moneytormen.ofwea.com Open in urlscan Pro
2606:4700:3033::681c:790 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://moneytormen.ofwea.com/
Submission: On December 13 via automatic, source certstream-suspicious (December 13th 2020, 3:57:43 pm UTC)

Summary HTTP 55 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 11 domains to perform 55 HTTP transactions. The main IP is 2606:4700:3033::681c:790, located in United States and belongs to CLOUDFLARENET, US. The main domain is moneytormen.ofwea.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 26th 2020. Valid for: a year.

This is the only time moneytormen.ofwea.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	2606:4700:303... 2606:4700:3033::681c:790	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2a00:1450:400... 2a00:1450:4001:81a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
2	172.67.38.97 172.67.38.97	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
1	172.217.22.2 172.217.22.2	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81d::2001	15169 (GOOGLE) (GOOGLE)
55	8

30 2606:4700:3033::681c:790 (United States)

ASN13335 (CLOUDFLARENET, US)

moneytormen.ofwea.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:81a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.38.97 (United States)

ASN13335 (CLOUDFLARENET, US)

www.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s14-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	ofwea.com moneytormen.ofwea.com	210 KB
7	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	201 KB
6	gstatic.com fonts.gstatic.com	72 KB
4	doubleclick.net googleads.g.doubleclick.net
2	statcounter.com www.statcounter.com c.statcounter.com	12 KB
1	googletagservices.com www.googletagservices.com	28 KB
1	google.com adservice.google.com	803 B
1	google.de adservice.google.de	803 B
1	googleadservices.com partner.googleadservices.com	638 B
1	w.org s.w.org	496 B
1	googleapis.com fonts.googleapis.com	1 KB
55	11

	Domain	Requested by
30	moneytormen.ofwea.com	moneytormen.ofwea.com
6	fonts.gstatic.com	fonts.googleapis.com
5	pagead2.googlesyndication.com	moneytormen.ofwea.com pagead2.googlesyndication.com
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
1	www.googletagservices.com	pagead2.googlesyndication.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	c.statcounter.com	www.statcounter.com
1	s.w.org	moneytormen.ofwea.com
1	www.statcounter.com	moneytormen.ofwea.com
1	fonts.googleapis.com	moneytormen.ofwea.com
55	13

This site contains links to these domains. Also see Links.

Domain
wordpress.org
siz.tv

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-26` - `2021-07-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
us-dallas.statcounter.com Sectigo RSA Domain Validation Secure Server CA	`2020-10-13` - `2021-11-13`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.w.org Sectigo RSA Domain Validation Secure Server CA	`2019-12-19` - `2021-12-18`	2 years	crt.sh
*.googleadservices.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://moneytormen.ofwea.com/
Frame ID: 4F5003FDF933F526B4AEBB3D729BD3BE
Requests: 50 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html
Frame ID: CA8CFCBF093B5E396FDCDEF0E8F8A36C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9126518298816135&output=html&adk=1812271804&adf=3025194257&lmt=1607875047&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fmoneytormen.ofwea.com%2F&ea=0&flash=0&pra=5&wgl=1&dt=1607875047141&bpp=64&bdt=65&idt=266&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=846811232898&frm=20&pv=2&ga_vid=414783501.1607875047&ga_sid=1607875047&ga_hid=1197954299&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068084%2C21068769&oid=3&pvsid=1864752300419854&pem=957&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=287
Frame ID: 63D1CDD62C8DEA74C8FC03BD193BC051
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9126518298816135&output=html&h=280&slotname=6745491071&adk=3802788671&adf=144810823&pi=t.ma~as.6745491071&w=792&fwrn=4&fwrnh=100&lmt=1607875047&rafmt=1&psa=0&format=792x280&url=https%3A%2F%2Fmoneytormen.ofwea.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1607875047205&bpp=14&bdt=129&idt=232&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=846811232898&frm=20&pv=1&ga_vid=414783501.1607875047&ga_sid=1607875047&ga_hid=1197954299&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=210&ady=154&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068084%2C21068769&oid=3&pvsid=1864752300419854&pem=957&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=PJ8XjUlH9P&p=https%3A//moneytormen.ofwea.com&dtd=238
Frame ID: 1E15E2E7F4E9468989FFB4114E64F0CF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html?fsb=1
Frame ID: 302AA00F687887200BBB3C44C20F0551
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: B706181ABD0CF4B4EBF166D10FCAD475
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /react.*\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

html /<link [^>]*href="[^"]+owl\.carousel(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
html /<link [^>]*href="[^"]+owl\.carousel(?:\.min)?\.css/i

Page Statistics

55
Requests

100 %
HTTPS

63 %
IPv6

11
Domains

13
Subdomains

8
IPs

2
Countries

526 kB
Transfer

1368 kB
Size

5
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://wordpress.org/
Title: WordPress.org

Search URL Search Domain Scan URL

URL: https://siz.tv/
Title: Siz TV

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

55 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
moneytormen.ofwea.com/ 34 KB
6 KB 263ms
242ms Document
text/html 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.25 PleskLin
Resource Hash: 29b698de789dad2266e04e78a70ac5e21c4e4df8ebd3eec9933f70f7b43141ab

Request headers

:method: GET
:authority: moneytormen.ofwea.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=da21f2a1678bc681901590c97af3b6fc81607875046; expires=Tue, 12-Jan-21 15:57:26 GMT; path=/; domain=.ofwea.com; HttpOnly; SameSite=Lax
x-powered-by: PHP/7.3.25 PleskLin
link: <https://moneytormen.ofwea.com/index.php?rest_route=/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
cf-request-id: 06fe6b45af000005bf198d4000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bwbUp2UgHchxca6Cc0FPltVZbD77scyM0nUKly%2BkTbmayNJQ6zru4b%2BudDX%2FlD0cYVsxo864Ll9sokvCXR8o7RiFUQyPNuPNshLHV0M6YfacPxIEKQ9xiQFBHCf%2FcSoH%2B3c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6010e182bbc305bf-FRA
content-encoding: br

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 133 KB
47 KB 43ms
21ms Script
text/javascript 2a00:1450:4001:81a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c300b2811698bc68ed2928ff2686ed40e21753f1d308956268f567ab2149e576

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 47065
x-xss-protection: 0
server: cafe
etag: 860246916715892492
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 13 Dec 2020 15:57:27 GMT

