_hour=18&time_stamp=2023-04-12+18%3A50%3A37&model_key=generic_adx_1-cid_0&rvshhon=&mul_ratio=0.0000&bdp=0.1600&ct=montreal&akey=&mnckfl=0&dmm_ctr=-1.0000&asn=514&bdp_bucket=0.15&algo=default&dc=east_sc&splid=&erpm_mult=1.000000&dn=24moro.com&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F111.0.5563.146+Safari%2F537.36&buyer_id=&bdp_wider_bucket=1&acid=1488635756ce401b8b35f5b1671bc06d&zone=d&infl=&o_ver=NT+10.0&br_ver=111.0.5563.146&bdmm_m6=0.0000&bdmm_m7=0.0000&bdmm_m5=0.0000&ver=9.3.7&totalTimeBucket=2&visibility=1&totalTime=2523719&dmm_m1=2023-04-12+18%3A50%3A37.247906959&e_rpm=0.0000&dmm_m22=0.1600&gdpr=&vsid=&log_less=false&gpid_sent=false&ogerpm_used=false&sfm_key=&bdmm_m12=0.0000&cid=8CUU9JF8H&bcrid=1700080807682800300060000000500&rawbid=0.1600&seat_id=BID_API&sub_bidder=196&pst=EMS&pbshr=100.0000&dmm_d10=0.0000&o_id=101&clisp=rtb-appnexus-c49679977-sj2lb.SC&dfp_bucket=0.1&adblk=3520976620&itype=adx&pvid_seat=313_BID_API&cliIP=0&advurl=topics.businessfocus.online%2F&level_base=0&crid=410519468&sat=1&br_id=265&cut_bkt=30&gpid=&iwb=1&second_bid=0.080000&sc_pvid=313&capd=0&other_bids=0.08%7C0.16
Requested by: Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 23.44.133.30 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-44-133-30.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:38 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Wed, 12 Apr 2023 18:50:38 GMT

GET
H2 200 nmedianet.js Show response
contextual.media.net/ Frame EB19 196 KB
82 KB 125ms
62ms Script
text/javascript 23.200.196.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CU7Q771E&ydspr=1

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.196.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-200-196-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

396a37a2c296c024f286b410633ee81c005a6b36b0b469f0cd83d6f15a86fa19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-mnt-h: 21-mn03
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Wed, 12 Apr 2023 18:50:37 GMT
server: Apache
etag: "275b13b945ede7dc133b732fb46c042a"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
x-mnt-w: 22-v2l2
timing-allow-origin: *
expires: Wed, 12 Apr 2023 18:55:37 GMT

GET
H2 200 release-20230329-99-adperformance.js Show response
warp.media.net/rtb/resources/ Frame EB19 71 KB
25 KB 223ms
66ms Script
application/javascript 184.84.136.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://warp.media.net/rtb/resources/release-20230329-99-adperformance.js

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.84.136.23 Miami, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-84-136-23.deploy.static.akamaitechnologies.com

Software

UploadServer /

Resource Hash

529040ffb31edc3b458168066d513769520e983e2cc9ffb8d6c9ea0d98c57a11

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
date: Wed, 12 Apr 2023 18:50:37 GMT
x-guploader-uploadid: ADPycdsc_qi18PGB_OvRluLanKMruZ2O89HU5VgDp-6nHek9NUh3TH0rKcsbX5OfgMny5GHPUL8KKxbGyWk4kbDWzuxO1dqrfWha
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 25080
server: UploadServer
etag: "821663833b8f83b3092ebbca9ed4a6f2"
vary: Accept-Encoding
x-goog-hash: md5=ghZjgzuPg7MJLrvKntSm8g==, crc32c=XNaW9A==
content-type: application/javascript
x-goog-generation: 1680095338448196
cache-control: max-age=3600
x-goog-stored-content-length: 73074
expires: Wed, 12 Apr 2023 19:50:37 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/ Frame EB19 3 KB
1 KB 39ms
35ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/window_focus_fy2021.js

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 15:46:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11062
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:46:15 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/ Frame EB19 20 KB
8 KB 42ms
37ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230411/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 15:44:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8509
x-xss-protection: 0
server: cafe
etag: 3034682829645713766
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Apr 2023 15:44:39 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame EB19 0
0 47ms
42ms Image
text/html 2607:f8b0:400c:c36::69
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ83bSrVwwgrLzmk-QQgIOb-axi8TYRFjIB-tDS1ctyD5vPjAHJPTz2sXtQRQWIzIEFE7OctDhH8yYgTkS9HSR2hMkOUg
Requested by: Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:400c:c36::69 Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame EB19 24 KB
6 KB 43ms
38ms Script
text/javascript 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 15:22:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 185261
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 09 Apr 2024 15:22:56 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EB19 159 KB
49 KB 71ms
65ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c34355356c4f9f8b5e828e584ec960d94c0325893fe0411dc5778a8a584302c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49747
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681125830480664"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Apr 2023 18:50:37 GMT

GET
H3 200 ar.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 3D82 3 KB
3 KB 48ms
44ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ar.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012304040531000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfa586fa8b70c056272ef189e613dc9f6bcb8f9b659259219fa776f639dd3374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 13:18:28 GMT
x-content-type-options: nosniff
server: cafe
age: 19929
etag: 9421415325968714010
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2737
x-xss-protection: 0
expires: Thu, 13 Apr 2023 13:18:28 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 3D82 344 B
368 B 48ms
45ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012304040531000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 12:09:27 GMT
x-content-type-options: nosniff
server: cafe
age: 24070
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Thu, 13 Apr 2023 12:09:27 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/10068094677989736158/ Frame 3D82 23 KB
23 KB 49ms
46ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012304040531000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7b6b17dbfd59f390f39a4e46f930ded26e470ac3f1ebe984a5ee463bc3b85f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23894
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 12:44:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 Apr 2024 18:50:37 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/9714055762877032756/ Frame 3D82 39 KB
39 KB 50ms
47ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012304040531000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b5d4d0c150c23af20d28b535c6057ff5e6d194a27d6658e9cfbc318343468c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39689
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 12:44:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 Apr 2024 18:50:37 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C1B7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

50ms
48ms

Document
text/html

2607:f8b0:400c:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c0f::9b Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:37 GMT
expires: Wed, 12 Apr 2023 18:50:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:37 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 42ms
41ms Image
text/html 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202304100101&jk=3729830312888194&bg=!lJell8PNAAYIJb0jKCU7ADkAdvg8WtIcNNk5rawvIg8NU2oAA_eeQYgiaS1OLKi5PPjuB97q2IJ-kf6tJywK5psKNusRyoj-KAkCAAABG1IAAAADaAEHCgCdlwUVBfV6yhfG804vGRHlITVNP8wj3Y91ePsgvl0KeF0gtLdAbrv2ChT1EMUc79Q6coDCMJXLXJKw0tnb40WuW0X3y8lzF4EGCbXgTeayOj1BhL8dzsufHa_VVFq44EM2GjbNncSb0HMWjlEDWaZ4-AGkW0l1QrT5slg6tApMOfgHiXjzWMcWm3tf3O4wsmzVaqlD9UxPbEeYXvQtM5kCpq7KBBKbfJRopZBqoAVYpO75sJ4zSMWBbtrT3zwrl8rzNn12z3TymGaRcQl4GORfKxhVNwbOL9WJTe56QdJFe3Ecov7mnf7rMZgUSanZzk-R-SaNfaLWZHkQoCNTeHysd5ds097WwCExKSkCa1NL81nt90IwBvccgQiE5841tGp89fN9UgKx3nhcCMX4fXacpXq9W85Rutpqq3LBzY3vjWW0VykHY39Mel5Nh9sKizNePY5crLxLyQQQhk5uBBaIFR1RMWUaaeateee6DXGtF6iXOlbz1VHv_ZUbTer3FzEK2sFuay3FjoAr7Xfgj3u9aGggT5S6M09VrSlzvX9t_ZLUXRNyl4LndIaaHONzmhdMqkl5lTZpLwIk7rIslB5d4WnOK9AU6_Q1QvMXq2wNr6hAQ7xSNOMxzNTwVsI2I_gzmLAm8b3cwnaP2GYT7VHHolaCvP15vPINrg9tfAQRyFnv9mo3XGvf-O6Rg39Y92Ut93K1FauATVu7RSaM3OtWpxWbc3Q-AzB0CZb3d_EEE_mz0-YQVnFJckNkqNgiyzbc1gWmJhroEdAnzUrg6xZi0UqSIIJEmywtyqsIuM7tOdGWRfV3j2lXJkDHc6fZD0847wL82dh4gQgXH5e8cfahc39EKR7n86ZkPATFHxN_AWi-iJ6Myesa9y8V90Y31-J2PtatDZFNHkmoIWEtyjX0a3r8VWZ0Hy8pQRzytcNDRN_ZPi1nsCMAtpuzlyUHOckJRMktN_4C347OHDY_c-jVCyw-cxqZqCFhX8wbCx9q_LISTlMVck9DEM-ip-snwDJ7w4UzLjmwwqk0xC0KZldY5pbImAUto-AcVrDxvGDWZXe4YRJz4guUh7j1eI-vLnAfc9QW33bLLeDH4F4WJ2zx4LVXtXJR9Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 9622 594 B
813 B 52ms
16ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 2bb6a4aba39c09142ba1f41849587af550269de21276a63355c975e60a5d0f62

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 386
content-type: text/html
date: Wed, 12 Apr 2023 18:50:37 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ Frame 77FF 44 KB
44 KB 40ms
36ms Font
font/woff2 2607:f8b0:400c:c38::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:800|Open+Sans:700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c38::5e Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 19:05:16 GMT
x-content-type-options: nosniff
age: 603921
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Apr 2024 19:05:16 GMT

GET
H3 200 eGrdt-GuiAstYDBBFPRlHe36qu4ukgnY6P6eKjFBaNs.js Show response
pagead2.googlesyndication.com/bg/ Frame 7117 36 KB
14 KB 35ms
35ms Script
text/javascript 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/eGrdt-GuiAstYDBBFPRlHe36qu4ukgnY6P6eKjFBaNs.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

786addb7e1ae880b2d60304114f4651dedfaaaee2e9209d8e8fe9e2a314168db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sat, 08 Apr 2023 21:19:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 336698
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14213
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 13:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Apr 2024 21:19:00 GMT

GET
H2 200 89eef076-c525-e836-c242-7bca8881fb5c
pr-bh.ybp.yahoo.com/sync/openx/ Frame 9622 43 B
603 B 159ms
41ms Image
image/gif 2600:1f18:4e9:5a05:2438:5b9c:3f03:dbad
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/openx/89eef076-c525-e836-c242-7bca8881fb5c?gdpr=0

Requested by

Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:4e9:5a05:2438:5b9c:3f03:dbad Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:38 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 9622
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=45ffea4f-4923-c185-339b-efa81fe5fdf5
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=45ffea4f-4923-c185-339b-efa81fe5fdf5&dcc=t

43 B
855 B

64ms
64ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=45ffea4f-4923-c185-339b-efa81fe5fdf5&dcc=t

Requested by

Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:38 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 6J4ZP975E5YS9SN7Y19B
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:38 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: P7YDE4C1WH6RS3140PB9
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=45ffea4f-4923-c185-339b-efa81fe5fdf5&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 9622
Redirect Chain

https://match.adsrvr.org/track/cmf/openx?oxid=1d299632-5589-7a7f-f395-6d3f77d63615&gdpr=0
https://match.adsrvr.org/track/cmb/openx?oxid=1d299632-5589-7a7f-f395-6d3f77d63615&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072971&val=3c5ee43f-7a58-4a66-a685-919727fa2857&ttd_puid=1d299632-5589-7a7f-f395-6d3f77d63615&gdpr=0&gdpr_consent=

43 B
250 B

16ms
15ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072971&val=3c5ee43f-7a58-4a66-a685-919727fa2857&ttd_puid=1d299632-5589-7a7f-f395-6d3f77d63615&gdpr=0&gdpr_consent=
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072971&val=3c5ee43f-7a58-4a66-a685-919727fa2857&ttd_puid=1d299632-5589-7a7f-f395-6d3f77d63615&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 335

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 9622 170 B
409 B 139ms
40ms Image
image/png 173.194.216.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MzE0NjQ1ZjgtOWNmZS0yNGRiLWU2NzUtMzc4NmJkMzRmODc1

Requested by

Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.216.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

vu-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 9622
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKqas-nBtZzki8Dqf_wm_po&google_cver=1

43 B
180 B

41ms
14ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKqas-nBtZzki8Dqf_wm_po&google_cver=1
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKqas-nBtZzki8Dqf_wm_po&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK browserfp.min.js Show response
pxlclnmdecom-a.akamaihd.net/javascripts/ Frame EB19 104 KB
35 KB 136ms
30ms Script
text/javascript 104.126.116.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU7Q771E&noCookies=true
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU7Q771E&ydspr=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.126.116.147 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-116-147.deploy.static.akamaitechnologies.com
Software: / Express
Resource Hash: 1f6edf929f53dd4587179a558b4896879027457d39b8bde5d8b7ff19c49463da

