icedodo.onionfist.com Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://icedodo.onionfist.com/
Effective URL:
https://icedodo.onionfist.com/
Submission: On February 17 via manual (February 17th 2024, 5:46:07 pm UTC) from CA — Scanned from NL

Summary HTTP 333 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 73 IPs in 9 countries across 55 domains to perform 333 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is icedodo.onionfist.com. The Cisco Umbrella rank of the primary domain is 635359.
TLS certificate: Issued by E1 on January 3rd 2024. Valid for: 3 months.

This is the only time icedodo.onionfist.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
106	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::681a:3e8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1791	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	93.119.15.97 93.119.15.97	20857 (TRANSIP-A...) (TRANSIP-AS Amsterdam)
1 12	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:4ad8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	130.211.23.194 130.211.23.194	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700:20:... 2606:4700:20::681a:346	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.217.18.102 172.217.18.102	15169 (GOOGLE) (GOOGLE)
2	34.95.69.49 34.95.69.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700:20:... 2606:4700:20::681a:8a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 9	185.89.210.46 185.89.210.46	29990 (ASN-APPNEX) (ASN-APPNEX)
2	131.153.168.131 131.153.168.131	19437 (SS-ASH) (SS-ASH)
3 6	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
6	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
5	2602:803:c003... 2602:803:c003:200::41	26667 (RUBICONPR...) (RUBICONPROJECT)
17	172.64.144.78 172.64.144.78	() ()
1	18.195.163.73 18.195.163.73	() ()
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
16	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	108.138.36.28 108.138.36.28	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:225b:7800:a:e047:753:eb41	16509 (AMAZON-02) (AMAZON-02)
18	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 3	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	162.19.138.82 162.19.138.82	16276 (OVH) (OVH)
1	52.212.53.200 52.212.53.200	16509 (AMAZON-02) (AMAZON-02)
1	23.211.9.91 23.211.9.91	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.193.108 151.101.193.108	() ()
2	72.246.169.246 72.246.169.246	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
2	104.18.38.76 104.18.38.76	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
1 1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
1 2	52.46.143.56 52.46.143.56	16509 (AMAZON-02) (AMAZON-02)
7 8	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1 8	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	34.197.210.85 34.197.210.85	14618 (AMAZON-AES) (AMAZON-AES)
2 2	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:1f18:ed:... 2600:1f18:ed:550e:5c7b:a93e:1c30:ee84	14618 (AMAZON-AES) (AMAZON-AES)
1 1	188.166.17.21 188.166.17.21	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	35.208.249.213 35.208.249.213	15169 (GOOGLE) (GOOGLE)
1	98.98.134.243 98.98.134.243	21859 (ZEN-ECN) (ZEN-ECN)
1 1	34.95.81.168 34.95.81.168	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:2638:3::6 2a02:2638:3::6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
1	37.157.3.20 37.157.3.20	198622 (ADFORM) (ADFORM)
5	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	35.214.211.207 35.214.211.207	() ()
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
3	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	213.227.153.230 213.227.153.230	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
16	2a02:2638:3::10 2a02:2638:3::10	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1 1	145.40.97.66 145.40.97.66	() ()
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	2a02:fa8:8806... 2a02:fa8:8806:21::1690	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	2607:f350:3:2... 2607:f350:3:2569:0:10:0:200d	27630 (AS-XFERNET) (AS-XFERNET)
1 1	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
1 1	91.134.110.133 91.134.110.133	16276 (OVH) (OVH)
3 3	35.214.149.91 35.214.149.91	15169 (GOOGLE) (GOOGLE)
1	67.202.105.22 67.202.105.22	32748 (STEADFAST) (STEADFAST)
333	73

1 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

icedodo.onionfist.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

106 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

icedodo.onionfist.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
icedodo-api.onionfist.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:3e8 (United States)

ASN13335 (CLOUDFLARENET, US)

api.adinplay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1791 (United States)

ASN13335 (CLOUDFLARENET, US)

cadmus.script.ac	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 93.119.15.97 (Netherlands)

ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)
PTR: 93-119-15-97.colo.transip.net

stats.adinplay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:4ad8 (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 130.211.23.194 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:346 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.18.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.69.49 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.69.95.34.bc.googleusercontent.com

i.clean.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:8a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.89.210.46 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 131.153.168.131 (Ashburn, United States)

ASN19437 (SS-ASH, US)
PTR: pare-many.psychefolk.com

server.cpmstar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.64.151.101 (San Francisco, United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 51.89.9.253 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2602:803:c003:200::41 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 172.64.144.78 (San Francisco, United States)

ASN- ()

elb.the-ozone-project.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.163.73 (Frankfurt am Main, Germany)

ASN- ()
PTR: ec2-18-195-163-73.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.36.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-28.muc50.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225b:7800:a:e047:753:eb41 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.82 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31532337.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.53.200 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-53-200.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.211.9.91 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-211-9-91.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.108 (United States)

ASN- ()

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.246.169.246 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a72-246-169-246.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.248.245.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.38.76 (None, )

ASN13335 (CLOUDFLARENET, US)

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.19 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.143.56 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.18.2 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.18.36.155 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.197.210.85 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-210-85.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.9 (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:ed:550e:5c7b:a93e:1c30:ee84 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.166.17.21 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.208.249.213 (Council Bluffs, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 213.249.208.35.bc.googleusercontent.com

trace.mediago.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.243 (United States)

ASN21859 (ZEN-ECN, US)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.81.168 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 168.81.95.34.bc.googleusercontent.com

euexchangesync.digitaleast.mobi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ssp-sync.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.3.20 (Denmark)

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.211.207 (Groningen, Netherlands) 1 redirects

ASN- ()
PTR: 207.211.214.35.bc.googleusercontent.com

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.153.230 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

b1h-euc1.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a02:2638:3::10 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.40.97.66 (Amsterdam, Netherlands) 1 redirects

ASN- ()

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:21::1690 (Singapore)

ASN41041 (VCLK-EU-SE, US)

prebid-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f350:3:2569:0:10:0:200d (United States) 1 redirects

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.174.117 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.134.110.133 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip133.ip-91-134-110.eu

ssbsync-global.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.214.149.91 (Groningen, Netherlands) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 91.149.214.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.22 (United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
107	onionfist.com 1 redirects icedodo.onionfist.com — Cisco Umbrella Rank: 635359 icedodo-api.onionfist.com — Cisco Umbrella Rank: 242052	7 MB
41	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 158	511 KB
35	criteo.net static.criteo.net — Cisco Umbrella Rank: 689 csm.eu.criteo.net — Cisco Umbrella Rank: 7991 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 8417	477 KB
25	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 213 ad.doubleclick.net — Cisco Umbrella Rank: 149 cm.g.doubleclick.net — Cisco Umbrella Rank: 278 googleads.g.doubleclick.net — Cisco Umbrella Rank: 43	293 KB
17	the-ozone-project.com elb.the-ozone-project.com — Cisco Umbrella Rank: 4805	17 KB
14	casalemedia.com 4 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 484 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 541 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 696 ssum.casalemedia.com — Cisco Umbrella Rank: 1349	9 KB
12	criteo.com 3 redirects gum.criteo.com — Cisco Umbrella Rank: 461 mug.criteo.com — Cisco Umbrella Rank: 2577 dis.criteo.com — Cisco Umbrella Rank: 632 ssp-sync.criteo.com — Cisco Umbrella Rank: 1475 ads.eu.criteo.com — Cisco Umbrella Rank: 7905 rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 13595 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 9712 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 13432	121 KB
10	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 272 acdn.adnxs.com — Cisco Umbrella Rank: 639	31 KB
9	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 328	317 KB
9	rubiconproject.com fastlane.rubiconproject.com — Cisco Umbrella Rank: 538 eus.rubiconproject.com — Cisco Umbrella Rank: 626 token.rubiconproject.com — Cisco Umbrella Rank: 499 pixel.rubiconproject.com — Cisco Umbrella Rank: 413	16 KB
6	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 711	2 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 381	104 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	56 KB
5	btloader.com btloader.com — Cisco Umbrella Rank: 1023 api.btloader.com — Cisco Umbrella Rank: 1108	25 KB
4	liadm.com 3 redirects i.liadm.com — Cisco Umbrella Rank: 607 i6.liadm.com — Cisco Umbrella Rank: 3254	2 KB
4	openx.net 2 redirects oajs.openx.net — Cisco Umbrella Rank: 2328 rtb.openx.net — Cisco Umbrella Rank: 670 google-bidout-d.openx.net — Cisco Umbrella Rank: 2314	1 KB
4	adinplay.com api.adinplay.com — Cisco Umbrella Rank: 16455 stats.adinplay.com — Cisco Umbrella Rank: 28716	198 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 396	2 KB
3	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 479 ads.pubmatic.com — Cisco Umbrella Rank: 555 image6.pubmatic.com — Cisco Umbrella Rank: 976	6 KB
3	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 476 ajax.googleapis.com — Cisco Umbrella Rank: 434 fonts.googleapis.com — Cisco Umbrella Rank: 48	137 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 141
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 311	2 KB
2	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
2	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 704 cdn.indexww.com — Cisco Umbrella Rank: 2121	2 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1113 bcp.crwdcntrl.net — Cisco Umbrella Rank: 1084	12 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 961 id5-sync.com — Cisco Umbrella Rank: 442	26 KB
2	3lift.com tlx.3lift.com — Cisco Umbrella Rank: 623 eb2.3lift.com — Cisco Umbrella Rank: 458	732 B
2	cpmstar.com server.cpmstar.com — Cisco Umbrella Rank: 3928	978 B
2	4dex.io script.4dex.io — Cisco Umbrella Rank: 1718	25 KB
2	clean.gg i.clean.gg — Cisco Umbrella Rank: 1293	104 B
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1074	1 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 353	3 KB
2	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 996	14 KB
1	33across.com ssc-cms.33across.com — Cisco Umbrella Rank: 1032
1	smartadserver.com 1 redirects ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 1756	307 B
1	1rx.io 1 redirects sync.1rx.io — Cisco Umbrella Rank: 584	231 B
1	sonobi.com 1 redirects sync.go.sonobi.com — Cisco Umbrella Rank: 1137	681 B
1	dotomi.com prebid-match.dotomi.com — Cisco Umbrella Rank: 2017	104 B
1	a-mo.net 1 redirects prebid.a-mo.net — Cisco Umbrella Rank: 854	256 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 389	149 B
1	zemanta.com 1 redirects b1h-euc1.zemanta.com — Cisco Umbrella Rank: 13239	397 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 257	5 KB
1	loopme.me 1 redirects csync.loopme.me — Cisco Umbrella Rank: 1064	298 B
1	adform.net cm.adform.net — Cisco Umbrella Rank: 1177	106 B
1	digitaleast.mobi 1 redirects euexchangesync.digitaleast.mobi — Cisco Umbrella Rank: 41970	269 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 744	187 B
1	mediago.io 1 redirects trace.mediago.io — Cisco Umbrella Rank: 1092	373 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2836	514 B
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2935	3 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2495	1 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2030	8 KB
1	script.ac cadmus.script.ac — Cisco Umbrella Rank: 2669	46 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2000	257 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 52	75 KB
0	workers.dev Failed country.adinplay-venatus.workers.dev Failed
333	55

	Domain	Requested by
103	icedodo.onionfist.com	1 redirects icedodo.onionfist.com cadmus.script.ac static.cloudflareinsights.com
18	tpc.googlesyndication.com	cadmus.script.ac 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com icedodo.onionfist.com
18	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com icedodo.onionfist.com
17	elb.the-ozone-project.com	api.adinplay.com cadmus.script.ac elb.the-ozone-project.com static.cloudflareinsights.com
16	imageproxy.eu.criteo.net	ads.eu.criteo.com
16	static.criteo.net	cadmus.script.ac ads.eu.criteo.com cdnjs.cloudflare.com static.criteo.net
12	securepubads.g.doubleclick.net	1 redirects api.adinplay.com cadmus.script.ac 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
9	s0.2mdn.net	icedodo.onionfist.com s0.2mdn.net
9	ib.adnxs.com	1 redirects api.adinplay.com acdn.adnxs.com googleads.g.doubleclick.net
8	dsum-sec.casalemedia.com	2 redirects ssum-sec.casalemedia.com googleads.g.doubleclick.net
8	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net
6	onetag-sys.com	api.adinplay.com cadmus.script.ac
5	cdn.ampproject.org	cadmus.script.ac
5	26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com	cadmus.script.ac
5	fastlane.rubiconproject.com	api.adinplay.com
4	www.gstatic.com	26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
4	icedodo-api.onionfist.com	cadmus.script.ac
4	api.btloader.com	btloader.com cadmus.script.ac
3	x.bidswitch.net	3 redirects
3	csm.eu.criteo.net	ads.eu.criteo.com
3	i.liadm.com	3 redirects
3	ssum-sec.casalemedia.com	1 redirects js-sec.indexww.com ssum-sec.casalemedia.com
3	ad.doubleclick.net	icedodo.onionfist.com
2	www.googleadservices.com
2	cat.nl3.eu.criteo.com	ads.eu.criteo.com
2	googleads.g.doubleclick.net	26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com icedodo.onionfist.com
2	ads.eu.criteo.com	26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
2	dis.criteo.com	2 redirects
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	www.google.com	1 redirects cadmus.script.ac
2	eus.rubiconproject.com	cadmus.script.ac eus.rubiconproject.com
2	gum.criteo.com	1 redirects cadmus.script.ac
2	oajs.openx.net	1 redirects
2	htlb.casalemedia.com	api.adinplay.com
2	server.cpmstar.com	api.adinplay.com
2	script.4dex.io	cadmus.script.ac
2	i.clean.gg	cadmus.script.ac
2	ad-delivery.net	icedodo.onionfist.com
2	stats.adinplay.com	api.adinplay.com
2	cdn.jsdelivr.net	api.adinplay.com cadmus.script.ac
2	static.cloudflareinsights.com	icedodo.onionfist.com elb.the-ozone-project.com
2	api.adinplay.com	icedodo.onionfist.com api.adinplay.com
1	ssc-cms.33across.com	elb.the-ozone-project.com
1	ssum.casalemedia.com	1 redirects
1	ssbsync-global.smartadserver.com	1 redirects
1	sync.1rx.io	1 redirects
1	sync.go.sonobi.com	1 redirects
1	prebid-match.dotomi.com	elb.the-ozone-project.com
1	fonts.gstatic.com	fonts.googleapis.com
1	prebid.a-mo.net	1 redirects
1	fonts.googleapis.com	ajax.googleapis.com
1	rtb.nl3.eu.criteo.com	26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
1	match.adsrvr.org	elb.the-ozone-project.com
1	ajax.googleapis.com	s0.2mdn.net
1	b1h-euc1.zemanta.com	1 redirects
1	cdnjs.cloudflare.com	ads.eu.criteo.com
1	csync.loopme.me	1 redirects
1	rtb.fr3.eu.criteo.com	26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
1	cm.adform.net	elb.the-ozone-project.com
1	pixel.rubiconproject.com	elb.the-ozone-project.com
1	ssp-sync.criteo.com	elb.the-ozone-project.com
1	google-bidout-d.openx.net	cadmus.script.ac
1	cdn.indexww.com	ssum-sec.casalemedia.com
1	euexchangesync.digitaleast.mobi	1 redirects
1	pixel-sync.sitescout.com	ssum-sec.casalemedia.com
1	trace.mediago.io	1 redirects
1	match.adsby.bidtheatre.com	1 redirects
1	i6.liadm.com	ssum-sec.casalemedia.com
1	rtb.openx.net	1 redirects
1	token.rubiconproject.com	eus.rubiconproject.com
1	image6.pubmatic.com	ads.pubmatic.com
1	js-sec.indexww.com	cadmus.script.ac
1	eb2.3lift.com	cadmus.script.ac
1	acdn.adnxs.com	cadmus.script.ac
1	ads.pubmatic.com	cadmus.script.ac
1	mug.criteo.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	id5-sync.com	cdn.id5-sync.com
1	cdn.prod.uidapi.com	cadmus.script.ac
1	tags.crwdcntrl.net	cadmus.script.ac
1	invstatic101.creativecdn.com	cadmus.script.ac
1	cdn.id5-sync.com	cadmus.script.ac
1	oa.openxcdn.net	cadmus.script.ac
1	tlx.3lift.com	api.adinplay.com
1	hbopenbid.pubmatic.com	api.adinplay.com
1	btloader.com	api.adinplay.com
1	imasdk.googleapis.com	api.adinplay.com
1	cadmus.script.ac	api.adinplay.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	icedodo.onionfist.com
0	country.adinplay-venatus.workers.dev Failed	api.adinplay.com
333	91

This site contains links to these domains. Also see Links.

Domain
onionfist.com
www.instagram.com

Subject Issuer	Validity	Valid
icedodo.onionfist.com E1	`2024-01-03` - `2024-04-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
adinplay.com GTS CA 1P5	`2024-02-14` - `2024-05-14`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
script.ac E1	`2023-12-29` - `2024-03-28`	3 months	crt.sh
stats.adinplay.com R3	`2024-01-31` - `2024-04-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
btloader.com GTS CA 1P5	`2024-02-15` - `2024-05-15`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2024-02-06` - `2024-05-06`	3 months	crt.sh
ad-delivery.net GTS CA 1P5	`2024-01-20` - `2024-04-19`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
i.clean.gg GTS CA 1D4	`2024-01-11` - `2024-04-10`	3 months	crt.sh
onionfist.com GTS CA 1P5	`2024-01-28` - `2024-04-27`	3 months	crt.sh
script.4dex.io Cloudflare Inc ECC CA-3	`2023-10-23` - `2024-10-22`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
server.cpmstar.com Go Daddy Secure Certificate Authority - G2	`2023-07-21` - `2024-08-21`	a year	crt.sh
casalemedia.com Cloudflare Inc ECC CA-3	`2023-05-21` - `2024-05-20`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.onetag-sys.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2024-01-23` - `2025-01-29`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
the-ozone-project.com E1	`2023-12-24` - `2024-03-23`	3 months	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2023-04-13` - `2024-05-11`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2024-01-22` - `2024-04-22`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-17` - `2024-05-17`	3 months	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-12-23` - `2024-03-22`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
cdn.prod.uidapi.com R3	`2024-01-24` - `2024-04-23`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-08` - `2024-05-07`	3 months	crt.sh
*.id5-sync.com R3	`2024-01-01` - `2024-03-31`	3 months	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2023-03-27` - `2024-04-26`	a year	crt.sh
indexww.com Cloudflare Inc ECC CA-3	`2023-09-05` - `2024-09-03`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.sitescout.com GeoTrust TLS RSA CA G1	`2024-01-15` - `2025-02-01`	a year	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-08` - `2024-05-06`	3 months	crt.sh
*.adform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-25` - `2024-06-18`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-10` - `2024-05-05`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-06` - `2024-05-03`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-27` - `2024-03-21`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-06` - `2024-09-30`	a year	crt.sh

This page contains 26 frames:

Primary Page: https://icedodo.onionfist.com/
Frame ID: 4A4FA33B10A8FCB5B8266A212D6A3168
Requests: 171 HTTP requests in this frame

Frame: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B67BC871901F6B7C2E492CF006EF6584
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=icedodo.onionfist.com
Frame ID: 0D3AB80984CBCED0893F372406DC2846
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156857
Frame ID: 2D4110792DA63F5495B706382ACE0592
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 28BCBD3FE748DE6EA3FA2EC5263F4F94
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: D4DF7655ABD34674DD6125FF221ED9E0
Requests: 3 HTTP requests in this frame

Frame: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Frame ID: 075EFBF4DB5F92DDF5EFD3C80569664F
Requests: 18 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1708191960959
Frame ID: 8AB72ACB2C529B7014516B98B10CC632
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: B7B9191683708AE58F095AC132D6CFD5
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: FCF9FCD7999FC315058736442FEDC5C8
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 007735E07364CDE3FEEDF18C603C7CF2
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3346CAD02BD044AFA89E868D23CCE2F8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CD2623514656D5A371B7A38E44741554
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 6F64CB013B7222AE17B8BB556B4DA48F
Requests: 1 HTTP requests in this frame

Frame: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 18A6EDCB20CAB4AF4B996101E0529A80
Requests: 11 HTTP requests in this frame

Frame: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 8908E6BDDF320F9083A3B5497235BC94
Requests: 7 HTTP requests in this frame

Frame: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 011C43EDBCAB725AF185A508492C05EB
Requests: 11 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZdDw2QAAtAwIVSSuAAHP1K4TizIpdEKtql2sSw&u=%7CdOQkJUNHFym3n%2BMO23dLlNEJwdBBiwxLwctY%2B0p%2FZ9U%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqBkwvNjl8q6XpDBaPhJ8cof9o4RENXMSOPFNJnChpmb8nLObVznKzvVZhrVQX9cU9RlVCnCvrXoy-NwdAxi8NJE3-fg1luQlV19khOI7XTm-bHBIwIInk-iNNMp1_3RWs1fxUknB9dHym9631vft-o4WNBbbNrcUmUwTuE8krZtaMs2tBOqvo3xJWXJ-CNOoMm_6EUvk-lKjuUsYDt8Pk20NLHsO_pOmXpHrmU6t9ZjqtMtu5sBPNglXcdcPaaioJybvdQQ82e_tuEwA6pKYtkrTwpxQDbvh634PVnexm5tjJUWmyuU3yEjYjCCtQAzGNrchDXpgiShySuujzCSdf3MKQmo6FWpawLAizcJWONFDQHJn7dnaIFp_2YFGqesTys9TMAQeMUicmRbTuB6wp1cWHX0lXz5C_qb6EJ2wpz0KdMs-sKdPeROzhoGxG2d1IV-rAu1r5wYqUnYPsWOACxWts4NNfWeARNx-IC6scXS3KvJmg_miC9qGXnKMuqFzmlQmJy6t3MWcsYfM0IuqpBwkF_Ycrcp2QOq62zigLCVnxxxsOdXePCKe7DrM8bG1bLXr17EwefnVlshORX42ISAw65rUV7qYzdc2f7BWJAUvZkn7PjCfBVdRaljketijA9MIJpIVyuoA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCF6uF2fDQZYzoAq7J1PIP1J-H8ALJntKxXNWdkfdwwI23ARABIABgkYSAgIwYggEXY2EtcHViLTMyODI1NDcxMTQ4MDAzNDfIAQmpAuwUsmdyFLI-4AIAqAMByAMCqgSYAk_QJfa9jhXKyunBw-Dqwijjl3YWZC_syIiwnvGkYyYp2VsOsSrth0yf42ImbbX3tHhEhfDZ586z24QisXVUyyRfq0pmtBBVJJQf4axybOwlsmwp3j8Zkiv3uGTqB6Mhs-LqD1v1y_4927a1wynaMRiwmhzkkVgG1PR9EV-cvk7pwLJND9MqoOQWDY-56a3eHi1Tzdb6DtoT_XkHhT_gSowW4vO5Pc8nDRDJ6X3smaI-GZKJONbDVT0GW1qW68n68gg0dabbcKw8fLes3zyj9oqgawgZq96Tf4X1vNc-JZGZ9C6ecVWZXMiam5SUfc7B_RF6WgnHprvytf5TNQFcqqhTuMGKX93k5PtyRM7vpiqFm1hBCt1MKnTgBAGABrru0K2p9oyp8QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggnCJHhgHAQATIF64uAgCA6CYBAgICAgICEDki9_cE6WMm7rvj2soQD8ggbYWR4LXN1YnN5bi00ODM2Njg2NjU0NzUwMzg0-gsCCAGADAHiDRMIoeyu-PayhAMVriRVCB3UzwEu0BUBgBcB%26num%3D1%26sig%3DAOD64_0m3I7iClas9uLUlzcp8jkTGnZX7A%26client%3Dca-pub-3282547114800347%26adurl%3D
Frame ID: 34EF527AF84A42202E09B989A2C8DD6C
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6UTBDvqboCGNbo_twBMAE&v=APEucNWN2S_FXNS1hyqYcrnIvkvlHLaWjP8WpsTSgMjm98z0sqkb4d5PA71jCu2EtWkUGAXJ_Q6qOcVClF67OQg2XbfZIRyjYGMDpbpLcb4pKOxxxVXjSgWSRgwOECiNeGViiWZqYwhfJ0w6w9xY7_CAFdIbh2cvFnwOmtEjH7Niqv3mPVX-4t3zIgEhfBcw6vr4D2nrp3olZBQHll4bw7DhcXL8SV5O5Q
Frame ID: 2A299E6E5B1DF58FD001A4DB0506C5E8
Requests: 5 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012402060239000/amp4ads-v0.mjs
Frame ID: 8F45E4918B8F7A4EC04E3B4B171979BF
Requests: 12 HTTP requests in this frame

Frame: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7A03EE5B2C2B61FD4509053F7EC1636C
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: CDD86A80382C6CAB63D29BC3A59C5E0D
Requests: 3 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZdDw2QAF4C0IVTv1AAPCHP5IIYIBIzM36Dgehg&u=%7CdOQkJUNHFynVKxzKxhWZemOz5aC0GPdqm3GA4IAqvT0%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNWAfGoXO4nLGGpugmDfhrYDe7l1vqZ7ZIDMbGvJnUYrWdlJQrHpgqcPCHCBdEREnz0k1uEmECGs3L1nEpsOi5hosSdQiydot1svd28zIAvL0lPwSV_PhIQV9uk49LP705ZMjY2fvux45lSB5NHubUuTjODPLkVxwDmvOF_KtpYleXlQudyUHUrmZqY5RbL4MQGNY8GXI-rrCK0rv7JsVPu4bJVUtLjNe-65_8F-eScCFRw2ocgPFnu8sS_sr0kQim-wRCVb4NJ6xBR1FgogV3LJ-YA3vPwsiFSkwc_pF0sM23vcEci-mOHvQWY8WgBH7V3TNlHZXDB_E3VurBl7yRxb6izZ4tNAHzXAfCXhUnDIZiLEg4I62D7YPs8N8hqFUkgtf87-Pp_8R1yVQn6Bh1Y7pkK9prO09VBARCM26GYb62vWudL10HnDC4iGxR6dZBpvBKllxWEoUAp_7IOs-ZDyoaOQSGwWMVfkR0ks56KV2A8KUyEj9Fcm3PIWncAztEUQFsac990Emxk8nUuqinogToMikdqFKtYZwlt0QKrGw37XyC6jTw72Wqai9BKhhnGF17Xk_QlpF7sA3FvoP73GxcpRsXRcWRmpjJL4chghZAeGztn8nMBSwhP1O3diBlYbMMK_23tuc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6A832fDQZa3AF_X31PIPnISP0AzJntKxXNWdkfdwwI23ARABIABgkYSAgIwYggEXY2EtcHViLTMyODI1NDcxMTQ4MDAzNDfIAQmpAuwUsmdyFLI-4AIAqAMByAMCqgSSAk_Qc6J7E0IcF0DoYeoc2YYeYtFRPHAt0HMdsbCkiXe4beS5UCk9lKJevW_VAe2UYLyWxSWnP_WQasf6wJM2GoYYKDdVooXXGzeRiIWFqfL7NmFeqchWx-ObtikKEXIdEqvs63VfV16g00t8_6i6uIiypDL32WpGz1ZihIRwGMII-fa43OxrNDAOXV9zf5OuO5OjayHXDe3tPlRt8EI8nl74UbArkiysEMJt0OUL7uYyILh8kOdHW6sOhvoDaOwaSa-eGmGWsD3VV0bnLvSyP9LfdgxMMzwtZpedHgA41tXdESMhECuQotUb9QbyIgD9T5KTMdbMg37R5CBccU9sgBxxPz-Gp3s6XsxNFdVDnQCB1_bgBAGABqbRj-vi9KHNngGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggkCIDhgBAQATICqgI6CYBAgICEgICEDki9_cE6WODVwvj2soQD8ggbYWR4LXN1YnN5bi00ODM2Njg2NjU0NzUwMzg0-gsCCAGADAHiDRMI2YfD-PayhAMV9TtVCB0cwgPK0BUBgBcB%26num%3D1%26sig%3DAOD64_1dt8eyUBboplNqu16hvT74YZqvHg%26client%3Dca-pub-3282547114800347%26adurl%3D
Frame ID: 617A6902CF90B53E67BF3C47C91B46DD
Requests: 26 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10347820662436277457/index.html?ev=01_250
Frame ID: 34522B1098EABA4234F265F0112A54F9
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/O0fxLlxGdVrwDA1P0v8IbiijzEhqz-qxiFTNg42x2Ow.js
Frame ID: 66996860D23BD2E41D26B13A69519DFB
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?ri=0010b00002QLYzgAAH&ru=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Frame ID: 909D67B9EA3ECE73FAF3EDFC15B72CE6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ice Dodo - Official Site

Page URL History Show full URLs

http://icedodo.onionfist.com/ HTTP 301
https://icedodo.onionfist.com/ Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

333
Requests

92 %
HTTPS

45 %
IPv6

55
Domains

91
Subdomains

73
IPs

9
Countries

9795 kB
Transfer

15451 kB
Size

44
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://onionfist.com/privacy_policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://onionfist.com/terms_of_service
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.instagram.com/seojoon.y/
Title: @seojoon.y [CLICK]

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://icedodo.onionfist.com/ HTTP 301
https://icedodo.onionfist.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 166

https://oajs.openx.net/esp?url=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&rid=esp&cc=1

Request Chain 171

https://gum.criteo.com/sid/json?origin=publishertagids&domain=onionfist.com&sn=ChromeSyncframe&so=0&topUrl=icedodo.onionfist.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=zN5jrHw0MlUzYUZWeitBb0R4L205elVSclFWZHFHbzhnTUtaVml2QlM5S1ZHWFByVmUwVUdaVGRHSk5aSVdTRnNlYTlROE5EL3B3R0xEM3padXJ0bk1ianhPYWRJWXo3R291ZU1DbXlXWEJZaUxEVjJyaHhZcFN6eDFzL05ZMWcwK05jb1N3MGRTWVBxa1NvQVp1ckdLVENxQnUvL0hoeVNMRzgzdnprZ0F4RDVnWnFoVkxpK013K20wWmxSMVZHcW5xWXlxK0d4dzBoenNMOGFMNGg5a1RTUUdyK2lkcjJKbUlWcHA5UkM1azJZR1I5UWE2UFZaNEtkN09jS2lHRUR0TG1mR0ZiSkR2UHdKRE42NkcrcFFZb1ZTbnRwRXVyS0gxK1ljT3p1MmI4aEZsRT18&cppv=2