GET
H2 200 style.min.css
moneytormen.ofwea.com/wp-includes/css/dist/block-library/ 40 KB
6 KB 63ms
60ms Stylesheet
text/css 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-includes/css/dist/block-library/style.min.css?ver=5.3.6
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: dfd6d929422d1f69a727fb6b525f610562eab183a333576516bec0b0503cb049

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Thu, 11 Jun 2020 01:49:25 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"a055-5a7c52b938955"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jCqrFLwOKaJYcZIQZfDo71JCE%2BQZOuoibZygRydJSDj%2BrNYnuXhJIRUR4HRqVGnGYMnAIMVehnZV89eTl%2BYhhwbJnNSSrL6EDQTGKGRjrml88cPMr7bkZnzs4x3cKnRKIRQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6010e184489405bf-FRA
cf-request-id: 06fe6b46ac000005bf2d295000000001

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 36ms
16ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Merriweather:300,300i,400,700

Requested by

Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e20535a18937e0f6c3587ee5fc3d901d633fedaf594b883c4a200a8fe89c91e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 13 Dec 2020 15:57:27 GMT
server: ESF
date: Sun, 13 Dec 2020 15:57:27 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 13 Dec 2020 15:57:27 GMT

GET
H2 200 font-awesome.min.css
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/ 27 KB
6 KB 74ms
71ms Stylesheet
text/css 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/font-awesome.min.css?ver=5.3.6
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 048f0f31456f315100f4fc579584456c3884bdefd9039ba09ba2190c69fe6999

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"6b66-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=N3Ovs6stXZpXYxD0lMRZEiSjzMv5j4iuAE79PjWlCVwGOww6MgixjrHoC8iPvay%2FU1CLcxeJcrB%2FRygEj6GPAnQXV6%2Bt3TDHjn%2BVZlDctB4m0HF9ZV0PHsTLqVcrebVSd3I%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6010e184489605bf-FRA
cf-request-id: 06fe6b46a9000005bff9b8f000000001

GET
H2 200 bootstrap.min.css
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/ 118 KB
18 KB 64ms
61ms Stylesheet
text/css 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/bootstrap.min.css?ver=5.3.6
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 77dc5fbe0989e605e33de383a1537f03b91062eb4c0eb3713f3a7fbbf2be6626

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"1d989-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PgujoZlND%2BWp2N1CPX%2Bwjsek2%2FVrlPUBSEMTWssVd1C4KV9Mf0mizhc6SPkRrDtWEvyth%2BlzLmuTheMP9hCEQQ0v1ycLb7QA4nWY3dThnnIx0ag%2BY%2BI73ChSP68xQTXX%2BF4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6010e184489905bf-FRA
cf-request-id: 06fe6b46a9000005bf5f9dc000000001

GET
H2 200 selectize.bootstrap3.css
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/ 9 KB
2 KB 54ms
52ms Stylesheet
text/css 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/selectize.bootstrap3.css?ver=5.3.6
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 7651068ff277c5e728cd30e8b543c37e96a5db877d43a6c0ca0e3299c0bae368

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"2475-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LRQZlXO66UyOl9noM1k05widUyxFEUbNc5upKCxAznZMa%2BkDg%2B6aTH3icHbeLT5IimqMkBFjz6p5ekuDa5z5zbcWaLYP7PapKbqQrnfLc0l5tHFZKdhq%2FRHrFdlOoCIVmA4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6010e184489c05bf-FRA
cf-request-id: 06fe6b46aa000005bf26afa000000001

GET
H2 200 owl.carousel.css
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/ 5 KB
1 KB 47ms
46ms Stylesheet
text/css 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/owl.carousel.css?ver=5.3.6
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: a993259b376645cbb442a1f05c6269ed583f07e9e71658fbc70c42e7d65c148c

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"12df-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rdXuWINqGOi5HwMKsLe6sIXk%2BJ%2FKOQtIxhzNSbtFTkDKtlwbb3kdRzMvEiX48rTWP8yZzii1zpDdg7aoh7j8577Q9IBvp3piXN95ljup3OV%2FfMaS%2FqueibNCZT4OxYRe0%2Fo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6010e184489d05bf-FRA
cf-request-id: 06fe6b46aa000005bf498d8000000001

GET
H2 200 owl.theme.default.min.css
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/ 1 KB
596 B 48ms
46ms Stylesheet
text/css 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/owl.theme.default.min.css?ver=5.3.6
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: e6e40fa26713134203caed2e8d9362a8c75f5c337f02e25e00723a258eef66ea

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"476-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UTdFN1y8Ywncl2CSYgcoO5csTWlaq8Zz%2Bmc3dV80KzPv3ny8WlLfyzZIBXNlPQ1ghBYCaDOmm9BCbWfrWX334%2FeQtLf9hSTd28GVunUBwGEYavIOhp2AW8ZzpkNhLeTiees%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6010e184489f05bf-FRA
cf-request-id: 06fe6b46aa000005bf38080000000001

GET
H2 200 magnific-popup.css
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/ 7 KB
2 KB 44ms
43ms Stylesheet
text/css 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/magnific-popup.css?ver=5.3.6
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 1155981e8193622f58553eed0bba2fa43512af362a3d54dedef64c46970bb371

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"1c86-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2F3LtYpxxK8G1CK58xHM8tqtcdqkSS4lRAJW%2B5mCRGawl%2FXkw2iGhsw7I5nnC%2FhwyeI532qVkyE98aN0%2F7q5TgExLQ%2Fka2LrEjihqpyQSR%2BDzZ0Gxej%2FRORXD37eOYyWupFI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6010e18448a105bf-FRA
cf-request-id: 06fe6b46aa000005bf2ab08000000001

GET
H2 200 style.css
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/ 59 KB
12 KB 62ms
61ms Stylesheet
text/css 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/style.css?ver=5.3.6
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: eb8cdb74c673ea6d43bdccf77f483598fe80c56ef2e077a027c235734905d1ff

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"ecbc-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CAyoXLTdQo7PO%2BUzYYDNurttIcb7ohBtxqVoUvKKvTMcc27iiU1UoGsi8indnJ3aJLlreP4i%2F1IpehPpvl5AG%2Bc81VHp6377Hqup49tpzEfgytwkFcvSwZsMdxcoPiXj6w4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6010e18448a205bf-FRA
cf-request-id: 06fe6b46aa000005bff83ab000000001