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 12 Apr 2023 18:50:38 GMT
Content-Encoding: gzip
x-powered-by: Express
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
Access-Control-Max-Age: 1800
Connection: keep-alive
Content-Length: 35119
Expires: Wed, 12 Apr 2023 18:55:38 GMT

GET
H2 200 smtr Show response
contextual.media.net/ Frame EB19 91 KB
31 KB 191ms
188ms Script
text/javascript 23.200.196.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/smtr?cb=window._mNDetails.$5l&&vi=1681325437735712590&gdpr=0&cid=8CU7Q771E&cpcd=QcqgoxBu_JEBy1__-rrJcw%3D%3D&crid=522207812&size=300x600&cc=CA&sc=QC&chnm=HARMONY&pid=8PO6CSQ66&tpid=T110S06&https=1&vif=2&requrl=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&nse=5&lw=1&ugd=4&adt1=8CUU9JF8H&adt2=410519468&itid=17&bae=B4qB/g4e/x&bcpf=B4qB%2Fg4e8fOnRrolnfOur8%2Fx&bdrId=313&ntv=0&matchstring=hr%3D0%7Cbcat%3D11%2Ca%2C13%2C14h%2C3y%2Cg%2Ck2%2Cov%2Ch%2Cgo%2Ci%2Cj3%2Ci2%2C150%2C133%2C3%2C149%2C7%2C4k%2Chb%2Cy5%2Cmk%2C13a%7Ccsh%3D1&sff=0&mcf=28958&tsce=L101&katpre=1&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&katbid=-21&katid=808076828&kapc=31&ekals=775EJvu99uW%7C%7CE7vu%7C%7CjY8Ovz1%7C%7C77OvW&kata=aton&ekalog=bVvAu9u%7C%7CqVrv9%7C%7CbVrvW%7C%7C_0_rvXhhfAiXffifi9WW99H%7C%7CcVvAu9H%7C%7CPPVrvyarwp0Di%20kKKT8iG3%7C%7Cc0_rvAWH%7C%7C%3DVvAu9u%7C%7C_TVrvF&ydspr=1&pgid=p037476969t202304121850&essld=fF9h%3AXA99%3A99F9%3A9999%3A9999%3A9999%3A9999%3A9999~%3DK~g%3D~Ymz7LJ1j&nb=1&cadomain=tzR-hLcl-L81q0bo4F7GnA3mMwDIDjC2d77KxBXphR_fTCDUsmLZYQ%3D%3D&adv=Business%20Focus&isid=11&allsc=QC

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU7Q771E&ydspr=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.196.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-200-196-24.deploy.static.akamaitechnologies.com

Software

Resource Hash

2899b2888191bf0e8139c08952bf8c3dd363e49ed848b9eef34fa3086867396a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
x-sc-h: 22-vhl2
timing-allow-origin: *
content-length: 31589
expires: Wed, 12 Apr 2023 18:50:38 GMT

GET
H2 200 bping.php
lg3.media.net/ Frame EB19 35 B
185 B 91ms
56ms Image
image/gif 184.84.136.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?vgd_len=770&&vgd_cdv=921&vgd_tsce=L101&vgd_cage=0&vgd_mcf=28958&gdpr=0&prid=8PRVCXX19&cid=8CU7Q771E&crid=522207812&vi=1681325437735712590&ugd=4&lf=6&cc=CA&sc=QC&lper=100&wsip=170785052&r=1681325438126&requrl=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&ssld=%7B%22QQ8E%22%3A%22fF9h%3AXA99%3A99F9%3A9999%3A9999%3A9999%3A9999%3A9999%22%2C%22QQNN%22%3A%22%3DK%22%2C%22QQQN%22%3A%22g%3D%22%2C%22QQN75%22%3A%22Ymz7LJ1j%22%7D&vgd_ydspr=1&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=16276&vgd_rakh=1681325437155912567&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fnmedianet.js&vgd_hb_audit_1=8CUU9JF8H&vgd_hb_audit_2=410519468&vgd_itype_id=17&vgd_pgid=p037476969t202304121850&vgd_pgids=1&vgd_uspa=0&hvsid=00001681325438119025035145559201&gdpr=0&vgd_l2type=scs_newfl&vgd_end=1

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.84.136.23 Miami, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-84-136-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
date: Wed, 12 Apr 2023 18:50:38 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Wed, 12 Apr 2023 18:50:38 GMT

GET
H3 200 270de1fb3e7d0e76d9d1865d2d5d2acb.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/media/ Frame 77FF 20 KB
20 KB 36ms
36ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/media/270de1fb3e7d0e76d9d1865d2d5d2acb.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00b160ff2555dde2e8b198bd6143da199a8b981470fbd9eb11aedc3a20b4927c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
age: 1
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20869
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 19:37:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 Apr 2024 18:50:37 GMT

GET
H3 200 c7c6eb30d33f9492e9efa6dc16508c6e.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/media/ Frame 77FF 4 KB
4 KB 38ms
38ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/media/c7c6eb30d33f9492e9efa6dc16508c6e.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55846284648bdafd635501dba9bd094ec6a2ad10bee3fab812e1b30b0d796937

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 12 Apr 2023 18:50:37 GMT
x-content-type-options: nosniff
age: 1
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3778
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 19:37:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 Apr 2024 18:50:37 GMT

GET
H3 200 5820a48c76d370539b92145d28188f42.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/media/ Frame 77FF 25 KB
25 KB 52ms
51ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/media/5820a48c76d370539b92145d28188f42.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a02043c1a07d967101d12bf25c060efc5e2c75fbd0dd02f7485b56593ba0480

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 12 Apr 2023 18:50:38 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25985
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 19:37:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 Apr 2024 18:50:38 GMT

GET
H2 200 publishertag.prebid.135.js Show response
static.criteo.net/js/ld/ 89 KB
29 KB 110ms
55ms Script
text/javascript 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.135.js

Requested by

Host: revenueflex.com
URL: https://revenueflex.com/d/ons/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

08882d31df95daace0c23f1108f3e11fc53ef17334df446f3e3cb395c597c955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 06 Apr 2023 09:15:34 GMT
server: nginx
etag: W/"642e8db6-1638a"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Apr 2023 18:50:38 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 6D44 26 KB
9 KB 68ms
59ms Document
text/html 23.200.196.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUU9JF8H&prvid=99%2C77%2C20000%2C294%2C262%2C460%2C461%2C462%2C4%2C313%2C10000%2C459%2C9%2C319&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.196.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-200-196-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

90557d06412be8395631df571518b0a9a52cab45c54dd8c1ae3997efae530c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 9328
content-type: text/html; charset=UTF-8
date: Wed, 12 Apr 2023 18:50:38 GMT
expires: Fri, 14 Apr 2023 18:50:38 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 clog
hblg.media.net/ Frame EB19 35 B
199 B 67ms
59ms Image
image/gif 184.84.136.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hblg.media.net/clog?logid=awlog&pixel_len_bucket=5053&lper=1&itypeid=17&itype=ADX&cc=CA&cid=8CUU9JF8H&reqid=bT8XZX1pVO1luq3BtIEcdw&vid=bT8XZX1pVO1luq3BtIEcdw&dn=24moro.com&rawDn=24moro.com&pid=8PR113JGC&ugd=4&fleet=appnexus&requrl=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&cliIPV6=2607%3A5300%3A0060%3A0000%3A0000%3A0000%3A0000%3A0000&cliIPType=v6&coppa_enf=true&lmt_status=N&lmt_applied=N&lmt_enf=true&dnt_enf=false&geo_source=1&sc=QC&ct=montreal&pubid=pub-ADX-116310109131&tgtval=pub-ADX-116310109131&csip=rtb-appnexus-c49679977-sj2lb.SC&dtc=east_sc&zone=d&sd=1&ptype=23&tmax=300&xtmax=290&gdpr=0&app=0&sat=1&device_id=4&asn=514&sckfl=1&suid=CAESEGKgakmyO_TyquNvDs2nP9o&smbrid=adx-unknown&usp_status=0&usp_enf=1&gqid=AOmmZTC2uMzMI3RO5Se0C0HPzLndI5_ap2AdPJAs7hX74tZq2U4gasX1Qk3AKzObVcNZMhx6&pexid=ADX-pub-6949480713202456&geoll=false&is_ortb=false&s_ip=74.125.78.129&s_city=charleston&commit_id=dc0075d4&ocurr=USD&omul=1.0&currsrc=API&currsrc_date=2023-04-12+00%3A00%3A00&schain_cmpl=1&schain_nodes_count=2&dummy_vsid=false&amptype=1&second_call=false&supply_cc=CA&ipcc=CA&is_msnnative_src=false&rtttime=46&pvid=313&prvAccId=522207812&prvApiId=8CU7Q771E&adj0=0.0&adj1=0.0&adj2=0.0&pst=0&crid=410519468&prspt=headerBid&prvReqId=15113334401113_1015113873_41051946843131&reqsize=300x600&size=300x600&chnl=HARMONY&bdp=0.160&cbdp=0.109&og_cbdp=0.160&ogbdp=0.16&pv_adtype=0&res_mtype=0&mnet_ckfl=0&ckfl=0&be=0&cat=IAB-3&advUrl=https%3A%2F%2Ftopics.businessfocus.online&dfpBd=0.109&dt=O&dbf=1&epc=522207812&s=1&snm=SUCCESS&pcrid=8CU7Q771E-522207812-15-15&tpbTkn=false&exid=31&bidflr=0.010&pbidflr=0.010&opbidflr=0.010&spbf=0&viewability=93&slotVisibility=1&adpos=1&iframingState=0&sbdrid=196&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Csch%3D1%7Cclt%3D3%7CssProfile%3D0%7Cdbr%3D1%7Ctpi%3D1&mnrf=0&ortbseat=BID_API&brsrclk=0&bidrestime=1681325437245&fpuReq=0&bfs=103&acsn=1&ybnca_erpm=0.16&dmm_erpm=true&dmm_ogerpm=false&bcrid=1700080807682800300060000000500&strg=HARMONY&vls=0&scrid=1700080807682800300060000000500&mang=1&pvdTmax=248&fpusp=false&ae=false&epcexp=false&moau=true&ucrid_ver=2&omid=0&incentive_type=0&aogbdp=0.0&spIvt=3&spSource=0&spTo=3&spIsReq=3&spFst=0&spCst=0&mx_sbp=-10.0&mx_sua_cvg=1111111&mx_epbc=8CU7Q771E&mx_SPRIG=2&mx_bsBucket=0&mx_ssProfile=0&mx_int_dsp_id=32&mx_sua_os_n=Windows+NT&mx_lr=0&mx_TAS=1&mx_g_one_uid_sent=None&mx_uid_sent=0&mx_sua_os_v=10.0&mx_bsBucketRa=0&mx_sid=8CUU9JF8H&mx_SC=0&mx_lr_seg_deal=0&mx_aqcpl_crid=0&mx_nsz=4&mx_GCID=0&mx_maq_call=false&mx_aurt=0&mx_sua_model=x64&mx_tgs=120x600%7C160x600%7C300x250%7C300x600&mx_bsProfileRa=0&mx_IAB2=2&mx_bss_algos%3C%3E=0&mx_aurl_hc=0&mx_aabpc=0&mx_PC=1&mx_UCC=5&mx_isLossNtf=false&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=3&mx_nids%3C%3E=Y8btfMsjPaUz&mx_gpid_sent=false&mx_commit_id=62a524723b&acid=1488635756ce401b8b35f5b1671bc06d&rtime=22.0&wsip=mowx-lite-6c7d56c596-tfw2s&ltime=34.0&act=headerBid&abs=0%7C0%7Cxtmax%3D290%7Cbrr%3D0&adtypes=0&adblk=3520976620&impId=1&reftime=0&reftype=0&keywordSellerId=false&psrc=fail&mowxReqId=1488635756ce401b8b35f5b1671bc06d_1&policy_enf=2&pub_blk_enf=1&renderer=1&ifst=0&ifdp=0&media=0&native_asset=0&req_mtype%3C%3E=0&ctr=-1.0&rfc=-1&feedback_id=bT8XZX1pVO1luq3BtIEcdw&supplyTagId=3520976620&mnrfc=-1&viewability_vendor=EXCHANGE&vcmplrt=-1.0&actltime=35&debug_ts=2023-04-12+18%3A50%3A37&__expireat=1681326037499&mview=1&sc_pvid=294&sc_ogbdp=0.08&sc_adj0=0.0&sc_adj1=0.0&sc_adj2=0.0&sc_prspt=headerBid&sc_bdp=0.080&sc_cbdp=0.080&sc_cat=IAB-3&sc_advUrl=https%3A%2F%2Fsearch.yahoo.com&rme=adm&bdata=sd2%3Dnull~tt%3D51~iurl_l%3D20~ogerpm%3D0.16~vw_exc%3D0.93~vis_sd%3D300~dc2%3D1~bat%3D0%2C0%2C1~scd%3Dqc~v_asn%3D16276~vl2r_sd%3D2023041212~iurl_b%3D1733.19~url_tkc%3D0~std%3D~last%3D~vis_url_b%3D0.59~ip%3D19L3rJI3UMirDVFMi3AQN2~fbb%3D0~vis_url_l%3D10~riipua%3D11%2C11~et%3D15~rc%3D1~risuid%3D0%2C0~rps_sd%3D2023041213~vis_b%3D920.42~url_b%3D0.58~vl2r_url_b%3D0~vl2r_url_vi%3D1E-16~url_tvi%3D0~url_l%3D20~gcat%3D-1~bb%3D196~vv%3D0~l2r_b%3D1000~erpm%3D0.16~vl2r_url_kc%3D0E0~bm%3D1~sid%3D522207812~sd%3D1~uid%3D2IaGiea3sUkpulTTc9~btd%3D1162243954132515382651007082719993429408649006387407301525512217208266797434400363798557213769334784~kb_src%3Dauto_bidder~vwu%3D0.93~d2p_l%3D10~3pcf%3D1000.01~uim%3D0~dmm_strg%3Dharmony~d2p_b%3D0.99~ogd2p_b%3D0.98~vurl_b%3D1.04~ss%3DNA~cc%3DCA~kb_dl%3Dn%2Fa~uiw%3D-1~ce%3D0~rps_b%3D40~vurl_l%3D20~CI%3D2901~kb_uc%3D0~nts%3D4~kb_ul%3Dn%2Fa~kb_ccks%3D-1~tb%3D-1~ct%3Dmontreal~bss_KTW%3DNA%2CNA~basis2%3D196~basis1%3D196~isRef%3D0~ivurl_b%3D0.96~isif%3D0~lc%3D1~kb_tt%3D1~bid%3D0.16~kb_pt%3DNot%20Processed~dc%3D8~vl2r_b%3D4.48~ivurl_l%3D20~supply_tag_id%3D%7Eviewability%3D0.93%7Eamp%3D1%7Ecbdp%3D0.109%7Edmm%3Dharmony%7Esuid%3DCAESEGKgakmyO_TyquNvDs2nP9o%7Esd%3D1%7Edtc%3Deast_sc%7Exid%3DADX-pub-6949480713202456%7Edalg%3Ddefault%7Ehtml%3D1%7Eadblk%3D3520976620%7Esobp%3D0.08%7Ebdpcapd%3D0%7Edmm_erpm%3Dfalse%7Ebflr%3D0.010%7Eogbid%3D0.160%7Eac_type%3D1%7Eitype_id%3D17%7Eseller_tag_id%3D%7Edetected_tag_id%3D%7Edcut%3D30%7Edogb%3D0-1~ibc%3D1~nsz%3D4~tgs%3D120x600%7C160x600%7C300x250%7C300x600~bsb%3D0~bsp%3D0~tmx%3D248&utime=902&sf=0&cpr=0.5626948190240952