Request Chain 186

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 191

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=openx&uid=afa0cc2e-77ed-43a7-9aee-b6ffe6c40e87

Request Chain 192

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZdDw2bmqPTsAABeMABmKQQAACL4AAAAB&gpp=&gpp_sid= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZdDw2bmqPTsAABeMABmKQQAACL4AAAAB&gpp=&gpp_sid=&dcc=t

Request Chain 193

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZdDw2bmqPTsAABeMABmKQQAACL4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=ZdDw2bmqPTsAABeMABmKQQAACL4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=&google_tc= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEIwc_ZGG3q8Nz8ieXqDeOnk&google_cver=1

Request Chain 194

https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZdDw2bmqPTsAABeMABmKQQAA%262238&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZdDw2bmqPTsAABeMABmKQQAA%262238&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=73df5e9b44e1419492bc0c9254626b2c HTTP 303
https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@ HTTP 302
https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-w8vuOZeEcFm2_PV5StClHA1DB43emDkfDMjNgw HTTP 303
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-w8vuOZeEcFm2_PV5StClHA1DB43emDkfDMjNgw

Request Chain 195

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZdDw2bmqPTsAABeMABmKQQAA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=ZdDw2bmqPTsAABeMABmKQQAA&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAiDokKPObqENJxKDp5j1us&google_cver=1

Request Chain 196

https://match.adsby.bidtheatre.com/indexmatch?gpdr=&gdpr_consent=&us_privacy=&user_id=ZdDw2bmqPTsAABeMABmKQQAA%262238 HTTP 302
https://dsum-sec.casalemedia.com/crum?gdpr=&gdpr_consent=&cm_dsp_id=226&external_user_id=9eb6ccd6-a439-4403-a779-5fd60aaa17f0

Request Chain 197

https://trace.mediago.io/ju/cs/indexexchange HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=1605e69889c8be7b2bwnha00lsqde14a

Request Chain 199

https://euexchangesync.digitaleast.mobi/usersync/index.gif?us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=11&external_user_id=75ee2047-7b4f-4d29-82f2-95af447f25bc

Request Chain 253

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAiDokKPObqENJxKDp5j1us&google_cver=1

Request Chain 254

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZdDw2bmqPTsAABeMABmKQQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAiDokKPObqENJxKDp5j1us&google_cver=1

Request Chain 255

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBJFUJ27dma4YPsHSY7E4GE&google_cver=1

Request Chain 256

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjM0NTcwNDE1MDE3NDQxNjUwMQ%3D%3D

Request Chain 257

https://csync.loopme.me/?pubid=%3C12744%3E&gdpr=${gdpr}&gdpr_consent=${gdpr_consent}&redirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dloopme%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D{viewer_token} HTTP 307
https://elb.the-ozone-project.com/setuid?bidder=loopme&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=e8a63ac7-8293-4622-b00d-713ae45b5b8b&gdpr_consent=${gdpr_consent}&gdpr=${gdpr}

Request Chain 268

https://securepubads.g.doubleclick.net/pagead/adview?ai=CgCEd2fDQZazRB9D2x_AP0eCcyAbH64XUdfaSzcesErCQHxABIJHi5B9gkYSAgIwYoAGcr_uoAsgBCeACAKgDAcgDSKoEogJP0NNkZ1N63Hbvsjyi0qovKCCCqh3PryfX7CFkyUs8d-HTsPfAL8zmuKnKE667_a2SHCg8FzxWDSVQVm1QDxQ2hXHYdv3-OpGzYUI9vBec3kv7Hjplo84sXXr6YdQ9ESeYfVfbHuUs7WS0V93CPWMRFSB5EoHX6Bgv4hBc239nWSASs1VLK0v7J0q6dI_A2Ldy4gMk-jC9jW9Ltj2hjaxLX1GV2wSNgR6XNUehLjX4OFAWjjlX3dgFtJ9Dd6xbp3t891dKhj9MpkluyzUPrO8cmK-l89QNqS-km07vE0yVU6UR6xjmymePbCKBdOY2STjlo8jSAIy2MIibiOG86m3SHAbmkFiMr83SmfE5B9jdYW34pVXb-OvhCM-xtibTL6ZiXcAE39avussE4AQBiAXsruaYTpIFBAgEGAGSBQQIBRgEoAYugAfM0ITXAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB9XJG6gHpr4b2AcA8gcEENubAtIIJgiA4YAQEAEYHTICqgI6CYBAgICEgICEDki9_cE6WIvYsvj2soQD8ggbYWR4LXN1YnN5bi00ODM2Njg2NjU0NzUwMzg0mgnkAWh0dHBzOi8vd3d3Lmhlcm8td2Fycy5jb20vP2RlbGF5ZWRzaWdudXA9dHJ1ZSZueF9zb3VyY2U9YWR4X2Fkd29yZHNkaXNwbGF5Lmh3X3diX3VjXy0uY2Mtd3dfZW4uZy1tLmEtMjU1NC5hdS1hbGwub3B0LXB1cmNoYXNlMi5jb20tbmV3YWMuY3ItaHRtbGNvbnYxLmNuLTcyOF85MC5scC1kZWxheWVkLmR0LWRpc3BsYXkuY2lkLTIwOTg5OTc0MzgwLmFnaWQtMTU3Njk0MDI4NjM5LmNzZC0wMTAyMjQuLYAKA8gLAeINEwickrP49rKEAxVQ-xEIHVEwB2nYEw3QFQGYFgGAFwGyFx4KHAgAEhRwdWItMTU3MDY2MTk2Mjg2Njk4MRiQ_RI&sigh=hPw5gYGRDgg&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgAvHhf_cKyK_ORUJyDtFawkqJMODUEWVG1mjfwaKaUwhSYUUP1HrmQpjKe9upGD3E7FjJjvZww6qOwP4Lsib5wllssHkwK4vAL84sg5XBgB&template_id=419&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213757703977636521844%22,%22debug_reporting%22:true,%22destination%22:%22https://hero-wars.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22622778268%22],%2222%22:[%22true%22],%224%22:[%2202-17%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211351084735998840481%22}&andc=true

Request Chain 273

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 284

https://b1h-euc1.zemanta.com/usersync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Doutbrain%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D__ZUID__ HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=outbrain&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=&gdpr=0&us_privacy=pbs-ozone

Request Chain 316

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&s=pbs&cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Damx%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D$UID HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=amx&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=

Request Chain 322

https://sync.go.sonobi.com/us.gif?gdpr=0&gdpr_consent=&loc=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsonobi%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D[UID] HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=sonobi&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=5769215e-2ece-4868-9a09-2bc9879530dd

Request Chain 323

https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dunruly%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D[RX_UUID] HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=unruly&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=OPTOUT

Request Chain 326

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsmart%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D%5Bssb_sync_pid%5D HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=3090312644581042843

Request Chain 328

https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-ozone&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZdDw2bmqPTsAABeMABmKQQAA%262238

Request Chain 329

https://x.bidswitch.net/sync?ssp=ozone&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=ozone&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone HTTP 302
https://dis.criteo.com/dis/usersync.aspx?r=25&p=52&dis=0&gdpr=0&gdpr_consent=&url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D462%26ssp%3Dozone%26user_id%3D%40%40CRITEO_USERID%40%40 HTTP 302
https://x.bidswitch.net/sync?dsp_id=462&ssp=ozone&user_id=k-rRQvxpeEcFm2_PV5StClHA1DB41m1cuE6zqngA&gdpr=0&gdpr_consent= HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=bidswitch&gdpr=0&gdpr_consent=&us_privacy=&uid=a746dca6-052d-4715-9677-9ca36c309241

333 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
icedodo.onionfist.com/
Redirect Chain

http://icedodo.onionfist.com/
https://icedodo.onionfist.com/

4 KB
2 KB

683ms
271ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d42fe173d2fe56ec066870dd43c69effc0d4eeaadfb0f3f9c76952a80ed9f68c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 856fd8ddfdaf81ec-SIN
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 17 Feb 2024 17:45:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HiXyzZX4L1UhirUR2srvbFK4QUHOeWbHCBKrjGHAGc1UsVQRQPjUnaDYl%2BrlagwRSye81z%2F90O80iCeqUDccY7S6Gy86QHEfm4aM%2BslYUfuWOXKFcRZsAFgxrsbOBXkSIaMNvJNcE1AwilJ4pfo7iZmTh7Y%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 856fd8d99fe68207-SIN
Cache-Control: max-age=3600
Connection: keep-alive
Date: Sat, 17 Feb 2024 17:45:58 GMT
Expires: Sat, 17 Feb 2024 18:45:58 GMT
Location: https://icedodo.onionfist.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H9ivp1%2Bf%2FId9rRgxvKS98s1kqU654%2Bg2cRr4v4q3H8gH4zNym0lfL26cWV2H8O9GTFt%2FpGlCqU2YsgsepWwkLyQo6fLbUB0ubw78YCuPmksxgPhgIptulhotwjxVhFZijFbQgkCdPfLoW0w3qpI7I%2FDI85o%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 204 KB
75 KB 80ms
34ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FMZ46HP0K6

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c6d3940fcff9b3f3691285dedd97063d5f6518f3e6f88d94a7f9525f241def1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 76617
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 17 Feb 2024 17:45:58 GMT

GET
H2 200 tag.min.js Show response
api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/ 645 KB
196 KB 98ms
40ms Script
application/javascript 2606:4700:20::681a:3e8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Requested by: Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:3e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e1f8443ca6c54198ecf9de819d279c5cf64f08da7c49e1943b865c49395ca0f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1669141
x-host: adinplay-1
last-modified: Mon, 29 Jan 2024 10:00:52 GMT
server: cloudflare
etag: W/"65b77754-a13dc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4zYH4Pm7C33Jo5reXUPvSSlQkfPWJyWe3hyXKrmif8P%2FwSj5AnDrVQrunRQpNvFZdg2UrEaMSUQxVsVdMNuWzjlKxTLAoNIUcP8TaI0OI2hne%2B%2BVMXC895QKR3%2FvNDFqdKqxdRv8yp%2FXpfMn5Sk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1800
access-control-allow-credentials: true
cf-ray: 856fd8df5c233828-FRA

GET
H2 200 index-4aa39886.js Show response
icedodo.onionfist.com/assets/ 140 KB
51 KB 271ms
269ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/assets/index-4aa39886.js

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07a8814a5b06c38c54daebe2da82d619c02f8b42df6621e1bc530bc208357f37

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://icedodo.onionfist.com/
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"7edb9fc86665433cddb04171a8619aae"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jX7dBkJeqBb0KCrA6CbYA1fK2MNghWoKLWfVWo5N90G8JBBI%2FLsL5OUtrhQAFHy8lLe3Wd71kBUxcbMKyH9eHYIc1rn%2Fom9b6R%2Bq%2Fbw9nealisLLe70Nl3NDmw6zauvC2nQ8whho4uU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8dfb8f581ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 index-f72ba901.css
icedodo.onionfist.com/assets/ 11 KB
2 KB 256ms
254ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/assets/index-f72ba901.css

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f72ba901357663dc0208eeb769861373a170349659bb46240ee6c82bb00bc904

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"817fc4da88cb2838fe48d3aae216f620"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lRqMGKoi2oTqSo8k5mGfXU%2FOWL2mloShrfBK9bbnjoe3uXyWBvfJW5s5iaGCS6Kpw1khhcWSSF2W9uEWwfTw1AFOlzla%2BL31hct688XAOfSybTJ8WGaUDgWS85CtGu4KCsehDpbQgUc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8dfb8f381ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 babylon.js Show response
icedodo.onionfist.com/libraries/ 2 MB
387 KB 458ms
456ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/libraries/babylon.js

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d910a41d3f2e46b1983df5f450165dca1cf8b484d165c4d26b2d88514b98f0f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"c4b8f61e88c1e7ce0170ac529b7b8665"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Oy2JbdemRElrmyMXiLVD6i1jld%2FXnfc4NAGyAWRHmQNBbLoooL1Am3CcQg0OWh5LEl%2F1SZdspyt9o2u%2BmXJ2t3XGh5zIPBC0QdtdDlf7qaYIWf8Tan7isG%2FaDoJCj%2FFOLvVvONTqvY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8dfb8f881ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 fov.js Show response
icedodo.onionfist.com/scripts/ 653 B
602 B 304ms
302ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/scripts/fov.js?v=0.175

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0b40a0e26aa96da3791fd2dd16315fd2fc1dfe8817f032ce49dd7b37f0ca290

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"4f6c991d6d948e05c540d93e68af0884"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MV659izQq65fWm3veyoJA3l3eMKXysth%2BVID7QQFnbyhmL5W8iOWDVOUDinNgXP9ZJwrAs0sW3KYKqY0aHoD%2ByPDIKti1SyOJg457QGttRCaSZF%2FYcOLejcBi%2BYubIcYq1afkzOSRFI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8dfb8fb81ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 change_state.js Show response
icedodo.onionfist.com/scripts/ 789 B
665 B 305ms
303ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/scripts/change_state.js?v=0.175

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07b56bb0474f3fcc2c98de80273cd04f5c6533563f93f7061bac13f2aaa8bff9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"c9825ed555f401b761db1c821e0ef6c9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FOC9fjhx4QdapSx0tHRHQTYESB%2BgdlE6%2Fr9K6uclQr1glHWBpxnKdJR8cUgwE9lligY7Up7cIiN4YL6jRLJY3w1rAkEDJVZdoUonNulXm7OW4vV0oagXKXMnngAP01xi5KwyKVV2ies%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8dfb90181ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 decorations.js Show response
icedodo.onionfist.com/scripts/ 8 KB
2 KB 304ms
303ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/scripts/decorations.js?v=0.175

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fb91a72a2c6a3243678074a338201ebeae386e02c780676b826a44ee9859015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"fd09a323884c8bfcc8ef20e994f400f1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l4IGrOi46u9FLrd0HvJLnLP4mq0WfRZxpomBhh8mQfHzip%2FmWpCuj3K7%2FdkAmyNM33xwdcFmougsmIcnP04k8gZXEeb6PMhGthZ%2BQfHTln7Tey8qikueAo39dvA0riIlm%2FK%2BNc1EMtY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8dfb90681ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 maker.js Show response
icedodo.onionfist.com/scripts/ 10 KB
2 KB 268ms
267ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/scripts/maker.js?v=0.175

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00bead1ec2bdfa7a0d5a404041f133bfbdca1c4613a0de7c55b2e4d2b267ee6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"55e239a1179357fc1c620de524956d8c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tE6wNEdMYFr8cSdSvsXLgMvVxJPSxDSJptJDnSgptTqsm5S0pb4Od1XUc2%2BPdwYfnZDlYh62fMC%2FXO3xHuVGlSBhUqDlKXUAbP6zFeSN8GnFTMt4TmvZwA7MsNLVtHGJVzekZrsAL9o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8dfb90a81ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 alias.js Show response
icedodo.onionfist.com/scripts/ 5 KB
2 KB 477ms
475ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/scripts/alias.js?v=0.175

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ffe2a727695724479ab9727e5a993e0c1b22ef92ffcd1f6097ab5ebf271c030

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"3efbfd4f626ecc1f9a3de20feeb40de4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nK72tdehC%2F1hBEeU%2B1zgB0rkZdFNAcQqG0r3l4zGjq2OtOFR%2BWhlB7x8JQnk6sCJ83NfcDD%2B4E2GasBKS2SuU%2FaZaZOWEcmUpavqG5lkGpxS25C41r6PwV5S0ziGHsH2h4N5YqrdiY4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8dfb90c81ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 const_controller.js Show response
icedodo.onionfist.com/scripts/ 4 KB
1 KB 259ms
258ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/scripts/const_controller.js?v=0.175

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e04d4432638d24c029f5d79cc581d98c2c8f9c7b9912f9811dde3d1ac7f509f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"e751c16191a5f3db963628b82de5bab8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1beA4Xb5G9ffLPcdjAsl%2FpGaOpjX%2FfCPaXxUyZaehyeNQnAXGxo8K0bLeJM8bvyx2bDpfSPv7fetJ1jZkF3N2vudUVmo%2FaO7kcqYl%2FYTy94qaYsWR%2FK9DJPv1WfljYhnIDKAjASU0Go%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8dfb90e81ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 cleanup.js Show response
icedodo.onionfist.com/scripts/ 1 KB
691 B 496ms
495ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/scripts/cleanup.js?v=0.175

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6587ca701069ab74cbd210a6b2e16d125fe26e0bdfe7adb83572334c1b061bd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"438e8880f1e3e296235b8bdc20adbf02"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qMEeuuAigykS3rqnoAXjMaDabqTW%2BSeeXF0Jr8BSbaiyxg6ufcWLT3NybClDeSVtbtdxE4jKBg4tQYXtihsKiVr1sAX%2B01sgJC%2F6opiYyAiCvHLoj2Q4BEduBI4smzlOu8V%2BYrue5%2FY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8e0bae581ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 start.js Show response
icedodo.onionfist.com/scripts/ 3 KB
1 KB 496ms
496ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/scripts/start.js?v=0.175

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81652961859d57567a0f729d1f60cb5c62f5e313b241ede8813ce3f0356c9777

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"62ad2222b6262196e308307f0c095f00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2F0qYpKB6dxoeuK9l%2F5OYzBvmt%2BZE5373l8XctL2DLWrsgjaauLOfgjrUOR12hqGiRQTrzBRupiSyIr3MgBZY5e7pGjOjBylX3XqSmS7ZF8MdDNVV9n4YOn1glBa2zH1ADJCPaPDNIk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8e0bae881ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 update.js Show response
icedodo.onionfist.com/scripts/ 4 KB
2 KB 495ms
494ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/scripts/update.js?v=0.175

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f735c375a2c11a0b5d4e5bb5d0427410e710bd7ca2822ac38c80f166ce6c3d9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"373388eab07b6d67af4ca64d5ae92c1c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FMxY9dyCt0rE7n8m2pMBcMoijfYQcys9sk6PoK%2Fa78PXS2c2ePSuTl2EBJulcG6l5tSSjluMSLxw%2FkfADd2vSCWEg4OiS3jszggApiKJAMd8ZFuJiLM%2BUGE0YlO%2BlgWuz0115P0ZT14%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8e0baeb81ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 flyjump.js Show response
icedodo.onionfist.com/scripts/ 3 KB
1 KB 495ms
495ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/scripts/flyjump.js?v=0.175

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05c01a014da4ccd84595d3b23a2ce7afd4bf944054ec0cb979feb6dbe64b61ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"77ead9ba6a6d734cd5f1d192a43c69ae"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0QI%2BtF4s0Z6DjGay3AXHJPDhDz4bKpR5GJCABUYSQipBDTmOJ%2F1tOHdgEx8xa91wuRkHhMWCIeGe3d5e1tdPOs8bJNdsA%2F3rIK0Vm2EQYTN7Ow83kfwvLmmOe0kpHukBkAXmJxnPxc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8e0baec81ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 boot.js Show response
icedodo.onionfist.com/scripts/ 761 B
632 B 496ms
495ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/scripts/boot.js?v=0.175

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e69ebb618368cac570852b227972d9b0ad88d1d263af768621aa0c0e337d652c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-cache-status: REVALIDATED
etag: W/"54a8ae54d8c77613c7fe055590fe20cb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FuXydvMpskfQxCxCCNJelM2lMLaqG7ZTtfJDSttnwxRjs7YRajwKI0PaBoo%2F6Ukcy6imSKp0%2BCSPYG7DilbvrOfXO5%2BKwlkLAugIl1ul9omKIMLwF1wtBvVIk8j8X4SxLMRAUdU2lYg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8e0baed81ec-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 116ms
76ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer: https://icedodo.onionfist.com/
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:58 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 856fd8df5f383718-FRA

POST
H2 204 collect
region1.google-analytics.com/g/ 0
257 B 47ms
18ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FMZ46HP0K6&gtm=45je42e0v872045646za200&_p=1708191958889&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1455867885.1708191959&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1708191959&sct=1&seg=0&dl=https%3A%2F%2Ficedodo.onionfist.com%2F&dt=Ice%20Dodo%20-%20Official%20Site&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1494
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FMZ46HP0K6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:45:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 script.js Show response
cadmus.script.ac/d1r100yi8pmbig/ 132 KB
46 KB 90ms
31ms Script
application/javascript 2606:4700::6812:1791
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1791 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe3e26a2458472a8567fd7ca96d83b9f1cbc77959604f9a2689a83683cdb3cb0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: gzip
last-modified: Fri, 16 Feb 2024 21:40:28 GMT
server: cloudflare
age: 0
etag: W/"2a55383a823a4f374afad98852f461177f091987"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=600,stale-while-revalidate=3600,stale-if-error=86400
cf-ray: 856fd8e068d03615-FRA

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
2 KB 76ms
27ms Fetch
application/json 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20240217

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7f20567ce6e05417b5fa8e631d8f9c93d9bf24da7a27a659e8c778eea530aeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 6311
x-jsd-version: 1.0.1969
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230103-FRA, cache-lga21922-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"641-mPExlwdab6vEWaM4/p9N1HkBaQE"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zS3QJ8VBRMmmekvcpQ3BStuKZh0UBjy75ceqLWqW4rAwn8%2B05uhAZsUWnbqpJT0H%2FdCrcuaUoov7N4IlMyBYTxYC8yQ9A%2BAXt%2Fh7kZvlB4E8qljd2%2F%2Fix3fIGlubCMZgHnOo0qkhySE2kifZdGw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 856fd8e05da465c7-FRA

GET /
country.adinplay-venatus.workers.dev/ 0
0

OPTIONS
H/1.1 200
OK collect
stats.adinplay.com/ Frame 0
0 48ms
14ms Preflight 93.119.15.97
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.adinplay.com/collect
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 93.119.15.97 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 93-119-15-97.colo.transip.net
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://icedodo.onionfist.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, cache-control, Accept, Authorization, Credentials
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 0
Date: Sat, 17 Feb 2024 17:45:59 GMT
Server: nginx/1.18.0 (Ubuntu)

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 97 KB
29 KB 124ms
59ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bd2b37d485552bb52ba9cdaeda41308544b90c532e40e62dbee3cfa426f4814b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29447
x-xss-protection: 0
server: cafe
etag: 358 / 19770 / 31081246 / config-hash: 11148296534494914191
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 17 Feb 2024 17:45:59 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 380 KB
131 KB 126ms
53ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7274ba10554801c2589a0461ef72855be2ac1463f95598dd237822016a4de06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133089
x-xss-protection: 0
expires: Sat, 17 Feb 2024 17:45:59 GMT

GET
H2 200 tag Show response
btloader.com/ 81 KB
24 KB 82ms
33ms Script
application/javascript 2606:4700:10::6816:4ad8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5130683165442048&upapi=true
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf8929d75ef1bee42a0e57beb0d701844de17584014cc495178e8d3b0bd66f8f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-encoding: gzip
via: 1.1 google
cf-cache-status: HIT
last-modified: Sat, 17 Feb 2024 16:57:16 GMT
server: cloudflare
age: 2832
etag: "24ef94335484a380697f07e84ab8e34a"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
accept-ranges: bytes
cf-ray: 856fd8e05e7dbb3b-FRA
content-length: 24640

GET
H2 200 adsbygoogle.js Show response
api.adinplay.com/libs/aiptag/assets/ 16 B
373 B 27ms
27ms Script
application/javascript 2606:4700:20::681a:3e8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.adinplay.com/libs/aiptag/assets/adsbygoogle.js
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:3e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 351b4bae56595d6878b3ffd7940ac231a0a85427f4cb1e5adb1952b71998f35a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1669431
x-host: adinplay-1
content-length: 16
last-modified: Wed, 04 Apr 2018 16:13:25 GMT
server: cloudflare
etag: "5ac4f9a5-10"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pa8LopoyNW3sgOTzpXh5ncmG31h5ltOyJJ2JsRmFjbPSup6Q6ZeLieNjMA%2BvJgEvuLY8xKH5SMTlTF%2FkWLeeExjw5KsYL1i%2F9bgCycbNb8SDN4aTtU6X7kL3lkpRJwGsEqJnhB8CbhS2SZ35ubU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1800
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 856fd8e00cc03828-FRA

POST
H/1.1 200
OK collect Show response
stats.adinplay.com/ 0
909 B 15ms
15ms XHR
text/plain 93.119.15.97
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.adinplay.com/collect

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

93.119.15.97 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

93-119-15-97.colo.transip.net

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/json

Response headers

Date: Sat, 17 Feb 2024 17:45:59 GMT
Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Permitted-Cross-Domain-Policies: none
Cross-Origin-Embedder-Policy: require-corp
X-DNS-Prefetch-Control: off
Cross-Origin-Resource-Policy: same-origin
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 0
Referrer-Policy: no-referrer
Server: nginx/1.18.0 (Ubuntu)
Cross-Origin-Opener-Policy: same-origin
Expect-CT: max-age=0
X-Frame-Options: DENY
X-Download-Options: noopen
Access-Control-Allow-Origin: *
Origin-Agent-Cluster: ?1

GET
H2 204 state Show response
api.btloader.com/mw/ 0
101 B 164ms
123ms Fetch 130.211.23.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/mw/state?bt_env=prod
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5130683165442048&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 17 Feb 2024 17:45:59 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 px.gif
ad-delivery.net/ 43 B
920 B 82ms
27ms Image
image/gif 2606:4700:20::681a:346
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1087791
x-guploader-uploadid: ABPtcPrkhG4u3vimkxqrGBRR6E7-3rnw0FzfTGCq0WxfaHn2xiTwxAmm1u_Na4KWtyxBcFNUqpbIRdywkA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Owvs9JgfoTzAYEfrEJf7suHVMB4OFkYkWUMLp48nSZKCbFAkc42Shnub%2BpYTWXmwHSJgxcMYrB4vIE0qL%2FYaQZfKIrB9HQz6drCsy69QwOFwkq2vtE0bGQcJiagx6B7ekk4yue2vrTp9Fv%2FygQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 856fd8e0fd9a30d6-FRA
expires: Mon, 05 Feb 2024 03:49:51 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
571 B 100ms
22ms Image
image/x-icon 172.217.18.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 08:46:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32379
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 18 Feb 2024 08:46:20 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
339 B 84ms
28ms Image
image/gif 2606:4700:20::681a:346
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.7992521332079536
Requested by: Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1087791
x-guploader-uploadid: ABPtcPrkhG4u3vimkxqrGBRR6E7-3rnw0FzfTGCq0WxfaHn2xiTwxAmm1u_Na4KWtyxBcFNUqpbIRdywkA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cXpMmYTwG5dnCzZjlMdJbDPYPErfTs3ja0UdBmWpoThf7e%2BQlCJ0FTlllVYzymrUl2M%2BaBGkuBeeOej8uLgQvTMJUFoMTidvuy%2BkCZK7op7pwYtBV0ey80WDSac4lSxLYEbotgbfuFXInf%2FH3g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 856fd8e0fd9930d6-FRA
expires: Mon, 05 Feb 2024 03:49:51 GMT

POST
H2 200 1a Show response
i.clean.gg/ 0
104 B 100ms
100ms XHR
application/octet-stream 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
via: 1.1 google
server: nginx/1.21.6
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 204 1a
i.clean.gg/ Frame 0
0 144ms
101ms Preflight
text/plain 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://icedodo.onionfist.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=utf-8
date: Sat, 17 Feb 2024 17:45:59 GMT
server: nginx/1.21.6
via: 1.1 google

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402150101/ 429 KB
135 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402150101/pubads_impl.js?cb=31081246

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f530dc6724889ca2261d21dc7a8a8165e025a77aae89905249de90eee518287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 11:31:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22471
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138090
x-xss-protection: 0
server: cafe
etag: 14352082441515359041
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sun, 16 Feb 2025 11:31:28 GMT

GET
H2 200 country Show response
api.btloader.com/ 16 B
132 B 121ms
120ms Fetch
application/json 130.211.23.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/country
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 61eae0480dcc464beb4cd150bf5b44a5e0654919abd845f74fbadf913876f1af

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16

GET
H2 204 pv Show response
api.btloader.com/ 0
66 B 120ms
120ms XHR
text/plain 130.211.23.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=U6gdwSGXUP&w=5144889781649408&o=5130683165442048&cv=2.1.34-1-g246a995&widget=false&r=false&vr=1600x1200&pageURL=https%3A%2F%2Ficedodo.onionfist.com%2F&sid=hpBuvK4m&pm=true&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5130683165442048&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 17 Feb 2024 17:45:59 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H3 200 VSingleplayer-5b0937ce.js Show response
icedodo.onionfist.com/assets/ 64 KB
18 KB 242ms
241ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/assets/VSingleplayer-5b0937ce.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2701e9dfbba0a3b6b0973610e9ecb3047d6c66242730dde294255e699c26bda6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"ac94c5411a4f138c807aad02bb1e4800"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BeDQinw9wB0DnCPcENIHzsM%2B8qb8ZQRLvvx1rU52InSVjX04nPBQtZ7UpMSOP%2BKMyaOte3oafOSjn0Fm6TVKJ5r6ufCGG43d1DC%2FYLWXzsw%2FGMKbLD5ALpotQP%2BYj0cDgw3rRTsbhP4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8e5fd8e898f-SIN
priority: u=1,i=?0