GET
H2 200 wp-emoji-release.min.js Show response
moneytormen.ofwea.com/wp-includes/js/ 14 KB
4 KB 48ms
47ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-includes/js/wp-emoji-release.min.js?ver=5.3.6
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 1a351abc3f3b435497ddb8a55f09268d3e641dc22455deac06cf0181a4de52ee

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Tue, 05 Nov 2019 22:16:02 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"362a-596a0c70cec80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ItWa8SeyieThfzgkG9105MSIEEcx2HW1D4%2FeSbp9fw1dsBTV6AHiD5TEaPLaB%2Ff4vzpzjL7R%2FZkkAp74c84BQ9H9fnc2VXzIsux5PapOuSnpCVPx1Ge3lpyMFIGbob97qwg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e1850b4a05bf-FRA
cf-request-id: 06fe6b4721000005bf23afa000000001

GET
H2 200 menu.css
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/ 11 KB
2 KB 46ms
44ms Stylesheet
text/css 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/menu.css?ver=5.3.6
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: a065a55b08d52e19ad473a3293b4b1650dd46a013fc5e87dfadf4c563980806d

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"2b18-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Tl7p33UGaZ96omLvHK1fjOCLvt1uCOT7lZR%2FrEoxz2%2FXnn8f6kxC831zSYu148A7BZbNhsYbO3SWn1vXcqaULg8Kwpr8H6jT9tb4B2mWj0k71UIHoF4d1OWETDz3BcsPObA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6010e184899205bf-FRA
cf-request-id: 06fe6b46d5000005bf498de000000001

GET
H2 200 responsive.css
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/ 11 KB
2 KB 49ms
47ms Stylesheet
text/css 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/responsive.css?ver=5.3.6
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 9dfad21fe50d3af70da92cdc5199413e3c6ac53d4fb7ab689a03f06c4081d3c9

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"2a18-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cGwOt%2F43r9MHWBIko%2BgdOWTh9ITcAnT86NokHaNV2p08RRXbq1lQEbmyEB8k6KKQ5fJAhgvD55fZG7jxHHv0yJ1ln4tuIZgRWxqLQU8wdANW3%2BdQVvhgvDiGdDNLLaRxeD4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6010e184899605bf-FRA
cf-request-id: 06fe6b46d5000005bf32908000000001

GET
H2 200 jquery.js Show response
moneytormen.ofwea.com/wp-includes/js/jquery/ 95 KB
32 KB 63ms
61ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Fri, 17 May 2019 04:25:54 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"17a69-5890dc7401880"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ip6tBRdjSUpSbAEIvYzzz0iSs84Sawp9K222byE3aP9ZcUcp1mkFecSJQOwCQJC4QUYUkU4NDBwsI%2FKW8WguzXNdD9hgAMZfOv0MkItcOuxdY2lbrqzSZ5XsR%2B2O6NkprmM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e184899805bf-FRA
cf-request-id: 06fe6b46d5000005bfe01ef000000001

GET
H2 200 jquery-migrate.min.js Show response
moneytormen.ofwea.com/wp-includes/js/jquery/ 10 KB
4 KB 51ms
50ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Fri, 20 May 2016 06:11:28 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"2748-5333ff613c400"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=L1%2BWNtgL3Vb6jVNAW39Pg6seUv8L%2FUMYoh%2FHq%2FtKX1YeZELaZG143EFOkHS%2FGU9kUdE5yl9RGlLETX6oPJEDdA0LKoBwn0jC525Y4VwtKcs7qZEqNF%2BnG1zzLWmvtoMNatQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e184899a05bf-FRA
cf-request-id: 06fe6b46d5000005bff9b93000000001

GET
H2 200 bootstrap.min.js Show response
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/ 36 KB
9 KB 67ms
63ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/bootstrap.min.js?ver=20151215
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 5a4a5359110a773bd154da94c48ffd6a6233a29dfd5a9314555f5ae6c3e47459

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"900a-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ts%2BFWSZA309nCP5E3SxcMxvRJXjf9DDpykr7W1qmgUH7jvsCqPuDVXEv24utEkn%2BflL6YZV7Bkfhyfloq0DoWu5GhpoX2T7iiDoG4pcd4tNImWuXv%2FcDGb3ybGIpu9UUVh0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e18499c405bf-FRA
cf-request-id: 06fe6b46dd000005bff2017000000001

GET
H2 200 owl.carousel.min.js Show response
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/ 39 KB
10 KB 62ms
58ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/owl.carousel.min.js?ver=1607875047
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: e04e2b4e27ae9881b1e161954cc00ba16c8c3a0ce73a179824756353efd6c481

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"9dd2-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=W3%2B2fUtN6ACRu7sHu%2BrerRIhoVQt%2FvNDL1D1Sk0DVesRKMsGcLveChIJzZKysp%2B2cvCk%2F3a6czc24hjEz4EgoNcMfsILiHcrMKPF8wn3mGAvTu9XsSkdRnJz0EtANvy36lw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e18499c505bf-FRA
cf-request-id: 06fe6b46dd000005bff51b2000000001

GET
H2 200 jquery.fitvids.js Show response
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/ 3 KB
1 KB 44ms
40ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/jquery.fitvids.js?ver=20151215
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 64e9efa2008c5bd0973816eee4eaaf03a2b02f7a1b2f4317318f8711676fa01f

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"d6d-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=emEjkhf%2FUfKZ%2F3ntVt%2BPMZ08Tz9kwJlvPrRFFqpxoTdv8gCqHgrsqnhAPOkFc76fUHk12FXIFOFIQ8ODfuZHt1R4914%2BrWDsBt5mkAMFYn5MkPQIzJNWX8sLHVz2v%2Fre%2BDY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e18499c605bf-FRA
cf-request-id: 06fe6b46dd000005bf57397000000001

GET
H2 200 jquery.equalheights.min.js Show response
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/ 481 B
725 B 59ms
56ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/jquery.equalheights.min.js?ver=20151215
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: fb70b09e92363df8be5446f6d444821fed8ae6bb71bced09ae2934b9869012bb