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.84.136.23 Miami, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-84-136-23.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: max-age=3600
date: Wed, 12 Apr 2023 18:50:38 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
server: Apache
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=21600
content-length: 35
expires: Thu, 13 Apr 2023 00:50:38 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A9B3 1 KB
643 B 47ms
44ms Document
text/html 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 63585
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 01:10:53 GMT
etag: 48472445140208031
expires: Thu, 13 Apr 2023 01:10:53 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200
OK vevent
nym1-ib.adnxs.com/ Frame F30D 0
950 B 19ms
18ms Ping
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&e=wqT_3QL7Bej7AgAAAwDWAAUBCPz626EGEOWJ4Ln5zNvVNBgAKjYJZ5qw_WSM0T8RmueIfJdSyj8ZAAAAYGZm7j8hmg0SACkRJNAxAAAAoJmZuT8wg4X0CTiHXkDlHkhlULiiyyVYyZyOAWAAaOz0vQF4u_wFgAEBigEDVVNEkgUG8GWYAdACoAGYAqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC5aUE4AL121rqAh9odHRwczovLzI0bW9yby5jb20vcWJiMGFmeHdqemJ6gAMAiAMBkAMAmAMXoAMBqgPnAQq_AWgNNWRwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLgFICR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1DQVVLU2hzcGFXQ0RXTE1KdzQ4VHA0UW1oc1MzZlNQMkdTSl83ci0tQ3dIRUtpLUV1cmw3a25NQVVHTVFiVTlmSEw5YjNCcUhEa0ozUWs4VkYyTjJvcXNsUHhMZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMzNzk1MjQ4NTAyMTg3NDkyNTgxIgg3ODgyNzgzMioEMzk0McADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODeoBACyBBAIABABGNACIJgCKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBLiiyyWIBQGYBQCgBcWGgY_oo_K4XMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcTtUfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEzNzkxMjc3NzY5N8gHu_wF0gcNCQ00BTUM2gcGCAUJaOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=5b0f515db9421f3f00db1f2c7bbf9f27d8255eaf&type=pv&jm=1003&px=1264&py=920&bw=336&bh=280&sf=1&sid=8227257801487740099&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=20775555&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:38 GMT
AN-X-Request-Uuid: 2f01c4cb-35f8-4eaf-ba5e-92bf4184f17d
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
nym1-ib.adnxs.com/ Frame B57D 0
950 B 70ms
69ms Ping
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&e=wqT_3QL7Bej7AgAAAwDWAAUBCPz626EGEM3X24vflMnoYRgAKjYJlE25wrtcuD8RL_oK0oxFsj8ZAAAAYGZm7j8hLw0SACkRJNAxAAAAoJmZuT8wg4X0CTiHXkDlHkhlULiiyyVYyZyOAWAAaOz0vQF45MYFgAEBigEDVVNEkgUG8GWYAdACoAGYAqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC5aUE4AL121rqAh9odHRwczovLzI0bW9yby5jb20vcWJiMGFmeHdqemJ6gAMAiAMBkAMAmAMXoAMBqgPnAQq_AWgNNWRwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLgFICR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EcTRNTkxLcnpWWUxuMHl1VEhxLVdheDZSRFV3bjNyQzk3R2ttTWVWOU5VVUlieHJUTGROOFcyalF3SEludElBYUxOWlJDdDdaa2QzVExBM3R2clM5X192ZVl3ZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM3MDQ4NDU1MTg2OTUwODQzMzQxIgg3ODgyNzgzMioEMzk0McADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODeoBACyBBAIABABGNACIJgCKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBLiiyyWIBQGYBQCgBZLGjavtjp_EH8AFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBYn1LPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDE0NTc4MzUyNDE4OcgH5MYF0gcNCQ00BTUM2gcGCAUJaOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=c56b789d2200dc0168d5eacb1b26a52e9d65bf90&type=pv&jm=1003&px=632&py=460&bw=336&bh=280&sf=1&sid=8227257801487740099&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=20775555&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:38 GMT
AN-X-Request-Uuid: 891c5809-28a8-4d44-9783-00ce4077181d
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
nym1-ib.adnxs.com/ Frame 1218 0
950 B 21ms
19ms Ping
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&e=wqT_3QL7Bej7AgAAAwDWAAUBCPz626EGENaF2duO1eyIdxgAKjYJAMXIkjmW0j8RgCctXFbhyz8ZAAAA4HoU7j8hgA0SACkRJNAxAAAAQOF6pD8wg4X0CTiHXkDlHkhlUK2iyyVYyZyOAWAAaOz0vQF4icoFgAEBigEDVVNEkgUG8GWYAcoHoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgC5aUE4AL121rqAh9odHRwczovLzI0bW9yby5jb20vcWJiMGFmeHdqemJ6gAMAiAMBkAMAmAMXoAMBqgPnAQq_AWgNNWRwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLgFICR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1CX1lfTnhwX2JtZXhPbkhjRkF6QVVSU0RxeWM4Tk43Yk12RU84djZJX3pLMlROd0dPQkhQWkRJVk15QWRQTHYtT3NZVlhaeVdZUE45R1RoZEpad0l2dHB4Vzd3ZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM4NTc5ODM1MjAzNjkyMTUxNTEwIgg3ODgyNzgyMSoEMzk0McADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODeoBACyBBAIABABGMoHIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBK2iyyWIBQGYBQCgBcfHw8Olvr2BQsAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBYn1LPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_bBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDE0NTchCzA0MTg5yAeJygXSBw0JDTQFNQzaBwYIBQlo4AcA6gcCCADwB8T_B4oIAhAAlQgAAIA_mAgB&s=be5bdadcb5a496c20286a257dcad200696af6711&type=pv&jm=1003&px=315&py=130&bw=970&bh=250&sf=1&sid=8227257801487740099&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=20775555&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:38 GMT
AN-X-Request-Uuid: 7cedbd94-6903-4d2f-8a55-1cb0ecf2ff32
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame EB19 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0614eabbad41deed05fc5187944ef88133801ae3d27f9ee75c91d5d25798a3ef

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 eGrdt-GuiAstYDBBFPRlHe36qu4ukgnY6P6eKjFBaNs.js Show response
pagead2.googlesyndication.com/bg/ Frame 77FF 36 KB
14 KB 48ms
48ms Script
text/javascript 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/eGrdt-GuiAstYDBBFPRlHe36qu4ukgnY6P6eKjFBaNs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

786addb7e1ae880b2d60304114f4651dedfaaaee2e9209d8e8fe9e2a314168db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Sat, 08 Apr 2023 21:19:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 336698
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14213
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 13:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Apr 2024 21:19:00 GMT

GET
H2

200

cksync
cs.media.net/ Frame 6D44
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=6&google_nid=media&google_cm=1&google_hm=MzI0MzI3MDM4MTQ1NTUyNTAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEHFn3bZ8bdP_jXki6oCw1II&google_cver=1

61 B
462 B

363ms
287ms

Image
image/gif

184.84.136.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEHFn3bZ8bdP_jXki6oCw1II&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUU9JF8H&prvid=99%2C77%2C20000%2C294%2C262%2C460%2C461%2C462%2C4%2C313%2C10000%2C459%2C9%2C319&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Protocol: H2
Server: 184.84.136.23 Miami, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-84-136-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Wed, 12 Apr 2023 18:50:38 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEHFn3bZ8bdP_jXki6oCw1II&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 64DC 0
861 B 23ms
22ms Script
text/html 68.67.160.24
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=12039&pub_id=1860595&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=12039&pub_id=1860595

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.24 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:38 GMT
AN-X-Request-Uuid: 65dd30a6-2a58-4447-850d-f2399e535c8f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
nym1-ib.adnxs.com/ Frame 10D4 0
950 B 21ms
20ms Ping
text/html 68.67.179.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&e=wqT_3QKDBvBMAwMAAAMA1gAFAQj8-tuhBhC-3Z2p3Kb4iCAYrdfu-NG5_PNtKjYJJVzII7iRuj8RHEXWGkrtsz8ZAAAAYGZm7j8hHEXWGkrtsz8pJVwJJNAxAAAAoJmZuT8wg4X0CTiHXkDlHkhlULiiyyVYyZyOAWAAaOz0vQF48bYFgAEBigEDVVNEkgUG8GWYAdACoAGYAqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC5aUE4AL121rqAh9odHRwczovLzI0bW9yby5jb20vcWJiMGFmeHdqemJ6gAMAiAMBkAMAmAMXoAMBqgPnAQq_AWgNNWRwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLgFICR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EYXVVNS0xLWQ0bENmOWo4eDRGR2tQTS03NGNOcWRlTV9mZ2l0RXBvVW9KSGVSWU90SGZBZVZpTlNvLU1ESXF4T1l1S1BIUGZLNmJ5OWJOOEg4ZF9vQzkxUGNBUSZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyMzEwODc1NzA0ODc0OTg3MTk4Igg3ODgyNzgzMioEMzk0McADrALIAwDYAwDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODeoBACyBBAIABABGNACIJgCKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBLiiyyWIBQGYBQCgBdq40Zyz3KKQP8AFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDE1NjI2ODE4MDI2OMgH8bYF0gcNCQ00BTUM2gcGCAUJaOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=1fb73215dc3d3c01c263ee7a7f6de675632721b8&type=pv&jm=1003&px=603&py=667&bw=336&bh=280&sf=1&sid=8227257801487740099&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=20775555&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:38 GMT
AN-X-Request-Uuid: 11ae599b-a60b-4f34-91a4-75f62bf1bf2c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://24moro.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A9B3
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEKyA-JtQIO0aii6gmd9Kf88&google_cver=1&google_push=Aer7DvJq2JXca6nr3i38R2CTKm7TnICSDHHSHfwx_6ZTICkjTB5EC5v5uNmWab2QDOulU0B1L0KWULReRbrkM4uNkamannN...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aer7DvJq2JXca6nr3i38R2CTKm7TnICSDHHSHfwx_6ZTICkjTB5EC5v5uNmWab2QDOulU0B1L0KWULReRbrkM4uNkamannNkrO0D&google_hm=eS04ZnczWERSRTJwR2FqTX...