GET
H3 200 CompletedMapUtils-7d481307.js Show response
icedodo.onionfist.com/assets/ 2 KB
1 KB 418ms
417ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/assets/CompletedMapUtils-7d481307.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45cba01e7b1bab38cd7813fd607e2238e18432129a02fc71bb07feab7c447daf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"ae611a56510c3bb8e02290b96e291c28"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5bo1Vv5kBXh8WYwkyegKApxcdlPuMZBk0Mf%2F%2BugdsExwTkYj0J31JP0P6paolNoy%2FVVpfOhWO7vF6Z4c68Q%2BD7I0LXxCg%2BZ66DIso7%2B7GY3eeMBnvgVwEsl7l8XE0dqBNbtF24amp%2FE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8e5fd92898f-SIN
priority: u=1,i=?0

GET
H3 200 SkinUtils-f9a379f3.js Show response
icedodo.onionfist.com/assets/ 9 KB
2 KB 590ms
590ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/assets/SkinUtils-f9a379f3.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

503356fc833b6993471d90111a7c91857956c272eb391944fa26f52304d6ba03

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"4cf6fa1a38dc2da82148bb28d9d2394e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZNdrDul6OogVDHbEo9nWBC1%2FMwUTBUAmiQElnBMxFkjiH03V3KoqBbzS6vLjhJC1ZTJIf0PrKIivTmzgyklKpgljEFvWTOTuGNgghoXAm3gXS371OXF4p2pQzIrYNb2zhsYPkzat7c%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8e5fd93898f-SIN
priority: u=1,i=?0

GET
H3 200 drift_enabled-5ab2ce45.js Show response
icedodo.onionfist.com/assets/ 267 KB
74 KB 591ms
590ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/assets/drift_enabled-5ab2ce45.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

403e0a9bdb3451791dd998df02a43a7153af0dce1aa9837b7a98805da5c98b5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"b450d80a4b87dec3673d5bee8817a2b3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ty%2BFBOHlP5KJ6ivZSsUhn7fD3uKrGAptUSL2NgRoCteT8u9Vy8IZBzQ21hqu%2BHnYBntEWKji%2FFkdj83AOn215jNqFlg44dFIcWs6FF6McMTNPpok9%2BURHZ28LvNuNgv%2Fh1FRoLd%2BFd4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8e5fd95898f-SIN
priority: u=1,i=?0

GET
H3 200 ApiEndpoints-6ecf6ed0.js Show response
icedodo.onionfist.com/assets/ 1 KB
1 KB 231ms
231ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/assets/ApiEndpoints-6ecf6ed0.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf1874406eab19c9c85668ec54fd683a32f2d5cbb4502ef28e5e036af032b473

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"4566a3d844c0ababb9d676f5073c06ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nDwSdwthnC1bBygrA6quN%2FjYNtcnOrCr1g61uzpmhovorgb2%2Bko0eNGdqKc1oG6sEY9Bd5dvvTRfszuxiJyN2lltpfQhojUIzPbwvOGxt2vPE8pppPeCLvNLDj0dannDW24zyG8pjNk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8e5fd97898f-SIN
priority: u=1,i=?0

GET
H3 200 back_arrow-cfdf76e9.js Show response
icedodo.onionfist.com/assets/ 54 B
574 B 772ms
772ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/assets/back_arrow-cfdf76e9.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bba322c8b41132a5f26b6be9c4ff8faa2e45beacf9d43a12a50a4e0bc73af3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"8f5e6ac4c67bfd41f3412e5d355be41b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ETmgkBaQXKyyORMXbBK64URIYQVR8aRtdqhLng%2F3b7Vg3G7Q01XqtiDlByL0QnBLySl%2Baikc0v7bwHjrsfbaGjYDjqlNMuZtJQEHSIKb6GxtlZsr3DnQt2PpTpI7IeDWsP0Gb8FDDi8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8e5fd9b898f-SIN
priority: u=1,i=?0

GET
H3 200 VSingleplayer-84f28d66.css
icedodo.onionfist.com/assets/ 87 KB
9 KB 414ms
414ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/assets/VSingleplayer-84f28d66.css

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84f28d66dcbeba45f8c4a70ecb2c6108f4b61108675c26744675907c27ca08fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"7a0bf9c1065c24ac6d7260fab0af9874"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BQgGW%2FHeCF1lMaSCRnr9RC5o6NKATkZdOmLhKEfE8JIO1BHprjBsMZvv8NGUic4zuIhEgORWanhMpmxc%2BjpM2lT7a8itKbJO14thotJQAUn1lFJFHbyzW8AAeeyLEgQEP52tqglfMhg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8e5fd9d898f-SIN
priority: u=0,i=?0

GET
H3 200 pixeled.ttf
icedodo.onionfist.com/assets/fonts/ 13 KB
5 KB 413ms
413ms Font
font/ttf 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/assets/fonts/pixeled.ttf

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/assets/index-f72ba901.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2eced75e72c897a68978a797ecf1c25c593e742d8599fd47bc7160342060df01

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://icedodo.onionfist.com/assets/index-f72ba901.css
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"c75d30e620f26d841590c9d2c54d11b2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2bpKlrMa3FwJVSAieO4aODuRWLhRVzsFmMW9vSaSV1QNORlXAxGL5JrSCCD9PdJL0RrP4gt%2BAu9fKy0tvPnX%2B%2FdMzLwzmg481T6P3f2WMu8F6q0n1iEAao4s%2ByIOxhcIbAg9tG33Ks%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8e5fd9e898f-SIN
priority: u=0,i=?0

POST
H3 204 rum Show response
icedodo.onionfist.com/cdn-cgi/ 0
144 B 349ms
349ms XHR
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: application/json

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://icedodo.onionfist.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 856fd8e89a01898f-SIN

OPTIONS
H2 204 sticky
icedodo-api.onionfist.com/api/ Frame 0
0 222ms
134ms Preflight 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icedodo-api.onionfist.com/api/sticky
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://icedodo.onionfist.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 856fd8eb4828f1a4-CDG
content-length: 0
date: Sat, 17 Feb 2024 17:46:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ze1Ucs0bE76dDH5ZrknjTI0e0TFrcx%2F%2BJY9L36D0xL8iAVidSbQ7sj3%2FZMV%2BNcn1%2B3oS6m2Ox4qWFK6zbqAuhV5IB6SdmQaErzFBYP8bKr%2FV%2FfbA%2FbiHpWpMthAG7kbh7zWFNRl7hSHY0n5Alh6zPklSM6wvBgDm"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Access-Control-Request-Headers
x-powered-by: Express

OPTIONS
H2 204 brew_listings
icedodo-api.onionfist.com/api/ Frame 0
0 210ms
122ms Preflight 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icedodo-api.onionfist.com/api/brew_listings
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://icedodo.onionfist.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 856fd8eb4827f1a4-CDG
content-length: 0
date: Sat, 17 Feb 2024 17:46:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I7cJ40pqk8R%2Bm4HIX%2Bvzd9GX9ZE%2BLm%2FM5%2BMpGm9EudRO0%2FlNK8z138%2B%2F%2Bl9SV7pKnqrRKcTuHfweuuOYkjwn%2BcjFQEpqoq3jQjzYB%2BhA3jdX4e5WqC3GIepUU25G5MCnBeJmjKoxJ1QvR%2BS00DHfXR3Nz4r7obCn"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Access-Control-Request-Headers
x-powered-by: Express

POST
H2 200 sticky Show response
icedodo-api.onionfist.com/api/ 39 B
358 B 126ms
126ms Fetch
application/json 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icedodo-api.onionfist.com/api/sticky
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 212e69a72b5ce406cbe56e64866da4e7941c454dc875018df88f99cbc7c2412b

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"27-3P9ka3D46P6RUyyLmDZOIaeYIsM"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WwWv8WBqu2TI9%2BbvrDQpLVB3bEzoRI6H0xJMoaa8cHohSU6He4tK7mrhWIAEPKcjdrdULIrKBI8vcLKtI%2BlYK2LsicgStUzGc983ScXsS92UICx6l1I2B0uUeGvZR7c96FK1wJPd08yh3IAj4YlD1NyfJjqu5TLv"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 856fd8ec190ff1a4-CDG
alt-svc: h3=":443"; ma=86400
content-length: 39

POST
H2 200 brew_listings Show response
icedodo-api.onionfist.com/api/ 4 KB
2 KB 128ms
128ms Fetch
application/json 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://icedodo-api.onionfist.com/api/brew_listings
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: a80401b7c3e77c80a5fc54e9b41562e3cd2532ac1c5d0d0e1d4b2b48ea3fa449

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"fd4-JVtksBt8UyP/KL+3TzXR3zmQ0RY"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oO6%2BOwa3RXtSpyldNoVJGDwHsJmgVe%2FKkzaKovTYw26Op8mCfP27Uzjgo%2FvtAeni1nLBUeMMMcZj19PGdeFqnm1bb%2Fgp2pel5XwTRDdZIl3Y8LcwUxdJd9un0FAUea5LIAQC5xrgA7RmfW%2F%2FGwTG4WHvTI2cBVGT"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 856fd8ec0903f1a4-CDG
alt-svc: h3=":443"; ma=86400

GET
H3 200 sound-on.svg
icedodo.onionfist.com/assets/svgs/ 794 B
947 B 257ms
256ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/svgs/sound-on.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0b33b627a1f0aadea568e31ce72b48725454112e9e04b18718d77ab0bc8f04e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"1ee905296502e574cb6294e764f8d241"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ScjCnCrOrtYvkMrFrKr7aU8oo7SufrD2NfZTSNBunICa9bD%2BlvSr9f8IMB16Pv%2BOxtge5Tgh3RUCbRLbE7vAAVzbhdO7UXVD0JwLSWtg6z%2Fuqk0RW%2B5%2BI8Bg6lZEyE%2FkoJ0B06kSFiM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8ebaf25898f-SIN
priority: u=3,i

GET
H3 200 arrow-left.svg
icedodo.onionfist.com/assets/svgs/ 311 B
741 B 2461ms
2448ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/svgs/arrow-left.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b3e60c51fb720dc3b2cca549093cf8c5a82632161e2353ad7fae30a7c03c0e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"45282ec6955dd91b487f3c05274cf436"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=160SEqhcxXltSHuNsRO6AxIz53PbBjZ0VddKLZC8%2F0%2B1674QZqNI3u%2FW0qPOjaj99AQGE8Fb4xyASomasBr16QHIZyYa%2F%2F6PUdS3Vlehw2cLyD5Ix3s26V8VCh6pV4cGvqPb%2F0xnd2c%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8ebcf36898f-SIN
priority: u=3,i

GET
H3 200 jump_enabled.svg
icedodo.onionfist.com/assets/svgs/ 376 B
767 B 266ms
253ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/svgs/jump_enabled.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

267e3d136401cb98ba047585892fa819be7f88f2bed901d74d0f0bb587f4523a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"46f2efb6a77ca6d4f79f334db08b4f79"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yi%2F7no4IHR%2BHH5AnmkzHjwjaQa2HkrPBCNycCa3ER2Kzz0U9t6OAEQXeRpFUnIv3rvs%2BhF29r7oKrxjILP%2BuPoIYg26Hpx37qhsdCl98HvwSP4%2F2w4vcGJ9qX7Dh2MSjfCPG%2F7aYwpo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8ebcf39898f-SIN
priority: u=3,i

GET
H3 200 controls_reversed.svg
icedodo.onionfist.com/assets/svgs/ 453 B
784 B 258ms
245ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/svgs/controls_reversed.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

010839eea18fce4acd0940e276d8256b8fcdbced6235f6b31aed0cd10220b886

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"a33bb2997b5935565b8a90b23fde9905"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BSRTB52Zxx%2FKLKSVFOBjZGrFVnu3SaVnU6uYDhjnotfIJz8dFuKaiFApviDLww5K1vsdwnYbrWjbw8bwGe1KFdjr8%2FxPwujywZ17fHEPESfwXMDevS5EU8eCTWRmXT9qZRSsY58bQPs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8ebcf3c898f-SIN
priority: u=3,i

GET
H3 200 drift_enabled.svg
icedodo.onionfist.com/assets/svgs/ 375 B
764 B 255ms
242ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/svgs/drift_enabled.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f4dbde280c79f74bb5644141fe0a77de44ea8c2b75a19c67a999c81d482915a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"47ff2f631702ce6000a45cff022ad51e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xi%2FNmrwFa9NR6DdTQeBEaGiZKGjo%2BJcizuyvrh0hv5S9c56zcmIMETXDgkWjUFYIx8YCMrZQ0VJvfOYoDuVJ2v48CBOix%2BAYZ7qInxYRlP5W6bqJyBHdKOTbdE%2FTKKoO5zljtfUexo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8ebcf3f898f-SIN
priority: u=3,i

GET
H3 200 help.svg
icedodo.onionfist.com/assets/svgs/ 793 B
965 B 2462ms
2449ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/svgs/help.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c10acb0f008a8acb53e850596442e990b452d16d5e6650091e69d57a3b22bda5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"6c3492cfe0256e08265d50e56fb4b05e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VqFUgC50tRCiNrsAHwF5RpD8jh%2BOvyjWIhPHpI351PxGN4%2BCzAkIvfqhTDdxERw3wmxcukDKY4Yv%2Fu4av4k6QOhvCcOyYCgg%2B0QkgBHFxTsmo7zgzxVXRPMC5edENmfS8VPMVHc7e6s%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8ebcf41898f-SIN
priority: u=3,i

GET
H3 200 info.svg
icedodo.onionfist.com/assets/svgs/ 467 B
782 B 2462ms
2450ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/svgs/info.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e15407b9884b29fb9f59c29de2949bb525a2fd9a720e71e079c197655a098da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"0ea57da55e1194785a423c2da9d314c2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B1PEuL1JBWP4kj3Gk5S4pTCWxJal%2F964%2FrSQFmvkGGTwecFLtNBz3G2KqFRk185iQk01b%2FbJEjjHm7uG5FSApmL1RTabRptKIrCK7JtRpTuajlPx4Y1z3%2BfXIJ6xJGwUhkJi84WrkJ8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8ebcf42898f-SIN
priority: u=3,i

GET
H3 200 skins.svg
icedodo.onionfist.com/assets/svgs/ 428 B
798 B 2463ms
2450ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/svgs/skins.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be841fb1be621323169d606ebcb933b6df2d7e732d4d65914ee302da94b69b12

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"cdcbdbe5efd38e58842bd6a9acd9c82e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=THnaWpHzfBIBWxq3R%2BBMjjAJAEWvOYM%2FGeZmNC5Sk8%2B3wi7GUirqSpLvfhs2NBKpoyvsrbB9xtXx%2F2lWxoml1Rmy2TisEJpAx0oURzrXG49FlxQBQhunpKuyYMqpZR2AKD%2F5cK8M%2F3Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8ebcf43898f-SIN
priority: u=3,i

GET
H3 200 settings.svg
icedodo.onionfist.com/assets/svgs/ 819 B
923 B 2464ms
2451ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/svgs/settings.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85efcb9d3f90c54792ab11ffa434e7238e6eec17886ed55f9d711a1b01738f38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"ac3e55864c88be4cd4f5d2267f268dd0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z4abDol3dp1WCBZMvfhG%2F5TalR8kXBHQ3%2FWunymvfBcpmgYwI%2B34yzUaR49xJfc3pR0ZVqK%2BytaDdm1eNMXvTWaDy2B5yQ%2FZpXxAemGbHv5jB2Id06Nkb4hwVujdnmN%2FobSNK7gsTfo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8ebcf45898f-SIN
priority: u=3,i

GET
H3 200 sync.svg
icedodo.onionfist.com/assets/svgs/ 582 B
853 B 260ms
248ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/svgs/sync.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88ffd69bd741b98af80169262464f02cc942e7b9fce445d51873f685c6be7527

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"bb335e7bd918462162b44def082c4bf8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u2fURIAPDCjkfbWxQDZFNy6SizQNVruQVz9vI%2BgIjkWzzzKJ5u0FrRyoyXeKcg6CpXgqnCfsi4iOAPzVbhX382kw90BcewMAhIUAi5Vm%2BlFFZlzCozaNLFcRqwrsqivelKZ%2BVI2NOTw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8ebcf47898f-SIN
priority: u=3,i

GET
H3 200 back_arrow.svg
icedodo.onionfist.com/assets/svgs/ 925 B
1006 B 2465ms
2452ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/svgs/back_arrow.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

763edbe61cf206714338a5ae0a3a6622a5e2c7f46cc49f22ac14af26075b0ace

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"370416c74542035e10dcbad53d371ece"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RXZcJ5U95IZAY4MIt04rAhPjJl1PifqzRrs7POvugkULH0FcQn%2FZgUT5PRnJry9jFsWnyCkpk3Dk9OLMJeOa3ATvyV1d%2FklmXhX%2Fb6JgB%2F4%2Fi%2Fu1qiS2PwRzlwwcb0MrNTlMAWSaxnw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8ebcf48898f-SIN
priority: u=3,i

GET
H3 200 newcomer.png
icedodo.onionfist.com/assets/skins/ 1 KB
2 KB 2466ms
2453ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/newcomer.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b268705bc5c25d2b56743f0fd0fe83c0f5c7704704c22b4475bfcafbb54363b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1314
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "d4da01e6f5f0f71a41d82a7718cbfcd5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3xiSoZfZTanymbIacW6sgKRn8bRCw4ok5LVrdpDmucl08NxtLtYJPCFvPqgYZ8wtW3772nVT8VwEkwK%2Frqewio2xgURvAkDOnotnliz5J2kZX7pQ6PpmD%2BTH73PQhAm9H2JUiTwd%2FS0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf4c898f-SIN
priority: u=3,i

GET
H3 200 pilot.png
icedodo.onionfist.com/assets/skins/ 8 KB
8 KB 242ms
230ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/pilot.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04b75088563e96412f6cd6570d62a7499012e248848c91d0b8696ac7ccc09b99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8036
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "ef9b0fea346d4a4b6a5ca633b103286b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yC0xqy47QBbL%2BPUdlx2bxqc4pijChlKPETA6zhW71HQKs3sBSx889PTaKqrva71PqrEYbHZsvf8vqAO%2F2JvPCTnRpd9GBIR6Asuioy3e4tybCa2x7aMlntqviEGAkZN21yrnLCLf1ds%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf4d898f-SIN
priority: u=3,i

GET
H3 200 ye.png
icedodo.onionfist.com/assets/skins/ 9 KB
10 KB 252ms
240ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/ye.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8228fca6089db4c6665696c23fb99dac2632534ecefc32b281982e3ca5eb5bdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 9529
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "a4d33722a228e023f77d13739758ef8b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1wOOqce044ZT4CBm5WpMEXkylOvAYoO3MlH8quz39tVxHLi8UQbptaQ3NOipjvbHZmQzMwGSAtO0aaD09ONxGuk8LDD2TyppiQcwrWB8YX7zAK8yPDe6PS66SpSg60oLK0xp2hcPNZY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf4f898f-SIN
priority: u=3,i

GET
H3 200 jay.png
icedodo.onionfist.com/assets/skins/ 9 KB
9 KB 251ms
239ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/jay.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4bf8af452d156bb9f6e3e52a9ec955976cfb83447ff0a2b2e9267f8558c82099

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 9139
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "413667136f8ff890da873d52d88fd8d3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cqo0QwPKiA2%2BGy6mF4djZUX8JNLtlec2W8tqpg6aTuvABpa1QnF5NYV28K0JZYXVKM%2FOBeLuURJz69bZ2h9GbLjEYMQxJFPqS3o%2FdKMhVht2kwXfxKYldbYRg1TG%2BZtETpnqRIzqStA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf50898f-SIN
priority: u=3,i

GET
H3 200 tim.png
icedodo.onionfist.com/assets/skins/ 7 KB
8 KB 2466ms
2454ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/tim.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7dfc33f14801b0acd968b39d024c8a03f37dcc270eada74d34a9dd4a612b360

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7517
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "eb3f74e7e5cb825728615d384884bac6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IzN6dC9l7AeTddacpYcv07AoEQjA7J7VHjyQe4NJh0ciJkP4apoJ5fwafAX3AAKXPILwlUKbtpHGdSvCJicYV5AgU0KKRoInBMvIqf9Ttp14e5ALbL57D%2B0%2BfyOOEG%2BpQzwdhgG1rq0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf51898f-SIN
priority: u=3,i

GET
H3 200 golden.png
icedodo.onionfist.com/assets/skins/ 9 KB
9 KB 260ms
248ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/golden.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1b5d8a1b9676f3ed3eedd876181b5092a19d2cc390aced76777558114cc43a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 9136
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "89925fd1183ce75d7a5ab6ed6ee554fa"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6lyMcL1DscVEbZ94JCwNOQUm98JReSgWm6D%2FnQbYyCr8I4aErGnUR12DSfYrZ%2BlXNjyLcN7vOFl0g0H4U0BDNU5RDzzi0ZWe6b85REmwUGxAl3qNP0pSO7Zsqv6VCKLDsLSv8fdn%2Fgk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf52898f-SIN
priority: u=3,i

GET
H3 200 rocky.png
icedodo.onionfist.com/assets/skins/ 8 KB
8 KB 2467ms
2455ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/rocky.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

563d9b87b4ec1e7029c3616db556e2ba7489f83744eea0701eeb6eb8519f5832

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8037
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "8037fb4174891e7dcf836969b8a9d24c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v39mBtQL2TVbEYajHyyMfxoMeNwDXv%2FHoCrBvLqKY8cK%2BmAfo6tOzAYHspr4ZONa67Q8PAdvJzuU0s8lhyGxiO1pLElwOKbxcXUbRpwm2h8B%2F9RgnMLn6vLvTfapHC7Acv0%2BaT2qLJvsRo8zYEqWn0yVci8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf53898f-SIN
priority: u=3,i

GET
H3 200 june.png
icedodo.onionfist.com/assets/skins/ 7 KB
8 KB 2468ms
2456ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/june.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4cc478aa240a6ae5babda9e926fabf72425cd40483c7e6d43e8d84d54f0a7885

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7485
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "435c53b6945effeb981edad6cce5f314"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W1jhU9P1Z5cjh82TN7RMfk3H9UuZhzbzEeb%2BKB4f06EhQ7ussTVMfnbTH8vC9A4fl97pxHQMplIgZPmMZGI8kUMJG9Ttm6ySaw0FAx3xlCE8bMR0RIFakck4zAwXjTuZKQYBoRSczpA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf55898f-SIN
priority: u=3,i

GET
H3 200 bean.png
icedodo.onionfist.com/assets/skins/ 9 KB
9 KB 2469ms
2457ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/bean.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9dbbb6e78a450043257bc854e89ee39c00bafabfdcfbeda912c85b92c697fc91

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8901
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "28d5b5df7415f410f792568b3ed6665a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qzn1QvItHUxYTPqNTL%2F%2F5Fq6tQohHzl8lTc8107EASCcKg9xwvRulvx7upxviVlK17FqxnhExtKnbGpltXp68rDQ8Wz3Rm%2FAj0raV%2BqYzfNzIumYwRvbYgwkHCgf2q7T4Gwe2wridHg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf56898f-SIN
priority: u=3,i

GET
H3 200 fish.png
icedodo.onionfist.com/assets/skins/ 8 KB
8 KB 2469ms
2458ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/fish.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79ad6a0937d3f116ad409e6a3192ef8e509334cbb910752a22c3226b9568da41

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8074
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "73d01481d4d241684db7dba2c16d43f5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qz6CMrq9hdvo8n%2FNHITCmGVv2yaCK8jwvGls3oUJYHEq8USwQkX6WGkKF2gDhmPZp2046VQKYtHsGPVfcCB5om3VZ7zKT2TKIOmmpSVP3Pn2UHWgsUoKDgj1kQyBVgkOo4khEuU57%2Fs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf58898f-SIN
priority: u=3,i

GET
H3 200 furby.png
icedodo.onionfist.com/assets/skins/ 7 KB
8 KB 2470ms
2458ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/furby.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff5106392d964d4895de91cc86276a27d2d5017ad2bec731186e7690d3017b46

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7557
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "7a1a51751231f6de2268650d98c621b7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CFxg1RCm%2FqwKabFuobrJyG6r3cSCl9Yk6IqpFcTLzXYe9Z%2B8Xb4KPtXgRckfQ9BzZw%2FTJak5lyOeNpXRmWhbeYfymf0C6nWI9nJET9mqxaBMivfRWeYHuI7Tqu39kCAK0%2FR1IRtjg2A%2FlUalT3N4IUkB78s%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf5c898f-SIN
priority: u=3,i

GET
H3 200 abc.png
icedodo.onionfist.com/assets/skins/ 5 KB
6 KB 2471ms
2459ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/abc.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d4810306646d5d3c7d997d6995112ebe5e5b9bc838d87b34b5cd6a9257e3cd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 5408
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "502401094c51e27e46755180dd302111"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bp4%2Bpr7OMyTfJ2F3NlgHlkGLnA4q8tWNsuyieYl8JyLxi3KkJeyR1cjiqDM2oKNLvDSaN7ZSLHkVJyTput9%2FDfscMm5myeNC28psr2hz%2BZkToY6T1uVIsOZ9RNJW9Ch3Wq8lUAnF7GdurOJyo%2F8UWYF0gZM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf5e898f-SIN
priority: u=3,i

GET
H3 200 crazy.png
icedodo.onionfist.com/assets/skins/ 8 KB
8 KB 262ms
250ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/crazy.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97e23f516c8d4aa522a051a6b717af275e0df8584dc42c00e8876cbd58048583

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8072
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "6d3a66f5af41ca7fd3dd707a9eb35dc7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2FF%2FwqxVToafrBhx3%2BQc1%2FteF8QrKxrOpoOja3m9%2FW3OOjsAAoz1HjQPKyHv089tKKa8kYGNFmbVhT119RL6Ya%2FPyx5YArd9H1vI4HcVXlUl5jY42eUTGGRUxmOddMfWyiKvBlEFQVw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf61898f-SIN
priority: u=3,i

GET
H3 200 kazil.png
icedodo.onionfist.com/assets/skins/ 8 KB
8 KB 2472ms
2461ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/kazil.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c67502a4a5b601d68637e5c7104886745406898e8e1c1040ba000368f74913b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8010
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "1b580648b6cf4864d53d589104d119dd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VjKLdNtB057Oo%2BFuOXlgsmz8SpKa7xmJDpaaW9TGZwskOYzp0kGIYeCSIHrLZbnwYciclPy%2BUinTIWqRpCD24OqRhch6tucl%2BtWaStT3nFGVAXjTcUc3B2rbaa%2Fp5bkZFGmdt%2FDf4DA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf65898f-SIN
priority: u=3,i

GET
H3 200 mango.png
icedodo.onionfist.com/assets/skins/ 8 KB
8 KB 2473ms
2462ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/mango.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9933224bef8faed81f3a9509eebbf55cca3323ba787398ef83a63a39c48943f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8039
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "5da63dc269afe410e98d76cff916a323"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B8Gxpro%2FLu3NkywCGG6gyAa%2FmI2sR4jgr8Rl5GW4fbhyxbRb4W4Lc6QpGuJHtbeFwQvysngTuSPtLCfT89HkAz6bzVOSVaUCsAb%2FFJknCwMFNTLB6kTzJ96ES5Qd5AtHBVRAQWDAEg4HNDlIIg5RGTVzZRo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf66898f-SIN
priority: u=3,i

GET
H3 200 sleepy.png
icedodo.onionfist.com/assets/skins/ 7 KB
8 KB 2474ms
2463ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/sleepy.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92432d9d966d6fd7f214f72c4f20e1d30ca3266d9098bfcf8b6667e518f24af4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7483
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "237376120cdad82f17abb2d8b311fb8e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UsPGiDcfpJvJm%2FZNZk0r5ezi6YDTm8X%2F6uNAQZ5k%2BcjqurggybBLxMbs107qCV3hwFOchSjAyaXEHRWXt38BkN6aHoy6dFz5s3%2BdBSelKwSGk8Uu00VdXxbCtGlWey9hX8VLzOsGojw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf67898f-SIN
priority: u=3,i

GET
H3 200 moosh.png
icedodo.onionfist.com/assets/skins/ 4 KB
4 KB 2475ms
2463ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/moosh.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e5bd424ba24b6ff61f49b4db145c38b46f73bd16c0cf1e40b6b299211b561f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 3748
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "8f4ff4bc866004e156004d16aa1ae4f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DXi0yt28EUCkYPOCck6KbsdrypeoeLMTuOs59KBQZ7ZNEE53Zq5KhTKBeRGz88Eed9MNbeFHBX3uyx8oXFvyPZcO4CNTJAr48qnnCMJysLXATUYg9lW885F3w5IXsWs1vhLGQwyH1zU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf69898f-SIN
priority: u=3,i

GET
H3 200 thero.png
icedodo.onionfist.com/assets/skins/ 798 B
1 KB 2477ms
2465ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/thero.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81c61cf7d07b9975791c32a8d8dbcef66529bd90d45a9eae4e192aa946d0d552

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 798
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "b4e6f57ff02d97e26a3087e84298f228"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5U%2Fj%2F5FvUE4P%2F%2B0rbA9PelEhSb4tId4yiv2XUo6dVu4gfAqrp8rDP8%2Bxyg2Dtn0kxG%2FhCm9coBU8Vv01RxbS11D4JeAOqej%2Fk914VoONniFljW777ppcAMWHRo9ghjV9QZhAqq%2F2tw4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf6c898f-SIN
priority: u=3,i

GET
H3 200 awehero.png
icedodo.onionfist.com/assets/skins/ 7 KB
7 KB 2610ms
2599ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/awehero.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f4c8c96241004e265f7b48fa4a458c50c2199d961046694be42cf8e70fc494e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 6869
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "b53c010209af3e6a5b0331d815779874"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d00stBKNwhBs%2BwPx7htWWHxLABpZ5Cb2oKAiXhU4FWQ5xBwbs0ZnV%2FI0KC2ud133JzDD835r7IK%2BxNZ3SjFOGRBsD13wXBzHCHank%2FRzDFTJe8QfqhYF8ToCbOJmpJrzSwd2wdOBEMo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf6e898f-SIN
priority: u=3,i

GET
H3 200 doom.png
icedodo.onionfist.com/assets/skins/ 8 KB
8 KB 2499ms
2488ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/doom.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d8488f58b2658c5c303c573a1c0d7f6b1fbd8470ff759208aa117be26275126