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"1e1-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=89Y5VGQsLiAfEGGS4sOOkRhPkQ%2BqoY5iIPrklHPtntb%2BjFrfZVPVPXbI6pnfJvtLgj2edBTLhkLoNEdr20rDRQatwoB4zRwvLmJWaqYff8IFzB1IkVY4ojZu0OeKKGnPzg4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e18499c705bf-FRA
cf-request-id: 06fe6b46dd000005bfed086000000001

GET
H2 200 imgLiquid-min.js Show response
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/ 5 KB
2 KB 43ms
40ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/imgLiquid-min.js?ver=20151215
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: cf870c4dda3ba0d8cac654a81837bacdb183c4106ef6ed12663019b3cc739960

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"13f2-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oRjlyLX4eRBwspgHsjOmOyLba8gJQkMdEEXJpCNYbqMe5A5Aip1IT2wIv8amoTeAGcvqH4r8Vrb2nq2u98zrCPU2Z4yOs2HeMa6yYku1apFmC075fexLWtRL9hcPDFYiuKA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e18499c905bf-FRA
cf-request-id: 06fe6b46dd000005bff9b95000000001

GET
H2 200 jquery.magnific-popup.min.js Show response
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/ 20 KB
7 KB 64ms
61ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/jquery.magnific-popup.min.js?ver=20151215
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: a3a1d3ef0636f519d37eafe44045a350594b59de1556ca68fc855a79bdeda319

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"4f2b-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DTORUcxjRw7IPkc2Ht%2FVFfWLttL18L1WZbeZj63AWSJ7Glk%2B4LTzOPNM5wwTD3vLYsk%2Fur2ZMww0yN%2BhAgTBFvjbBcKkVIR35WIRIdjUPBkKtX1FquNPwyaoPdn2sIKhV6E%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e18499cb05bf-FRA
cf-request-id: 06fe6b46dd000005bf02b65000000001

GET
H2 200 navigation.js Show response
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/ 3 KB
1 KB 51ms
47ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/navigation.js?ver=20151215
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 960deecec99fa9f409481875149b5fc45c818119aea5bad16b1212b9e1bb8b71

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"c01-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zHtGXArcHfa3UWcGk3jFjyLJ8nQNKeM%2BQb7zglHVwROQ8LESULWj%2FwJBpNQO03DbU9WvLw29oUN2ILfmV3f3b9F4opf9NYtttl3Wo29RQPvHnK4z7fZtMJEhIyjI6EElilI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e18499cc05bf-FRA
cf-request-id: 06fe6b46de000005bf5513f000000001

GET
H2 200 sticky-sidebar.js Show response
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/ 476 B
494 B 65ms
62ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/sticky-sidebar.js?ver=20151215
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 954333ab9052546b232fde35a399f7c2a9f1480fc4a383354627171bcbb4c862

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"1dc-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KZZmj3c3Lh%2B4QZUbUk7GNNqDrwXGwhl0N88MxOjcdKx9pvVtlGHatnxpuuEKCMQTb818S%2Bk3%2Fo%2BZ1pLlnbq4ZaFDo%2BTHkM0z7SeGeWamBbyiObCTrgXTYveaakprWonq6W4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e18499cd05bf-FRA
cf-request-id: 06fe6b46de000005bf4f0b0000000001

GET
H2 200 theia-sticky-sidebar.js Show response
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/ 15 KB
3 KB 56ms
53ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/theia-sticky-sidebar.js?ver=20151215
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 794b9e10816a6252aef7eb75ced45cf53dd47eafe1773ab94c141727132460b8

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"3a6b-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ROiTZBn3B9HP1Jq49YfHnzNpuLSxnVdGxXHuoSI%2F1iJeGm0G3TuNQCPUWownkIayymGqIE7McinH%2BobNh0WnQ4d06U7q%2B6HJvsNQHxyAfuNUqvWboGsAcZU3nxmf2VDWDkw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e18499d005bf-FRA
cf-request-id: 06fe6b46de000005bf410a3000000001

GET
H2 200 skip-link-focus-fix.js Show response
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/ 716 B
690 B 52ms
49ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/skip-link-focus-fix.js?ver=20151215
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 93c964e1bd5719c525c73073cf64f4c2b03dd6d4fa846d5bce3142596b3f1e97

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"2cc-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mBICbP0tADdqUqkAilKNxnGeI%2BP3D4eKq7SSA5XLFTXXKK7VLPioEfpm1ntztHQ6K9YIcv4htr8XialrkZAtfDdSWlNkFCMum0ICLVvH7JutNmuyp6n7TRhnGKuM%2FluHJZI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e18499d105bf-FRA
cf-request-id: 06fe6b46de000005bf2ab10000000001

GET
H2 200 menu.js Show response
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/ 4 KB
1 KB 53ms
51ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/menu.js?ver=20151215
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 72bb1187225755bb32acf38cd784d32272c31ba321f7e6682da1329790cb3e6d

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"1047-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zEZts78zhLC1ByWovVMHYCQPEANjSDOdMdTp4ALfJnxH9gFsbBU2YnQVSbLOthouQrp0R10NobRHPm%2F5Oow9n020xurg88bW2k0e%2B%2F7oT9exsc%2FPsb0gSyPmVTz2TjqfrOE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e18499d205bf-FRA
cf-request-id: 06fe6b46de000005bf498e1000000001

GET
H2 200 scripts.js Show response
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/ 7 KB
2 KB 54ms
51ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/js/scripts.js?ver=20151215
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: b32a77c95dc0c06bdce7a8c12119a21ab048da969a089e3f92cc8e23e7a50b17

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"1ab9-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1SZwgpxxxDlUOegxhcYkLLd5FDS%2Bcf%2FbjyISsykJNKR6Jc3aeEO661RZobEF9XwV1mpHJjLYGoGKnGgOUX2hLyKR%2FU2bNdjwe6V6jrfdfwQDe0WSB%2FKvS7wRXBTLVbPtTlM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e18499d305bf-FRA
cf-request-id: 06fe6b46de000005bf07121000000001