170 B
232 B

45ms
39ms

Image
image/png

173.194.216.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aer7DvJq2JXca6nr3i38R2CTKm7TnICSDHHSHfwx_6ZTICkjTB5EC5v5uNmWab2QDOulU0B1L0KWULReRbrkM4uNkamannNkrO0D&google_hm=eS04ZnczWERSRTJwR2FqTXp6SUtMOWR3VEpMMFpscEhJaX5B

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

173.194.216.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

vu-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 12 Apr 2023 18:50:38 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aer7DvJq2JXca6nr3i38R2CTKm7TnICSDHHSHfwx_6ZTICkjTB5EC5v5uNmWab2QDOulU0B1L0KWULReRbrkM4uNkamannNkrO0D&google_hm=eS04ZnczWERSRTJwR2FqTXp6SUtMOWR3VEpMMFpscEhJaX5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A9B3
Redirect Chain

https://s.uuidksinc.net/match/47/?remote_uid=CAESELHMeta-ter87dXw-1DgQ4g&c_param1=Aer7DvL_kvqarxyoJ4hwUiBw1kNTvG-WsRJ0dgBn0eFe_g6dJSzU6Buck2lEGCd2NLpdNaX-1cXPTyf3uMuZO400fJH8f8UmsdJ_Bg&gdpr=%%GDPR%...
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=Aer7DvL_kvqarxyoJ4hwUiBw1kNTvG-WsRJ0dgBn0eFe_g6dJSzU6Buck2lEGCd2NLpdNaX-1cXPTyf3uMuZO400fJH8f8UmsdJ_Bg

170 B
188 B

40ms
39ms

Image
image/png

173.194.216.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=Aer7DvL_kvqarxyoJ4hwUiBw1kNTvG-WsRJ0dgBn0eFe_g6dJSzU6Buck2lEGCd2NLpdNaX-1cXPTyf3uMuZO400fJH8f8UmsdJ_Bg

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

173.194.216.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

vu-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=Aer7DvL_kvqarxyoJ4hwUiBw1kNTvG-WsRJ0dgBn0eFe_g6dJSzU6Buck2lEGCd2NLpdNaX-1cXPTyf3uMuZO400fJH8f8UmsdJ_Bg
date: Wed, 12 Apr 2023 18:50:38 GMT
server: nginx/1.23.2
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A9B3
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBYDLD2p91GigI60-RKqhZQ&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEBYDLD2p91GigI60-RKqhZQ&google_push=Ae...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEBYDLD2p91GigI60-RKqhZQ&google_hm=ZDb9fjQHL2l8Ni77LUsI-AAABZMAAAAB&google_nid=index&google_push=Aer7DvLXnwicpFNJ5O8WoBOxLO7m2U1bGftcf...

170 B
188 B

41ms
41ms

Image
image/png

173.194.216.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEBYDLD2p91GigI60-RKqhZQ&google_hm=ZDb9fjQHL2l8Ni77LUsI-AAABZMAAAAB&google_nid=index&google_push=Aer7DvLXnwicpFNJ5O8WoBOxLO7m2U1bGftcf9sKheAD2OydawDcyLS_IOdJCOjzSqS1uCox4j80Llw6lvzSkiaHHHnqY7jjEYBeJA

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

173.194.216.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

vu-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 12 Apr 2023 18:50:38 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEBYDLD2p91GigI60-RKqhZQ&google_hm=ZDb9fjQHL2l8Ni77LUsI-AAABZMAAAAB&google_nid=index&google_push=Aer7DvLXnwicpFNJ5O8WoBOxLO7m2U1bGftcf9sKheAD2OydawDcyLS_IOdJCOjzSqS1uCox4j80Llw6lvzSkiaHHHnqY7jjEYBeJA
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A9B3
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEE6lHy8XLWZE0f95OmK4jaw&google_cver=1&google_push=Aer7DvKyjPesTHGgG7qbmIKxxHY8tfjGBI_KNGG-mVIpeH0g2YdFprYXiKC0h776RHHr1nbmJXPkLBdnqb_G1Wn_V...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEE6lHy8XLWZE0f95OmK4jaw&google_cver=1&google_push=Aer7DvKyjPesTHGgG7qbmIKxxHY8tfjGBI_KNGG-mVIpeH0g2YdFprYXiKC0h776RHHr1nbmJXPkLBdnqb_G1Wn_V...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aer7DvKyjPesTHGgG7qbmIKxxHY8tfjGBI_KNGG-mVIpeH0g2YdFprYXiKC0h776RHHr1nbmJXPkLBdnqb_G1Wn_VhfnflvwN6JJRg&google_hm=GeEKVGZHciH3vd2WRuqd...

170 B
188 B

43ms
40ms

Image
image/png

173.194.216.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aer7DvKyjPesTHGgG7qbmIKxxHY8tfjGBI_KNGG-mVIpeH0g2YdFprYXiKC0h776RHHr1nbmJXPkLBdnqb_G1Wn_VhfnflvwN6JJRg&google_hm=GeEKVGZHciH3vd2WRuqdv5ul

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

173.194.216.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

vu-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 12 Apr 2023 18:50:38 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aer7DvKyjPesTHGgG7qbmIKxxHY8tfjGBI_KNGG-mVIpeH0g2YdFprYXiKC0h776RHHr1nbmJXPkLBdnqb_G1Wn_VhfnflvwN6JJRg&google_hm=GeEKVGZHciH3vd2WRuqdv5ul
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ord1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A9B3
Redirect Chain

https://tg.socdm.com/rtb/sync_before?proto=google_ebda&google_gid=CAESEON2b7F6KXBjnOs6bNpdSFA&google_cver=1&google_push=Aer7DvKdHM8XxAtKQqwovY0bXb_2yJQ7uZwYqnn9Hf6SaQw8aMkPoPOnMwh61PijxAZ2d2jMWVWnk...
https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=Aer7DvKdHM8XxAtKQqwovY0bXb_2yJQ7uZwYqnn9Hf6SaQw8aMkPoPOnMwh61PijxAZ2d2jMWVWnkIWSxty9QLZ-apuN5BvcI6wMHg&google_hm=WkRiOWZzQ...

170 B
188 B

40ms
39ms

Image
image/png

173.194.216.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=Aer7DvKdHM8XxAtKQqwovY0bXb_2yJQ7uZwYqnn9Hf6SaQw8aMkPoPOnMwh61PijxAZ2d2jMWVWnkIWSxty9QLZ-apuN5BvcI6wMHg&google_hm=WkRiOWZzQ281c01BQUpaWUFhZ0FBQUFB

Protocol

Server

173.194.216.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

vu-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

X-SO-Cluster-ID: 0
Date: Wed, 12 Apr 2023 18:50:38 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/rtb\/sync_before?proto=google_ebda&google_gid=CAESEON2b7F6KXBjnOs6bNpdSFA&google_cver=1&google_push=Aer7DvKdHM8XxAtKQqwovY0bXb_2yJQ7uZwYqnn9Hf6SaQw8aMkPoPOnMwh61PijxAZ2d2jMWVWnkIWSxty9QLZ-apuN5BvcI6wMHg","cluster_id":0,"gdpr":false,"ipv4":"149.56.153.187","key":"ZDb9fsCo5sMAAJZYAagAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad1023"}
X-SO-Key: ZDb9fsCo5sMAAJZYAagAAAAA
Server: nginx
X-SO-Upstream-ID: m-ad1023
P3P: CP="See also http://www.scaleout.jp/privacy/"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=Aer7DvKdHM8XxAtKQqwovY0bXb_2yJQ7uZwYqnn9Hf6SaQw8aMkPoPOnMwh61PijxAZ2d2jMWVWnkIWSxty9QLZ-apuN5BvcI6wMHg&google_hm=WkRiOWZzQ281c01BQUpaWUFhZ0FBQUFB
Cache-Control: private
X-SO-HostName: m-ad1023.dc4p.scaleout.jp
Connection: keep-alive
X-SO-Ads-Time: 1
Content-Length: 0
X-SO-LB-Hostname: a-tgng40005.dc2p.scaleout.jp
X-SO-IP: 149.56.153.187

GET
H2

200

/
onetag-sys.com/match/ Frame A9B3
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEGuGqArpDxI_hwp5p09RcoU&google_cver=1&google_push=Aer7DvKxGSZ53SEmnylPiC29YpntUZl6M6ExZq26B2kyyGUv3aJZIzV1b5zlyJVYMPJO3FvkPkgtaBXfwnf...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvKxGSZ53SEmnylPiC29YpntUZl6M6ExZq26B2kyyGUv3aJZIzV1b5zlyJVYMPJO3FvkPkgtaBXfwnfU9E44upQZ6Q9Mep5dIw
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

10ms
10ms

Image
text/plain

51.222.239.230
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.222.239.230 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip230.ip-51-222-239.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A9B3
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESELbF1jhv7kH_Ig6iVj9m2lM&google_cver=1&google_push=Aer7DvIZ4LMn7mNon...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NzkxOTU2NDMzMzA0NjgwMzM3Mw%3D%3D&google_gid=CAESELbF1jhv7kH_Ig6iVj9m2lM&google_cver=1&google_push=Aer7DvIZ4LMn7mNonimDjMgrTpz5QzEpsV...

170 B
188 B

41ms
40ms

Image
image/png

173.194.216.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NzkxOTU2NDMzMzA0NjgwMzM3Mw%3D%3D&google_gid=CAESELbF1jhv7kH_Ig6iVj9m2lM&google_cver=1&google_push=Aer7DvIZ4LMn7mNonimDjMgrTpz5QzEpsV0nSnWGtt-L5bQuf4IQV8Zour7b_lQSmpakTTCerlvdjK19ytphT8nin49sR_1tM4JfNFw

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

173.194.216.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

vu-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 12 Apr 2023 18:50:38 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: fcbe60fc-fa00-4f38-ac51-9aaed68c6de7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NzkxOTU2NDMzMzA0NjgwMzM3Mw%3D%3D&google_gid=CAESELbF1jhv7kH_Ig6iVj9m2lM&google_cver=1&google_push=Aer7DvIZ4LMn7mNonimDjMgrTpz5QzEpsV0nSnWGtt-L5bQuf4IQV8Zour7b_lQSmpakTTCerlvdjK19ytphT8nin49sR_1tM4JfNFw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame A9B3 0
50 B 38ms
37ms Image
text/html 173.194.216.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JCOtXAHEDwpXJ2vmPCFTBf0h8fJmwU9nEqay6TL1OcheDylZTXEGgRx8hZmMJgoqaeU-BVLGU

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.216.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

vu-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:38 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 9BB0 15 KB
6 KB 88ms
27ms Document
text/html 2620:100:a001::c
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=24moro.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

d495b605d874fff6c44230b7a0fcea83f8939d7b8c852a68e1673d9569ef9100

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://24moro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 12 Apr 2023 18:50:38 GMT
server: Kestrel
server-processing-duration-in-ticks: 970574
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.135.js Show response
static.criteo.net/js/ld/ 89 KB
29 KB 97ms
46ms XHR
text/javascript 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.135.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

08882d31df95daace0c23f1108f3e11fc53ef17334df446f3e3cb395c597c955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://24moro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 06 Apr 2023 09:15:34 GMT
server: nginx
etag: W/"642e8db6-1638a"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 13 Apr 2023 18:50:38 GMT

GET
DATA 200
OK truncated
/ Frame 24BF 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 24BF 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 24BF 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Raleway-bold.woff
contextual.media.net/__media__/fonts/Raleway-bold/ Frame 24BF 31 KB
31 KB 66ms
24ms Font
font/woff 23.200.196.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/Raleway-bold/Raleway-bold.woff

Requested by

Host: 4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
URL: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.196.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-200-196-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e789f7935d6d7776a0c2341570220c445bc1c493381518c085e641f9128b8938

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
Origin: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 18:50:38 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 31940
expires: Thu, 13 Apr 2023 18:50:38 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3FD2 42 B
174 B 39ms
38ms Fetch
image/gif 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstQxdtMwkcQvm1g_1HDyj_E3SwRlu0MPJYP_iOv1Vo9ewSH1WiqfZWpeyswMGCNyExFw40QdQNKtIcRoBLaOcV2web_tQZqpQCs3DWhyGxE9ZPzRaYp4UNq6GlgT19pdaMYUb4&sai=AMfl-YR3K7ytO4QWX_hsyNJuBfPl7zn924vN3iHLUZQs0g2gj1LFJw8Xuhzwb_PzZHL496VhSP3ARgKOJg3X&sig=Cg0ArKJSzEN-6OIGMfw3EAE&cid=CAQSGwBygQiDTwmiZPMkMJGj2KmwoKosmMHI1gWWeBgB&id=lidar2&mcvt=1052&p=0,0,250,970&mtos=1052,1052,1052,1052,1052&tos=1052,0,0,0,0&v=20230410&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1792756940&rs=5&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1681325436809&rpt=600&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 9BB0
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=24moro.com&sn=ChromeSyncframe&so=0&topUrl=24moro.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=1nn8oXxIcU42WXMxRzlvME1rTko2STNPVHdqdk5JQmVhaTRieE51eHk3bGduYXlqcTVYeG9xRnJaVkE2SDJINGl2elFRREJXZTZoTko1V2g1L01ZS2pRc01NR3N4TnFDcERDV1ViVDRaTDVTN24xTmE0SUJvbVVidjQ4Mk...