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8091
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "74d0ee4d58db5f9aa8b24ab43fd81e93"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fDpOTvNQQYSrJhsqwiGcWVU60qqqtSagimEukAb%2FBRkeE3n5HG61eivVYXLQWbjOb2saHPVTKiKoZvpORlUKk6wJfGEhBo5Yhv3KgWDpSVtuD1E079ImmMyW%2FgMr2Hb5TUt35Fz3G5vAGquC6ajoxIkFyyQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf75898f-SIN
priority: u=3,i

GET
H3 200 carrot.png
icedodo.onionfist.com/assets/skins/ 8 KB
8 KB 2499ms
2489ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/carrot.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8919cd27aa0d14ebb363de3ca2440f308c78b1ef89e54e7d66ebf54d233b6bd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8087
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "c78a0d149e355ce4e9efbace83a6a84f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2YpJ8jyBKBRAnPSraj3DNAk2b81boMrxN5uJrxzCfchG%2FWPw2ik2q7TjseumhuBiC%2F%2Bmf3V6HEljUehRF4usI0RF2P%2FtxEg0TYPd7yazoXguI22C0a7q4BBs%2FY9ioJVY8ipZK7H7SpA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf7a898f-SIN
priority: u=3,i

GET
H3 200 dark.png
icedodo.onionfist.com/assets/skins/ 7 KB
8 KB 2500ms
2490ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/dark.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66aca9de6116d42d7e0e581691098615ea9664cff8181de43e434bd3a1e23c21

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7675
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "a92dd4b5e347d3ac1a674262ce442fdf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i5nAC6IzXYmz9PV9TOFd8kopkkpQT2FOwKaH7VNTmqYInf9KSVkeftpX07abBl7uDQwXAOl51y%2BSxb20hpN4SJ7sUu3hY%2FqC%2BWZwf6LcZ4MLPvRxZfYSidYum3%2BaJmeizRstBRfWgcE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf7c898f-SIN
priority: u=3,i

GET
H3 200 rytai.png
icedodo.onionfist.com/assets/skins/ 14 KB
15 KB 2610ms
2599ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/rytai.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c203275adfc7cab99b60a1ed4637f63460bdafcfeaa513859659fd2b8686abd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 14535
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "3cf079ce71d868eddffb623d02f4b170"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v8QOiXJy5mBNfeEreAFpatMETcDbvkwazrwazg4onxtxS4MlHfMlmxLbbm0b0t7YcHW2e2qBbKJ%2BzgKkbiKqBjmmoxPea6q1wAMAVlP4xmWtM25zfLa6FTduR3FJd13NXNpXQ2Gjlm4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf7e898f-SIN
priority: u=3,i

GET
H3 200 ghoul.png
icedodo.onionfist.com/assets/skins/ 8 KB
9 KB 2517ms
2506ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/ghoul.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b3f66c9c71bff65933ddd3c9a09a603c2a15542df82d58f0c5df8e9f79fbf53

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8210
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "82fadacfa4db302b50a3494cb69a6c84"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d2x3tVseostDts2QLC08EgYtfZJKBwD2BX%2FVlhU8fvjJ5DWybHk%2BEhQ3zCpH0Dy3XxAA%2BsI1Oh1T%2B0Kuwqbe%2Fpe1Cgi6mfcQsvZcb01uY0qlLtHTMzFkjzUD22bZ0AcIFFB%2F1ezwing%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf7f898f-SIN
priority: u=3,i

GET
H3 200 zhou.png
icedodo.onionfist.com/assets/skins/ 9 KB
9 KB 2522ms
2515ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/zhou.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a18d394d86b24b65f1414eb0b1aac6a671e70e5d0c6b21869b54b564398e397b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8720
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "f1d83f4588d5026e266db4a3c90ad22d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gLI7RuzItY6ms%2FAMt8y28xYSaPhO32I3PXDdHL30VYlZNQS%2BrTABp4%2FRhiRDM0AP8fHtKe8XnH6OF16eVpobeVcBRXG7oM7eBBayXwsQOcASzdL7Xvm7pZKkdMf4en7gwvQaD20wEU4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf86898f-SIN
priority: u=3,i

GET
H3 200 insolence.png
icedodo.onionfist.com/assets/skins/ 14 KB
15 KB 2523ms
2515ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/insolence.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd792ba9d6a730d9bfbc7d6fd9f70006b230557b3b15ac14bad7e53e1f6f777b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 14358
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "b23bae26e19a676e78387de286e9fbe4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ieA1DMtJd8VhJIhYKYCGZ9QW3FVdyEiCOg7u8tq8bjmzkDstej8cIC%2F6Hel%2BwlfVk5%2FujY9sl%2FC95c0lXDaAcdxQGM%2By0gJ4ADKSwWCzpuFaIjLzPJVwnfDDaWEfRSAXw%2B%2FN8Eaaq5o%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf8a898f-SIN
priority: u=3,i

GET
H3 200 skilled.png
icedodo.onionfist.com/assets/skins/ 8 KB
8 KB 2523ms
2516ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/skilled.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1dfd2cbf7386c405b35568a4b7d371b14dcb1a7a3c8a79d633e210540cf4aef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8084
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "eb2613ee8e6904b5c2a557a3f1d8e124"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CfIxTRxLNozOgi153fZexFahgYmFde76mchTCebqV%2FOVE4VykJYMHPhWSUXC0dX2TRd2SLHnBlRWtHcW4uyILPJYd2zgeSdGufftW0pWZqompquXG29UYbIt4YHS5%2Bdo94YQ6SSEoTg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf8d898f-SIN
priority: u=3,i

GET
H3 200 squirrel.png
icedodo.onionfist.com/assets/skins/ 7 KB
8 KB 2524ms
2517ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/squirrel.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a73a461cb86f1eab514640581aa3f0bcd5362d109b885af44d463ac1a9e8faf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7512
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "c80b3bcec4a26bec9b39c9e9d015e923"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DLaaEozfhpdf0ovPsNfPjUGXb31JoUYkGdhy1YylqXgBtSBheX6kbsG0nepei3bTnhbRM%2BBqXKsO9tRsaayt%2F4WTNCGZmbGQVMs0j8KSm28RxyxNv6rAUQpyeSusGj%2Bj4dNlEuv8k5A%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf90898f-SIN
priority: u=3,i

GET
H3 200 modded.png
icedodo.onionfist.com/assets/skins/ 12 KB
12 KB 2525ms
2518ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/modded.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a33dffcf3751fac1b661711b10ccf39bc110d310893ad5a88c024f6c1dba9b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 11948
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "72ea6cae5a7cefb763ae4468b120fc9f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Cs6OV8ElVEfqhb8Grn4IV8JAu3wA2XSSXmIOAPeZKezVTFQmuY%2FaluBGHzRRI%2BZoIKqWnlOILwy1YtuOb7eYqJiXzR9ZyljVcjIJlkXbGFMa4mJe6KF1ItGSZWhIFGj85yBkdS7fns%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf93898f-SIN
priority: u=3,i

GET
H3 200 collab.png
icedodo.onionfist.com/assets/skins/ 7 KB
8 KB 2526ms
2519ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/collab.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d951b0c8b13b798f1a91f64f4f687258e095371935dcc820d33d84e69711525

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7507
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "92024eac6ce62139e794c46916af4669"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtHVkjXXYLDLwsFoAdos%2BsztRBOjjcaIBxZjiU1chj%2B7q3T%2BeCQ6flo8uiPrFZcjU29csnR6zYrbNEGpFbzIBZFTAFEA2AAHOH6KQPx5IQTW8qhHn7onLkUi7phuGTXOWtalQfwV0sE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf96898f-SIN
priority: u=3,i

GET
H3 200 dodo.png
icedodo.onionfist.com/assets/skins/ 8 KB
8 KB 2527ms
2521ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/dodo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4519f6763576bfb10f1bebce9739388c2b87ab4ba120abc97515203d9aba257d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8010
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "27b8701f2f7d3d2f84b84b1897702638"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u3grs%2BrEx89ODYZjWK9IsnIMmVaMydpLehAUyexFFtZ8onlXzRZ04wWRWokZ%2BSzmSdZOM1t26%2FZAYlMa1af%2F1rLzIqzX6scUMLPBhUO2wQK3B9op0AiRLHntTir7ZY27YMLb%2Blc6j6A%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf9b898f-SIN
priority: u=3,i

GET
H3 200 og.png
icedodo.onionfist.com/assets/skins/ 8 KB
8 KB 2451ms
2444ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/og.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5611f7ff21f02896b5399660878704ad838955b70dec87fe9722d535cca52f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8040
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "7914b495d5fb6b3f4c774c6e4e6b3b13"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3k13wyBXcnJPVgZnefwRbkP2niIH27Q35S6Io%2B%2FDLXveLHYvp7xcJP0wFIM80gkOyOx17N1L5CqQtX3l%2BHM9suXY73LWpQdTiBbagRvpH95RPJVhibQhqROEF8c%2FKVS5WQ78B61b720%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcf9e898f-SIN
priority: u=3,i

GET
H3 200 brew.png
icedodo.onionfist.com/assets/skins/ 18 KB
18 KB 250ms
244ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/brew.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce7323b3dd529c8f2ce21ee4572a84714ebf19fe389a6680bd2199e54d99c92a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 18217
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "08117b379f05e6f88b08a6e640ebd39c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gOkUZsfPK4hUw%2FiZrp36T4HZu3H%2BM38NcOwAEgQIh3jWuC5gAoEl6zDMvZum4TK%2BHb5sUeuXpZ3aWJn%2Fs8%2BhZZ%2FVA4fCwbom1qU8aeiXVtiGmARyB9QyXYCiQYe3urWw%2BwRX8RKBwms%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfa0898f-SIN
priority: u=3,i

GET
H3 200 vault.png
icedodo.onionfist.com/assets/skins/ 3 KB
3 KB 2605ms
2599ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/vault.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8df314f99f23f6460c1781996ca3db6328784fc863a6972ae83138b9346fe7ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 2743
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "01e87587145675df78e512cb73697d75"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v9OrTpMukSTMrKGR3EpW2SlrN5WNUM987sLRnazM94z5fMNKRoKYs9RZhBc57IGCKgIBCR3v43G0dhi70%2BHK4cVf0x%2FrelMj10%2B7F%2BsUodrn4ldkyHyg3sM1g107SEM%2B%2B67xy%2FO5JrY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfa2898f-SIN
priority: u=3,i

GET
H3 200 ultrahard.png
icedodo.onionfist.com/assets/skins/ 10 KB
11 KB 2581ms
2575ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/ultrahard.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eecb856ac2b3a13abed04ce16fe9fd6d8bc139ae1f1a41eb79c97249b3418464

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 10555
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "4451cf6260e4e6562d4e607da9f71fb4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s4GaBwt1W96BPrYoLWAQDefX5KZEnVrMCNGIKEdIw9XTDxOont%2BDkVjkmoU%2FQY7PGjpFZeo3kmRKRhR0VjX9L9XFHkFI3ui4XlkO8RcIG%2BFplDPGXinwDKD2C9wZe%2FolZL%2FOkMy%2FfUQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfa3898f-SIN
priority: u=3,i

GET
H3 200 default.png
icedodo.onionfist.com/assets/skins/ 842 B
1 KB 2582ms
2576ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/default.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42b057d46c710357a16406e761339550b9751f89ab3308ab5ab3fe1640dea746

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 842
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "75ae20f0c934f55edd0e81332081807a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F%2F9dsVYbVr70atpr%2FpF1%2BWz5xB%2BzKql6vXqowxh9NIYvFT6%2FeFhh56%2F0SssdopWducBJtdi%2B43mNdxUGV0OyCcb3hL5BgkCerNJ5sBZIlQvjk%2Fp4Q1imE%2FtmKDCeUE57RqxPSZoHBgI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfa6898f-SIN
priority: u=3,i

GET
H3 200 lock.svg
icedodo.onionfist.com/assets/svgs/ 879 B
973 B 2583ms
2577ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/svgs/lock.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a372427de538145f750b1e0c61c75ba96d1ad367be4a4d5cbde052638f5442b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"b79181c4d9cbec6642b8ec85994ec97c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nX%2F%2BWsl85r2vBSsf3D2KyMhGvmbW7muQPNFmTVkVjG1X5afyIfTUVgLlLytrRokFFK1SlVRsDeBFOGATxwEIUXLd92D%2BvPQziAHumqOpo5FTXNqPE0mmRmRCKc0iYVj6GDXFjIk5iaM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8ebcfa9898f-SIN
priority: u=3,i

GET
H3 200 diff1.png
icedodo.onionfist.com/assets/skins/ 15 KB
15 KB 2584ms
2578ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/diff1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c7d65d6f80e68acad46770ff9bf2086c50f638d675301fe9975d39393a558cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 15296
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "ed8ce5d7d01465dd4a7edc2d7151a9aa"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uG7m%2BSmqt%2BlZQunD5i7ddv%2F1ankoh2KCG%2FPjpyz17VEor9tqesrXbWHyOdxQa4cF4fmr31zeR2BSRbilR1V7q2qzvj19nWYPX7U95rmVtT2u4Qqmy6q3BHbLFjCK7JYBnmDfezO8nxo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfab898f-SIN
priority: u=3,i

GET
H3 200 diff2.png
icedodo.onionfist.com/assets/skins/ 7 KB
8 KB 2584ms
2578ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/diff2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5202da33b86163dd94f769ae1dfbc51208aaebc31a2a805e495858d4dfb65cfe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7280
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "a7e809c37bd5ac41816b0bc3a3b8e051"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FjjntMrk23wSEPFVVUNp0fEoQj5UWQb8NCWcTEz0vV3azTJmv8UU68w2I89uRedRJrvMj%2FTgTnEIHZ5xSQFrgJljcOGs%2BoJPSVbce1UCQXBirExLoDF%2BnI3IlsnW0l6rs1zhgxViM%2Bk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfac898f-SIN
priority: u=3,i

GET
H3 200 diff3.png
icedodo.onionfist.com/assets/skins/ 5 KB
6 KB 2585ms
2579ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/diff3.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53ca7615b20decf9ef711cff865c3d52c4bfe565844b479b690ff30a93073570

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 5165
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "a9f89e779a3b0a0af0dce42eb63b6ee5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qb%2FUcEP5n%2BTjhDNyP74UcqpsTyZXpO314GiQaL%2BNF1u%2B0ZywTbq8ioeemFUhzDi4tab1iWAn0Vje%2BLuga%2BZyLZfF7gP70jtAZQDPRmCbhXI%2FDIdtMlAloFuuujoMawEd5bUVAQpzAaM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfad898f-SIN
priority: u=3,i

GET
H3 200 diff4.png
icedodo.onionfist.com/assets/skins/ 21 KB
21 KB 2585ms
2580ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/diff4.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64879f6cac8521a6cb2db4b9a28df4914675e7209d0eb406a9be2b26e5414f7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 21002
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "711305fb4fde687d21e73192d3188af8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1gyM%2B2VIYQ4hjP9JOoivPX4%2BiUkoT1hXkv3x%2BHYk7wwo9Q4s5oseLI1tYnl98RjUKBgqhfNyqkvJf6MvTvLdtjbglCV7AAwUXlsqzxddj8%2BY7nX8akq3kU5xA6S6L%2FecslVMjVOm%2F%2F8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfae898f-SIN
priority: u=3,i

GET
H3 200 diff5.png
icedodo.onionfist.com/assets/skins/ 9 KB
9 KB 2586ms
2580ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/diff5.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a77ebd3f139d12403725f1d049de7f3fa491a5860c4a953e9661ac265ea4069

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 9026
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "c8a3ae0ebd849cdac9b7173cdd7db336"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t6JdJknPyBTByJ0eXp4II%2FKLLWVsRB6doC689sgbgU2Eu9aNmZc41K7w6FpkRyfsANg5mAZVrpQC7KF2Rx1Iw63C3ZZH8IejUZF%2BtR381J6YQtq5RiZ8ica%2BTAG%2FgZJI757%2Fbg%2B%2FAEw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfb0898f-SIN
priority: u=3,i

GET
H3 200 diff6.png
icedodo.onionfist.com/assets/skins/ 9 KB
10 KB 2587ms
2581ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/diff6.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a14dc2ffbd3f617801f333754ea17b6f8e366a97810c7ff3cde5f5984095b5f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 9720
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "470ace26d675773ea454828439d8c034"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5aUR25QxKGW%2FzfulAsypkyADq2AuBQcJMcZVvblZ7JyFQYPE6yIa18hKwB1VHFM7yDQwvYq15dIjftNpZlY7zOccXh%2BUk20hsYgxJFuRy4413p6R8%2FY3shYDR1ebvlccBHCilA55b6U%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfb2898f-SIN
priority: u=3,i

GET
H3 200 diff7.png
icedodo.onionfist.com/assets/skins/ 2 KB
2 KB 2587ms
2582ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/diff7.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffd1d75e8e500457e3572de354b8cbe87e4abd823ff6668c5c80c30d15751d27

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1785
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "af7efe4c926c3fe3aa40f141f2b10221"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c6DVbnhNA318fZmvnEABnAck892HuDf%2B3hhMtB%2BJtiSXA4ksXkgOhDGBXIzaXFQKWaGueMICUlqGyuzwUXvxYoDZISO8LKIniE62T3jqBXGxyjnowmfXelxYvlQulGb2iIkV89DDp30%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfb3898f-SIN
priority: u=3,i

GET
H3 200 diff8.png
icedodo.onionfist.com/assets/skins/ 8 KB
9 KB 2588ms
2582ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/diff8.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13571b2f1bdc9f0b6795862c73ca2e24956560820215fd31a195fd9113be5e31

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8199
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "b86cba4c14deccf8650093abac4aba08"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lmahXYz4NxX245GVBQmimQMpgLUXEn3NE3UHLZhLoKv%2BW4stB6f1WUPkqNZ45i%2FaSnJ5nH04b%2BX1wpLBWY7wRnowsibl8FAxOs5up76qOPJjD0bosmv0N2K0DS4TvZMBOV8Z0GBHD7EpKzWvpg5RYjdT%2Fmc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfb4898f-SIN
priority: u=3,i

GET
H3 200 diff9.png
icedodo.onionfist.com/assets/skins/ 1 KB
2 KB 2589ms
2583ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/diff9.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83e09c3baeaf18d66f2705d6caab6b3bccb87fda120dbcd38040e28bcd32e6a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1342
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "b11a60abbff7f419e724b4c5d215e4f2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xcyW4L7T7Uxd%2BqnuZ6fRaySl%2F6A69Z2DkRyKuE9DMapAPNlJl8LbaOLi9VfwndJotrWIlO%2FFas0XcDRZFiV6IcixilL6j18SxgYrxeg3rmwAsNkybH9O7kAQBRpzeQmAQTuQ40Eubkc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfb7898f-SIN
priority: u=3,i

GET
H3 200 diff10.png
icedodo.onionfist.com/assets/skins/ 6 KB
7 KB 2589ms
2584ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/diff10.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1302917307ffb9b5a250c2a567105e7b3f05434bdd8ae6941130bceb20a6ad9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 6138
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "00644fc29c3c0611a109047b168d562b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WWNr2FFH4TgpbIHJUFpSxOUbVEki3InA7op5SUqRsgAChP6d%2BFAE5sQF1kyIVm4%2FzpHIClVx0HYam%2FCy07CeGBQMAudVLo9%2F6H8DGzIYjFgxKNbx28W1pRd9nGPlVWx0y1Rq8d6zCZk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfb9898f-SIN
priority: u=3,i

GET
H3 200 diff11.png
icedodo.onionfist.com/assets/skins/ 49 KB
50 KB 2590ms
2585ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/diff11.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1a0398e0c8c7f0a32b19d6302623c64341d088180d9dec3caaacdddccf0436f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 50451
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "6f050167833c588a84c9428bd36ef407"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pwGT2pz6amYgHTDsYJ4LpTH%2FdYZACj2HjFCY%2FLb79iKgHGhY4RyQTQN9yRzni4T%2FJ8wwAp%2FWZ0jAL4NJRDiKYXQ9zI9s98X88UZ6%2BkHhN9aecmCLae1ETSfzTkGm82UmGUzmxRJyAUA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfba898f-SIN
priority: u=3,i

GET
H3 200 pointsa.png
icedodo.onionfist.com/assets/skins/ 7 KB
8 KB 2591ms
2585ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/pointsa.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ad2764a56cc3906620c233983a88c7da09a09fcb106f3f9387fe2e0bcdaef5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7454
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "25c0c9ab8f047fb30ba2afd5d767bec0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UG4PWrWb8v9OK7M7SmqLeopqI3SiLbl4mladfOEU7eLuZgC%2BW3GHpBEmt%2Bmg6ECUxinXk4FdP0fOSBruJ7w3Q7hKeBN2maecYmZ%2F47HE7mwNy9jjeukIA9gpyZbMSpR7YFSakF8VsAI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfbb898f-SIN
priority: u=3,i

GET
H3 200 pointsb.png
icedodo.onionfist.com/assets/skins/ 5 KB
5 KB 2591ms
2586ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/pointsb.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

873bb29aaa089ec041f6a3ff60d5e7cee49c491e902fee8e566ceff7a58c567c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 5058
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "664ca36606074da6dd4a01707c9d2d11"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c6gyiEQg2n41t63SKtMPssqp6%2F1yZ7P1Sl5dYPpSfZfgW0Oz9XyNYmSl8qwsAs1W%2FhePxC7hLwuQhhR8fd2fvs5pDVV1LEXpTa0tTP42na7efLyvBxRI7WClqcafQHhaHYTg61BPRvk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfbc898f-SIN
priority: u=3,i

GET
H3 200 pointsc.png
icedodo.onionfist.com/assets/skins/ 7 KB
7 KB 2592ms
2587ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/pointsc.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ebdd717aaec82d85e69929c786ae6293497d347214f0cc0c77b767042def9a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 6844
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "6142826fefff45ceba490ef021b05bb9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BhJcZsQd3HSrm%2Ft3MT5gLTOvplvBhy6qx7CbFOpuIDtgJ2fLPUPGYLnVYBssisMI4rkIAizFfls6AM7SWpkINxDXlWeSdYk9jWa3QzmXIkOulwmHk%2BRGgjkfdl%2FOcJc3qY5OcfccMaHmDqkFXQ6Lia3UD3c%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfbd898f-SIN
priority: u=3,i

GET
H3 200 pointsd.png
icedodo.onionfist.com/assets/skins/ 10 KB
11 KB 2593ms
2587ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/pointsd.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4a16853ceddacfcda7d170317a08e5a87e8e05f3320d9857c3a140c795ee3b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 10287
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "53c3b660b2dec071c6d7a3716145a7cc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R0rktbu5A36y07E4Kxe4oHbN0Rs67gqhoAcQdrigTRXnXJQD9EMGw7UKpWtgT1%2BvuWfEyaHZhbTxoaggFtYKNVrRbkHT2%2B3RjNoSXzOGvWhsDwsHZ6VCUaN%2FvgE%2BpqWPMW2eOewXcB0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfc0898f-SIN
priority: u=3,i

GET
H3 200 pointse.png
icedodo.onionfist.com/assets/skins/ 3 KB
4 KB 2593ms
2588ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/pointse.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

025624d361ed749ac803d38785651b6a21f7d2b90b0def0ad4f51c10d02dd989

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 3234
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "1778a912a4884c914f77d9cb2ed701a2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W6YUZTBsBhiy9V2xSxzOqRaJXloW1RzjiHW3VGwci003cs7OEyCyDT3uXrq83QPmA2%2FTSr669JSZnJ2uVdmmuHumntJ5hiBSa8goKpPUbmGmA7S%2BNDYn4i1mhFUtNtcbJL7CY3PK3UI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfc1898f-SIN
priority: u=3,i

GET
H3 200 pointsf.png
icedodo.onionfist.com/assets/skins/ 10 KB
11 KB 2594ms
2589ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/pointsf.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e90427208e4a107c9579cb0993dc22b0dab5b053494a98a7f39b7be8c6e0519

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 10370
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "d9763e07b2c0d86e19d9d15228f64af5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qVbEsYsQhKhxxC%2BhJVObkXbMvOK%2BDRNHGewXfgwt6Q8XptRZhKqZp%2BpEaWA114tPFxrykEz%2FSov2Xkg%2FDiFDsREfgdsZAdhvKoeqfvLAEVt6jQ6aoYMuGKm7hG4YoW9s2yHfHVd2XXQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebcfc4898f-SIN
priority: u=3,i

GET
H3 200 percenta.png
icedodo.onionfist.com/assets/skins/ 16 KB
17 KB 2594ms
2589ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/percenta.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ba08c12c2a8a82cb36243ae0d8e25498447a5aaa40eb53ec7999b5b6cf6fba5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 16462
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "b512c512de57b228dadc9be31d6bc710"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gH5mLz6EaSL0XKFRpTBFuAXmZWMDkzcOunKN1uGTEBqJbfGO%2FfQ8YFfxhJ1lXitoeBaEUxJB4rWDBVIsFFD%2B1Xj8BIouOCFBcwnMLGPYHjHanNoLRsXtkHgwzzbNK4db2k81znvQYjw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebffc5898f-SIN
priority: u=3,i

GET
H3 200 percentb.png
icedodo.onionfist.com/assets/skins/ 14 KB
15 KB 2595ms
2590ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/percentb.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5531c7f222284138127220814018233aaa95be34d8de16dc8498493791d33c90

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 14654
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "85565e4c6cdee5434b1641da1e86bd5f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tUxXohpId2Ijz9dqW5nFMPomPcjDp4P2pJedyc%2BuxcPOizh5uTkrq5LJ7PO56zZuNl7r54XuQYCbQ9C5BA2o9ATmniMriiceCKrIIfLPDAW35AWeLyeh2Dfp7%2FluL1S8wEXNYEb5rw8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebffc8898f-SIN
priority: u=3,i

GET
H3 200 percentc.png
icedodo.onionfist.com/assets/skins/ 15 KB
16 KB 2596ms
2591ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/percentc.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e528d05c965e9b1b74940b92ffbc23fe18e6446fd3f265ac1076ffe3126f322

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 15734
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "8a6c4ce1b2210e6cf94b19a1609650c8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Afl05nk6NviH5UDpfBZrK7BeHrI146gXBdPCuhAL2vNghruDWJfM%2BM03YV%2FCOnAGHBVMRcc7NWsCTQBtU0xdCXVuJlxY6vo05bBRlszojuKU0nX%2BWEND1RTw3CJY5iXcQMRocMeswg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebffca898f-SIN
priority: u=3,i

GET
H3 200 percentd.png
icedodo.onionfist.com/assets/skins/ 4 KB
4 KB 251ms
246ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/percentd.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b00bffe4036a3edde337a2c196f1de34a1baa6dd4c62190907a966013cacc819

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 3931
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "551e77ba12d89dd3b5b0509efda1ea70"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8i2UwONyjabc6mhfdqiUv1mCB3Bh%2F8nOazztjuEW48eFsS6PZHOukRYOc%2Fwccn2Qrmb30sEXr6Tro%2BRLIOj1SudZqH8GmnRzM2Bzd1iN1wIHEeZr1C0QrHV%2F%2Bq7W%2FOdMJDZEDW0ZsE0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebffcb898f-SIN
priority: u=3,i

GET
H3 200 percente.png
icedodo.onionfist.com/assets/skins/ 8 KB
8 KB 2596ms
2591ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/percente.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e8ac68c0c3aa435a98a32c211504988d89ce91d21cf93c7897bce6eda3831ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 8046
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "4fd4ce4798d03acf0b6e3ba87bb7a6a1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zGTk1IW30p64f66d1JgtKkWCqv%2BltCIKs6XaEhaYA13WD4agcqA%2F%2FZQXz8yQMeqCvXJtuz9YFUsaRCCpBQa6vigCAGZKPbi0lGD6qGEDutDTlPBD0%2ByW8aqh7teZwdgK77iUrnh8wbc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebffce898f-SIN
priority: u=3,i

GET
H3 200 puzzlea.png
icedodo.onionfist.com/assets/skins/ 209 KB
210 KB 2597ms
2592ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/skins/puzzlea.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e43550b22528467f3b7ecdbb7552733007c0a7d31bb24a23e195495a7cd34c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 214436
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "eccfeac2eeb21bc255a80234a8baa581"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CSxEJzZg0Ks2Fx%2FTn0G2bEHDEJzSgd2ThiCrI1jSftBqh4Hi56oAgen38W5c1uA%2FbbWmVhUmc5O2npDw2rDBQcY7JyAbMMkxxypKdxkxZ7CZ%2BjQORMR%2FFeUVttdPlvtoQF4RY9h7aJI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ebffd0898f-SIN
priority: u=3,i

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ 483 B
1018 B 82ms
27ms Script
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Sat, 17 Feb 2024 17:46:00 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Fri, 02 Feb 2024 12:34:08 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 1314700
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qXs0nRJjslu9mL5FXFp9sEr4xwSQdvw89Dm5MSnQWpjNzEpA2KD3cz7EZ1%2BViWIO2Kxac5OmTokjLmINsarVlHu0y2kIH2g82VdDwd8YfqCWMSaGbzbUpB6guSbHhwdaUCzxARTnqe4xcF%2Br"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 856fd8eb8d829177-FRA

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 138 B
827 B 53ms
26ms Fetch
application/json 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

f8d9ce9f2c05da22c399ff6f8cd46bd47dea1a60a2c89c9ab693e5e5b70bbabc

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
an-x-request-uuid: 57e1de02-8cab-4ae4-85b0-7c8a93794772
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 5.79.98.55; 5.79.98.55; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 138
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK view.aspx Show response
server.cpmstar.com/ 27 B
489 B 488ms
95ms Fetch
application/json 131.153.168.131
SS-ASH