GET
H2 200 wp-embed.min.js Show response
moneytormen.ofwea.com/wp-includes/js/ 1 KB
969 B 53ms
50ms Script
application/javascript 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-includes/js/wp-embed.min.js?ver=5.3.6
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Sat, 05 Oct 2019 19:49:10 GMT
server: cloudflare
x-powered-by: PleskLin
etag: W/"577-5942f1cbbd980"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=K1dqaZf7bsfgbK%2BR593LQe3OZ5TOgqovDt%2FoAh3vHIlLPkzqjO22EDXkP8MO6HZED%2BSYxYGIW4UdK312R44Oy2Hg39Xm4wIHLW8TxUoIqXFdrNkPDs%2FMKPsfCT%2Bwi6aerUU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6010e18499d605bf-FRA
cf-request-id: 06fe6b46df000005bfdf079000000001

GET
H2 200 counter.js Show response
www.statcounter.com/counter/ 36 KB
12 KB 76ms
30ms Script
application/x-javascript 172.67.38.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.statcounter.com/counter/counter.js
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.38.97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8593c89b438890c48a5fa3e1ff55b271bae62fdc5be96d71daf78f35c078ce0

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 02 Dec 2020 15:37:37 GMT
server: cloudflare
age: 535
etag: W/"5fc7b4c1-910c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=43200
cf-ray: 6010e1855a1610b1-CPH
cf-request-id: 06fe6b4758000010b164a0f000000001
expires: Mon, 14 Dec 2020 03:48:32 GMT

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/ 234 KB
88 KB 57ms
43ms Script
text/javascript 2a00:1450:4001:81a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe5d97969e5d98e03eaacc671edb2e30373f05070f5a37d69f5a5f6f91b79149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 89527
x-xss-protection: 0
server: cafe
etag: 1810063338415286733
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Dec 2020 15:57:27 GMT

GET
H2 200 u-440qyriQwlOrhSvowK_l5-fCZMdeX3rg.woff2
fonts.gstatic.com/s/merriweather/v22/ 12 KB
12 KB 32ms
12ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-440qyriQwlOrhSvowK_l5-fCZMdeX3rg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Merriweather:300,300i,400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e4fa437e044d3f739bd5e4aa2d1bd94e3952e888baec655763cd7969576001da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://moneytormen.ofwea.com
Referer: https://fonts.googleapis.com/css?family=Merriweather:300,300i,400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 07 Dec 2020 12:31:11 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:10:13 GMT
server: sffe
age: 530776
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12256
x-xss-protection: 0
expires: Tue, 07 Dec 2021 12:31:11 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/ Frame CA8C 0
0 6ms
6ms Document
text/html 2a00:1450:4001:81a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20201203/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://moneytormen.ofwea.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://moneytormen.ofwea.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 13 Dec 2020 10:01:15 GMT
expires: Sun, 27 Dec 2020 10:01:15 GMT
content-type: text/html; charset=UTF-8
etag: 10723747146953794269
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4923
x-xss-protection: 0
age: 21372
cache-control: public, max-age=1209600
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 shape1.png
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/images/ 2 KB
2 KB 57ms
57ms Image
image/png 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/images/shape1.png
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/style.css?ver=5.3.6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 7c34a8fd46b7ac8e33754819e3b41c4fa901c29daea787c15684b99ffa339b1f

Request headers

Referer: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/style.css?ver=5.3.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
content-length: 1587
cf-request-id: 06fe6b4736000005bf29b14000000001
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
etag: "633-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=doB4y%2FNX5GRFtlLsv%2F1XYTBd5zIj2vu5adypRB7qxRqt1PG8ZlsyTbkVyHEFUsD%2BXtoyrBpvcxKOjbWUPW%2Fx2gKrQkPtNfFGFlPlR%2FqVV656xIRzMuqylHKKnifCcFCWxUQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6010e1852ba205bf-FRA

GET
H2 200 u-4l0qyriQwlOrhSvowK_l5-eR7lXff4jvzDP3WG.woff2
fonts.gstatic.com/s/merriweather/v22/ 12 KB
13 KB 13ms
12ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4l0qyriQwlOrhSvowK_l5-eR7lXff4jvzDP3WG.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Merriweather:300,300i,400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0540f7b39ab2c14328b0fd4f42cf392ff6e2fc746af15a39fc6d8ec775b9a1a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://moneytormen.ofwea.com
Referer: https://fonts.googleapis.com/css?family=Merriweather:300,300i,400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 01:32:51 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:06:29 GMT
server: sffe
age: 51876
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12748
x-xss-protection: 0
expires: Mon, 13 Dec 2021 01:32:51 GMT

GET
H2 200 u-4n0qyriQwlOrhSvowK_l52xwNZWMf6hPvhPQ.woff2
fonts.gstatic.com/s/merriweather/v22/ 12 KB
12 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6hPvhPQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Merriweather:300,300i,400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b986fbc59b4f9794ff0d1bd475093053df31b2b79b545daf4125f0abf912716b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://moneytormen.ofwea.com
Referer: https://fonts.googleapis.com/css?family=Merriweather:300,300i,400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 10:06:14 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:11:15 GMT
server: sffe
age: 366673
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12192
x-xss-protection: 0
expires: Thu, 09 Dec 2021 10:06:14 GMT

GET
H2 200 fontawesome-webfont3295.woff2
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/fonts/ 65 KB
65 KB 51ms
51ms Font
application/octet-stream 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/fonts/fontawesome-webfont3295.woff2?v=4.5.0
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/font-awesome.min.css?ver=5.3.6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Request headers

Origin: https://moneytormen.ofwea.com
Referer: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/css/font-awesome.min.css?ver=5.3.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
x-powered-by: PleskLin
etag: "10440-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=m21ezddriQf7g6kyz8yWps7O4ZIglKPH%2BDERLUQCRy%2BOnRbPFb5nA528yiiOSadqz9JbYc%2BjQaJYQl3AuU7xY2WDpQISy9yLstuKibUTRUVt5%2F5kcBX%2BZFLkGa1AWGdu6%2Fc%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6010e1852baa05bf-FRA
content-length: 66624
cf-request-id: 06fe6b473a000005bf5514e000000001

GET
H2 200 u-4n0qyriQwlOrhSvowK_l521wRZWMf6hPvhPQ.woff2
fonts.gstatic.com/s/merriweather/v22/ 12 KB
12 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4n0qyriQwlOrhSvowK_l521wRZWMf6hPvhPQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Merriweather:300,300i,400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1866533cfaaab8f46695c9eb600c6cefe4079badc7f14de3ca1be142fc39b718