430 B
651 B

103ms
45ms

Fetch
application/json

74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=1nn8oXxIcU42WXMxRzlvME1rTko2STNPVHdqdk5JQmVhaTRieE51eHk3bGduYXlqcTVYeG9xRnJaVkE2SDJINGl2elFRREJXZTZoTko1V2g1L01ZS2pRc01NR3N4TnFDcERDV1ViVDRaTDVTN24xTmE0SUJvbVVidjQ4MkFWY2h0WStCeDJtVnhlU051RWxHWXBBWXFHMExFSGpxVEZoaDNHQ0E2d2ZtcEN2dE1UTU9KT21JRllia3d5ckVobjF3cTJPMC9mbllqRndBaEZ2WGNsUGw3bGlCVzlsOUl4ZjVrazAxa3hUWHZmRmFYUjA5UFFTekVnbkxNNGt0ZXgvaFVmR0o4cUI5NjlQN0dGN09JRU9xMTB5akl0QT09fA&cppv=2

Protocol

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

9b078fb133e6b54420ab2ba431a9e65b3c52c5ff3b49dba1cbfe80cf9266a1dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 15916558
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:37 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=1nn8oXxIcU42WXMxRzlvME1rTko2STNPVHdqdk5JQmVhaTRieE51eHk3bGduYXlqcTVYeG9xRnJaVkE2SDJINGl2elFRREJXZTZoTko1V2g1L01ZS2pRc01NR3N4TnFDcERDV1ViVDRaTDVTN24xTmE0SUJvbVVidjQ4MkFWY2h0WStCeDJtVnhlU051RWxHWXBBWXFHMExFSGpxVEZoaDNHQ0E2d2ZtcEN2dE1UTU9KT21JRllia3d5ckVobjF3cTJPMC9mbllqRndBaEZ2WGNsUGw3bGlCVzlsOUl4ZjVrazAxa3hUWHZmRmFYUjA5UFFTekVnbkxNNGt0ZXgvaFVmR0o4cUI5NjlQN0dGN09JRU9xMTB5akl0QT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 370204
content-length: 0
expires: 0

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 24BF 15 B
169 B 92ms
92ms Script
text/javascript 184.84.136.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?vgd_len=6679&&vgd_canary=0&vgd_l2type=scs_newfl&fp=nHKKGWJq9vMa1g7ZbBaD5Z2Ufwdvi6m97k7I3iwmbLxFTZNygd-74mUykLKNq84FK4ozuIyfNimk5KBArqRxnOHyFx3WDcm_bsv3nIfrSnfLWGfXBB1YF4udMfndwSPlXXhfjRd15vQ%3D&cme=YzuKItjVxA1-3KPdsfKjj2tmyetdgrKb1Uhiu-cR5Ir3tRY2J9_AC4ArjGdmzOVPbw6vjJ8GY7DTu_p0V8Bpd9f_ZOXaK6k7VknpaNxim-l4cKdNgvMlnZOKJqTjWvYBFyEKDT3g02yVclN29NM4qb5mYfJT62tdD2WF9XdURI-G5mPqX9EobylOWKuEpJ2j8fNZKuK6mCQmWh-vf9yVXvm6DAw9sboHP3hjNceam3a1NEA5OMMgBal71azqoOaImMKaMEuUyg9oE6CaJYm2yJ2AIXvD2HVEXn96U1vjQHI%3D%7C%7Cu8A6SM53vAcxkZY9VHWafLSuY-HKDieQ%7CYfC2eZepuu0iO4bN1L0Y5DHOMnHYLvLj%7CdsA6EMpZ47R6ljdz__nQtthZoUpm2bb5%7Ca0AmFUYXmD41zSGmADGYvd4NbEd6KaLevy0YGI3Uf-ZrH5OQRFzG9g%3D%3D%7CUhZP4EPMGUS-w71mMQ1EuihE17rnyqHGTiv1MROgun-n7cCMLFK8Vma2AKYUbyyfY0_M009ZFYa0Qz0BKgHDFUmZF3ECiVr9JXbiRLQPjUGfDESQy75plrDT6GW2si56oeHrbR09eGB_lzNqgTvQDam-oKMDO2qDH04j1GBtnq3PJn92r3q3ttCMPG8vxEpcUO_FIUd0ZrEHXcu8cfjjhrflmud8ZDTUws74TFgkc9ceekb0Jl9rE6X4dVlbrtsni9JIUcaPneg%3D%7C&subBdr=196&bdrid=313&ksu=224&fdkt=391&vgde_kbbh=ffoyxQJuO&kwd[]=No.1+Stock+to+Buy+Now&kwt[]=391&kbc[]=1262292604&kwp[]=1&kid[]=324947967&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.92%7C12%3D0.46%7C1%3D0.54%7C2%3D3.97%7Cps%3D0.430%7C3%3D0.54%7C4%3D4.38&ktd[]=274894881024&ktrkt[]=No.1+Stock+to+Buy+Now&kwd[]=Check+Payments+Online&kwt[]=391&kbc[]=1262292604&kwp[]=2&kid[]=59862962&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.20%7C12%3D0.36%7C1%3D0.34%7C2%3D5.46%7Cps%3D0.430%7C3%3D0.33%7C4%3D4.20&ktd[]=274911658240&ktrkt[]=Check+Payments+Online&kwd[]=Foods+to+Eat+to+Reverse+Diabetes&kwt[]=391&kbc[]=1262292604&kwp[]=3&kid[]=330245443&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.54%7C12%3D0.83%7C1%3D0.80%7C2%3D3.13%7Cps%3D0.430%7C3%3D0.34%7C4%3D4.62&ktd[]=274894881024&ktrkt[]=Foods+to+Eat+to+Reverse+Diabetes&kwd[]=Best+Dentists+Near+Me&kwt[]=391&kbc[]=1262292604&kwp[]=4&kid[]=324977595&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.18%7C12%3D0.13%7C1%3D0.13%7C2%3D2.13%7Cps%3D0.430%7C3%3D0.24%7C4%3D3.55&ktd[]=274894881024&ktrkt[]=Best+Dentists+Near+Me&kwd[]=Stocks+to+Invest+In&kwt[]=391&kbc[]=1262292604&kwp[]=5&kid[]=27190006&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.15%7C12%3D0.08%7C1%3D0.08%7C2%3D1.87%7Cps%3D0.430%7C3%3D0.24%7C4%3D3.93&ktd[]=274911658240&ktrkt[]=Stocks+to+Invest+In&kwd[]=5+Best+Medicare+Advantage+Plans&kwt[]=391&kbc[]=1262292604&kwp[]=6&kid[]=329937320&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.01%7C12%3D0.11%7C1%3D0.10%7C2%3D3.03%7Cps%3D0.430%7C3%3D0.19%7C4%3D3.47&ktd[]=274894881024&ktrkt[]=5+Best+Medicare+Advantage+Plans&kwd[]=Apply+for+Stimulus+Check&kwt[]=391&kbc[]=1262292604&kwp[]=7&kid[]=214431410&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.29%7C12%3D0.12%7C1%3D0.12%7C2%3D0.94%7Cps%3D0.430%7C3%3D0.13%7C4%3D1.82&ktd[]=274894881024&ktrkt[]=Apply+for+Stimulus+Check&kwd[]=How+to+Lower+Blood+Pressure+Quickly&kwt[]=391&kbc[]=1262292604&kwp[]=8&kid[]=98521951&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.02%7C12%3D0.25%7C1%3D0.24%7C2%3D1.31%7Cps%3D0.430%7C3%3D0.13%7C4%3D4.38&ktd[]=274911658240&ktrkt[]=How+to+Lower+Blood+Pressure+Quickly&v=1&geo=45.49%7C-73.58&dlper=20&lper=100&lpid=&tsid=18&hint=&cc=CA&wsip=170774563&bca=0&ugd=4&vgde_setid=Nff&ssld=%7B%22QQNN%22%3A%22%3DK%22%2C%22QQN75%22%3A%22Ymz7LJ1j%22%2C%22QQ8E%22%3A%22fF9h%3AXA99%3A99F9%3A9999%3A9999%3A9999%3A9999%3A9999%22%2C%22QQQN%22%3A%22g%3D%22%7D&cid=8CU7Q771E&vi=1681325437735712590&vsid=3243270381455588&tdAdd[]=asnum%3D16276&vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D&vgd_adprefflag=11&vgd_implt=3&vgd_cage=0&vgd_tsce=L101-S101&vgd_l3_sc=QC&vgd_chost=contextual.media.net&vgd_sslb=1111&vgd_hb_audit_1=8CUU9JF8H&vgd_hb_audit_2=410519468&vgd_katid=808076828&vgd_katbid=-21&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_kals=ttype%3D10018%7C%7Cpt%3D1%7C%7Clmid%3Dna%7C%7Cttd%3D8&vgd_kalog=SI%3D3101%7C%7CHID%3D0%7C%7CSID%3D8%7C%7CTPTD%3D577239522929088004%7C%7CMI%3D3104%7C%7CUUID%3DgODhWPR9qfAALi9bY%7C%7CMPTD%3D384%7C%7CCI%3D3101%7C%7CTLID%3D6&vgd_pdtid=1&vgd_nrrv=66267&vgd_nrrmf=1000ca0a&vgd_nrrsf=scrr&vgd_cty=montreal&tdAdd[]=%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&vgd_ifrmode=11&vgd_l1rakh=1681325437155912567&tsrc=autotemplate&sttm=1681325438119&upk=1681325438.17946&hvsid=00001681325438119025035145559201&verid=3111299&vgd_matchstr=hr%3D0%7Cbcat%3D11%2Ca%2C13%2C14h%2C3y%2Cg%2Ck2%2Cov%2Ch%2Cgo%2Ci%2Cj3%2Ci2%2C150%2C133%2C3%2C149%2C7%2C4k%2Chb%2Cy5%2Cmk%2C13a%7Ccsh%3D1&sbdrId=196&vgd_ecrid=1700080807682800300060000000500&vgd_isiolc=1&vgd_fcm_enc_mis=1&pid=8PO6CSQ66&abpl=2&kbbq=%26asn%3D16276&vgd_mcf=28958&vgd_vstrid=3243270381455588&vgde_bdata=QOfvzxjj~77vXu~8xLjMjvf9~myJLEYv9.uF~eBMJ-Nv9.iA~e8QMQOvA99~ONfvu~G17v9%2C9%2Cu~QNOv%20N~eM1QzvuFfhF~ejfLMQOvf9fA9Hufuf~8xLjMGvuhAA.ui~xLjM7UNv9~Q7Ov~j1Q7v~e8QMxLjMGv9.Xi~8EvuiTAL6VAPc8Lr%2Fsc8AKgIf~kGGv9~e8QMxLjMjvu9~L88Ex1vuu%2Cuu~J7vuX~LNvu~L8Qx8Ov9%2C9~LEQMQOvf9fA9HufuA~e8QMGvif9.Hf~xLjMGv9.XW~ejfLMxLjMGv9~ejfLMxLjMe8vu4ouF~xLjM7e8v9~xLjMjvf9~yN17vou~GGvuiF~eev9~jfLMGvu999~JLEYv9.uF~ejfLMxLjMUNv949~GYvu~Q8OvXfff9hWuf~QOvu~x8OvfV1Z8J1AQPUExj__Ni~G7OvuuFffHAiXHuAfXuXAWfFXu99h9WfhuiiiAHfiH9WFHi99FAWhH9hA9uXfXXuffuhf9WfFFhihHAHH99AFAhiWXXhfuAhFiAAHhWH~UGMQLNv1x7mMG8OOJL~eBxv9.iA~OfEMjvu9~AENkvu999.9u~x8Yv9~OYYMQ7Lyvw1LYmz5~OfEMGv9.ii~myOfEMGv9.iW~exLjMGvu.9H~QQvIK~NNv%3DK~UGMOjvzS1~x8Bvou~NJv9~LEQMGvH9~exLjMjvf9~%3DVvfi9u~UGMxNv9~z7QvH~UGMxjvzS1~UGMNNUQvou~7Gvou~N7vYmz7LJ1j~GQQMC_pvIK%2CIK~G1Q8QfvuiF~G1Q8QuvuiF~8QDJkv9~8exLjMGv9.iF~8Q8kv9~jNvu~UGM77vu~G8Ov9.uF~UGME7vIm7n0LmNJQQJO~ONvW~ejfLMGvH.HW~8exLjMjvf9~QxEEj5M71yM8Ov~e8JB1G8j875v9.iA~1YEvu~NGOEv9.u9i~OYYvw1LYmz5~Qx8Ov%3DK4b4ZCy1UY5aM_5%20xIerQfz0im~QOvu~O7NvJ1Q7MQN~-8OvKrtoExGoFiHiHW9huAf9fHXF~O1jyvOJk1xj7~w7Yjvu~1OGjUvAXf9ihFFf9~QmGEv9.9W~GOEN1EOv9~OYYMJLEYvk1jQJ~GkjLv9.9u9~myG8Ov9.uF9~1NM75EJvu~875EJM8Ovuh~QJjjJLM71yM8Ov~OJ7JN7JOM71yM8Ov~ONx7vA9~OmyGv9ou~8GNvu~zQlvH~7yQvuf9-F99%7CuF9-F99%7CA99-fX9%7CA99-F99~GQGv9~GQEv9~7Y-vfHW&vgd_bhv_kbb=-1&vgd_cfud=230323&vgd_scsver=436&vgd_optout=0&vgd_ydspr=1&vgd_rensize=300_600&vgd_scr_h=1200&vgd_scr_w=1600&vgd_ect=4g&vgd_dtc=east_sc&vgd_mbr=1&vgd_l1rpth=%2Fnmedianet.js&vgd_pgids=1&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A600&vgd_uspa=0&vgd_sc=QC&vgd_l1rhst=contextual.media.net&hvsid=00001681325438119025035145559201&rc=0&rand=1681325438402&acid=1488635756ce401b8b35f5b1671bc06d&matm=1681325438402&requrl=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&vgd_ltimesrc=1&vgd_ltime=704&vgd_rtime=625&vgd_etm=14&vgd_l1hcsd=Omn03%7C2439&vgd_l1ch=1&vgd_lhl=3655&vgd_pgid=p037476969t202304121850&vgd_csip=rtb-appnexus-c49679977-sj2lb.SC&vgd_sbSup=1&vgd_nrrs=66267&vgd_cdv=921&vgd_cntrdt=SF%7C4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com&vgd_eadm=1&vgd_end=1