General

Check archive.org

Show headers Download Go to

Full URL: https://server.cpmstar.com/view.aspx?media=banner&json=c_b&mv=1&poolid=81290&reachedTop=true&requestid=4062c7e2688acf&referer=https%253A%252F%252Ficedodo.onionfist.com%252Fsingleplayer&schain=1.0,1!adinplay.com,ONF,1,,,
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 131.153.168.131 Ashburn, United States, ASN19437 (SS-ASH, US),
Reverse DNS: pare-many.psychefolk.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 193fdc7a48ae60adfa28663712b68539bead2a82033545589d0d97565c6e983b

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 17 Feb 2024 17:46:00 GMT
Server: Microsoft-IIS/10.0
Content-Type: application/json; charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADM DEVa PSAa PSDa OUR OTR IND UNI NAV STA"
Access-Control-Allow-Origin: https://icedodo.onionfist.com
Cache-Control: private,no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Content-Length: 27
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ 36 B
334 B 228ms
180ms Fetch
application/json 172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=825783
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f151f24ea5609d805d1eec2d3529fca442d375db2965f51d8c003d9be442c5f

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FsM%2FG8XR0EH4Z3LSQ25pJdm%2BfgfVLWDJ8aWvMWUQVTGbcAwlPeaL2B8e5URDgtQzXyk5L2t8bWfRemTVrqkvgpY5Zv8%2FASn4FpD4SzhhS3trWj7%2Bc%2FOVamAp6R6ud1M3DCaK86FV"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 856fd8eb9b6239eb-FRA
alt-svc: h3=":443"; ma=86400
content-length: 36
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
116 B 51ms
20ms Fetch 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://icedodo.onionfist.com
date: Sat, 17 Feb 2024 17:45:59 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
417 B 84ms
33ms Fetch
application/json 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://icedodo.onionfist.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 394 B
922 B 129ms
81ms Fetch
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23042&site_id=360062&zone_id=2685800&size_id=10&rp_schain=1.0,1!adinplay.com,ONF,1,,,&rf=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&tg_i.domain=icedodo.onionfist.com&tg_i.page=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&tg_i.pbadslot=%2F421469808%2C22465717618%2Fonionfist.com_300x600_5&tk_flint=pbjs_lite_v8.10.0&l_pb_bid_id=123c7c6347251a2&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F421469808%2C22465717618%2Fonionfist.com_300x600_5&slots=1&rand=0.5492391926751898
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 1cbccbb8abc82c539e05421e7697adb711ea4196d62aed9b4ff516ce810d7517

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 394
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 auction Show response
elb.the-ozone-project.com/openrtb2/ 2 B
762 B 158ms
101ms Fetch
text/plain 172.64.144.78

General

Check archive.org

Show headers Download Go to

Full URL: https://elb.the-ozone-project.com/openrtb2/auction
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 856fd8ebcd1a3801-FRA
content-length: 2
expires: 0

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
592 B 163ms
106ms Fetch
application/json 18.195.163.73

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.10.0&referrer=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&tmax=1500

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.195.163.73 Frankfurt am Main, Germany, ASN (),

Reverse DNS

ec2-18-195-163-73.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
accept-ch: sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width
content-type: application/json; charset=utf-8
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
receive-cookie-deprecation: 1; Secure; HttpOnly; Path=/; SameSite=None; Partitioned
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
418 B 77ms
32ms Fetch
application/json 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://icedodo.onionfist.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900

POST
H2 200 auction Show response
elb.the-ozone-project.com/openrtb2/ 55 B
481 B 92ms
39ms Fetch
application/json 172.64.144.78

General

Check archive.org

Show headers Download Go to

Full URL: https://elb.the-ozone-project.com/openrtb2/auction
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 855299d6520016d035232b532f0056a5a7a58a43dbf2f8bad8af5e27b6f384ab

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://icedodo.onionfist.com
access-control-allow-credentials: true
cf-ray: 856fd8ebacfe3801-FRA

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 394 B
744 B 126ms
84ms Fetch
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23042&site_id=360062&zone_id=2685800&size_id=10&rp_schain=1.0,1!adinplay.com,ONF,1,,,&rf=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&tg_i.domain=icedodo.onionfist.com&tg_i.page=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&tg_i.pbadslot=%2F421469808%2C22465717618%2Fonionfist.com_300x600_6&tk_flint=pbjs_lite_v8.10.0&l_pb_bid_id=2252b3566a9ded1&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F421469808%2C22465717618%2Fonionfist.com_300x600_6&slots=1&rand=0.5713708337498427
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: e4d9b1ead4773f585f6a3288d7acdb3995056b139ffa74e4e719da8e842e88cf

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 394
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ 36 B
554 B 151ms
115ms Fetch
application/json 172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=825780
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88ce46aa34da9e700594ec151c9ae36fac7035c7662f807ba99ca1714a4edadf

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FoGIUcsTUMCO3C1HLKd3%2FEmJWzHb9B5kXPa5sXdO%2B3k%2Fs85X3XlBJWWi3DBb9EbruCCsHGnlTDQeyLfN5jkLWgXoQGZ0gRBp0r7g7q%2Bs%2FqcStiOzDzbmDf6plev3gh%2F1l1KZL2rU"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 856fd8eb9b6539eb-FRA
alt-svc: h3=":443"; ma=86400
content-length: 36
expires: 0

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 13 KB
6 KB 154ms
142ms Fetch
application/json 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e62a245f6c54d8fce0b8465db472b87d80af8ecbd7a2607c773dc99c49ed7584

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: gzip
an-x-request-uuid: 9ce07c44-6671-4e2e-af98-bf941bf02f29
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
vary: Accept-Encoding
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 5.79.98.55; 5.79.98.55; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK view.aspx Show response
server.cpmstar.com/ 27 B
489 B 473ms
95ms Fetch
application/json 131.153.168.131
SS-ASH

General

Check archive.org

Show headers Download Go to

Full URL: https://server.cpmstar.com/view.aspx?media=banner&json=c_b&mv=1&poolid=81290&reachedTop=true&requestid=28471fabc7d76cf&referer=https%253A%252F%252Ficedodo.onionfist.com%252Fsingleplayer&schain=1.0,1!adinplay.com,ONF,1,,,
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 131.153.168.131 Ashburn, United States, ASN19437 (SS-ASH, US),
Reverse DNS: pare-many.psychefolk.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 193fdc7a48ae60adfa28663712b68539bead2a82033545589d0d97565c6e983b

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 17 Feb 2024 17:46:01 GMT
Server: Microsoft-IIS/10.0
Content-Type: application/json; charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADM DEVa PSAa PSDa OUR OTR IND UNI NAV STA"
Access-Control-Allow-Origin: https://icedodo.onionfist.com
Cache-Control: private,no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Content-Length: 27
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
417 B 90ms
50ms Fetch
application/json 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://icedodo.onionfist.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 412 B
761 B 129ms
91ms Fetch
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23042&site_id=360062&zone_id=2685800&size_id=9&alt_size_ids=8&rp_schain=1.0,1!adinplay.com,ONF,1,,,&rf=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&tg_i.domain=icedodo.onionfist.com&tg_i.page=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&tg_i.pbadslot=%2F421469808%2C22465717618%2Fonionfist.com_160x600_1&tk_flint=pbjs_lite_v8.10.0&l_pb_bid_id=3248c43810e254&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F421469808%2C22465717618%2Fonionfist.com_160x600_1&slots=1&rand=0.7751084632868346
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: c2b4dbefcc475f33af8142919cb457cadc9410831789d756652fec9b45c10532

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 412
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 138 B
828 B 22ms
14ms Fetch
application/json 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

2df104a01223ec5b90123db0d9cee82022f389ad95eb29c1ba982971a904af6a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
an-x-request-uuid: 1f68ac52-0cde-481a-9f71-bbf0f7009e2f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 5.79.98.55; 5.79.98.55; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 138
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 auction Show response
elb.the-ozone-project.com/openrtb2/ 55 B
349 B 90ms
42ms Fetch
application/json 172.64.144.78

General

Check archive.org

Show headers Download Go to

Full URL: https://elb.the-ozone-project.com/openrtb2/auction
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 0aa99dfbee84f4187359be179ffb7703a4712c967d73c1a8e5c55fc1715bdb7f

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://icedodo.onionfist.com
access-control-allow-credentials: true
cf-ray: 856fd8ebacfd3801-FRA

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 138 B
827 B 21ms
15ms Fetch
application/json 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

2a1d690e7ca0fe353d26d8f060b088f9ee060fb589e9cfe0d0a24cc0599c9c25

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
an-x-request-uuid: 6a440626-83fa-482e-9faa-0ff863bcc0db
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 5.79.98.55; 5.79.98.55; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 138
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 auction Show response
elb.the-ozone-project.com/openrtb2/ 55 B
350 B 88ms
44ms Fetch
application/json 172.64.144.78

General

Check archive.org

Show headers Download Go to

Full URL: https://elb.the-ozone-project.com/openrtb2/auction
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 01116c590ef6315848e888b5e1fe89b806ca3c14a99c7ba08a287cbbd2072d7e

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://icedodo.onionfist.com
access-control-allow-credentials: true
cf-ray: 856fd8ebacfa3801-FRA

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
417 B 84ms
49ms Fetch
application/json 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://icedodo.onionfist.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 412 B
763 B 118ms
85ms Fetch
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23042&site_id=360062&zone_id=2685800&size_id=9&alt_size_ids=8&rp_schain=1.0,1!adinplay.com,ONF,1,,,&rf=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&tg_i.domain=icedodo.onionfist.com&tg_i.page=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&tg_i.pbadslot=%2F421469808%2C22465717618%2Fonionfist.com_160x600_2&tk_flint=pbjs_lite_v8.10.0&l_pb_bid_id=44a96c4b6321534&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F421469808%2C22465717618%2Fonionfist.com_160x600_2&slots=1&rand=0.34841743855245966
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: e3a3d3112c83441d5f997a137e1ef5db72f7f41ba4c716d16ba17b49c0137708

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 412
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H3 200 bright.png
icedodo.onionfist.com/assets/textures/ 5 KB
6 KB 2504ms
2503ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/textures/bright.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67ea8e8bbc4ebf94e5cecaaf31d76f849d16520d198b95c09e7780c87465fb65

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://icedodo.onionfist.com/singleplayer
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 5147
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "242783cfb386683384a31f1cef963c42"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wknfT1By7A%2F2fqt14VBWCWKlBy%2BO1rTK7ukkuZkek6QoEx9XamqjN1%2BUDD7DJ6i5i5Ev7y9b%2FGwOknuXfsQUkSRe1d4Vg%2BSKOMgfY6hvse6PxJZwR3ZKl84SCdIm1czzfzoByZ9u7D4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ec5853898f-SIN
priority: u=3,i

GET
H3 200 dark.png
icedodo.onionfist.com/assets/textures/ 5 KB
6 KB 2511ms
2511ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/textures/dark.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e44447753f3ffc670d17549e5cef273be87f8e818cc2e6590d5a6860a73413b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://icedodo.onionfist.com/singleplayer
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 5214
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "49e452f1f2ff51b59286893d171fcec8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mwBm4rY7gbRsR8MrA3bvV60lG3qhoENviWOfWDW9fSaa73n%2FzS1WDK8wWiMyj1Nm5sIezcY9PmHuNz%2B8Fm9bj0b9wBPG2HKqELKvw9ZIQ6iRCKWTMR0OFkhqeTasmPzUNBVdrUJI56w%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ec5854898f-SIN
priority: u=3,i

GET
H3 200 pm1.png
icedodo.onionfist.com/assets/textures/ 11 KB
11 KB 2504ms
2504ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/textures/pm1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e174e40cd1a60ff31b41054671ff512e2a07bd1c72ac933146d36e8ba953444d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://icedodo.onionfist.com/singleplayer
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 10981
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "d3424f36306098f08afd28ad6fa1de56"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bdb361TznMF4YEcRCr6%2BwVairKF4Lk878jTNQMd%2F%2B0ylRao5%2BhSTp10c%2BAd3%2B6n9gRqepXzNTExlxHKOBNM%2ByWnRgJ2gdAWlFk0boZqfapav4ycnwNplsRe8u6S%2FhtuSwRjs1k6pwLA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ec5855898f-SIN
priority: u=3,i

GET
H3 200 pm2.png
icedodo.onionfist.com/assets/textures/ 11 KB
11 KB 2505ms
2504ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/textures/pm2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e23c5362587d7c8eed74a850073b851578fde2453d8868c78ee972124dac016d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://icedodo.onionfist.com/singleplayer
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 11206
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "e4f4b2aa5cd533e270b6fb1318f4294c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vd%2BTUJQn7RiRHtluCu3fgIc9KYfhIptJpqWDdG1qVL4qI2IIDrQcFEQWEd2Rr1AMh6wRuFs3zKaeuRz%2FpPH%2B7lF9CSHp3rRG23aATxYb11IdWcireOMrzd118rIqEiKP67%2BuC4m2%2Brk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ec5857898f-SIN
priority: u=3,i

GET
H3 200 flare.png
icedodo.onionfist.com/assets/textures/ 10 KB
10 KB 2494ms
2494ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/textures/flare.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca6600199c86d1466f88f113442e748af68591f6541d8513fad5adfa021333ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://icedodo.onionfist.com/singleplayer
Origin: https://icedodo.onionfist.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 9894
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "ea9abcc4bd99570009ee65bb266161f3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wJiVlJIYQh7bImR06Fetj9lqnwGmrOmezCIWiBi5ZuHPaJWgniFracQFg62Efh7gEnkHJ%2BLKmjCwV7K0Ei3AMQvK24cwL0xz7hejjAHWWSJH0cuSP1fE6EFLmJ4J55sJ9F1eb15nwgw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ec6872898f-SIN
priority: u=3,i

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 58ms
15ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 23:43:21 GMT
content-encoding: gzip
age: 324159
x-guploader-uploadid: ABPtcPqDJBgw5lbXx_MXLPrKDqlcjI1Yy7bJYR_K2I_ClZZvBsTMIeJkXtltHF8JmrZOMVfpfmeh2sl-6g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Wed, 12 Feb 2025 23:43:21 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 41 KB
13 KB 54ms
26ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

309c794d20c6824c9c401713bc7ba07938e85509e557ddbc944f6fa17e7b7469

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 07 Feb 2024 07:37:39 GMT
server: nginx
etag: W/"65c33343-a585"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 18 Feb 2024 17:46:00 GMT

GET
H3 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 56ms
34ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 34004
x-jsd-version: master
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230088-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z3NHUvx0UAaMLj%2FnJk5M7VfLhOnPHur2k89MZkfGU1XgowwNqmdG2IoO7wY7olFRtBMFWNItd6ZfsNMiNo0%2BpNPhws1kpFfh3h%2Fc6Kk4tkqHYnyTX4QXHFxv8%2FAFGR7Cbk3CsJFPEPZwBk%2B2avA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 856fd8ec0e551963-FRA

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 90 KB
26 KB 81ms
31ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5101d202c69226aa554c5a7dd1e747e5bfcd5354fcf9013f43cbda40e6362996

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 16 Feb 2024 11:30:50 GMT
server: cloudflare
x-amz-request-id: YCJMS59MNABGAVH1
age: 3320
etag: W/"fbf94277ddc1a5b108475f46bccc9b0e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 856fd8ec3b121ca1-FRA
x-amz-id-2: 8HrBbsNLt3wZwp+Xb2nQdZ88R4O6kXVMtfZZVxsNzC02/mX+6FQhDN47kn1d3CQygnKL4kpmJnYDacM2bqFq9Q==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 69ms
27ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: e388e19ca38c825b329e762c79c66bbd41bd334f18312c5e97fde0a8f64bca36

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
via: 1.1 google, 1.1 google
last-modified: Mon, 05 Feb 2024 22:07:56 GMT
server: Google Frontend
etag: cd19e0900da0cdbc6697310fd9330fb6
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 0f379daa9405c54dc96bd0b7897b5578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1195

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 94ms
29ms Script
text/javascript 108.138.36.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-28.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f6cd320c5ba515fef3997afe473332231160a2cb715f1a99679a7cefa1cf0be0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 06:49:44 GMT
content-encoding: gzip
via: 1.1 82fdc4c167a56caabe3a8a99b02abee4.cloudfront.net (CloudFront)
last-modified: Wed, 14 Feb 2024 17:39:57 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 39378
etag: W/"21f8671135afbd2e874c42d3dc478afa"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: hTN9Gw8QIzrvSoEAAnqg2_LQCfMPEAlFxd2L0ySWmt2e78xROuNwVw==

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
3 KB 123ms
27ms Script
text/javascript 2600:9000:225b:7800:a:e047:753:eb41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:7800:a:e047:753:eb41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id: KP_OVZMS6roEW_XJdOd.KnSEmM8GWiP3
Date: Sat, 17 Feb 2024 09:44:55 GMT
Via: 1.1 033e374ece012797cbee0d505e2e61b4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
Age: 28867
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 2776
Last-Modified: Thu, 19 Oct 2023 06:40:11 GMT
Server: AmazonS3
ETag: "a3a9a9ee8e72db69d54e805f0586c651"
Content-Type: text/javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: zRcaFPbXV5_6Ifj4NO3er9TLFlptYcznPwsnDSbny1axbpO_N7TeUQ==

GET
H3 200 brink.mp3 Show response
icedodo.onionfist.com/assets/music/ 6 MB
6 MB 305ms
305ms XHR
audio/mpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://icedodo.onionfist.com/assets/music/brink.mp3

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/assets/drift_enabled-5ab2ce45.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abc80c3a40363318f236e3e05075d97a1e2dc631c0561a66d9de55ceb0e24ac0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 6016689
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: "b59f106b9e419dced811058b726d7ec2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mMiR1hma7BY9ttULxVssMxJISIhyYWRpKRw6aOs9TATDhUFeam20sCxeJeQYsiNU5iEQgtCw351kkWaPqMdDnXRO75m59VB6eAM50zIrQW1bHJdC8TrA5w0PTGVLSEG%2FD9UR0eEtGZk%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 856fd8ec8898898f-SIN
priority: u=1,i

GET
H3 204 pv Show response
api.btloader.com/ 0
12 B 127ms
127ms XHR
text/plain 130.211.23.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=mQ3YNUPtQg&w=5144889781649408&o=5130683165442048&cv=2.1.34-1-g246a995&widget=false&r=false&vr=1600x1200&pageURL=https%3A%2F%2Ficedodo.onionfist.com%2F&sid=hpBuvK4m&pm=true&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5130683165442048&upapi=true
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 17 Feb 2024 17:46:01 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ 75 KB
24 KB 85ms
43ms Fetch
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b1976fe80c2d62438ff78bd757560555c15428672d295f4ae75f385e28ab687

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Sat, 17 Feb 2024 17:46:01 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 188764
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 02 Feb 2024 12:34:07 GMT
Server: cloudflare
ETag: W/"5e52aafe0731d9e2e776e4109559f5de"
Vary: Origin, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o%2BvDhIzuCmX3hQUaMSzpeXkYZZUWOrOH9JtQUOf%2FPg3QJYGkQVp%2F3xn87mckxBq8Zh%2FlpJ7YO4e%2BJdRNYoGCY96BUeRwEgX%2B%2BD%2BJNVwaYc5%2Bnuli111qxfWLnSXAKnjlyBqKzXNjOb3Nki6B"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: public, max-age=1800
CF-RAY: 856fd8ec4f804d25-FRA

POST
H2 200 auction Show response
elb.the-ozone-project.com/openrtb2/ 55 B
134 B 33ms
32ms Fetch
application/json 172.64.144.78

General

Check archive.org

Show headers Download Go to

Full URL: https://elb.the-ozone-project.com/openrtb2/auction
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e332388e9cb4ee190b923812abe541e0f2fee6fbe26525fc28de2b0edf1b324e

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 17 Feb 2024 17:46:00 GMT
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://icedodo.onionfist.com
access-control-allow-credentials: true
cf-ray: 856fd8ec2d803801-FRA

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
417 B 25ms
21ms Fetch
application/json 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://icedodo.onionfist.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 139 B
827 B 21ms
18ms Fetch
application/json 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

9fe1b6127375ef39e7862d97e1f7336e28c83969c1ecd58ccd60cd4118274a37

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
an-x-request-uuid: 2209dd12-a45b-4971-9dd1-a024ac0e7e52
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 5.79.98.55; 5.79.98.55; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 139
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 390 B
447 B 85ms
84ms Fetch
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23042&site_id=360062&zone_id=2685800&size_id=2&rp_schain=1.0,1!adinplay.com,ONF,1,,,&rf=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&tg_i.domain=icedodo.onionfist.com&tg_i.page=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&tg_i.pbadslot=%2F421469808%2C22465717618%2Fonionfist.com_728x90&tk_flint=pbjs_lite_v8.10.0&l_pb_bid_id=52f142521352bdd&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F421469808%2C22465717618%2Fonionfist.com_728x90&slots=1&rand=0.4491319306410575
Requested by: Host: api.adinplay.com
URL: https://api.adinplay.com/libs/aiptag/pub/ONF/onionfist.com/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 998bccb15b7b41d8515ebad88e3dd29e226843b7e87ff235791c1f32608c5fed

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 390
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 108 KB
44 KB 391ms
385ms Fetch
text/plain 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1706768843899614&correlator=4049035893821318&eid=31081246&output=ldjh&gdfp_req=1&vrg=202402150101&ptt=17&impl=fif&iu_parts=421469808%3A22465717618%2Conionfist.com_160x600_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600%7C120x600&ifi=1&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1708191960987&lmt=1708191960&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&vis=1&psz=160x0&msz=0x0&fws=132&ohw=1600&ga_vid=1455867885.1708191959&ga_sid=1708191961&ga_hid=44606885&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY6J6zwdsxSABSAghkEhkKCnB1YmNpZC5vcmcY6J6zwdsxSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGOies8HbMUgAUgIIZBIXCghydGJob3VzZRjonrPB2zFIAFICCGQSFAoFb3BlbngY6J6zwdsxSABSAghkEhkKCnVpZGFwaS5jb20Y6J6zwdsxSABSAghkEhsKDGlkNS1zeW5jLmNvbRjonrPB2zFIAFICCGQ.&dlt=1708191958876&idt=390&prev_scp=CDT%3Dno%26richmedia%3Dno%26GS%3DNo%26update_id%3D7.0%252029%252F01%252F24%252011%253A00%252065b777546f005%26FC%3D1%26OS%3DOther%26Conc%3DNo&adks=3847519762&frm=20

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d54e63f13834a0c4bb4c7752aee1db9adfcfc577f9f029233bb75a3401caab4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45084
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 121ms
66ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202402150101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402150101/pubads_impl.js?cb=31081246

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4c02ca2f935770ca4a80cf2f9311bac7da1ce03b6e656392211e4c522d4d623c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12368
x-xss-protection: 0

GET
H2 200 container.html Show response
26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B67B 6 KB
3 KB 118ms
28ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Feb 2024 17:46:01 GMT
expires: Sun, 16 Feb 2025 17:46:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 35 KB
14 KB 356ms
355ms Fetch
text/plain 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1706768843899614&correlator=2498010353376208&eid=31081246&output=ldjh&gdfp_req=1&vrg=202402150101&ptt=17&impl=fif&iu_parts=421469808%3A22465717618%2Conionfist.com_160x600_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600%7C120x600&ifi=2&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1708191961004&lmt=1708191961&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&vis=1&psz=160x0&msz=0x0&fws=132&ohw=1600&ga_vid=1455867885.1708191959&ga_sid=1708191961&ga_hid=44606885&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY6J6zwdsxSABSAghkEhkKCnB1YmNpZC5vcmcY6J6zwdsxSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGOies8HbMUgAUgIIZBIXCghydGJob3VzZRjonrPB2zFIAFICCGQSFAoFb3BlbngY6J6zwdsxSABSAghkEhkKCnVpZGFwaS5jb20Y6J6zwdsxSABSAghkEhsKDGlkNS1zeW5jLmNvbRjonrPB2zFIAFICCGQ.&dlt=1708191958876&idt=390&prev_scp=CDT%3Dno%26richmedia%3Dno%26GS%3DNo%26update_id%3D7.0%252029%252F01%252F24%252011%253A00%252065b777546f005%26FC%3D1%26OS%3DOther%26Conc%3DNo&adks=2717154008&frm=20

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f1d64e886f0cf600e482709d64439a2cdd931d4d8ffabcaf1fda2862cc576246

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14382
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&rid=esp&cc=1

85 B
193 B

123ms
123ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&rid=esp&cc=1
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 13da183c6431e3b0dc8860296928a36cb121f58725aba85936d27c203624ce27

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-b0a81cV7Txm+F1B7elRh8L/+rw0"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://icedodo.onionfist.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Sat, 17 Feb 2024 17:46:01 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://icedodo.onionfist.com
location: /esp?url=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 0D3A 14 KB
6 KB 46ms
16ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=icedodo.onionfist.com

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ff9ce35d5fae856bab207c9f8d8eb3dff6354f007ea9f9b9a32f5cc018d52876

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 17 Feb 2024 17:46:00 GMT
server: Kestrel
server-processing-duration-in-ticks: 363743
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
237 B 79ms
23ms XHR
text/plain 162.19.138.82
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.82 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31532337.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://icedodo.onionfist.com
date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
338 B 101ms
28ms XHR
application/json 52.212.53.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.53.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-53-200.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 40ce40ce6163bd79d7e21ebd1427b7c78222ee4f00eaff8b6470d9f3ee9c0470

Request headers

Referer: https://icedodo.onionfist.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache
x-server: 10.45.31.186
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 129 KB
41 KB 278ms
272ms Fetch
text/plain 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1706768843899614&correlator=2212478644491502&eid=31081246&output=ldjh&gdfp_req=1&vrg=202402150101&ptt=17&impl=fif&iu_parts=421469808%3A22465717618%2Conionfist.com_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=3&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1708191961072&lmt=1708191961&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=3&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&vis=1&psz=0x0&msz=0x0&fws=132&ohw=736&ga_vid=1455867885.1708191959&ga_sid=1708191961&ga_hid=44606885&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY6J6zwdsxSABSAghkEhkKCnB1YmNpZC5vcmcYvp-zwdsxSABSAghqEh0KDmVzcC5jcml0ZW8uY29tGOies8HbMUgAUgIIZBIXCghydGJob3VzZRjBn7PB2zFIAFICCGoSFAoFb3BlbngY6J6zwdsxSABSAghkEhkKCnVpZGFwaS5jb20Y6J6zwdsxSABSAghkEhsKDGlkNS1zeW5jLmNvbRjonrPB2zFIAFICCGQ.&dlt=1708191958876&idt=390&prev_scp=CDT%3Dno%26richmedia%3Dno%26GS%3DNo%26update_id%3D7.0%252029%252F01%252F24%252011%253A00%252065b777546f005%26FC%3D1%26OS%3DOther%26Conc%3DNo&adks=3029111983&frm=20

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a08ca5b236dff037b6604911a4f0ab0238b446d1e0eb6236e94545782dba7c88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42454
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 0D3A
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=onionfist.com&sn=ChromeSyncframe&so=0&topUrl=icedodo.onionfist.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=zN5jrHw0MlUzYUZWeitBb0R4L205elVSclFWZHFHbzhnTUtaVml2QlM5S1ZHWFByVmUwVUdaVGRHSk5aSVdTRnNlYTlROE5EL3B3R0xEM3padXJ0bk1ianhPYWRJWXo3R291ZU1DbXlXWEJZaUxEVjJyaHhZcFN6eDFzL0...