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://moneytormen.ofwea.com
Referer: https://fonts.googleapis.com/css?family=Merriweather:300,300i,400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 18:21:34 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:08:32 GMT
server: sffe
age: 336953
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12000
x-xss-protection: 0
expires: Thu, 09 Dec 2021 18:21:34 GMT

GET
H3-Q050 200 u-440qyriQwlOrhSvowK_l5-ciZMdeX3rsHo.woff2
fonts.gstatic.com/s/merriweather/v22/ 12 KB
12 KB 38ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-440qyriQwlOrhSvowK_l5-ciZMdeX3rsHo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Merriweather:300,300i,400,700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20475b3c90fde58daa47d9cc69452d7a9e530da74a7fac6934c70ebd3d3b430f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://moneytormen.ofwea.com
Referer: https://fonts.googleapis.com/css?family=Merriweather:300,300i,400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 12 Dec 2020 16:50:44 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:10:17 GMT
server: sffe
age: 83203
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11788
x-xss-protection: 0
expires: Sun, 12 Dec 2021 16:50:44 GMT

GET
H2 200 shape2.png
moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/images/ 1 KB
2 KB 44ms
44ms Image
image/png 2606:4700:3033::681c:790
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/assets/images/shape2.png
Requested by: Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/style.css?ver=5.3.6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:790 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 09ab0566e4d418abb0b021eef44e2ceb096fcc403b05cc1d5c2013525bebe0af

Request headers

Referer: https://moneytormen.ofwea.com/wp-content/themes/saraswati-blog/style.css?ver=5.3.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
content-length: 1518
cf-request-id: 06fe6b4797000005bf4caf9000000001
last-modified: Mon, 02 Dec 2019 17:05:19 GMT
server: cloudflare
etag: "5ee-598bb958e71c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2Bj3dw%2FyEWJNDX7kYQVrkQGq54na89KFlE78hqI2bzGQwUu9U8%2BVQTQ0NM0gl8lPE3YKRzui2rS57PoRIQnWkHtp7GUZ5D3jl18IJN80PJr%2BxLBxsc%2FZyhjsa%2BM9Afgg3qd4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6010e185bdd905bf-FRA

GET
H3-Q050 200 u-4n0qyriQwlOrhSvowK_l521wRZVsf6hPvhPUWH.woff2
fonts.gstatic.com/s/merriweather/v22/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4n0qyriQwlOrhSvowK_l521wRZVsf6hPvhPUWH.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Merriweather:300,300i,400,700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33ef951f4ed964694b91a175cb86b7c868517bdcfc6178c3902201cf3155917c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://moneytormen.ofwea.com
Referer: https://fonts.googleapis.com/css?family=Merriweather:300,300i,400,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 10:17:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:08:34 GMT
server: sffe
age: 366019
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11660
x-xss-protection: 0
expires: Thu, 09 Dec 2021 10:17:08 GMT

GET
H2 200 1f4bc.svg
s.w.org/images/core/emoji/12.0.0-1/svg/ 651 B
496 B 116ms
38ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/12.0.0-1/svg/1f4bc.svg

Requested by

Host: moneytormen.ofwea.com
URL: https://moneytormen.ofwea.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

b7244d06499e782eb58335018c80c0f5dca9454d7dab0c9b85e3ced8a2ec1ab9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 06 Nov 2019 15:22:34 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 t.php Show response
c.statcounter.com/ 162 B
578 B 164ms
162ms XHR
application/json 172.67.38.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.statcounter.com/t.php?sc_project=12444558&java=1&security=1703589e&u1=1D39837CCC874F375FBBA32D26EEADF0&sc_rum_f_s=0&sc_rum_f_e=469&sc_rum_e_s=588&sc_rum_e_e=593&sc_random=0.12126093637931712&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1600&h=1200&camefrom=&u=https%3A//moneytormen.ofwea.com/&t=Ramsey%20Tormen%20my%20blog%20well%20come%20%E2%80%93%20Welcome%20whas%20where&rcat=d&rdom=d&rdomg=new&bb=1&sc_snum=1&sess=48a5b1&p=0&invisible=1&get_config=true
Requested by: Host: www.statcounter.com
URL: https://www.statcounter.com/counter/counter.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.38.97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0564d20c6662fa83c89b22ef3e1185cede3d6e4dfbc1525e936930e8ea58fb13

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6010e1866c5710b1-CPH
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
access-control-allow-origin: https://moneytormen.ofwea.com
access-control-allow-credentials: true
content-type: application/json
cf-request-id: 06fe6b47fd000010b118891000000001
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 199 B
638 B 178ms
63ms Script
text/javascript 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=moneytormen.ofwea.com&callback=_gfp_s_&client=ca-pub-9126518298816135

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

7a73a84db816303958de8419e2f63638865a4ba894ca0f216ed78419ba620495

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 190
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
803 B 35ms
15ms Script
application/javascript 2a00:1450:4001:81a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=moneytormen.ofwea.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
803 B 36ms
16ms Script
application/javascript 2a00:1450:4001:81a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=moneytormen.ofwea.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 63D1 0
0 299ms
299ms Document
text/html 2a00:1450:4001:81a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9126518298816135&output=html&adk=1812271804&adf=3025194257&lmt=1607875047&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fmoneytormen.ofwea.com%2F&ea=0&flash=0&pra=5&wgl=1&dt=1607875047141&bpp=64&bdt=65&idt=266&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=846811232898&frm=20&pv=2&ga_vid=414783501.1607875047&ga_sid=1607875047&ga_hid=1197954299&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068084%2C21068769&oid=3&pvsid=1864752300419854&pem=957&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=287