Requested by

Host: 24moro.com
URL: https://24moro.com/qbb0afxwjzbz

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.84.136.23 Miami, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-84-136-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
date: Wed, 12 Apr 2023 18:50:38 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Wed, 12 Apr 2023 18:50:38 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C2C8 42 B
108 B 39ms
39ms Fetch
image/gif 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvSsYGMuBNe9lbZA5ANuxSKjMQvxjWFKnOFGKcqo_lFKnK9O6BEUjvnW7Ed4i8KS9690iM_B5RLveIwh1y2tywtAabykYKy46j0vahURrZDiKk-nKLEzbx98h3tkSVevlaA_F0&sai=AMfl-YSZtzDH6qz4bLzgYwtLt8Fhtu0kzWmsj9ShSYVAdQHxfZpl8GeRRSCjG1K3jPCYU0A54TAtx88Yq3nH&sig=Cg0ArKJSzI5O8OmHXta-EAE&cid=CAQSGwBygQiD63QdsmwS-Pt17pbprUiHNqaPDvYJhhgB&id=lidar2&mcvt=1004&p=0,0,280,336&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20230410&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1292865667&rs=5&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1681325436846&rpt=639&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0A9B 42 B
108 B 42ms
36ms Fetch
image/gif 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuy_TkME6RH63xItlmh14PI-HSQRPyCB2daAukr0wd5WStEV4dlWZeIK778yyxZjckLNFocqA1QYfUdS8tuL2c1MmpS1lrWqFy9EE-RnD3ikCN14EoS40444X9LpQ0ak0ICLD8&sai=AMfl-YTjT4cswItqjqm5d9J2fqj0gIeDAIDghofQTWlFXF1Ba2oWqtYLiT3n2FdJ6ZZPzT4xSQQHQh7IE9bq&sig=Cg0ArKJSzGsiLJPIRzixEAE&cid=CAQSGwBygQiDG4B_1BrBWX_TElgX3V04uFrhCnZ3oBgB&id=lidar2&mcvt=1006&p=0,0,280,336&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20230410&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1292865667&rs=5&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1681325436862&rpt=606&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 573E 42 B
64 B 40ms
39ms Fetch
image/gif 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst-X1oHooEVWfvjofydjG0Ci_XXsROr34OV8LJIer7GBw4hQoKFhYrSMHLds_qxcHtsqYGndfhCOaAyuJKXh0lWJJOiPdsZv2L9W-ugT8mQFsvCt2TS8gaKbVIVauYHJXo4V74&sai=AMfl-YRnl6POR_MlQ5FtLypMy1L0kF88oiaa8n1FrqWTsVEqIHbj2XunqunrzWPOrQKXhd6LhvL-nVtwMBK-&sig=Cg0ArKJSzLumw66XzL5kEAE&cid=CAQSGwBygQiD0v7CMVbjVYj18XkUkVQ0-7Gqt-ibGxgB&id=lidar2&mcvt=1000&p=0,0,280,336&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230410&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=1292865667&rs=5&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1681325437019&rpt=540&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 log
hblg.media.net/ Frame EB19 35 B
200 B 50ms
49ms Image
image/gif 184.84.136.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hblg.media.net/log?logid=kfke&evtid=adpvlog&__q=AewFMgCAjAQAAACAAAAAgAEAAAAIAAAEAAEAAAAAAgEEAAAAAAAAIAAAAAAAAAxQwARAMTQ4ODYzNTc1NmNlNDAxYjhiMzVmNWIxNjcxYmMwNmTYnsCHA_IEBENBFDI0bW9yby5jb20SOENVVTlKRjhIAA4zMDB4NjAwDmVhc3Rfc2MEMjMGQURYEjhQUjExM0pHQw5CSURfQVBJAAACMD5ydGItYXBwbmV4dXMtYzQ5Njc5OTc3LXNqMmxiLlNDPjE3MDAwODA4MDc2ODI4MDAzMDAwNjAwMDAwMDA1MDACMAAiABBFWENIQU5HRQICZA&evttyp=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.84.136.23 Miami, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-84-136-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:39 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Wed, 12 Apr 2023 18:50:39 GMT

GET
H2 200 bqi.php
lg3.media.net/ Frame EB19 15 B
15 B 54ms
53ms Image
text/javascript 184.84.136.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?vgd_len=3675&lf=3&&vgd_hb_audit_1=8CUU9JF8H&vgd_hb_audit_2=410519468&vgd_itype_id=17&vgd_tsce=L101&vgd_l2type=scs_newfl&vgd_ydspr=1&pid=8PO6CSQ66&vgd_cdv=921&vgd_cage=0&kals=ttype=10018||pt=1||lmid=na||ttd=8&kata=aton&kasts=tstype=-10408||gbid=-1&kalog=SI=3101||HID=0||SID=8||TPTD=577239522929088004||MI=3104||UUID=gODhWPR9qfAALi9bY||MPTD=384||CI=3101||TLID=6&katen=1&pc=31&katbid=-21&katid=808076828&cme=YzuKItjVxA1-3KPdsfKjj2tmyetdgrKb1Uhiu-cR5Ir3tRY2J9_AC4ArjGdmzOVPbw6vjJ8GY7DTu_p0V8Bpd9f_ZOXaK6k7VknpaNxim-l4cKdNgvMlnZOKJqTjWvYBFyEKDT3g02yVclN29NM4qb5mYfJT62tdD2WF9XdURI-G5mPqX9EobylOWKuEpJ2j8fNZKuK6mCQmWh-vf9yVXvm6DAw9sboHP3hjNceam3a1NEA5OMMgBal71azqoOaImMKaMEuUyg9oE6CaJYm2yJ2AIXvD2HVEXn96U1vjQHI=||u8A6SM53vAcxkZY9VHWafLSuY-HKDieQ|YfC2eZepuu0iO4bN1L0Y5DHOMnHYLvLj|dsA6EMpZ47R6ljdz__nQtthZoUpm2bb5|a0AmFUYXmD41zSGmADGYvd4NbEd6KaLevy0YGI3Uf-ZrH5OQRFzG9g==|UhZP4EPMGUS-w71mMQ1EuihE17rnyqHGTiv1MROgun-n7cCMLFK8Vma2AKYUbyyfY0_M009ZFYa0Qz0BKgHDFUmZF3ECiVr9JXbiRLQPjUGfDESQy75plrDT6GW2si56oeHrbR09eGB_lzNqgTvQDam-oKMDO2qDH04j1GBtnq3PJn92r3q3ttCMPG8vxEpcUO_FIUd0ZrEHXcu8cfjjhrflmud8ZDTUws74TFgkc9ceekb0Jl9rE6X4dVlbrtsni9JIUcaPneg=|&vgd_rensize=300_600&gdpr=0&prid=8PRVCXX19&cid=8CU7Q771E&crid=522207812&requrl=https%3A%2F%2F24moro.com%2Fqbb0afxwjzbz&vi=1681325437735712590&ugd=4&cc=CA&sc=QC&bdrid=313&subBdr=196&startTime=1681325438111&vgd_l1rakh=1681325437155912567&l1ch=1&tsrc=autotemplate&sttm=1681325438119&upk=1681325438.17946&hvsid=00001681325438119025035145559201&acid=1488635756ce401b8b35f5b1671bc06d&verid=3111299&vgd_bdata=sd2%3Dnull~tt%3D51~iurl_l%3D20~ogerpm%3D0.16~vw_exc%3D0.93~vis_sd%3D300~dc2%3D1~bat%3D0%2C0%2C1~scd%3Dqc~v_asn%3D16276~vl2r_sd%3D2023041212~iurl_b%3D1733.19~url_tkc%3D0~std%3D~last%3D~vis_url_b%3D0.59~ip%3D19L3rJI3UMirDVFMi3AQN2~fbb%3D0~vis_url_l%3D10~riipua%3D11%2C11~et%3D15~rc%3D1~risuid%3D0%2C0~rps_sd%3D2023041213~vis_b%3D920.42~url_b%3D0.58~vl2r_url_b%3D0~vl2r_url_vi%3D1E-16~url_tvi%3D0~url_l%3D20~gcat%3D-1~bb%3D196~vv%3D0~l2r_b%3D1000~erpm%3D0.16~vl2r_url_kc%3D0E0~bm%3D1~sid%3D522207812~sd%3D1~uid%3D2IaGiea3sUkpulTTc9~btd%3D1162243954132515382651007082719993429408649006387407301525512217208266797434400363798557213769334784~kb_src%3Dauto_bidder~vwu%3D0.93~d2p_l%3D10~3pcf%3D1000.01~uim%3D0~dmm_strg%3Dharmony~d2p_b%3D0.99~ogd2p_b%3D0.98~vurl_b%3D1.04~ss%3DNA~cc%3DCA~kb_dl%3Dn%2Fa~uiw%3D-1~ce%3D0~rps_b%3D40~vurl_l%3D20~CI%3D2901~kb_uc%3D0~nts%3D4~kb_ul%3Dn%2Fa~kb_ccks%3D-1~tb%3D-1~ct%3Dmontreal~bss_KTW%3DNA%2CNA~basis2%3D196~basis1%3D196~isRef%3D0~ivurl_b%3D0.96~isif%3D0~lc%3D1~kb_tt%3D1~bid%3D0.16~kb_pt%3DNot%20Processed~dc%3D8~vl2r_b%3D4.48~ivurl_l%3D20~supply_tag_id%3D%7Eviewability%3D0.93%7Eamp%3D1%7Ecbdp%3D0.109%7Edmm%3Dharmony%7Esuid%3DCAESEGKgakmyO_TyquNvDs2nP9o%7Esd%3D1%7Edtc%3Deast_sc%7Exid%3DADX-pub-6949480713202456%7Edalg%3Ddefault%7Ehtml%3D1%7Eadblk%3D3520976620%7Esobp%3D0.08%7Ebdpcapd%3D0%7Edmm_erpm%3Dfalse%7Ebflr%3D0.010%7Eogbid%3D0.160%7Eac_type%3D1%7Eitype_id%3D17%7Eseller_tag_id%3D%7Edetected_tag_id%3D%7Edcut%3D30%7Edogb%3D0-1~ibc%3D1~nsz%3D4~tgs%3D120x600%7C160x600%7C300x250%7C300x600~bsb%3D0~bsp%3D0~tmx%3D248&matchstring=hr%3D0%7Cbcat%3D11%2Ca%2C13%2C14h%2C3y%2Cg%2Ck2%2Cov%2Ch%2Cgo%2Ci%2Cj3%2Ci2%2C150%2C133%2C3%2C149%2C7%2C4k%2Chb%2Cy5%2Cmk%2C13a%7Ccsh%3D1&vgd_matchstr=hr%3D0%7Cbcat%3D11%2Ca%2C13%2C14h%2C3y%2Cg%2Ck2%2Cov%2Ch%2Cgo%2Ci%2Cj3%2Ci2%2C150%2C133%2C3%2C149%2C7%2C4k%2Chb%2Cy5%2Cmk%2C13a%7Ccsh%3D1&vgd_sc=QC&infr=1&twna=1&stime=1681325437793&vgd_ecrid=1700080807682800300060000000500&l1hcsd=l1!Omn03|2439&vgd_l1rhst=contextual.media.net&vgd_uspa=0&tdAdd[]=%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&vgd_isiolc=1&vgd_fcm_enc_mis=1&vgd_pgid=p037476969t202304121850&vgd_pgids=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.84.136.23 Miami, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-84-136-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
date: Wed, 12 Apr 2023 18:50:39 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Wed, 12 Apr 2023 18:50:39 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EB19 42 B
64 B 38ms
37ms Fetch
image/gif 2607:f8b0:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssGhHBAZ6_DcsZWxDzs69EUDQ4MnM54DCIMJeyQonpRDpX3x-fMxaaa5L9rY3DqD3QOlGLi2-MpaHfkDmgBviYiUZH6&sig=Cg0ArKJSzMJZxHo04Wt0EAE&id=lidar2&mcvt=1000&p=390,283,994,583&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20230410&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&vu=1&app=0&itpl=20&adk=3520976620&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1681325437628&rpt=1105&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c00::9c Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 18:50:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 5820a48c76d370539b92145d28188f42.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/media/ Frame 77FF 25 KB
25 KB 38ms
37ms Image
image/png 2607:f8b0:400c:c12::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6328374244520716062/media/5820a48c76d370539b92145d28188f42.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400c:c12::84 Charleston, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a02043c1a07d967101d12bf25c060efc5e2c75fbd0dd02f7485b56593ba0480