425 B
649 B

15ms
15ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=zN5jrHw0MlUzYUZWeitBb0R4L205elVSclFWZHFHbzhnTUtaVml2QlM5S1ZHWFByVmUwVUdaVGRHSk5aSVdTRnNlYTlROE5EL3B3R0xEM3padXJ0bk1ianhPYWRJWXo3R291ZU1DbXlXWEJZaUxEVjJyaHhZcFN6eDFzL05ZMWcwK05jb1N3MGRTWVBxa1NvQVp1ckdLVENxQnUvL0hoeVNMRzgzdnprZ0F4RDVnWnFoVkxpK013K20wWmxSMVZHcW5xWXlxK0d4dzBoenNMOGFMNGg5a1RTUUdyK2lkcjJKbUlWcHA5UkM1azJZR1I5UWE2UFZaNEtkN09jS2lHRUR0TG1mR0ZiSkR2UHdKRE42NkcrcFFZb1ZTbnRwRXVyS0gxK1ljT3p1MmI4aEZsRT18&cppv=2

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

21c15efa936b131e1bef6edb6f48d63affd5a31a9995d2a0174670d4aa85672a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1192024
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=zN5jrHw0MlUzYUZWeitBb0R4L205elVSclFWZHFHbzhnTUtaVml2QlM5S1ZHWFByVmUwVUdaVGRHSk5aSVdTRnNlYTlROE5EL3B3R0xEM3padXJ0bk1ianhPYWRJWXo3R291ZU1DbXlXWEJZaUxEVjJyaHhZcFN6eDFzL05ZMWcwK05jb1N3MGRTWVBxa1NvQVp1ckdLVENxQnUvL0hoeVNMRzgzdnprZ0F4RDVnWnFoVkxpK013K20wWmxSMVZHcW5xWXlxK0d4dzBoenNMOGFMNGg5a1RTUUdyK2lkcjJKbUlWcHA5UkM1azJZR1I5UWE2UFZaNEtkN09jS2lHRUR0TG1mR0ZiSkR2UHdKRE42NkcrcFFZb1ZTbnRwRXVyS0gxK1ljT3p1MmI4aEZsRT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 314949
content-length: 0
expires: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 2D41 16 KB
6 KB 64ms
19ms Document
text/html 23.211.9.91
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156857
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.211.9.91 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-211-9-91.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c861dd92be984fe498ece34c0f3c921861ac51bfee50323fcae21231abf7a82b

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=92239
content-encoding: gzip
content-length: 5685
content-type: text/html
date: Sat, 17 Feb 2024 17:46:01 GMT
expires: Sun, 18 Feb 2024 19:23:20 GMT
last-modified: Tue, 13 Feb 2024 04:57:54 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 28BC 52 KB
17 KB 64ms
15ms Document
text/html 151.101.193.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 44017
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sat, 17 Feb 2024 17:46:01 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 14 Feb 2024 16:56:35 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 392, 23961
X-Served-By: cache-lga13626-LGA, cache-ams21072-AMS
X-Timer: S1708191961.153404,VS0,VE0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame D4DF 281 B
554 B 69ms
22ms Document
text/html 72.246.169.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.246.169.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-246-169-246.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sat, 17 Feb 2024 17:46:01 GMT
ETag: "20524-119-60b38417c4040"
Last-Modified: Tue, 28 Nov 2023 15:41:45 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 load-cookie.html Show response
elb.the-ozone-project.com/static/ Frame 075E 12 KB
5 KB 73ms
73ms Document
text/html 172.64.144.78

General

Check archive.org

Show headers Download Go to

Full URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: d4d352faffd52a1054daa9e5c89eabf489d84aeff0c2acefdfc45a57ac3a614e

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 856fd8ecee9b3801-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 17 Feb 2024 17:46:01 GMT
expires: 0
last-modified: Thu, 15 Feb 2024 11:51:14 GMT
pragma: no-cache
server: cloudflare
vary: Origin, Accept-Encoding

GET
H2 204 /
onetag-sys.com/usync/ Frame 8AB7 0
0 21ms
21ms Document
text/plain 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1708191960959

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 sync Show response
eb2.3lift.com/ Frame B7B9 37 B
140 B 55ms
21ms Document
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Sat, 17 Feb 2024 17:46:01 GMT

GET
H2 200 ixmatch.html Show response
js-sec.indexww.com/um/ Frame FCF9 3 KB
2 KB 74ms
29ms Document
text/html 104.18.38.76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.38.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 946
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 856fd8ed39c13831-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 17 Feb 2024 17:46:01 GMT
expires: Sat, 17 Feb 2024 21:46:01 GMT
last-modified: Mon, 25 Jul 2022 19:18:19 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server: cloudflare
vary: Accept-Encoding

GET
H3 200 cross.svg
icedodo.onionfist.com/assets/svgs/ 320 B
725 B 2323ms
2323ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icedodo.onionfist.com/assets/svgs/cross.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e9874eefe0a4e95e331b5b04a922700be2eccafad2f0944ab68f9090d537381

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/singleplayer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"8eeed02b8a7478fb037bbb4f985e68b2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kMhObXD9GvdlqT36lFLMziwNsJaIgWdkXAA9M6izDEnhz0t0KEA0Plf2yjyhkzjRzR4NX4yL5ICbn02WOEL18tdIy3lnDPdpJL2xWzULmB3KwNNX3biE%2FsJIeZnr7hMaMU6RItPiuTQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 856fd8ed89eb898f-SIN
priority: u=3,i

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 92ms
32ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 17 Feb 2024 17:46:01 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 2D41 0
42 B 48ms
12ms Script
text/plain 198.47.127.19
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=49456696&p=156857&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156857
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:45:59 GMT
content-length: 0

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame 28BC 0
915 B 15ms
13ms Script
text/html 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
an-x-request-uuid: 1285c279-78b2-427d-8040-3e2f99955681
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 5.79.98.55; 5.79.98.55; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame D4DF 39 KB
11 KB 21ms
19ms Script
text/html 72.246.169.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.246.169.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-246-169-246.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: d41c64bb804476446eb890e867cf5ddb548a90404bea8bbdfea62a5653f79d2e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Sat, 17 Feb 2024 17:46:01 GMT
Content-Encoding: gzip
Last-Modified: Sat, 17 Feb 2024 13:51:57 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=72343
Connection: keep-alive
Content-Length: 10921
Expires: Sun, 18 Feb 2024 13:51:44 GMT

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame 075E 20 KB
7 KB 72ms
71ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer: https://elb.the-ozone-project.com/
Origin: https://elb.the-ozone-project.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 856fd8ed6e9c3718-FRA

POST
H2 200 cookie_sync Show response
elb.the-ozone-project.com/ Frame 075E 10 KB
2 KB 66ms
66ms XHR
text/plain 172.64.144.78

General

Check archive.org

Show headers Download Go to

Full URL: https://elb.the-ozone-project.com/cookie_sync
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 49e5358500b9d35d009ccb1447059ea3d1084929cdfd694ae04d4bffa5fd569e

Request headers

Referer: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://elb.the-ozone-project.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 856fd8ed6f743801-FRA
expires: 0

GET
H2

200

usermatch Show response
ssum-sec.casalemedia.com/ Frame 0077
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
847 B

40ms
40ms

Document
text/html

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec1c8b36f75a62cead538a3d6bd9bcc2daf25d381d17487dfd7932bcd0e7e6f9

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 856fd8edde4539eb-FRA
content-encoding: br
content-type: text/html
date: Sat, 17 Feb 2024 17:46:01 GMT
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=scVqo1%2FHQUM5UBCQxr21pCVoGjonMdWHqHW0IyD5Jpc%2FNqMSL0PH%2FZMc3%2F5v1Irg5T23Ad8Mq0C5JEOSJGH4QO2OKHuxKSALsn%2FvE2jmc7R9fFLMB1uzD9TAXGrvCq%2FH9R96ymr6PevGpg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 856fd8ed9dda39eb-FRA
content-length: 0
date: Sat, 17 Feb 2024 17:46:01 GMT
expires: 0
location: /usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8NNOysmjd05BjgrX7y4a%2BkEoR%2F870pGyLGh%2B0jfdSv6VwGQMDSJ6b40oiFCZklqIAvkiD0k03m5jYN0ptgLRSHf8qs4DA%2FdGIS40fR4UFta2rrHUmz43fq7FS8Wn7c4vpuEE1Oz%2FMLfg2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame D4DF 7 B
380 B 87ms
20ms XHR
application/json 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 3db54fddb1cb324ce2cdd5a6ec3dc2dd
Expires: 0

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3346 13 KB
5 KB 23ms
22ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 6910
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Feb 2024 15:50:51 GMT
expires: Sun, 16 Feb 2025 15:50:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CD26 829 B
1 KB 94ms
45ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f94765a4aeac664cf30d5d2ce3a822a79eac8060ce3cc22e11d057fee8f84910

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Rs75uTbFJIzNMI07tQy2Kw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Rs75uTbFJIzNMI07tQy2Kw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 17 Feb 2024 17:46:01 GMT
expires: Sat, 17 Feb 2024 17:46:01 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js Show response
pagead2.googlesyndication.com/bg/ Frame 3346 39 KB
15 KB 58ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 08:12:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34441
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15261
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 16 Feb 2025 08:12:00 GMT

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame 075E
Redirect Chain

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D
https://elb.the-ozone-project.com/setuid?bidder=openx&uid=afa0cc2e-77ed-43a7-9aee-b6ffe6c40e87

0
678 B

57ms
56ms

Image
text/plain

172.64.144.78

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=openx&uid=afa0cc2e-77ed-43a7-9aee-b6ffe6c40e87
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 856fd8ee38723801-FRA
content-length: 0
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://elb.the-ozone-project.com/setuid?bidder=openx&uid=afa0cc2e-77ed-43a7-9aee-b6ffe6c40e87
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 0077
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZdDw2bmqPTsAABeMABmKQQAACL4AAAAB&gpp=&gpp_sid=
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZdDw2bmqPTsAABeMABmKQQAACL4AAAAB&gpp=&gpp_sid=&dcc=t

43 B
855 B

125ms
125ms

Image
image/gif

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZdDw2bmqPTsAABeMABmKQQAACL4AAAAB&gpp=&gpp_sid=&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 17 Feb 2024 17:46:01 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: V8Y0A940MHQMY507ERRC
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 17 Feb 2024 17:46:01 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 5EBYMGM7GHM4N1EZJ87T
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZdDw2bmqPTsAABeMABmKQQAACL4AAAAB&gpp=&gpp_sid=&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

usermatchredir
ssum-sec.casalemedia.com/ Frame 0077
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZdDw2bmqPTsAABeMABmKQQAACL4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=ZdDw2bmqPTsAABeMABmKQQAACL4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=&google_tc=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEIwc_ZGG3q8Nz8ieXqDeOnk&google_cver=1

43 B
733 B

36ms
36ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEIwc_ZGG3q8Nz8ieXqDeOnk&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uXfnGZ7sRzZ%2BPh51Hqisqj3YjMd8gWT48cen2Yrh59t3m1gf6ozmTnSAnJk%2BS8Y3PR9oCALAjm8OWQ8RiW3zmeIXgGqz1qtePtmF68BTgiuwRaS%2FzEsWObF3Wj8oNgJ9RtiHYpQioYxx%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 856fd8ef2ecd35f3-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEIwc_ZGG3q8Nz8ieXqDeOnk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 364
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

28292
i6.liadm.com/s/ Frame 0077
Redirect Chain

https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZdDw2bmqPTsAABeMABmKQQAA%262238&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZdDw2bmqPTsAABeMABmKQQAA%262238&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=73df5e9b44e1419492bc0c9254626b2c
https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-w8vuOZeEcFm2_PV5StClHA1DB43emDkfDMjNgw
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-w8vuOZeEcFm2_PV5StClHA1DB43emDkfDMjNgw

43 B
548 B

420ms
102ms

Image
image/gif

2600:1f18:ed:550e:5c7b:a93e:1c30:ee84
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-w8vuOZeEcFm2_PV5StClHA1DB43emDkfDMjNgw

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

2600:1f18:ed:550e:5c7b:a93e:1c30:ee84 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Sat, 17 Feb 2024 17:46:02 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 0
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-w8vuOZeEcFm2_PV5StClHA1DB43emDkfDMjNgw
Date: Sat, 17 Feb 2024 17:46:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 1

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 0077
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZdDw2bmqPTsAABeMABmKQQAA
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=ZdDw2bmqPTsAABeMABmKQQAA&google_tc=
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAiDokKPObqENJxKDp5j1us&google_cver=1

43 B
733 B

40ms
40ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAiDokKPObqENJxKDp5j1us&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=htRWlPipAmLcZie2Owvbnhcrl9PJDr2v5%2B28xmKfRGz%2F2C%2BbSAcPrPpYpl5V5BRT0oM7zD3C1hpXummt4WacpajUejhbvWWR2FgdO3vsQW4V1vksHjB8UBIO%2F3xx5TCTKYckgqX6e3pfhw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 856fd8ef5efe35f3-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAiDokKPObqENJxKDp5j1us&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 0077
Redirect Chain

https://match.adsby.bidtheatre.com/indexmatch?gpdr=&gdpr_consent=&us_privacy=&user_id=ZdDw2bmqPTsAABeMABmKQQAA%262238
https://dsum-sec.casalemedia.com/crum?gdpr=&gdpr_consent=&cm_dsp_id=226&external_user_id=9eb6ccd6-a439-4403-a779-5fd60aaa17f0

43 B
771 B

40ms
40ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?gdpr=&gdpr_consent=&cm_dsp_id=226&external_user_id=9eb6ccd6-a439-4403-a779-5fd60aaa17f0
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P1eFPNnhhVSEIvPcx%2BV2qs9p56Zs7WsIBH7CYx6DehT18yfGOH49pXZIQFZQuDTo4c8BAKtjps%2F4jHDQBbdaEx9CFDFEvAl%2BhU5vyLDNrIBJhUyxN1dBjUqW4a2te5mbFqz1N5vPg%2BW3JA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 856fd8ee7e4a35f3-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?gdpr=&gdpr_consent=&cm_dsp_id=226&external_user_id=9eb6ccd6-a439-4403-a779-5fd60aaa17f0
Date: Sat, 17 Feb 2024 17:46:01 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 0077
Redirect Chain

https://trace.mediago.io/ju/cs/indexexchange
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=1605e69889c8be7b2bwnha00lsqde14a

43 B
734 B

39ms
39ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=1605e69889c8be7b2bwnha00lsqde14a
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DoHOwu8jQOpihMIW3qlCPDVfR9p897BTXDbBwUSol9OLz5XHfQYVEXWqH9%2BZgjB4BDPqBCmsQsy98q%2BYX12XOLlqNTbxTmOtqq16nNZNROqt2EEY63NR8wTeE91XDVs9oTRj7t1CerpCKw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 856fd8f0e89b35f3-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

date: Sat, 17 Feb 2024 17:46:01 GMT
via: 1.1 google
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=1605e69889c8be7b2bwnha00lsqde14a
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 0077 0
187 B 52ms
12ms Image
text/plain 98.98.134.243
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 98.98.134.243 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: A /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Sat, 17 Feb 2024 17:46:00 GMT
cache-control: max-age=0,no-cache,no-store
server: A
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 0077
Redirect Chain

https://euexchangesync.digitaleast.mobi/usersync/index.gif?us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid=
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=11&external_user_id=75ee2047-7b4f-4d29-82f2-95af447f25bc

43 B
733 B

40ms
39ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=11&external_user_id=75ee2047-7b4f-4d29-82f2-95af447f25bc
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iCQ1Xgrc8T7IUbKyyAfs4s9u%2FLYfJJBVYaJjueNyLmaFqWJ8YnM%2BO7mV4gNJ7nf4IzsxkaZrjvc3fWkMrmt0FEhuviEB4afFqn3wXWS6olCi7vTWKWND8oOajxxB4%2BTBPGJWoD1RkJgf4w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 856fd8ee7e5535f3-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=11&external_user_id=75ee2047-7b4f-4d29-82f2-95af447f25bc
date: Sat, 17 Feb 2024 17:46:01 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131
content-type: text/html; charset=utf-8

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame 0077 43 B
229 B 31ms
25ms Image
image/gif 104.18.38.76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?ZdDw2bmqPTsAABeMABmKQQAA%262238
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Ficedodo.onionfist.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.38.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
age: 28923
etag: "da1f1d-2b-546dc3a097100"
vary: Accept-Encoding
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 856fd8ee2a933831-FRA
content-length: 43
expires: Sun, 18 Feb 2024 17:46:01 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 36 KB
14 KB 386ms
385ms Fetch
text/plain 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1706768843899614&correlator=1271894895575776&eid=31081246&output=ldjh&gdfp_req=1&vrg=202402150101&ptt=17&impl=fif&iu_parts=421469808%3A22465717618%2Conionfist.com_300x600_6&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&ifi=4&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1708191961344&lmt=1708191961&adxs=1168&adys=300&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&vis=1&psz=300x900&msz=300x0&fws=4&ohw=1600&ga_vid=1455867885.1708191959&ga_sid=1708191961&ga_hid=44606885&ga_fc=true&a3p=EhkKCnVpZGFwaS5jb20Y6J6zwdsxSABSAghkEhsKDGlkNS1zeW5jLmNvbRiWoLPB2zFIAFICCGoSHAoNY3J3ZGNudHJsLm5ldBjonrPB2zFIAFICCGQSGQoKcHViY2lkLm9yZxi-n7PB2zFIAFICCGoSHQoOZXNwLmNyaXRlby5jb20Y6J6zwdsxSABSAghkEhcKCHJ0YmhvdXNlGMGfs8HbMUgAUgIIahIUCgVvcGVueBjonrPB2zFIAFICCGQ.&dlt=1708191958876&idt=390&prev_scp=CDT%3Dno%26richmedia%3Dno%26GS%3DNo%26update_id%3D7.0%252029%252F01%252F24%252011%253A00%252065b777546f005%26FC%3D1%26OS%3DOther%26Conc%3DNo%26hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D300x600%26hb_pb_appnexus%3D0.00%26hb_adid_appnexus%3D53919d321251fad%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D0.00%26hb_adid%3D53919d321251fad%26hb_bidder%3Dappnexus&adks=3420047787&frm=20

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8873add23e0ca8d2d1e22d2b38688ae0d9a5dfa85588c1501459139867b3a43d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14720
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://icedodo.onionfist.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 51 KB
12 KB 372ms
372ms Fetch
text/plain 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1706768843899614&correlator=2480308864482436&eid=31081246&output=ldjh&gdfp_req=1&vrg=202402150101&ptt=17&impl=fif&iu_parts=421469808%3A22465717618%2Conionfist.com_300x600_5&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&ifi=5&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1708191961348&lmt=1708191961&adxs=132&adys=300&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Ficedodo.onionfist.com%2Fsingleplayer&vis=1&psz=300x900&msz=300x0&fws=4&ohw=1600&ga_vid=1455867885.1708191959&ga_sid=1708191961&ga_hid=44606885&ga_fc=true&a3p=EhkKCnVpZGFwaS5jb20Y6J6zwdsxSABSAghkEhsKDGlkNS1zeW5jLmNvbRiWoLPB2zFIAFICCGoSHAoNY3J3ZGNudHJsLm5ldBjonrPB2zFIAFICCGQSGQoKcHViY2lkLm9yZxi-n7PB2zFIAFICCGoSHQoOZXNwLmNyaXRlby5jb20Y6J6zwdsxSABSAghkEhcKCHJ0YmhvdXNlGMGfs8HbMUgAUgIIahIUCgVvcGVueBjonrPB2zFIAFICCGQ.&dlt=1708191958876&idt=390&prev_scp=CDT%3Dno%26richmedia%3Dno%26GS%3DNo%26update_id%3D7.0%252029%252F01%252F24%252011%253A00%252065b777546f005%26FC%3D1%26OS%3DOther%26Conc%3DNo&adks=3896166377&frm=20

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4dc808f2d6c1efaa9de51daf1a1070758ce5f2b00695174f590de066476c6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12764
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://icedodo.onionfist.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CD26 0
0 49ms
49ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202402150101&jk=1706768843899614&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 6F64 199 B
298 B 62ms
20ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: de259eb7ba7a0e45575deb33946f1fbc695c97c33145ae4e49af0069d010868e

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 151
content-type: text/html
date: Sat, 17 Feb 2024 17:46:01 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3346 0
10 B 20ms
19ms Image
text/plain 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?A1DdRg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 container.html Show response
26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 18A6 6 KB
3 KB 22ms
22ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Feb 2024 17:46:01 GMT
expires: Sun, 16 Feb 2025 17:46:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 iframe
ssp-sync.criteo.com/user-sync/ Frame 075E 0
0 81ms
17ms Image
text/html 2a02:2638:3::6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssp-sync.criteo.com/user-sync/iframe?gdprapplies=0&gdpr=&ccpa=pbs-ozone&profile=230&redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dcriteo%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D${CRITEO_USER_ID}
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:3::6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H2 200 container.html Show response
26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8908 6 KB
3 KB 20ms
20ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Feb 2024 17:46:01 GMT
expires: Sun, 16 Feb 2025 17:46:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 011C 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Feb 2024 17:46:01 GMT
expires: Sun, 16 Feb 2025 17:46:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5d115d22c534f80a76417856e32eef9c.js Show response
www.gstatic.com/mysidia/ Frame 18A6 8 KB
4 KB 66ms
20ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5d115d22c534f80a76417856e32eef9c.js?tag=client_fast_engine_2019

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04fa628bda6f9b1ab5f71827ce6c71e8c6ad495a3a5a0ed8858c6f5b2f0513ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:55:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 377444
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3749
x-xss-protection: 0
last-modified: Fri, 09 Feb 2024 05:57:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 13 May 2024 08:55:17 GMT

GET
H2 200 c3f387cb159af31b8eebdade486bc9f5.js Show response
www.gstatic.com/mysidia/ Frame 18A6 41 KB
16 KB 67ms
21ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c3f387cb159af31b8eebdade486bc9f5.js?tag=html5_display_upload/html5_exit_api

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

debb082a27a8f82a26f5bed523ccea13e900f5a6b0c8bbb5932ecdfa6faafecd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 05:14:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 304283
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16369
x-xss-protection: 0
last-modified: Fri, 09 Feb 2024 05:57:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 14 May 2024 05:14:38 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 18A6 2 KB
822 B 21ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 16:59:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2800
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 16:59:21 GMT

GET
H2 200 c558ca21a4741214d4f6a1021ba2ced6.js Show response
www.gstatic.com/mysidia/ Frame 18A6 22 KB
9 KB 82ms
38ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c558ca21a4741214d4f6a1021ba2ced6.js?tag=exit_2019

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a637295cbf7a378f5b940da61df91245d2834622dd2bdfd6f93352a35d87089

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 09:12:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 376403
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9431
x-xss-protection: 0
last-modified: Fri, 09 Feb 2024 05:57:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 13 May 2024 09:12:38 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/ Frame 18A6 23 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/abg_lite_fy2021.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 15:14:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9069
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 15:14:52 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 18A6 3 KB
1 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus_fy2021.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 15:14:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9069
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 15:14:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 18A6 20 KB
8 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 16:59:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2800
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 16:59:21 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 18A6 204 KB
61 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:35:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 613
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 17 Feb 2024 18:35:48 GMT

GET
H2 200 c0f9635aabdd33ab086e3930fa461563.js Show response
www.gstatic.com/mysidia/ Frame 18A6 36 KB
15 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c0f9635aabdd33ab086e3930fa461563.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:56:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 377354
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15250
x-xss-protection: 0
last-modified: Fri, 09 Feb 2024 05:57:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 13 May 2024 08:56:47 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 075E 0
239 B 83ms
23ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-ozone&gdpr=0&gdpr_consent=
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 34EF 160 KB
52 KB 114ms
67ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZdDw2QAAtAwIVSSuAAHP1K4TizIpdEKtql2sSw&u=%7CdOQkJUNHFym3n%2BMO23dLlNEJwdBBiwxLwctY%2B0p%2FZ9U%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqBkwvNjl8q6XpDBaPhJ8cof9o4RENXMSOPFNJnChpmb8nLObVznKzvVZhrVQX9cU9RlVCnCvrXoy-NwdAxi8NJE3-fg1luQlV19khOI7XTm-bHBIwIInk-iNNMp1_3RWs1fxUknB9dHym9631vft-o4WNBbbNrcUmUwTuE8krZtaMs2tBOqvo3xJWXJ-CNOoMm_6EUvk-lKjuUsYDt8Pk20NLHsO_pOmXpHrmU6t9ZjqtMtu5sBPNglXcdcPaaioJybvdQQ82e_tuEwA6pKYtkrTwpxQDbvh634PVnexm5tjJUWmyuU3yEjYjCCtQAzGNrchDXpgiShySuujzCSdf3MKQmo6FWpawLAizcJWONFDQHJn7dnaIFp_2YFGqesTys9TMAQeMUicmRbTuB6wp1cWHX0lXz5C_qb6EJ2wpz0KdMs-sKdPeROzhoGxG2d1IV-rAu1r5wYqUnYPsWOACxWts4NNfWeARNx-IC6scXS3KvJmg_miC9qGXnKMuqFzmlQmJy6t3MWcsYfM0IuqpBwkF_Ycrcp2QOq62zigLCVnxxxsOdXePCKe7DrM8bG1bLXr17EwefnVlshORX42ISAw65rUV7qYzdc2f7BWJAUvZkn7PjCfBVdRaljketijA9MIJpIVyuoA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCF6uF2fDQZYzoAq7J1PIP1J-H8ALJntKxXNWdkfdwwI23ARABIABgkYSAgIwYggEXY2EtcHViLTMyODI1NDcxMTQ4MDAzNDfIAQmpAuwUsmdyFLI-4AIAqAMByAMCqgSYAk_QJfa9jhXKyunBw-Dqwijjl3YWZC_syIiwnvGkYyYp2VsOsSrth0yf42ImbbX3tHhEhfDZ586z24QisXVUyyRfq0pmtBBVJJQf4axybOwlsmwp3j8Zkiv3uGTqB6Mhs-LqD1v1y_4927a1wynaMRiwmhzkkVgG1PR9EV-cvk7pwLJND9MqoOQWDY-56a3eHi1Tzdb6DtoT_XkHhT_gSowW4vO5Pc8nDRDJ6X3smaI-GZKJONbDVT0GW1qW68n68gg0dabbcKw8fLes3zyj9oqgawgZq96Tf4X1vNc-JZGZ9C6ecVWZXMiam5SUfc7B_RF6WgnHprvytf5TNQFcqqhTuMGKX93k5PtyRM7vpiqFm1hBCt1MKnTgBAGABrru0K2p9oyp8QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggnCJHhgHAQATIF64uAgCA6CYBAgICAgICEDki9_cE6WMm7rvj2soQD8ggbYWR4LXN1YnN5bi00ODM2Njg2NjU0NzUwMzg0-gsCCAGADAHiDRMIoeyu-PayhAMVriRVCB3UzwEu0BUBgBcB%26num%3D1%26sig%3DAOD64_0m3I7iClas9uLUlzcp8jkTGnZX7A%26client%3Dca-pub-3282547114800347%26adurl%3D

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

933a243adf3deca8cd427af9eefadf83bd418f2ba0add60bce7b5690117e4c0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Sat, 17 Feb 2024 17:46:01 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=IkiGnM-VWgABWCOhOmLzmzvM910xbsH-2SpwJawH3NKZndZbMl6TvxVaHQn6vWONKxRYiddf6zQ2-_wOS38qdP85cts9opV365FCh-ueXH7Q9HswJy59l3oYh_E5EhvtGf6ffCY8r7r3XeMG2LeO9s_qttOBco6tTcou4HpiDCusSS9XesLcDxh0q-c7jvB_wLepNpvuJBeBLF4YvQ7BRDQssHQdCpX5UX3cuQYGOQtJfDWFCsMqJnf4tCnGMI2yQCYkzA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 45412596
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 8908 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus_fy2021.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:04:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2518
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 17:04:03 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 8908 20 KB
8 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:04:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2519
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 17:04:02 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 8908 24 KB
6 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:56:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 377390
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 12 Feb 2025 08:56:11 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 8908 204 KB
61 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:35:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 613
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 17 Feb 2024 18:35:48 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2A29 624 B
577 B 132ms
58ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6UTBDvqboCGNbo_twBMAE&v=APEucNWN2S_FXNS1hyqYcrnIvkvlHLaWjP8WpsTSgMjm98z0sqkb4d5PA71jCu2EtWkUGAXJ_Q6qOcVClF67OQg2XbfZIRyjYGMDpbpLcb4pKOxxxVXjSgWSRgwOECiNeGViiWZqYwhfJ0w6w9xY7_CAFdIbh2cvFnwOmtEjH7Niqv3mPVX-4t3zIgEhfBcw6vr4D2nrp3olZBQHll4bw7DhcXL8SV5O5Q

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 17 Feb 2024 17:46:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 011C 111 KB
39 KB 77ms
22ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
Origin: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:14:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1873
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 18 Feb 2024 17:14:48 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/ Frame 011C 8 KB
3 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:17:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1700
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3206
x-xss-protection: 0
server: cafe
etag: 12640889860211258669
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 17:17:41 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/ Frame 011C 23 KB
9 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240215/r20110914/abg_lite_fy2021.js

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:04:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2518
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 17:04:03 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 011C 41 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 09:07:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 376697
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 09:07:44 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 011C 3 KB
1 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus_fy2021.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 15:14:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9069
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 15:14:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 011C 20 KB
8 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 16:59:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2800
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 16:59:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 011C 42 B
63 B 55ms
55ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CIsOOO4sj8Oizacf7YhTSWyxBz_viScmGHfbeBpTgMc6nshYLPlmNozu1R65Lkbn0FLbfT9Vuv1q_baE9mJk_IzJBFeKMLNJuQ30tw2sBl6ce_Jwg

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 011C 204 KB
61 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:35:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 613
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 17 Feb 2024 18:35:48 GMT

GET
H2 200 cookie
cm.adform.net/ Frame 075E 43 B
106 B 76ms
25ms Image
image/gif 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
server: nginx
content-length: 43
content-type: image/gif

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012402060239000/ Frame 8F45 196 KB
56 KB 80ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012402060239000/amp4ads-v0.mjs

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a7c5cebbb6d6eff010530c59b73e9e423125219661ff9bc5866c55cd17a5607

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Feb 2024 00:44:04 GMT
age: 320517
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56214
x-xss-protection: 0
server: sffe
etag: "51ebc873ede2e2f0"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Feb 2025 00:44:04 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012402060239000/v0/ Frame 8F45 15 KB
5 KB 126ms
67ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012402060239000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2125b73ae211f46f82ee27eee87e5aa312c5bbf2aedca1b50b7d80f21fd3d5d2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 13 Feb 2024 21:12:39 GMT
age: 333202
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5214
x-xss-protection: 0
server: sffe
etag: "1e0d3e55ad08d21f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 12 Feb 2025 21:12:39 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012402060239000/v0/ Frame 8F45 95 KB
28 KB 118ms
58ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012402060239000/v0/amp-analytics-0.1.mjs

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70651252ddc3ae3cc902b7f374fb9037f0a27192fb31b66acbf5300441b45ad3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 13 Feb 2024 08:47:53 GMT
age: 377888
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29043
x-xss-protection: 0
server: sffe
etag: "f8b65ff06b47be2a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 12 Feb 2025 08:47:53 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012402060239000/v0/ Frame 8F45 5 KB
2 KB 116ms
57ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012402060239000/v0/amp-fit-text-0.1.mjs

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

288fd8ba8cb04967d8ffdb274e8828d79fe679e6991ceff828f0f48e04f315db

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 13 Feb 2024 21:17:40 GMT
age: 332901
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "a50cf387c592e9af"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 12 Feb 2025 21:17:40 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012402060239000/v0/ Frame 8F45 40 KB
13 KB 127ms
68ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012402060239000/v0/amp-form-0.1.mjs

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da80171367ccb86206235641cfa5efc267725e1870f5cc5c2a777dc57c7d5ebe

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 13 Feb 2024 16:53:10 GMT
age: 348771
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12948
x-xss-protection: 0
server: sffe
etag: "cd1beca569c88c8d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 12 Feb 2025 16:53:10 GMT

GET
DATA 200
OK truncated
/ Frame 8F45 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82b97e913af393820fe397542a0df336221fcfe20a6050951742b8575f043a15

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 12809769024439409111
tpc.googlesyndication.com/simgad/ Frame 8F45 78 KB
78 KB 23ms
22ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12809769024439409111?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmX9QZgdmqF3eQ4ER6KJ-etSde_sA

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/singleplayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