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9126518298816135&output=html&adk=1812271804&adf=3025194257&lmt=1607875047&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fmoneytormen.ofwea.com%2F&ea=0&flash=0&pra=5&wgl=1&dt=1607875047141&bpp=64&bdt=65&idt=266&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=846811232898&frm=20&pv=2&ga_vid=414783501.1607875047&ga_sid=1607875047&ga_hid=1197954299&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068084%2C21068769&oid=3&pvsid=1864752300419854&pem=957&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=287
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://moneytormen.ofwea.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://moneytormen.ofwea.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 13 Dec 2020 15:57:27 GMT
server: cafe
content-length: 37845
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 13-Dec-2020 16:12:27 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Sun, 13 Dec 2020 15:57:27 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:81a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1c9310eb6a56101c2133db372cfbe9cefb5ff6b90a02ded916984c975b813b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1607690616793149"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28334
x-xss-protection: 0
expires: Sun, 13 Dec 2020 15:57:27 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 1E15 0
0 407ms
407ms Document
text/html 2a00:1450:4001:81a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9126518298816135&output=html&h=280&slotname=6745491071&adk=3802788671&adf=144810823&pi=t.ma~as.6745491071&w=792&fwrn=4&fwrnh=100&lmt=1607875047&rafmt=1&psa=0&format=792x280&url=https%3A%2F%2Fmoneytormen.ofwea.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1607875047205&bpp=14&bdt=129&idt=232&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=846811232898&frm=20&pv=1&ga_vid=414783501.1607875047&ga_sid=1607875047&ga_hid=1197954299&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=210&ady=154&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068084%2C21068769&oid=3&pvsid=1864752300419854&pem=957&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=PJ8XjUlH9P&p=https%3A//moneytormen.ofwea.com&dtd=238

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-9126518298816135&output=html&h=280&slotname=6745491071&adk=3802788671&adf=144810823&pi=t.ma~as.6745491071&w=792&fwrn=4&fwrnh=100&lmt=1607875047&rafmt=1&psa=0&format=792x280&url=https%3A%2F%2Fmoneytormen.ofwea.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1607875047205&bpp=14&bdt=129&idt=232&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=846811232898&frm=20&pv=1&ga_vid=414783501.1607875047&ga_sid=1607875047&ga_hid=1197954299&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=210&ady=154&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068084%2C21068769&oid=3&pvsid=1864752300419854&pem=957&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=PJ8XjUlH9P&p=https%3A//moneytormen.ofwea.com&dtd=238
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://moneytormen.ofwea.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://moneytormen.ofwea.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 13 Dec 2020 15:57:27 GMT
server: cafe
content-length: 24363
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 13-Dec-2020 16:12:27 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Sun, 13 Dec 2020 15:57:27 GMT
cache-control: private

GET
H3-Q050 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/ 145 KB
52 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/reactive_library_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f3b0e1ed6cb79ccf93702fd66f2371d4f73de62937c237270b7d70f25300bda1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 53263
x-xss-protection: 0
server: cafe
etag: 8848748755015014073
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Dec 2020 15:57:27 GMT

GET
H3-Q050 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/ Frame 302A 0
0 6ms
5ms Document
text/html 2a00:1450:4001:81a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20201203/r20190131/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://moneytormen.ofwea.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://moneytormen.ofwea.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 12 Dec 2020 18:46:21 GMT
expires: Sat, 26 Dec 2020 18:46:21 GMT
content-type: text/html; charset=UTF-8
etag: 10723747146953794269
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4923
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 76266
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 43ms
30ms XHR
application/json 2a00:1450:4001:81a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201203&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

44d32e494d4640bb0d6cebf7accdeab4253d033c18831e49fd8bc81ff59eb9e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 13 Dec 2020 15:57:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6505
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:81d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 15:57:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Sun, 13 Dec 2020 15:57:28 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame B706 0
0 6ms
6ms Document
text/html 2a00:1450:4001:81d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://moneytormen.ofwea.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://moneytormen.ofwea.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Sun, 13 Dec 2020 15:24:52 GMT
expires: Mon, 13 Dec 2021 15:24:52 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1956
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
620 B 15ms
15ms Image
image/gif 2a00:1450:4001:81a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201203&jk=1864752300419854&bg=!CgmlCSnNAAUbEDgJG1hHzurRpj926AIAAACMUgAAABNoAQcKARDBe9-Z5d050plvdk_-sStsY3aYG2Nw6fokWOZD0FMKjScE6zON4j-rqRj29ARJZNSvCtV9KEbWZpv-ULL-0kK1uRlHTu46N8ESmnhmZ-oInmyLEM5Z6j-myt2MrIrdRCY0UQAUC4LNq2jY9TCJrRFrGEK2CQaBCr2dCY_8VRv4eNtSNnRjjJF--xwurT3GBexYExF-InonFnAmazAnoy6-oqUAjHsB0sYtI43k6WurA4YqT4wNVXZSHkkkHns1IMKacfi5ug9iJg0AiExasI_RFzNM8lXE9Ie7gGe-FK0bzYiP7n37ovcWP19YYFpsgqECsmFcR_1ZKiTtOX4seRly3C6qLUuEjlQnjRdKt0eQWZkBvkcIY-C_a8dBOKkUZ7jgBNbKd0Mfqg-KvDcJfhcvKXcexEW687BsSGbrgKML5AVT5xevQ1sljIZlCltinkQlgbjfjfk2K3LVY1CCxV8GJ2iIWNzqZFEVhWlGq9Q5D8yYeK5BeIVKzz1zHafGoL2m469QbfI9V2kwNnmzTEi7cq68dMbq4h0XX4uRqow-Ea6TL0bgPCEz7uTY-BKfjF5iRboDbk-Sk6zX6leZJVNNCuJ-n5PHxFg9ch0HnfRHSB5A1BatVYkW7LIp193s-mVIuKJKnAgAvMgkZYjLE-BDj2DnOFQGcEvzMj9IaM_3SJamqZ9PYpN0UYiXMNQVH_587Vf5SQUCdwUg7cVaM4wTVNicnVYFjSHVxyM2SlA2DjkZM9yDKGWwgEqgSnUU6UrELd9ddiM8uoS_g9Qtgk727VDzZsIlZxLP8I2L6qVpw6ga93zjA6TBdOoua0A84P2tjZF3soSXrKEudqyi-dYRIKjWdDrqnndJz0xdvy3t6l5FD3Bb44hA5d7FMYGPzhSQo5UTNHh3iMbHkjD3YNToB-bcThFPN0K8KsN-4l3cBzuFu-Rn5NVQGBjW0v1Mt8ng