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 12 Apr 2023 18:50:38 GMT
x-content-type-options: nosniff
age: 4
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25985
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 19:37:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 11 Apr 2024 18:50:38 GMT

Verdicts & Comments Add Verdict or Comment

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.speakol.com/	1970-01-20 11:38:05	Name: __SPK_UID Value: e914bb34-d962-11ed-98b8-1af38512f947
24moro.com/	1970-01-20 13:11:41	Name: __SPK_UID Value: e914bb34-d962-11ed-98b8-1af38512f947
.24moro.com/	1970-01-20 20:38:05	Name: _ga Value: GA1.2.384984657.1681325436
.24moro.com/	1970-01-20 11:03:31	Name: _gid Value: GA1.2.2058620587.1681325436
.24moro.com/	1970-01-20 11:02:05	Name: _gat_gtag_UA_171785567_1 Value: 1
.rubiconproject.com/	1970-01-20 19:47:41	Name: khaos Value: LGE1R5EF-N-C42M
.rubiconproject.com/	1970-01-20 19:47:41	Name: audit Value: 1\|mFVHqHkj5bHasRa/++Z30O1WuCoMxA8a+JUixCbOKdrdXmMtZKPAqNFcPqzPY9d+VF9KpityJRfggJ3pD4CYm/2N/y3cqMcR0A+VO7RH1E0=
.24moro.com/	1970-01-20 20:23:41	Name: __gads Value: ID=9e3384e6c3045246:T=1681325436:S=ALNI_MYvwZwke8MGVxLJQ49lMw6JYJ4qWA
.24moro.com/	1970-01-20 20:23:41	Name: __gpi Value: UID=000009f0b6c5969d:T=1681325436:RT=1681325436:S=ALNI_MaLgjMX75zs3kiZBmnH3pGwwp3vfw
.adnxs.com/	1970-01-20 13:11:41	Name: uuid2 Value: 7919564333046803373
cpm.programattik.com/	1969-12-31 23:59:59	Name: SSPR_94 Value: Ly9jcG0ucHJvZ3JhbWF0dGlrLmNvbS91c2VyLXN5bmNlZD96b25lPTIyJnVpZD1UNjU3NDgwNzgwOTg3NzUwNzA0NA==
cpm.programattik.com/	1969-12-31 23:59:59	Name: SSPZ Value: 22
cpm.programattik.com/	1969-12-31 23:59:59	Name: DSP2F_94 Value: 5
cpm.programattik.com/	1970-01-20 11:45:17	Name: ADKUID Value: T6574807809877507044
.adnxs.com/	1970-01-20 13:11:41	Name: icu Value: ChgI88dxEAoYAiACKAIw_frboQY4AkACSAIQ_frboQYYAQ..
.doubleclick.net/	1970-01-20 20:38:05	Name: IDE Value: AHWqTUmFUi5jpMOkWpPc2Q_7ZDJUgiEMAy6oxID2t5r_RQuY8dShh6LPpeLx0IoREFg
.openx.net/	1970-01-20 19:47:41	Name: i Value: ce85a96b-fc0e-4588-a943-a5d713f105e8\|1681325437
.doubleclick.net/	1970-01-20 11:02:09	Name: DSID Value: NO_DATA
.yandex.ru/	1970-01-20 20:38:05	Name: yuidss Value: 2989300981681325437
.yandex.ru/	1970-01-20 20:38:05	Name: yandexuid Value: 2989300981681325437
.openx.net/	1970-01-20 11:23:41	Name: pd Value: v2\|1681325437\|vMgavPkWgy
.adsrvr.org/	1970-01-20 19:49:07	Name: TDID Value: 3c5ee43f-7a58-4a66-a685-919727fa2857
.yahoo.com/	1970-01-20 19:48:03	Name: A3 Value: d=AQABBH79NmQCENSx2YrQhBH3RJ1JDeYYxKMFEgEBAQFOOGRAZAAAAAAA_eMAAA&S=AQAAApFbtOrLdbVN59nSMsWPol8
.adsrvr.org/	1970-01-20 19:49:07	Name: TDCPM Value: CAEYBSABKAIyCwj80JidseTdOxAFOAE.
.amazon-adsystem.com/	1970-01-20 17:22:15	Name: ad-id Value: AxfWtSYlSkXbviJ4k8W-SxY
.amazon-adsystem.com/	1970-01-20 20:38:05	Name: ad-privacy Value: 0
.media.net/	1970-01-20 19:47:41	Name: visitor-id Value: 3243270381455588000V10
.openx.net/	1970-01-20 11:23:41	Name: univ_id Value: 537072971\|3c5ee43f-7a58-4a66-a685-919727fa2857\|1681325438326570
.casalemedia.com/	1970-01-20 19:47:41	Name: CMID Value: ZDb9fjQHL2l8Ni77LUsI.AAA
.casalemedia.com/	1970-01-20 13:11:41	Name: CMPS Value: 1427
.casalemedia.com/	1970-01-20 13:11:41	Name: CMPRO Value: 1427
.lijit.com/	1970-01-20 19:47:41	Name: ljt_reader Value: GeEKVGZHciH3vd2WRuqdv5ul
.criteo.com/	1970-01-20 20:23:41	Name: uid Value: d2dd5be7-14db-46ff-9972-b25f5c5ba073
.24moro.com/	1970-01-20 20:23:41	Name: cto_bundle Value: M9JEbl95WHRmVkdVQ281RjRtOEZzd3M4ZEsyMXlUaWV4b0dHRkRLayUyRmM1d0JKbldlaU5PMVpsNnZoaVFaRjFHMVJZJTJGUlUlMkJ5YWR3JTJGeDElMkI1QWQ4bjZadXpGa2NIeGdQcU52dzdvbTNEam5NdWZRajlrNWJoc0M2b3dOQmFLbTZuMzI1TzEwTENxZmZTYzZVUGhhZ1VncFpOY0tnJTNEJTNE
.uuidksinc.net/	1970-01-20 19:47:41	Name: jcsuuid Value: LBW5BxFqFJ375rC0HtJ9
.media.net/	1970-01-20 11:22:15	Name: data-g Value: CAESEHFn3bZ8bdP_jXki6oCw1II~~6
.socdm.com/	1970-01-20 20:38:05	Name: SOC Value: ZDb9fsCo5sMAAJZYAagAAAAA

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob:;img-src * data: blob: 'unsafe-inline';frame-src * data: blob:;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