524729e1c999d25dabe8422cc9cf682b33edf39515615f2f7beb682b498c64f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 17:35:00 GMT
x-content-type-options: nosniff
age: 173461
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79677
x-xss-protection: 0
last-modified: Tue, 13 Feb 2024 15:45:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 14 Feb 2025 17:35:00 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8F45 2 KB
2 KB 21ms
21ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/singleplayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 02:10:56 GMT
x-content-type-options: nosniff
server: cafe
age: 56105
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Sun, 18 Feb 2024 02:10:56 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8F45 295 B
319 B 20ms
19ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/singleplayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 20:23:00 GMT
x-content-type-options: nosniff
server: cafe
age: 76981
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sat, 17 Feb 2024 20:23:00 GMT

GET
H3 200 container.html Show response
26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7A03 6 KB
3 KB 19ms
19ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://icedodo.onionfist.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Feb 2024 17:46:01 GMT
expires: Sun, 16 Feb 2025 17:46:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8908 0
0 56ms
54ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CK0Q72fDQZYzoAq7J1PIP1J-H8ALJntKxXNWdkfdwwI23ARABIABgkYSAgIwYggEXY2EtcHViLTMyODI1NDcxMTQ4MDAzNDfIAQmpAuwUsmdyFLI-4AIAqAMByAMCqgSVAk_QJfa9jhXKyunBw-Dqwijjl3YWZC_syIiwnvGkYyYp2VsOsSrth0yf42ImbbX3tHhEhfDZ586z24QisXVUyyRfq0pmtBBVJJQf4axybOwlsmwp3j8Zkiv3uGTqB6Mhs-LqD1v1y_4927a1wynaMRiwmhzkkVgG1PR9EV-cvk7pwLJND9MqoOQWDY-56a3eHi1Tzdb6DtoT_XkHhT_gSowW4vO5Pc8nDRDJ6X3smaI-GZKJONbDVT0GW1qW68n68gg0dabbcKw8fLes3zyj9oqgawgZq96Tf4X1vNc-JZGZ9C6ecVWZXMiam5SUfc7BvxNbyIlUdoZUZdmJuSG1DqZ0sneAccVmUDNP4jxQuAadA5LVKjTgBAGABrru0K2p9oyp8QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggnCJHhgHAQATIF64uAgCA6CYBAgICAgICEDki9_cE6WMm7rvj2soQD8ggbYWR4LXN1YnN5bi00ODM2Njg2NjU0NzUwMzg0gAoD-gsCCAGADAHiDRMIoeyu-PayhAMVriRVCB3UzwEu0BUBgBcBshccChoSFHB1Yi0zMjgyNTQ3MTE0ODAwMzQ3GJD9Eg&sigh=1uzdPUbxhr0&uach_m=%5BUACH%5D&cbvp=2&vis=1
Requested by: Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 8908 0
126 B 94ms
26ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kYaADe5BoAHYBJ2DYgICAAAA0LcIqiYp4_i-kuQJENjw0GV8rXiOUjsztSn-AAASAAAKCkFRVUJEd0VCRHc&wp=ZdDw2QAAtAwIVSSuAAHP1K4TizIpdEKtql2sSw&cbvp=2

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 155330
server: Kestrel
content-length: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame CDD8 38 KB
13 KB 19ms
19ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 376522
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Feb 2024 09:10:39 GMT
expires: Wed, 12 Feb 2025 09:10:39 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 34EF 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZdDw2QAAtAwIVSSuAAHP1K4TizIpdEKtql2sSw&u=%7CdOQkJUNHFym3n%2BMO23dLlNEJwdBBiwxLwctY%2B0p%2FZ9U%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqBkwvNjl8q6XpDBaPhJ8cof9o4RENXMSOPFNJnChpmb8nLObVznKzvVZhrVQX9cU9RlVCnCvrXoy-NwdAxi8NJE3-fg1luQlV19khOI7XTm-bHBIwIInk-iNNMp1_3RWs1fxUknB9dHym9631vft-o4WNBbbNrcUmUwTuE8krZtaMs2tBOqvo3xJWXJ-CNOoMm_6EUvk-lKjuUsYDt8Pk20NLHsO_pOmXpHrmU6t9ZjqtMtu5sBPNglXcdcPaaioJybvdQQ82e_tuEwA6pKYtkrTwpxQDbvh634PVnexm5tjJUWmyuU3yEjYjCCtQAzGNrchDXpgiShySuujzCSdf3MKQmo6FWpawLAizcJWONFDQHJn7dnaIFp_2YFGqesTys9TMAQeMUicmRbTuB6wp1cWHX0lXz5C_qb6EJ2wpz0KdMs-sKdPeROzhoGxG2d1IV-rAu1r5wYqUnYPsWOACxWts4NNfWeARNx-IC6scXS3KvJmg_miC9qGXnKMuqFzmlQmJy6t3MWcsYfM0IuqpBwkF_Ycrcp2QOq62zigLCVnxxxsOdXePCKe7DrM8bG1bLXr17EwefnVlshORX42ISAw65rUV7qYzdc2f7BWJAUvZkn7PjCfBVdRaljketijA9MIJpIVyuoA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCF6uF2fDQZYzoAq7J1PIP1J-H8ALJntKxXNWdkfdwwI23ARABIABgkYSAgIwYggEXY2EtcHViLTMyODI1NDcxMTQ4MDAzNDfIAQmpAuwUsmdyFLI-4AIAqAMByAMCqgSYAk_QJfa9jhXKyunBw-Dqwijjl3YWZC_syIiwnvGkYyYp2VsOsSrth0yf42ImbbX3tHhEhfDZ586z24QisXVUyyRfq0pmtBBVJJQf4axybOwlsmwp3j8Zkiv3uGTqB6Mhs-LqD1v1y_4927a1wynaMRiwmhzkkVgG1PR9EV-cvk7pwLJND9MqoOQWDY-56a3eHi1Tzdb6DtoT_XkHhT_gSowW4vO5Pc8nDRDJ6X3smaI-GZKJONbDVT0GW1qW68n68gg0dabbcKw8fLes3zyj9oqgawgZq96Tf4X1vNc-JZGZ9C6ecVWZXMiam5SUfc7B_RF6WgnHprvytf5TNQFcqqhTuMGKX93k5PtyRM7vpiqFm1hBCt1MKnTgBAGABrru0K2p9oyp8QGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggnCJHhgHAQATIF64uAgCA6CYBAgICAgICEDki9_cE6WMm7rvj2soQD8ggbYWR4LXN1YnN5bi00ODM2Njg2NjU0NzUwMzg0-gsCCAGADAHiDRMIoeyu-PayhAMVriRVCB3UzwEu0BUBgBcB%26num%3D1%26sig%3DAOD64_0m3I7iClas9uLUlzcp8jkTGnZX7A%26client%3Dca-pub-3282547114800347%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 11 Feb 2025 17:46:01 GMT

GET
H2 200 adchoices_nl.svg
static.criteo.net/flash/icon/ Frame 34EF 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_nl.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

64fdded9ab4b4066a71232c0d8c7e2416ec277f566adb122776af14c21831fc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-754"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 11 Feb 2025 17:46:01 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 34EF 308 B
636 B 13ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Tue, 11 Feb 2025 17:46:01 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 34EF 293 B
621 B 14ms
14ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Tue, 11 Feb 2025 17:46:01 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 34EF 43 B
348 B 73ms
16ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=ARHxarFHI0Mo13QRsNF-Opsx0Pvs91KosczS2-g9JyAN44QOT7Z90D4WQTBFHb69WYTsn0edThvWpCddqzwUa8P9L8BbEeP3QagsxMzaPXCIHHI2zexRqGUsI6VdLR3842AjC1FgyscZktUh0ClTtWf1mJurVUw_CL6G0PSXavpRogcRMGapb9JNejT6hjZqfqZS6ILx7YACgl-T2aA7N1ZNVTJela0e_kPbiQmpQIt5vL5wlZ7iFb7oBJEdwi_KnAzqYSSPdUcoMPqjZJHFOV6jiNg9WtH-lB_5-40UiEQ6ocla2bxOalppA88VfSFObrTbAQi8msM-JCyVNEPBjFfuBiW9Z9Z4Olei8FRxk_ER8utr2111gjkHJoM6ytta-w7dYBQ6KQZVWfFybEEg1wj9-3ss81HNeUUrwYPoz-EI-RiisySnCuhf6d3B7SShvfHqfg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2427136
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2A29
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAiDokKPObqENJxKDp5j1us&google_cver=1

43 B
738 B

40ms
40ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAiDokKPObqENJxKDp5j1us&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6UTBDvqboCGNbo_twBMAE&v=APEucNWN2S_FXNS1hyqYcrnIvkvlHLaWjP8WpsTSgMjm98z0sqkb4d5PA71jCu2EtWkUGAXJ_Q6qOcVClF67OQg2XbfZIRyjYGMDpbpLcb4pKOxxxVXjSgWSRgwOECiNeGViiWZqYwhfJ0w6w9xY7_CAFdIbh2cvFnwOmtEjH7Niqv3mPVX-4t3zIgEhfBcw6vr4D2nrp3olZBQHll4bw7DhcXL8SV5O5Q
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aAUoCPsCZlPkqMDD4NY9CRmpL2CpiAhlWyY0Lbf%2FNsW5rrhK%2Bg9a6hGCIwMb%2Box5thgGvPeatv9qeIWyj%2BYcZ5dIbraPdIrV21XUw%2BELBTlzgHB%2BbTiYKAEiWYsiXSKy%2FPaFppw8DrL0Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 856fd8f1d9a835f3-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAiDokKPObqENJxKDp5j1us&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2A29
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZdDw2bmqPTsAABeMABmKQQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAiDokKPObqENJxKDp5j1us&google_cver=1

43 B
736 B

38ms
38ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAiDokKPObqENJxKDp5j1us&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6UTBDvqboCGNbo_twBMAE&v=APEucNWN2S_FXNS1hyqYcrnIvkvlHLaWjP8WpsTSgMjm98z0sqkb4d5PA71jCu2EtWkUGAXJ_Q6qOcVClF67OQg2XbfZIRyjYGMDpbpLcb4pKOxxxVXjSgWSRgwOECiNeGViiWZqYwhfJ0w6w9xY7_CAFdIbh2cvFnwOmtEjH7Niqv3mPVX-4t3zIgEhfBcw6vr4D2nrp3olZBQHll4bw7DhcXL8SV5O5Q
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CCYnfjtD%2B6Q1EJSpVwHEkRsX8ZCVG%2B81WmVN78j87Rd4%2FJzgHqV7r7xXp4Y0D2nOkPMACaYTyZCvnseGbApu%2FUqzGd1Ff1R9uDvhDp9UHAzzSMJL5BvGMVOLdmLPMWTqGcV5fft4xxI59Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 856fd8f219e035f3-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAiDokKPObqENJxKDp5j1us&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 2A29
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBJFUJ27dma4YPsHSY7E4GE&google_cver=1

43 B
1 KB

36ms
36ms

Image
image/gif

185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBJFUJ27dma4YPsHSY7E4GE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6UTBDvqboCGNbo_twBMAE&v=APEucNWN2S_FXNS1hyqYcrnIvkvlHLaWjP8WpsTSgMjm98z0sqkb4d5PA71jCu2EtWkUGAXJ_Q6qOcVClF67OQg2XbfZIRyjYGMDpbpLcb4pKOxxxVXjSgWSRgwOECiNeGViiWZqYwhfJ0w6w9xY7_CAFdIbh2cvFnwOmtEjH7Niqv3mPVX-4t3zIgEhfBcw6vr4D2nrp3olZBQHll4bw7DhcXL8SV5O5Q

Protocol

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
an-x-request-uuid: eb52f46f-d59f-4693-ab93-206a5bc65482
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 5.79.98.55; 5.79.98.55; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBJFUJ27dma4YPsHSY7E4GE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2A29
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjM0NTcwNDE1MDE3NDQxNjUwMQ%3D%3D

170 B
188 B

29ms
29ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjM0NTcwNDE1MDE3NDQxNjUwMQ%3D%3D

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
an-x-request-uuid: 4c95070c-cad8-4ddf-b279-a3ebd606f196
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjM0NTcwNDE1MDE3NDQxNjUwMQ%3D%3D
x-proxy-origin: 5.79.98.55; 5.79.98.55; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame 075E
Redirect Chain

https://csync.loopme.me/?pubid=%3C12744%3E&gdpr=${gdpr}&gdpr_consent=${gdpr_consent}&redirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dloopme%26gdpr%3D0%26gdpr_consent%3D%26us_pr...
https://elb.the-ozone-project.com/setuid?bidder=loopme&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=e8a63ac7-8293-4622-b00d-713ae45b5b8b&gdpr_consent=${gdpr_consent}&gdpr=${gdpr}

0
886 B

64ms
64ms

Image
text/plain

172.64.144.78

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=loopme&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=e8a63ac7-8293-4622-b00d-713ae45b5b8b&gdpr_consent=${gdpr_consent}&gdpr=${gdpr}
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:02 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 856fd8f23d5a3801-FRA
content-length: 0
expires: 0

Redirect headers

location: https://elb.the-ozone-project.com/setuid?bidder=loopme&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=e8a63ac7-8293-4622-b00d-713ae45b5b8b&gdpr_consent=${gdpr_consent}&gdpr=${gdpr}
date: Sat, 17 Feb 2024 17:46:01 GMT
server: _
content-length: 0

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 34EF 12 KB
5 KB 75ms
35ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 6797756
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l2%2BWIPnMDSf4U5q283Yf8CJNQfJPmDwxfTVneFi0RRLP5u%2Fh0Q1KZF4sx7e6iKkktUwsE9pOcXz83cVQ19w69g82pMkwTVJ6dsqFwE3weO4HfFv2zJf8n9cNNZdC%2BiVxrNUnTwPBzFdjHOO7zprWdWWA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 856fd8f1e91c5d7c-FRA
expires: Thu, 06 Feb 2025 17:46:01 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 34EF 12 KB
6 KB 16ms
16ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 11 Feb 2025 17:46:01 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 617A 234 KB
60 KB 92ms
87ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZdDw2QAF4C0IVTv1AAPCHP5IIYIBIzM36Dgehg&u=%7CdOQkJUNHFynVKxzKxhWZemOz5aC0GPdqm3GA4IAqvT0%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNWAfGoXO4nLGGpugmDfhrYDe7l1vqZ7ZIDMbGvJnUYrWdlJQrHpgqcPCHCBdEREnz0k1uEmECGs3L1nEpsOi5hosSdQiydot1svd28zIAvL0lPwSV_PhIQV9uk49LP705ZMjY2fvux45lSB5NHubUuTjODPLkVxwDmvOF_KtpYleXlQudyUHUrmZqY5RbL4MQGNY8GXI-rrCK0rv7JsVPu4bJVUtLjNe-65_8F-eScCFRw2ocgPFnu8sS_sr0kQim-wRCVb4NJ6xBR1FgogV3LJ-YA3vPwsiFSkwc_pF0sM23vcEci-mOHvQWY8WgBH7V3TNlHZXDB_E3VurBl7yRxb6izZ4tNAHzXAfCXhUnDIZiLEg4I62D7YPs8N8hqFUkgtf87-Pp_8R1yVQn6Bh1Y7pkK9prO09VBARCM26GYb62vWudL10HnDC4iGxR6dZBpvBKllxWEoUAp_7IOs-ZDyoaOQSGwWMVfkR0ks56KV2A8KUyEj9Fcm3PIWncAztEUQFsac990Emxk8nUuqinogToMikdqFKtYZwlt0QKrGw37XyC6jTw72Wqai9BKhhnGF17Xk_QlpF7sA3FvoP73GxcpRsXRcWRmpjJL4chghZAeGztn8nMBSwhP1O3diBlYbMMK_23tuc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6A832fDQZa3AF_X31PIPnISP0AzJntKxXNWdkfdwwI23ARABIABgkYSAgIwYggEXY2EtcHViLTMyODI1NDcxMTQ4MDAzNDfIAQmpAuwUsmdyFLI-4AIAqAMByAMCqgSSAk_Qc6J7E0IcF0DoYeoc2YYeYtFRPHAt0HMdsbCkiXe4beS5UCk9lKJevW_VAe2UYLyWxSWnP_WQasf6wJM2GoYYKDdVooXXGzeRiIWFqfL7NmFeqchWx-ObtikKEXIdEqvs63VfV16g00t8_6i6uIiypDL32WpGz1ZihIRwGMII-fa43OxrNDAOXV9zf5OuO5OjayHXDe3tPlRt8EI8nl74UbArkiysEMJt0OUL7uYyILh8kOdHW6sOhvoDaOwaSa-eGmGWsD3VV0bnLvSyP9LfdgxMMzwtZpedHgA41tXdESMhECuQotUb9QbyIgD9T5KTMdbMg37R5CBccU9sgBxxPz-Gp3s6XsxNFdVDnQCB1_bgBAGABqbRj-vi9KHNngGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggkCIDhgBAQATICqgI6CYBAgICEgICEDki9_cE6WODVwvj2soQD8ggbYWR4LXN1YnN5bi00ODM2Njg2NjU0NzUwMzg0-gsCCAGADAHiDRMI2YfD-PayhAMV9TtVCB0cwgPK0BUBgBcB%26num%3D1%26sig%3DAOD64_1dt8eyUBboplNqu16hvT74YZqvHg%26client%3Dca-pub-3282547114800347%26adurl%3D

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6062b68e4723a354112f553124c21bee946e9c4523e083be1807347e2bf695e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Sat, 17 Feb 2024 17:46:01 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=oCq9rs-VWgABWCOhR7FKFhew5ymtlGZDlH3wCe6h9LIekpa6zFtCKR8BlDXru4C4H51uY-UlPPV60l4XHz12M6jMnUHZXiB1HqDmeefXUaEj1ECCCeRcW9dCBwn6ZkLwdOWj-fXvK_70QzBZZ7PAK1rgC0CPHMbELdU-VXCj8kvIKs74ZwnvM6Nk40xk5ICiZBgVvD5yGOfpf4kFEmwnjfg5rS0WJyddCXl-y3q74O8a7KWQvlWD8emkBb2efzmffZD-xw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 67047584
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 7A03 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus_fy2021.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 15:14:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9069
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 15:14:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 7A03 20 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 16:59:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2800
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Mar 2024 16:59:21 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 7A03 24 KB
6 KB 25ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:56:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 377390
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 12 Feb 2025 08:56:11 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 7A03 204 KB
61 KB 23ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:35:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 613
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 17 Feb 2024 18:35:48 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10347820662436277457/ Frame 3452 32 KB
5 KB 59ms
20ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10347820662436277457/index.html?ev=01_250

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d41fdbc334c758ac8fcc2b4f0382c716fba14d1d70fbadcb4b54fe1cb03ce90b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 376459
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5390
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Feb 2024 09:11:42 GMT
expires: Wed, 12 Feb 2025 09:11:42 GMT
last-modified: Wed, 21 Dec 2022 10:22:36 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 011C 0
0 67ms
66ms Fetch
image/gif 172.217.18.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvjZmB-6QgMNz3e7UI_Cjx88Y_w025O6xQahD45G_adE9gAVw2e7Xu2cBlcq_Hvb2XxeUqIk9XM1ervQi93Nj78ejUBCGlURT_-G7YErYV0fvQg4rjsEUpIsXJZXPSfZGXaO3DzA9UEcqiSCaq1DsjhGcBBxEvknh6unaV5uPk1cyN0P4J5ZvJmszu_6x7vLsrktpbciYBRMZnFeufUBD_4mqRrguxq2ySkJXfiAWDXvR8FVfSk30VnHOxEqDY5axliAXNuFyAMH2pvqCRkUIAK6JYQePfd2K1in3df00CtVjP_-TxYU4i29bt8mVPp3mbs4XjRyebegaMyMNjxGHdevAp3GYYlijkp5mWstTy1nGmEUSMCLX0nxSk6wzU4ueRF9aForZCHXC1F8xkpJAKzbpYjOm_5sTtbai1vuHzhah9ul2R7elTFGcF54IX5qxB5WUeq8fx_iKykmIJsuTBZI79EmPgrK3vY5kaHkiH0LqSGE9Zh15pzJIRWfAC8ZXge-aCWPReIHpCWFikFX1xJIOXcfofDN543bNR2PLdh-IzqVeruxL10AFWhq7PbQXbnbSgKytH03Y4pQxLRIeN9J17M8hEW106SYqxIsvoEk4A7CJGLuJnKBc9RbQe_KGNBDWhMJCgn_0ZvgVQigacNdIB3fjtCvNhnQbrIeES6wCbUltW4FZyD1be7KTRueO2RjZ8whfhxlu55tbfFU1BnRJc8_51VZtU4DgAFf6bngrwzVmkoPQaRWQt8DeI_ftSn5ADgQRTSXFVB5xkNnN2z_ZF52Qb18rFho5_hAlQm4uQ8W7iiQZ3qaMBU-FuZWqPEgtW1TNPbtP8ZQfU-joLyT9LtjU785AmN1tIxCzXEXMw_7j3SUCQBirBewAtvC-JmqSsU5tfdshEYnCl_paQbQWqoXH3G-BqcDCGKjzR5CRp2kTdVRYqRXCFD3RnvDKikjGi9swPeXpqVPCO842ykilpf8cmemyMj1FmlRJU7ulY8bkYiBlJCfm7A77n-psx-4OpVkRPk8DaDjpu0H-Iv0QpYQ8BdjKT_YCYKVj9J01ua0SNZv-6cuni--qIPpdPCj5wTLpzAfPtvNEciWZttZaAFD5UJieZpSs9lKRYt7pbl7SrgQlt_ORVy0eCfmXIJwizroRM2pK_tkvvzU6fiWrBKptOJgiEh7RiYQkSS5XVTySdGITZ8R9Rtp_x58vEQ_TZIwC42N1uiT4D7f2wnm0srbLRnzryugBMghQuNtKDW0IASpStfXNvNC8ShPeYOVJG58v-SG8aMgr4HIXUppdEler6mmjzibx8PUsUF5wEzVLH0NRQ7-v3GezGlujM0UHc7hwaXDdm8ktJ0pOc-sqzLdZvYeIYGCjh0HNnp2UCXifBhtOaTiEYUOoeEyQyRtMWwbCqSccmP4zVPvBP5XNaJkbROMTCOycMYLA8I2uqoycjyh5R65I1ptg&sai=AMfl-YSzcQiQkvJkPa1h771gEqEknKIu9vDernMde6Hz0BsX2FBg7DhGfMoRsuUak8WuLYU1v9E5O9ay_olwWgcl28IAM3IHsP3xwPa7WwSlWporZO9SH9dV8xJT9NOTOV6DTDYgKU-NFMPeAxiLw3I4lMdtNTnTnEwLmRzyIOsStO8qbnChmVgbNxDtHXbPBCtKYfW2VHEGf8t39J8s7EyTcAbQrsXK_2IZF4t5Z42hL72rtnc0gy0yLvxZGKx0i9eMZchT1HO0yUf3a0aPBJ7UPqL6WC2u7Ipou9nlBR3oIFTYpkDZ-nHds4_ZZF0NvnOQUbFlfuNKWgbWOIenhRqVl11BM3hI40KsCeA8iqqrB10yH1T2tY0bL7aqF7Ew48YzMk3Jx1Pt7GSdUy6athcmAY-ZSNGUskhMNlQbWaXkJACd3lC9GPtX4VtLO6QMi8W7DbPHXqWs0PUGKqZ3pESD7y0pZgw-W5jdvMgKm15aP1XQqXrMeoPPjq8XExgRwF5otKC_cg&sig=Cg0ArKJSzN3m-X6BGlh-EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9uaXlhbWEuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=207&cbvp=1&cstd=205&cisv=r20240215.66588&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 17 Feb 2024 17:46:01 GMT

OPTIONS
H3 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 92ms
52ms Preflight
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=CgCEd2fDQZazRB9D2x_AP0eCcyAbH64XUdfaSzcesErCQHxABIJHi5B9gkYSAgIwYoAGcr_uoAsgBCeACAKgDAcgDSKoEogJP0NNkZ1N63Hbvsjyi0qovKCCCqh3PryfX7CFkyUs8d-HTsPfAL8zmuKnKE667_a2SHCg8FzxWDSVQVm1QDxQ2hXHYdv3-OpGzYUI9vBec3kv7Hjplo84sXXr6YdQ9ESeYfVfbHuUs7WS0V93CPWMRFSB5EoHX6Bgv4hBc239nWSASs1VLK0v7J0q6dI_A2Ldy4gMk-jC9jW9Ltj2hjaxLX1GV2wSNgR6XNUehLjX4OFAWjjlX3dgFtJ9Dd6xbp3t891dKhj9MpkluyzUPrO8cmK-l89QNqS-km07vE0yVU6UR6xjmymePbCKBdOY2STjlo8jSAIy2MIibiOG86m3SHAbmkFiMr83SmfE5B9jdYW34pVXb-OvhCM-xtibTL6ZiXcAE39avussE4AQBiAXsruaYTpIFBAgEGAGSBQQIBRgEoAYugAfM0ITXAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB9XJG6gHpr4b2AcA8gcEENubAtIIJgiA4YAQEAEYHTICqgI6CYBAgICEgICEDki9_cE6WIvYsvj2soQD8ggbYWR4LXN1YnN5bi00ODM2Njg2NjU0NzUwMzg0mgnkAWh0dHBzOi8vd3d3Lmhlcm8td2Fycy5jb20vP2RlbGF5ZWRzaWdudXA9dHJ1ZSZueF9zb3VyY2U9YWR4X2Fkd29yZHNkaXNwbGF5Lmh3X3diX3VjXy0uY2Mtd3dfZW4uZy1tLmEtMjU1NC5hdS1hbGwub3B0LXB1cmNoYXNlMi5jb20tbmV3YWMuY3ItaHRtbGNvbnYxLmNuLTcyOF85MC5scC1kZWxheWVkLmR0LWRpc3BsYXkuY2lkLTIwOTg5OTc0MzgwLmFnaWQtMTU3Njk0MDI4NjM5LmNzZC0wMTAyMjQuLYAKA8gLAeINEwickrP49rKEAxVQ-xEIHVEwB2nYEw3QFQGYFgGAFwGyFx4KHAgAEhRwdWItMTU3MDY2MTk2Mjg2Njk4MRiQ_RI&sigh=hPw5gYGRDgg&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgAvHhf_cKyK_ORUJyDtFawkqJMODUEWVG1mjfwaKaUwhSYUUP1HrmQpjKe9upGD3E7FjJjvZww6qOwP4Lsib5wllssHkwK4vAL84sg5XBgB&template_id=419&cbvp=2&vis=1&nis=5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 17 Feb 2024 17:46:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 18A6
Redirect Chain

https://securepubads.g.doubleclick.net/pagead/adview?ai=CgCEd2fDQZazRB9D2x_AP0eCcyAbH64XUdfaSzcesErCQHxABIJHi5B9gkYSAgIwYoAGcr_uoAsgBCeACAKgDAcgDSKoEogJP0NNkZ1N63Hbvsjyi0qovKCCCqh3PryfX7CFkyUs8d-HT...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213757703977636521844%22,%22debug_reporting%22:true,%22destination%22:%22https://hero-wars.com%22,%22event_report_window%22...