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://moneytormen.ofwea.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Dec 2020 15:57:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 14:37:58	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-19 23:59:31	Name: IDE Value: AHWqTUkOwGsN891mDlC-jR-jhobI_h786dOVWkn6TejFj1p0_5QTuW8GpDz_MAqW
.ofwea.com/	1970-01-19 23:59:31	Name: __gads Value: ID=403758e77525ee4e-22e6dfd48aa60003:T=1607875047:RT=1607875047:S=ALNI_MZNv4hSM6cFws7nyqculq7DCnQwAA
.moneytormen.ofwea.com/	1970-01-20 08:09:07	Name: sc_is_visitor_unique Value: rx12444558.1607875047.1D39837CCC874F375FBBA32D26EEADF0.1.1.1.1.1.1.1.1.1
.ofwea.com/	1970-01-19 15:21:07	Name: __cfduid Value: da21f2a1678bc681901590c97af3b6fc81607875046

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://moneytormen.ofwea.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
c.statcounter.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
moneytormen.ofwea.com
pagead2.googlesyndication.com
partner.googleadservices.com
s.w.org
tpc.googlesyndication.com
www.googletagservices.com
www.statcounter.com
172.217.22.2
172.67.38.97
192.0.77.48
2606:4700:3033::681c:790
2a00:1450:4001:801::200a
2a00:1450:4001:81a::2002
2a00:1450:4001:81d::2001
2a00:1450:4001:825::2003
0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
048f0f31456f315100f4fc579584456c3884bdefd9039ba09ba2190c69fe6999
0540f7b39ab2c14328b0fd4f42cf392ff6e2fc746af15a39fc6d8ec775b9a1a5
0564d20c6662fa83c89b22ef3e1185cede3d6e4dfbc1525e936930e8ea58fb13
09ab0566e4d418abb0b021eef44e2ceb096fcc403b05cc1d5c2013525bebe0af
1155981e8193622f58553eed0bba2fa43512af362a3d54dedef64c46970bb371
1866533cfaaab8f46695c9eb600c6cefe4079badc7f14de3ca1be142fc39b718
1a351abc3f3b435497ddb8a55f09268d3e641dc22455deac06cf0181a4de52ee
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
20475b3c90fde58daa47d9cc69452d7a9e530da74a7fac6934c70ebd3d3b430f
29b698de789dad2266e04e78a70ac5e21c4e4df8ebd3eec9933f70f7b43141ab
33ef951f4ed964694b91a175cb86b7c868517bdcfc6178c3902201cf3155917c
44d32e494d4640bb0d6cebf7accdeab4253d033c18831e49fd8bc81ff59eb9e8
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
5a4a5359110a773bd154da94c48ffd6a6233a29dfd5a9314555f5ae6c3e47459
64e9efa2008c5bd0973816eee4eaaf03a2b02f7a1b2f4317318f8711676fa01f
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
72bb1187225755bb32acf38cd784d32272c31ba321f7e6682da1329790cb3e6d
7651068ff277c5e728cd30e8b543c37e96a5db877d43a6c0ca0e3299c0bae368
77dc5fbe0989e605e33de383a1537f03b91062eb4c0eb3713f3a7fbbf2be6626
794b9e10816a6252aef7eb75ced45cf53dd47eafe1773ab94c141727132460b8
7a73a84db816303958de8419e2f63638865a4ba894ca0f216ed78419ba620495
7c34a8fd46b7ac8e33754819e3b41c4fa901c29daea787c15684b99ffa339b1f
93c964e1bd5719c525c73073cf64f4c2b03dd6d4fa846d5bce3142596b3f1e97
954333ab9052546b232fde35a399f7c2a9f1480fc4a383354627171bcbb4c862
960deecec99fa9f409481875149b5fc45c818119aea5bad16b1212b9e1bb8b71
9dfad21fe50d3af70da92cdc5199413e3c6ac53d4fb7ab689a03f06c4081d3c9
a065a55b08d52e19ad473a3293b4b1650dd46a013fc5e87dfadf4c563980806d
a3a1d3ef0636f519d37eafe44045a350594b59de1556ca68fc855a79bdeda319
a993259b376645cbb442a1f05c6269ed583f07e9e71658fbc70c42e7d65c148c
b32a77c95dc0c06bdce7a8c12119a21ab048da969a089e3f92cc8e23e7a50b17
b7244d06499e782eb58335018c80c0f5dca9454d7dab0c9b85e3ced8a2ec1ab9
b986fbc59b4f9794ff0d1bd475093053df31b2b79b545daf4125f0abf912716b
c1c9310eb6a56101c2133db372cfbe9cefb5ff6b90a02ded916984c975b813b2
c300b2811698bc68ed2928ff2686ed40e21753f1d308956268f567ab2149e576
c8593c89b438890c48a5fa3e1ff55b271bae62fdc5be96d71daf78f35c078ce0
cf870c4dda3ba0d8cac654a81837bacdb183c4106ef6ed12663019b3cc739960
dfd6d929422d1f69a727fb6b525f610562eab183a333576516bec0b0503cb049
e04e2b4e27ae9881b1e161954cc00ba16c8c3a0ce73a179824756353efd6c481
e20535a18937e0f6c3587ee5fc3d901d633fedaf594b883c4a200a8fe89c91e3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4fa437e044d3f739bd5e4aa2d1bd94e3952e888baec655763cd7969576001da
e6e40fa26713134203caed2e8d9362a8c75f5c337f02e25e00723a258eef66ea
eb8cdb74c673ea6d43bdccf77f483598fe80c56ef2e077a027c235734905d1ff
f3b0e1ed6cb79ccf93702fd66f2371d4f73de62937c237270b7d70f25300bda1
fb70b09e92363df8be5446f6d444821fed8ae6bb71bced09ae2934b9869012bb
fe5d97969e5d98e03eaacc671edb2e30373f05070f5a37d69f5a5f6f91b79149
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

moneytormen.ofwea.com Open in urlscan Pro 2606:4700:3033::681c:790 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

55 Requests

100 %HTTPS

63 %IPv6

11 Domains

13 Subdomains

8 IPs

2 Countries

526 kBTransfer

1368 kBSize

5 Cookies

2 Outgoing links

Redirected requests

55 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

moneytormen.ofwea.com Open in urlscan Pro
2606:4700:3033::681c:790 Public Scan

Screenshot
Live screenshot

Full Image

55
Requests

100 %
HTTPS

63 %
IPv6

11
Domains

13
Subdomains

8
IPs

2
Countries

526 kB
Transfer

1368 kB
Size

5
Cookies

55 HTTP transactions
0 data transactions