24moro.com
4d011b032ea11c363dc0346aaf6ef3df.safeframe.googlesyndication.com
acdn.adnxs.com
adservice.google.ca
adservice.google.com
adx.adform.net
an.yandex.ru
ap.lijit.com
apis.google.com
bidder.criteo.com
cdn.adnxs.com
cdn.ampproject.org
cdn.jsdelivr.net
cdn.speakol.com
cdn.speakol.info
cdn.webeyo.com
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
cpm.programattik.com
cs.media.net
events.askjdhaa.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
hblg.media.net
ib.adnxs.com
lg3.media.net
match.adsrvr.org
mug.criteo.com
nym1-ib.adnxs.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
p4-byroqc7s2wdz4-kldht6u5nhdlpzcy-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
platform.twitter.com
pr-bh.ybp.yahoo.com
pxlclnmdecom-a.akamaihd.net
qsearch-a.akamaihd.net
recommendation.speakol.com
revenueflex.com
rtb.programattik.com
s.amazon-adsystem.com
s.uuidksinc.net
secure.adnxs.com
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static.criteo.net
static.xx.fbcdn.net
syndication.twitter.com
tg.socdm.com
tpc.googlesyndication.com
us-u.openx.net
warp.media.net
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
104.126.116.147
104.244.42.72
149.56.113.223
149.56.179.185
151.101.1.108
173.194.216.154
173.194.217.94
184.84.136.23
185.196.197.130
192.40.39.223
202.241.208.100
23.200.196.24
23.44.133.30
23.77.241.5
2600:1f18:4e9:5a05:2438:5b9c:3f03:dbad
2600:9000:2120:7000:d:57d4:cd80:93a1
2600:9000:2514:f600:1d:7d16:ed40:93a1
2602:803:c002:200::41
2606:2800:220:131d:1d30:1f1d:238b:1e56
2606:4700:20::ac43:468a
2606:4700:3031::ac43:8ca1
2607:f8b0:4006:81d::2002
2607:f8b0:4006:81e::2002
2607:f8b0:4006:81f::2008
2607:f8b0:4006:820::200e
2607:f8b0:400c:c00::9c
2607:f8b0:400c:c0a::5f
2607:f8b0:400c:c0b::9d
2607:f8b0:400c:c0c::84
2607:f8b0:400c:c0f::9b
2607:f8b0:400c:c12::84
2607:f8b0:400c:c12::8a
2607:f8b0:400c:c12::9a
2607:f8b0:400c:c36::69
2607:f8b0:400c:c38::5e
2620:100:a001::18
2620:100:a001::4
2620:100:a001::c
2a02:6b8::90
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:83:face:b00c:0:25de
2a04:4e42:200::485
34.102.146.192
34.120.107.143
34.98.64.218
35.71.131.137
37.157.4.25
51.222.239.230
52.46.130.91
68.67.160.24
68.67.160.26
68.67.179.153
69.175.41.79
74.119.119.139
85.111.6.48
85.111.6.50
00b160ff2555dde2e8b198bd6143da199a8b981470fbd9eb11aedc3a20b4927c
0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36
02f1f30bcb01bc62382c4026f64771b23152121d2d2eac215fc8f83bb29671e6
04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2
0614eabbad41deed05fc5187944ef88133801ae3d27f9ee75c91d5d25798a3ef
072d8caae1afb45d64a8738069dccf5bcdc7a8f29a192c9ef6b9014644357e9f
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
083b29b673d1012875c94164172931ad69431590cef678785314ea52324d0bb4
085b24aa196683eb6f909936d8feff941b0b8d9f8315d2db4f1dcd45403e79f7
08882d31df95daace0c23f1108f3e11fc53ef17334df446f3e3cb395c597c955
08f1aa03e9fdf5a8931f023408a36ac0151d857f8ea125835e6863bd56e910b2
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0be1062206d604d70c63e62fdd1f448b95ccf63597e06b94cfbae942d014144a
0c192715ec081769319aa430226929ec104a289c701bcd87fe494b7fda2e3d6e
0f3253cef050f3c3eb480f88667ed4b215ef30ba4b93bb106ea6c29c139b70f0
100f2168b9ec611459e24a664b2e8856b13ddc0632cab732571a6dd6d0f146c4
16d50b0344bc81eabe91852de070ba92e0aca6b3385a5dbc1e94a9e23e042067
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1d360ec4001f0151c03bd93dd1fa62e58b1bfce987ae5a84f3daef0c7158e0d6
1f6edf929f53dd4587179a558b4896879027457d39b8bde5d8b7ff19c49463da
1fb9eba0f98fc3a5c9cfa55a0c43ea1d24c5f2e388f06612f404e09fe83fcbc6
2017c9db551a3acbad713e51997815ddf3c6a4781a34c1a4b0dc6a6aa0b18660
213d6cd268807d564c0421c06832011739f349f57533277e5c367cdd387e2804
2262d50696110a18e87fa0ac8edb8b9860bccb89680a5c04bad6a5246892090b
23658f94eb12770c2288a539a37804b3b625b8e8adea89c056d140a2987d449a
264639fe6d4f08ea4c110cecaab134a2ddb11cd7b0ad6abec9b8b82b18c86ba1
2899b2888191bf0e8139c08952bf8c3dd363e49ed848b9eef34fa3086867396a
2bb6a4aba39c09142ba1f41849587af550269de21276a63355c975e60a5d0f62
2bd142f2d96b80c326f0e37f42f9bbcd9fbe37a8222d54b11710e42c3e30d3aa
2c71a1967ecc24c8b1e05156cb59bbaefb7a7ddfa3f7b2976f118179cc929d8e
2cb7eacaed4e152391fc7ad967d8a66914249b8ad26425d074a03b520a604fa6
2d3b45a4be3864673801baea2c3f066e1c7320bab56d3c7818d7484cf1811696
2e068948229c5af3b37a6927a61efe4851a09c71ade24f529d1ad56b01e31ff2
2e6a2c48ddf656dd18431ca6f656e4d671a93141d2db4f304587d74280ecfbe4
2f85258f8a700c8bf69e1b7c4560536fba6053361e9a1e1c601fed69145ace4f
304ca1cf206c2d4cf36119d67c2e857a55c6eb93b0ad235076bc0bee72195b20
3121c4ce1a2b6f3eb5c310cda425e7b6f484c62846f8810c7255b1dd4bf6d764
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31adc0e2c300991bb2cb0bb415c9a737988fb1f8169673359f7ab55cbb370de5
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347
35fd59b97a8e0d867188a88d4ec485d4daa94c2ac3ae46790435ee7b59f229c2
37884cc94e493d18f340a4696f52859a08cda5110707a0bf1043f80e20dbdce0
37bd1c4fe92d700d01bc83a9f49aea365765937e3b6d1129a8d8ddb9155c5822
389c256c8ea9b87df846790744d7e40e2b9557aa3f9eb4d241e370e10ab2a69b
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
396a37a2c296c024f286b410633ee81c005a6b36b0b469f0cd83d6f15a86fa19
3c232fdaf6ce70c50790b29a3f2e995035f349a5845a6e1f3c0a200bd1ca51dd
3d252ef715596a18ae31690327a2a05170d235165c134e7e19e7d38ab1db18ca
3d263f891e516d9a8ddc18f7e2693ebfdabd1c1c9e53f38010c997268e86364e
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4
426077da3926c92ef2d3df3bce6337b68356dac66bb4e1c292e6879fd49dc702
44db758bfef737732d82b902d383e83659b76741a544b534e58fb951f4f1c2ba
45bdaf2ff7c10116ef18ba5b7fbf7d8abe4bea8d06955af013f0d058cf4aa76b
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4bc79a91a9a444fde5989d310a2f75596c73e1bd6bb2607a0996dad1f575c07e
4cd5d9b9721d6b1bfc18d8c81562508902e01c61e2d2058485cc31fad4222c7d
4dddbde3a429d91131d6ebaa2aeb9d6ed1edc8e8880a0bd3afb3b9538b1fb099
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e52abe5d8cab0f6520a412e7683fdcf92c05343519c2e69901f0c4651eb22a0
4e5c63e9b960628c8c1080c84c16e011131395e7caab0fca0546bf362ba984c4
4fa5c0baf683948e2d10deb619c3f6278cc69fed19ee6097a6e0e205719cc271
51ac5ba24e6e5dc4a81e589fe2f3534facb8bf349c7a449034e4d30b8565a245
51f267686d55488ffd46b12432156d7d414e6d5d90af8f8a43943e1ea8ecc8a9
529040ffb31edc3b458168066d513769520e983e2cc9ffb8d6c9ea0d98c57a11
53abc7b36dcd8b0bdee6ea0658511581a4a26f4a314a677b55c05e0f1547b930
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55846284648bdafd635501dba9bd094ec6a2ad10bee3fab812e1b30b0d796937
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55a939b24de0f015d3c9ea91f594221806637412a21ae9a41a5ce485e6d92823
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5990392ffecc1742adefccd4bfe98287fe1580dc5819e3e18635c8be4c18a6ce
5d9627946fcad2ddacefe71e61e52e0fe6da36f2957869ce1d4abf8e410fbc6e
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6277bfbc6bf9fb78dc4492a10d363cd98712c7baaeca8786678d18980e5f3dff
642bedf87313b333b1f6815626461fbaabbc710ec83ced81cba70a82a3f0f6a5
667127594b17bdcf4df353f28f0bcb3797997ed34029057483fe5b2e2d6a25e0
6912122b10b4bb2a307ef2a6d6e6aa05af8f2f2dfbac1c2c5fb0533e4af35250
6a02043c1a07d967101d12bf25c060efc5e2c75fbd0dd02f7485b56593ba0480
6abca67a43b47b59366c4be2bf6c82c67abb9b2baadedec958f0789a1bad7515
6b3c83e050c374cfdd13f77640509c6bf68fd787b8f35bfeef2aae4a3372355d
6b5d4d0c150c23af20d28b535c6057ff5e6d194a27d6658e9cfbc318343468c2
6b7fa434f92a8b80aab02d9bf1a12e49ffcae424e4013a1c4f68b67e3d2bbcd0
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bf62889eb1086d1968ff8020fa26cbf40aaae5b8febb3bbf06eae9f67a80037
6c920ee1554ad56939d12c7c7e9e586d15c262869e82dfd812c713da6c4f55bc
6c9389fb9fa8bc949cb00e9a8d1af73b741795e78fb70e4f8baff40adc0d43fa
6d2de1e1fc76b43b6e9bdcbdc4dec07103388c1169e74c1ddf054a2a494d93a7
6e4fc239feedbffc72b1dd6380eeb21259c1b28f972ee9dddfc5150a8f69bb4c
6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b
731dc4c1fbf76273a3ea45c2a5a0d0ecd0af9b3b91e2e55951a60bbda304fdad
74dd8f634727e5a01e2a9e445e2fd9b67ccfc995f1860037e6b53bd25b13a82b
752384965c9820183a08c77c9a12567f7be4eaa4f898646f37db0c21cbce67ef
77304e02b7a3e1b4de813d753e8659263b18c7fdcded945c07189af1e92a5302
783d0448cd510dee935eef86a2114578500ce66a625a8ee9242189e864de9852
786addb7e1ae880b2d60304114f4651dedfaaaee2e9209d8e8fe9e2a314168db
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7a03e3684d43a975555964f127e302f06a4d7d13aa408c2949967d49bc818d74
7c44998f2124099aa09eca550067428ac92979d5c5cc8e17688348d7793f93c9
7e1150dbc4124a8d6dfa07c66f475f2fa4064a33c888474c73427bc3b49e09d8
811eb577616a205c48753c3a6586a047012b6029d8ffce950ecfcaf05ea0d78c
816bdd8885258b69d5fa0f5c290811837892f68cea69a19c10e42d62bca391fe
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
87f13c44cecc52deb83b26b60da795b5db54a140d1f8eb90863317748ae18494
88a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a
88ce1b339c3c9cd5532d812b3d139e3e9eedd79f09da27c90ff33facc879b34e
88f85b6d3919de39e3fb80c4b6590cb470ff66189aa42eacf47818c124c347b0
892f1b8f079de2534b6bb5ff19c02962add5c7f402fd0627815006c351bf40fe
89b0b16db8325b2c6db9a0f68eabea4c6ffab4022ee31fb5ea6ea64a2b19b0ad
89cebf179f4db4d236912bbae3432717d9a2b38838f009c7a5ef40cabcdfdb6a
8cde89a81f804ca6677f55b524b63ea1c46373b0ad8cfe08a1a98f44c44a6b57
8db1785c7abb21f5abcc34d06d9023ef62110b12088cc950c47821bcbde851ab
8fa1b47fe4262f8c5f4b9b3cd6020e5613c58c17cd93bce445416e15ad0e8d89
8fd1f0630582db094124dfba3375fad526741151396366dcb80863e8ffc487ed
90557d06412be8395631df571518b0a9a52cab45c54dd8c1ae3997efae530c55
90b564e80ac2aef4bc2403de285b0d6cd953c7ec1e43d7daefa6125a57754d80
91a240186fd7e7ea48c2824cf21e679adb6065ca699d0c87bc3f4a0a441b64dd
91f3963d1241936996e2ae38eeb523fad9ba71a738d1c780986e26d7fbd2a09d
927e28e6f905011cd102263e99fc6a6032d90aab9f7fce9e2be1b5a4a115d7ff
93a69526f3256a8c01a6ebf0e12489b5b5bb95d25718a92023a43142335cb703
94f7de3cf236dc8db39b7ec5a8f6041ac0c523b0388053d58710c1576eec05a4
96ec1b69a57664437a736802aadb8bfe1235b2ffca93f664b24a1c23bc4eda2e
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9aad65d86ce18a2ada9fd402e6011d74ff845f544201178e257aba70ce3edf01
9b078fb133e6b54420ab2ba431a9e65b3c52c5ff3b49dba1cbfe80cf9266a1dc
9e57fedb96b3686621bccd5521f43a2037a823c74f062176952890b179b3955b
9e797b9e6fd24e5a7da5feec0388488fc247be90c6f81c9a50ee96771554c5ac
a2cda9d76b5bf1601e57edf216705580757a01cc7d3bc5fe71de60b98afcb06e
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a568a62be6134afc9d0d49d492fe710a8856886996017029be64086c0d00e984
a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27
a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b0e3dea3ead4a88d28a0203a5dd56155100bf5d61b73c371992aa9f211ff5480
b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d
b395ec4964eaea12636df05446d2b869fc711b7cf7cd630cd7bce422c954aaaf
b3ee3d5ca5acf0a0f4a2ca66e12cc153b060e079b9894a2dbb220d1f31d9506d
b49c1341e8148af52b50b10b3b7b5d85a0d393259427e945c56a667d7d63d52c
b5a06a61cc91207a0766de728cc62f1bc1c987a5baa2155a542248a6ba0d97f4
b7ceb7bf4259c43c69d933ec8028a4e73918170e878b08e9198b493f5624d5d7
ba1c1cba103b212eaa4c5aea8268a6e94d3e0d39a16d5d094b604790db6d4fd5
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c3203f157afa60442b15e1c38038b610cbaa4ba3375ad2feddfea55631fed215
c34355356c4f9f8b5e828e584ec960d94c0325893fe0411dc5778a8a584302c9
c5ac9dcb1786d5cbb495e55ef3113669a89f5b8dd97389bbff51f8c908a6a0bc
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c7b6b17dbfd59f390f39a4e46f930ded26e470ac3f1ebe984a5ee463bc3b85f3
c9803e13830d04a871ed27d4ffc42de26fcc77d6937ff73fb49a3383836f974e
c9a45e25bb255490eb80574f56a2844d752a1d5c86492e77e80fb47e4771a3b2
cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7
d495b605d874fff6c44230b7a0fcea83f8939d7b8c852a68e1673d9569ef9100
d59ee5c042752f61e5b31bafe02c46f869d6e1ba0482ae974d08b99299357196
d7872f259662537ed54eecb94eb30467f12472e79fe506b7de6d53812b4ab89c
dc276b9d4591e853a58fd0a2b77936a38401faa623a1b9fe104a70615a2e4f3b
df3e01305819837d7c8059eccc2427cfe74168e44f2b295c20fd0beb1b1a91c5
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
dfa586fa8b70c056272ef189e613dc9f6bcb8f9b659259219fa776f639dd3374
dfef419d15c41bde0449c414eaaaeb247191c99c6b8355a481d042f518696fda
e1cde0852d19b09fbbd9d19328b98804eb3bf302a25ce9e51b2f77a1efde5926
e34b8adffde57810b7b247f215e9fddda7f9e1e6df8d8b47245e1dde339aa4c6
e3538deba64f3b9ac590d80dfbfb406711485126bd8baeae1c47db54afef205c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e55a0f915a3150525919bbb2eab472b4ed985e6c58a3121b10fbb63f5a316de1
e789f7935d6d7776a0c2341570220c445bc1c493381518c085e641f9128b8938
ec483e6ca3791c4712c7eec7ee6ae73f678446535f514293be62f267ea134fb7
edcbc261c4905c6f5f7cdda2e8c1c12f2608cd487f6a1b6e354b5a5b96e6a3bd
ef116c4b154888a36784c143110b264cfe6528a4061c5dcc14e6431ecfbcac56
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0677d07f771ea61d5eff0613545f0df54212d7b130b81c64d534768ab8c5ab4
f0ed85019757194c9e1396d35dca1a0d6905b55e5b4a67e6a3d7efe965f26731
f33c5e1e54db6f20b31bb55765626c057de47a672299bf1590be75b091fdf771
f66527767bf5359b459dcfac7545c4672aeec7ca5896850d77de18ece2efd40f
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
face9f5338a5132ad4325db37dbb1183128be720f12f0994df7abf0f27e8d11f
fbfc8c7cef0a7fbe0595de1085e6493b54f09f09d024015451cafbc75314c45f
fd19fcf88db4d745450200b1af679c779dab70a37446176e5c57b3b1ee94332b
fdc8c54d55aafecebffa063ef8831bf996a6375c0f0c60dce3007d1e141fb023
fe70ba58df4c389fc5a0a58556f6ab248c9c94f82acc1032426b8f3ba3b95152
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48
ff442096e7a4680bcbd5ce5ce908eaf7001d0bc780735453769a1f9b183f15e8
ff68f3c4962c05d496b30cdd56ad345e8bf358f14407f48e55b8b98e7a730bf9

24moro.com Open in urlscan Pro 149.56.113.223 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

294 Requests

95 %HTTPS

50 %IPv6

40 Domains

63 Subdomains

50 IPs

7 Countries

5505 kBTransfer

11984 kBSize

37 Cookies

25 Outgoing links

Redirected requests

294 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

24moro.com Open in urlscan Pro
149.56.113.223 Public Scan

Screenshot
Live screenshot

Full Image

294
Requests

95 %
HTTPS

50 %
IPv6

40
Domains

63
Subdomains

50
IPs

7
Countries

5505 kB
Transfer

11984 kB
Size

37
Cookies

294 HTTP transactions
12 data transactions