0
0

116ms
52ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213757703977636521844%22,%22debug_reporting%22:true,%22destination%22:%22https://hero-wars.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22622778268%22],%2222%22:[%22true%22],%224%22:[%2202-17%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211351084735998840481%22}&andc=true

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"13757703977636521844","debug_reporting":true,"destination":"https://hero-wars.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["622778268"],"22":["true"],"4":["02-17"],"6":["true"]},"priority":"500","source_event_id":"11351084735998840481"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: null
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 17 Feb 2024 17:46:02 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 17 Feb 2024 17:46:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"13757703977636521844","debug_reporting":true,"destination":"https://hero-wars.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["622778268"],"22":["true"],"4":["02-17"],"6":["true"]},"priority":"500","source_event_id":"11351084735998840481"}&andc=true
access-control-allow-origin: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 34EF 0
128 B 66ms
14ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=IkiGnM-VWgABWCOhOmLzmzvM910xbsH-2SpwJawH3NKZndZbMl6TvxVaHQn6vWONKxRYiddf6zQ2-_wOS38qdP85cts9opV365FCh-ueXH7Q9HswJy59l3oYh_E5EhvtGf6ffCY8r7r3XeMG2LeO9s_qttOBco6tTcou4HpiDCusSS9XesLcDxh0q-c7jvB_wLepNpvuJBeBLF4YvQ7BRDQssHQdCpX5UX3cuQYGOQtJfDWFCsMqJnf4tCnGMI2yQCYkzA&sds=2&rev=90666&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 34EF 2 KB
1 KB 20ms
20ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 11 Feb 2025 17:46:01 GMT

GET
H3 200 O0fxLlxGdVrwDA1P0v8IbiijzEhqz-qxiFTNg42x2Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 6699 51 KB
19 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O0fxLlxGdVrwDA1P0v8IbiijzEhqz-qxiFTNg42x2Ow.js

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b47f12e5c46755af00c0d4fd2ff086e28a3cc486acfeab18854cd838db1d8ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 20:40:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 335102
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19867
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Feb 2025 20:40:59 GMT

GET
H3 200 Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js Show response
pagead2.googlesyndication.com/bg/ Frame CDD8 39 KB
15 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 08:12:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34441
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15261
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 16 Feb 2025 08:12:00 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 8F45
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

28ms
28ms

Image
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/singleplayer
Protocol: H2
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Redirect headers

date: Sat, 17 Feb 2024 17:46:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7A03 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba0620d5f2b9dea906218ec98f53ef30c04ed4002a31bd8ddd93db117d6178e9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 6d2ffcf2f345faf1241bbdc8550c4c21.js Show response
s0.2mdn.net/sadbundle/10347820662436277457/ Frame 3452 91 KB
27 KB 21ms
20ms Script
application/x-javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10347820662436277457/6d2ffcf2f345faf1241bbdc8550c4c21.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10347820662436277457/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84ac4635e0d5dbbf1984587cfce326b2e435f514386d472984813d567c8494ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10347820662436277457/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

expires: Wed, 12 Feb 2025 09:03:33 GMT
date: Tue, 13 Feb 2024 09:03:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 376949
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27139
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 10:22:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 617A 2 KB
1 KB 14ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZdDw2QAF4C0IVTv1AAPCHP5IIYIBIzM36Dgehg&u=%7CdOQkJUNHFynVKxzKxhWZemOz5aC0GPdqm3GA4IAqvT0%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyMCnTpn87UHNWAfGoXO4nLGGpugmDfhrYDe7l1vqZ7ZIDMbGvJnUYrWdlJQrHpgqcPCHCBdEREnz0k1uEmECGs3L1nEpsOi5hosSdQiydot1svd28zIAvL0lPwSV_PhIQV9uk49LP705ZMjY2fvux45lSB5NHubUuTjODPLkVxwDmvOF_KtpYleXlQudyUHUrmZqY5RbL4MQGNY8GXI-rrCK0rv7JsVPu4bJVUtLjNe-65_8F-eScCFRw2ocgPFnu8sS_sr0kQim-wRCVb4NJ6xBR1FgogV3LJ-YA3vPwsiFSkwc_pF0sM23vcEci-mOHvQWY8WgBH7V3TNlHZXDB_E3VurBl7yRxb6izZ4tNAHzXAfCXhUnDIZiLEg4I62D7YPs8N8hqFUkgtf87-Pp_8R1yVQn6Bh1Y7pkK9prO09VBARCM26GYb62vWudL10HnDC4iGxR6dZBpvBKllxWEoUAp_7IOs-ZDyoaOQSGwWMVfkR0ks56KV2A8KUyEj9Fcm3PIWncAztEUQFsac990Emxk8nUuqinogToMikdqFKtYZwlt0QKrGw37XyC6jTw72Wqai9BKhhnGF17Xk_QlpF7sA3FvoP73GxcpRsXRcWRmpjJL4chghZAeGztn8nMBSwhP1O3diBlYbMMK_23tuc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6A832fDQZa3AF_X31PIPnISP0AzJntKxXNWdkfdwwI23ARABIABgkYSAgIwYggEXY2EtcHViLTMyODI1NDcxMTQ4MDAzNDfIAQmpAuwUsmdyFLI-4AIAqAMByAMCqgSSAk_Qc6J7E0IcF0DoYeoc2YYeYtFRPHAt0HMdsbCkiXe4beS5UCk9lKJevW_VAe2UYLyWxSWnP_WQasf6wJM2GoYYKDdVooXXGzeRiIWFqfL7NmFeqchWx-ObtikKEXIdEqvs63VfV16g00t8_6i6uIiypDL32WpGz1ZihIRwGMII-fa43OxrNDAOXV9zf5OuO5OjayHXDe3tPlRt8EI8nl74UbArkiysEMJt0OUL7uYyILh8kOdHW6sOhvoDaOwaSa-eGmGWsD3VV0bnLvSyP9LfdgxMMzwtZpedHgA41tXdESMhECuQotUb9QbyIgD9T5KTMdbMg37R5CBccU9sgBxxPz-Gp3s6XsxNFdVDnQCB1_bgBAGABqbRj-vi9KHNngGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggkCIDhgBAQATICqgI6CYBAgICEgICEDki9_cE6WODVwvj2soQD8ggbYWR4LXN1YnN5bi00ODM2Njg2NjU0NzUwMzg0-gsCCAGADAHiDRMI2YfD-PayhAMV9TtVCB0cwgPK0BUBgBcB%26num%3D1%26sig%3DAOD64_1dt8eyUBboplNqu16hvT74YZqvHg%26client%3Dca-pub-3282547114800347%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 11 Feb 2025 17:46:02 GMT

GET
H2 200 adchoices_nl.svg
static.criteo.net/flash/icon/ Frame 617A 2 KB
1 KB 16ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_nl.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

64fdded9ab4b4066a71232c0d8c7e2416ec277f566adb122776af14c21831fc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-754"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 11 Feb 2025 17:46:02 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 617A 308 B
636 B 15ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Tue, 11 Feb 2025 17:46:02 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 617A 293 B
621 B 13ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Tue, 11 Feb 2025 17:46:02 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 617A 43 B
347 B 22ms
22ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=ddsRvkVk3VvfIs55wUP3X0ZUK42SgfNAJZCZnDPDuxIHyQt2dTkPXYuz8V_1dli0ORZGnSUsevKdA_kpnqS5OSrqkooXbN9R8j5Sz1pKmadiNys6T8jExMSiSII-lRdoLJrSVySnfpqG2t8fylsQ02xtJpGWBvw-LGHWop-txvbsx9BN89qF31sfKbVU00X7Ed6Hhq2x2QJJ25F9EBjRUd0YutHc2U_Ne47VaS566RXpz25r00Maxu_XlyBj8llig2Nz50vGAeR22AZcQgXBgWZ59tBnbaT0Ux6U6A5M9MctArjuKdT0K05mW1_2HlZlAFcHg1Xz00Mc4MCVJgzi72yKbL18McA_nOOAomNVp8u1y4Z_HIT8gwobdqSGmJ8E4l9dGme0HHhFVhDfGaKzzXIC6lFGXTXy9fCUyRSv94a59y9brQ7pWjndZoPrHxSGvD1Afg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2456921
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 barlow-400.css
static.criteo.net/design/googlefont/barlow/ Frame 34EF 1017 B
705 B 17ms
17ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/barlow/barlow-400.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

1acdff1e7f03270a5ca5581b0ca780826d0ade45170440604ee5228cc3077ae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 13:54:47 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391eca7-3f9"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 11 Feb 2025 17:46:02 GMT

GET
H2 200 barlow-700.css
static.criteo.net/design/googlefont/barlow/ Frame 34EF 1017 B
705 B 16ms
16ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/barlow/barlow-700.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

14f4a8ac3755c13bb7b177a4801fd5dfeb182fa283a2f48367047f9ba00dc91e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 13:54:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391eca8-3f9"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 11 Feb 2025 17:46:02 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 617A 12 KB
6 KB 22ms
22ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 11 Feb 2025 17:46:02 GMT

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame 075E
Redirect Chain

https://b1h-euc1.zemanta.com/usersync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Doutbrain%26gdpr%3D0%26gdpr_consent%3D%26us_priv...
https://elb.the-ozone-project.com/setuid?bidder=outbrain&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=&gdpr=0&us_privacy=pbs-ozone

0
776 B

75ms
74ms

Image
text/plain

172.64.144.78

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=outbrain&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=&gdpr=0&us_privacy=pbs-ozone
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:02 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 856fd8f36ed43801-FRA
content-length: 0
expires: 0

Redirect headers

Pragma: no-cache
Date: Sat, 17 Feb 2024 17:46:02 GMT
Content-Type: text/html; charset=utf-8
Location: https://elb.the-ozone-project.com/setuid?bidder=outbrain&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=&gdpr=0&us_privacy=pbs-ozone
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 178
Expires: Thu, 01 Dec 1994 16:00:00 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 105ms
53ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 17 Feb 2024 17:46:02 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 11 KB
11 KB 102ms
57ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=104&m=0&partner=14606&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F26415%2F211223%2F1091f9f6368e43618fc1495fdc1ac84b_logo_65wmkf_babista.png&v=3&w=596&rid=4&s=0nDeUQ5KaeYX9JkuUPVkHfR0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

bace398dbbe26b007f372931fad40ee9e5c40a8589064e29156a5517d4c0602b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 10938
expires: Sat, 08 Feb 2025 01:41:23 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 16 KB
16 KB 93ms
48ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FPoloshirtULVIENTO__326651501.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=krnF-50LTyx2oOSuFnKp5gQF&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

2bccceaa3286aeb7b8340996ec4f0ef9ac1ee01ea6356d7b33b73ef148f82b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 16540
expires: Fri, 15 Mar 2024 11:37:06 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 59 KB
59 KB 71ms
26ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FPoloshirtMONZIO__329078301.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=m_bCaMlxX-B1Ell-Nl3X6DWZ&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7aa7daa0580c0b918604219d43387e6b0d3ebf1a4a1df49d29d285069fd35ca8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 60324
expires: Sat, 02 Mar 2024 16:09:12 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 38 KB
39 KB 103ms
57ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FHemdSTEFZIRANO__326359301.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=ZYA-T8HzbYUEydNbNjDcYGmh&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

b186e562bb643ca87e93a8c2a1bf72eeec3d2ea632477f276c7d1497bfaaf451

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 39408
expires: Wed, 21 Feb 2024 02:07:29 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 17 KB
17 KB 97ms
52ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FPoloshirtTRENZIO__329095801.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=tyCbeH8EqZ7R6QosIYI0jdYu&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0ccec4b622de2055b310d588a23bbc048d55436f0aedef2097c362beded5553e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 17310
expires: Mon, 18 Mar 2024 17:44:53 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 6 KB
7 KB 97ms
52ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FSweatshirtLUCIVENTRO__326150101.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=YGs59OrHsvLiJFEIx4IDEmFv&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

71984d3586c80e2a75de2e706a4d02ca11bff9a6f39f194556087bd8b8a16134

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 6610
expires: Tue, 20 Feb 2024 05:22:09 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 34 KB
34 KB 25ms
24ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FSweatshirtFIORIVESTO__326620801.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=zbueKgqvag4dSD6E8EUS3AIQ&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f891126beb912f66db962a9405bde9cb418239495433e6423341000398b7dfbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 34592
expires: Sat, 02 Mar 2024 01:55:24 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 10 KB
10 KB 21ms
20ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FSweatshirtBELLAVERZI__326386701.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=QTnm-s2VwuGiDX4YD_u7Yov-&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

322913b5b7bb2782da4fef9e1fc6a9f2696c99a420c318dcd3c2236dc5b818f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 9828
expires: Sat, 16 Mar 2024 11:40:10 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 9 KB
9 KB 23ms
22ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FSweatshirtLUCIVENTRO__326149401.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=fm87zUwth0wciMSRz-mFa5Dr&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4ff8b04aa8b5a61b07f7b39a809607111002bfb9d44713b7a2dd0248dfcaf5be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 9406
expires: Mon, 19 Feb 2024 11:09:28 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 63 KB
63 KB 50ms
48ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FPulloverVIERENTO__326162401.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=3Oe_pm0qU0GC8ThjVr9XVNmS&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

72160e5fb5022ed8e67ef698c166cf156fc75b97d1a457fcc127ab4aba7da844

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 64376
expires: Mon, 19 Feb 2024 09:17:37 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 8 KB
8 KB 52ms
51ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FJeansSTEFLI__326185601.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=T6l4LIEZRGPDoeuBxYD4IwZF&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

792165293f52605878225df149ea9783923983fec57aa163d355744e678607ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 8392
expires: Tue, 20 Feb 2024 09:43:33 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 40 KB
40 KB 52ms
51ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FPoloshirtTOSCARELLO__326651701.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=8qIu5GIFt9Xke_U8XA5r_agH&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

de7e8e948d5f3d00ad167911ecd40a0c25e7a6fca2a52dd102c57aca8522123d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 41220
expires: Wed, 21 Feb 2024 00:12:30 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 21 KB
21 KB 30ms
29ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FSweatjackeLUCIVERO__326219701.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=D5DmDYbPeLn7mzH2Pdx-s0C-&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

384693e04ae63abcf9831052624dae083ed79d5595722735679df92730f66355

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 21662
expires: Sun, 18 Feb 2024 14:53:02 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 4 KB
4 KB 51ms
50ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FJeansVESTOROSA__326695901.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=ciio7rX8hHX-GiTYPxrY0Wzz&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

d0809300bb652a3b516179fd74025fee437aaf011dbe5c0089b682c6faa3ff1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 3856
expires: Sat, 16 Mar 2024 18:52:09 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 18 KB
18 KB 53ms
52ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FSweatshirtFIORIVESTO__326664701.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=Fj0eSY70Wut8vyJL81xhJznN&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0c9d262d755b980141bd625ab12d19652b33372b870deec9e77c0fb106aff9ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 18102
expires: Sat, 24 Feb 2024 08:13:43 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 617A 61 KB
62 KB 54ms
53ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=14606&q=80&r=0&u=https%3A%2F%2Fsuperzoom.onlinesuperimage.com%2Ffsicache%2Fserver%3Ftype%3Dimage%26source%3D%2FBABISTA%2FPoloshirtFIORENTA__329095401.png%26width%3D600%26height%3D600%26effects%3DPad%28CC%252CF1F1F1%29%252CMatte%28FFFFFF%29%26format%3Djpeg%26padding%3D3%252C3%252C3%252C3&v=3&w=800&rid=4&s=bKyZFSnAVJdPVqNGrDIA3t4c&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4d7e3108ba3230949cba31770e396ce9c3c3f0a5dc38149e594be4f2ee07cf06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 62882
expires: Sat, 24 Feb 2024 08:43:14 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 617A 0
127 B 12ms
12ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=oCq9rs-VWgABWCOhR7FKFhew5ymtlGZDlH3wCe6h9LIekpa6zFtCKR8BlDXru4C4H51uY-UlPPV60l4XHz12M6jMnUHZXiB1HqDmeefXUaEj1ECCCeRcW9dCBwn6ZkLwdOWj-fXvK_70QzBZZ7PAK1rgC0CPHMbELdU-VXCj8kvIKs74ZwnvM6Nk40xk5ICiZBgVvD5yGOfpf4kFEmwnjfg5rS0WJyddCXl-y3q74O8a7KWQvlWD8emkBb2efzmffZD-xw&sds=2&rev=90666&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 617A 2 KB
1 KB 13ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 11 Feb 2025 17:46:02 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8F45 0
0 64ms
64ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CptxY2fDQZfrMF6qG1PIPuuuOkAOXranwdezZnLWrErCQHxABIJHi5B9gkYSAgIwYoAGcr_uoAsgBAuACAKgDAcgDCKoEnQJP0B6HHWeLKNO_t9K37SYyTku-vA6Wb4LpZJrsEdkKvaqpZlkeJuy-S5SV_ZwPyjr2KBzaf2ZcClPKxIaORfjXad02gxNozpxe7A9LV8nTED9NpQ4oJJ-PJsld3Lz2TxqLP0m0dCtIHTmULKoWvo0mQRrDZxgdUvV-a0fj28DWW4Q9vyN5u2MEXUgu1_RPcPCI-9Wis6svNlncWxq26d7fuOZCVBRCyyjoRllw46g_jO4u1024B3XiazXv2E5hJ3CZAnV6vxqzFiscyopE-tQqHlXD7SyF0-c3sQly9-1UwfsOjfRdbGIukRmSGDdmtMNlG-SfDoHUqM1YNLyLDH24FyD4RXBEQhtnTMzb8GjB7T3SJJYyl5B20o1IwdXABKvP4IflBOAEAYgFyLLqqE6SBQQIBBgBkgUECAUYBKAGAoAHzNCE1wGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAfVyRuoB6a-G9gHAfIHBBDbvgPSCCYIgOGAEBABGB0yAqoCOgmAQICAhICAhA5Ivf3BOliW8cL49rKEA_IIG2FkeC1zdWJzeW4tNDgzNjY4NjY1NDc1MDM4NJoJ7gFodHRwczovL3d3dy5oZXJvLXdhcnMuY29tLz9kZWxheWVkc2lnbnVwPXRydWUmbnhfc291cmNlPWFkeF9hZHdvcmRzZGlzcGxheS5od193Yl91Y18tLmNjLXd3X2VuLmctbS5hLTI1NjUuYXUtcHV6emxlX2F1Lm9wdC1wdXJjaGFzZTIuY29tLW5ld2FjLmNyLWxlZ2FjeWxvb3Q3My5jbi0zMDBfNjAwLmxwLWRlbGF5ZWQuZHQtZGlzcGxheS5jaWQtMjEwMjM1OTQ4MjQuYWdpZC0xNjQ1NjcxOTc2MTEuY3NkLTEzMDIyNC4tgAoDyAsB4g0TCNGew_j2soQDFSoDVQgdurUDMtgTDdAVAZgWAYAXAbIXHgocCAASFHB1Yi0xNTcwNjYxOTYyODY2OTgxGJD9Eg&sigh=VsB53XffK-w&uach_m=%5B%5D&ase=2&nis=5&cid=CAQSTwAvHhf_JCpbNRqclHiDOgWFbdkchOZxdwFrObKJJli_253qlhtYk59fCyyVp-SzBnPbeQ8hWb6job8t6WltCCAuFmdTROKB6Siw8bgUU4cYAQ&cbvp=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H2 200 barlow-400-latin.woff2
static.criteo.net/design/googlefont/barlow/ Frame 34EF 21 KB
21 KB 55ms
30ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/barlow/barlow-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/barlow/barlow-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/barlow/barlow-400.css
Origin: https://ads.eu.criteo.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 13:54:46 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391eca6-5298"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 11 Feb 2025 17:46:02 GMT

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 3452 13 KB
6 KB 109ms
33ms Script
text/javascript 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10347820662436277457/6d2ffcf2f345faf1241bbdc8550c4c21.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 22:46:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 154748
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 22:46:54 GMT

GET
H3 200 a618878085f25e85e82e2d2cde62e0f0.jpg
s0.2mdn.net/sadbundle/10347820662436277457/media/ Frame 3452 73 KB
74 KB 21ms
20ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10347820662436277457/media/a618878085f25e85e82e2d2cde62e0f0.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10347820662436277457/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a23dc622c53ccbeb6a6f008f67e10fb1999d3fab6afa17d410a92680b3cf058

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10347820662436277457/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

expires: Thu, 13 Feb 2025 04:44:26 GMT
date: Wed, 14 Feb 2024 04:44:26 GMT
x-content-type-options: nosniff
age: 306096
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75239
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 10:22:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 a917a8a6e55e1480180aa06e8ed95e67.svg
s0.2mdn.net/sadbundle/10347820662436277457/media/ Frame 3452 35 KB
11 KB 20ms
20ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10347820662436277457/media/a917a8a6e55e1480180aa06e8ed95e67.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10347820662436277457/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e3ea11cdabcf2683bd67e1b664a71c81a7722bb59963ef632fdb3f5cd53ab13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10347820662436277457/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

expires: Sat, 15 Feb 2025 16:04:56 GMT
date: Fri, 16 Feb 2024 16:04:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92466
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11359
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 10:22:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 54ms
54ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202402150101&jk=1706768843899614&bg=!sbKlsv3NAAZN4L4YbeA7ADQBe5WfOEbXpajZ2JygHtTx_ClUUk4JCU7ehl4_4I_lAIiFQ7pv0uAKrlspr1-tuf1FLwYCAgAAAJpSAAAAAmgBB5kCxexqq3FVjgE-CBlCNsiwBx2NvR7meE2f1OKn6-ln31sVGN5gerBx-ZEfmFiLemEvD7nsl_dXLjtF3eQiKxw86fSAHrIPuO1Y67KR1O4Uzs0kHo2TL0oiE-q6H4iIZ2-xGTFKwg2Rzk-v1YFyJdEpD1bmhADBB3AJO0otrTfbOCSk7386DIGW0yi0Uzu5svF3G3bmHZkppgS4f2n_6bldwqIqIsd60-l4lgvzOz1j2Zhg889l74urfTOBttrebw06S0sL7QmTMz-VNXFsrIHKqPRWj8Nhes6iRaCwC9Arv2n5dYxm3v6iXc1kKwvVYfVmX2H6Q5o8WSsurgEAPbrG1Cc79hyJl4J5YtTM3GpOUDw8sRZHR7G1YZUOJB5J0GVStNXXji_c4BEb07cLXlxDq6BGj1QyeEK4N4U8eGNQ2m7kFnD3rzHBab-WNaS10FQ_g0VxobqrYvdmmDgg6nZAHgog6v7H8eOMpy-7hdwFIgApXRUlUDgjJ_VxdunH5eTGMRWuksdgujrX9L32P50ECPX-qb0VdXiP93hYGtSsJklEZelGTjmsJ9xho6UY0WVZWugPV4IZTOAqDvzK83pedCPWP5ebGj_qfeq6e--QBCWClGvoTPad3ygvvX9uC8zvK5i2eNCij4EOD3AMmgWKKOSvSwerzkSIoVvYN9XnC5JoOIK8eSyLsrPfrNokf-qFQoikZ13BBCFVU-_eKRiE8vjpi9-uxYC6_kVQOPRqLBPF2N0lXmstSCLkqm-PXKcLPrIjBvoV07hGWDAF1c5IB7NxBs5tKdcXNtOlMz1qk7Sq4TmulRAc5QKAJhFzjeljjaouLra9vrHUoF0-qy4FrMTNabDRd2jY2DUOTQxhKIy-a2PpqsSFl0IuTMfT731n7agAlaBz18XF0-krwNVo1IT10CLeDnve9ymObnWhKeJ4kzvpSEY
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame 28BC 0
915 B 13ms
13ms Script
text/html 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:02 GMT
an-x-request-uuid: d6b4523d-0f4c-448d-a783-d1c6596aeebd
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 5.79.98.55; 5.79.98.55; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CDD8 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bac3S2fDQZerHAvT71PIP8s2M0AQAAAAAOAHgBAI&bg=!XV6lXhHNAAZN4L4YbeA7ADQBe5WfOOOLGLIZfjSemdK5SFBVQid03rUjqFYAK3tTgnPSOTo6hFXj0Ue4UR8wiQai2gsxAgAAAH1SAAAAAWgBB5kDD4usp-Gm0geDYxOET_UCVZzCNiKftQ4vT_RZUXMPRcPooUrGDfJW1Nw4XYPizOhDOYWnGdXM37LPUWS9yO0zb4W_Yq9KRpKBdgERQqEJiD6w3eo9LbrtYu5brmAZxfD6r40x27mjBsXADeYETmhiYYNmGjmqPtZ6RJG1dCFz-gLwV6V3gqcuAYyERPRIndqIIiZpN3Kx_aebBQW-HV-zxFg_Tdy4DyOSfkTJth0h7EvKUFDH4CZBeTP7rJSaRNtZVC5c7uey5BuBr2iT6bVzWbBmMfCpVZPnovPkBfCUaIurQODZH7rP1mysSLZP7a4zJCOzyMAnwfRd7iZVEz7JaLXr7OLekJVSAKtSG_BuWh1VTX1ML7TNNlfbg-uANvZyx2YAqeU0BYFDIH0MkWvBbKezXD-_IHrlVNwxL95CTKeKosDEp1YqFVSfmbg8pUyO_KHSCp6cLkNC0_Y1WggSyq2Arrmm6_dVCf1QmvJuaZ8QE7xjfoibQrV3iDIvSuA-pcY5VSLs5_fLIFhk0BbkahuBCnKXWOfFbHHPCO8z3PYBafj1FyL37_NvKeaNJPQDGAIkaKkQbpYO7DXUVg-HSLiars3iB6tBSInwwvp6_fjuWTrFAmVCAYV8k7-8ilYoKwq6CAXP2SUwTvqlIDY2OU6Pn3sWQgYCTMH4kbV1z2NV7huwSQvXUBxwuk0XFTqar1Rn-_aeNjDx2_Uo4tRf8MQGzGUuSUV7XZCRllDPoI2TTLtZjkNDbcfRtqHTG7c_k0UVLLqk1K0-10mhd_WjVe24ccGhcOXqIXAL7bMJC-F2kBeOdQdXyuG10WOXxCcqC5fCRI04bArTHK9JD-in2esguhFTYgPQeHPSRqUOsQjM1TBywVpgfyVdHwdcJicBhdGhMgzcptv-hOhqK-w6Xdxc2DtYPMHJq5i7JBpfjzRFqFTwXvF6LXv5tQ3jWL4KiqgskqS_sVMj8M5MCJ6C607hEYAhKRUF7_9AmCfkcNQ6dwRtivWcWM_actCErnUhNiVhMybUSBjQrmhx2nuqHA

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 075E 70 B
149 B 103ms
31ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=u40cpuw&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7A03 0
0 60ms
60ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CB6as2fDQZa3AF_X31PIPnISP0AzJntKxXNWdkfdwwI23ARABIABgkYSAgIwYggEXY2EtcHViLTMyODI1NDcxMTQ4MDAzNDfIAQmpAuwUsmdyFLI-4AIAqAMByAMCqgSPAk_Qc6J7E0IcF0DoYeoc2YYeYtFRPHAt0HMdsbCkiXe4beS5UCk9lKJevW_VAe2UYLyWxSWnP_WQasf6wJM2GoYYKDdVooXXGzeRiIWFqfL7NmFeqchWx-ObtikKEXIdEqvs63VfV16g00t8_6i6uIiypDL32WpGz1ZihIRwGMII-fa43OxrNDAOXV9zf5OuO5OjayHXDe3tPlRt8EI8nl74UbArkiysEMJt0OUL7uYyILh8kOdHW6sOhvoDaOwaSa-eGmGWsD3VV0bnLvSyP9LfdgxMMzwtZpedHgA41tXdESMhECuQotUbtwTTsIBun6814fEWD144QC57e_lmrgTzi_e7AYmFQOBVjR_XvengBAGABqbRj-vi9KHNngGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggkCIDhgBAQATICqgI6CYBAgICEgICEDki9_cE6WODVwvj2soQD8ggbYWR4LXN1YnN5bi00ODM2Njg2NjU0NzUwMzg0gAoD-gsCCAGADAHiDRMI2YfD-PayhAMV9TtVCB0cwgPK0BUBgBcBshccChoSFHB1Yi0zMjgyNTQ3MTE0ODAwMzQ3GJD9Eg&sigh=ErY7ZtECUKY&uach_m=%5BUACH%5D&cid=CAQSTwAvHhf_2IPRG-a0YrFb2sIlDcij2fwhL-FKCuBPbE1_50kGCNj9Ib9_IqmAVXeupYpjLoR7dKCeXBT0Y5M0-C28Xn00mgujhpM6JUXD8jwYAQ&cbvp=2&vis=1
Requested by: Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 7A03 0
126 B 54ms
13ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kcP0C5mlBKwC2ASdg2ICAgAAANC3CKomKeP4vpLkCRDY8NBlnVpE_SgJe094xAAAEgAACgpBUVVCQVFFQkFR&wp=ZdDw2QAF4C0IVTv1AAPCHP5IIYIBIzM36Dgehg&cbvp=2

Requested by

Host: 26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:01 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 138030
server: Kestrel
content-length: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 3452 390 B
713 B 78ms
30ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lustria:400

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ad55601942a04362c48260474dbc57ea47087c18631805b784e1def5e540eaee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 17 Feb 2024 17:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 17 Feb 2024 15:54:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 17 Feb 2024 17:46:02 GMT

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame 075E
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&s=pbs&cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Damx%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-o...
https://elb.the-ozone-project.com/setuid?bidder=amx&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=

0
431 B

61ms
61ms

Image
text/plain

172.64.144.78

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=amx&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:02 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 856fd8f4f9013801-FRA
content-length: 0
expires: 0

Redirect headers

location: https://elb.the-ozone-project.com/setuid?bidder=amx&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=
date: Sat, 17 Feb 2024 17:46:01 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 1
server: envoy
content-length: 0

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 011C 0
0 54ms
53ms Fetch
image/gif 172.217.18.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvjZmB-6QgMNz3e7UI_Cjx88Y_w025O6xQahD45G_adE9gAVw2e7Xu2cBlcq_Hvb2XxeUqIk9XM1ervQi93Nj78ejUBCGlURT_-G7YErYV0fvQg4rjsEUpIsXJZXPSfZGXaO3DzA9UEcqiSCaq1DsjhGcBBxEvknh6unaV5uPk1cyN0P4J5ZvJmszu_6x7vLsrktpbciYBRMZnFeufUBD_4mqRrguxq2ySkJXfiAWDXvR8FVfSk30VnHOxEqDY5axliAXNuFyAMH2pvqCRkUIAK6JYQePfd2K1in3df00CtVjP_-TxYU4i29bt8mVPp3mbs4XjRyebegaMyMNjxGHdevAp3GYYlijkp5mWstTy1nGmEUSMCLX0nxSk6wzU4ueRF9aForZCHXC1F8xkpJAKzbpYjOm_5sTtbai1vuHzhah9ul2R7elTFGcF54IX5qxB5WUeq8fx_iKykmIJsuTBZI79EmPgrK3vY5kaHkiH0LqSGE9Zh15pzJIRWfAC8ZXge-aCWPReIHpCWFikFX1xJIOXcfofDN543bNR2PLdh-IzqVeruxL10AFWhq7PbQXbnbSgKytH03Y4pQxLRIeN9J17M8hEW106SYqxIsvoEk4A7CJGLuJnKBc9RbQe_KGNBDWhMJCgn_0ZvgVQigacNdIB3fjtCvNhnQbrIeES6wCbUltW4FZyD1be7KTRueO2RjZ8whfhxlu55tbfFU1BnRJc8_51VZtU4DgAFf6bngrwzVmkoPQaRWQt8DeI_ftSn5ADgQRTSXFVB5xkNnN2z_ZF52Qb18rFho5_hAlQm4uQ8W7iiQZ3qaMBU-FuZWqPEgtW1TNPbtP8ZQfU-joLyT9LtjU785AmN1tIxCzXEXMw_7j3SUCQBirBewAtvC-JmqSsU5tfdshEYnCl_paQbQWqoXH3G-BqcDCGKjzR5CRp2kTdVRYqRXCFD3RnvDKikjGi9swPeXpqVPCO842ykilpf8cmemyMj1FmlRJU7ulY8bkYiBlJCfm7A77n-psx-4OpVkRPk8DaDjpu0H-Iv0QpYQ8BdjKT_YCYKVj9J01ua0SNZv-6cuni--qIPpdPCj5wTLpzAfPtvNEciWZttZaAFD5UJieZpSs9lKRYt7pbl7SrgQlt_ORVy0eCfmXIJwizroRM2pK_tkvvzU6fiWrBKptOJgiEh7RiYQkSS5XVTySdGITZ8R9Rtp_x58vEQ_TZIwC42N1uiT4D7f2wnm0srbLRnzryugBMghQuNtKDW0IASpStfXNvNC8ShPeYOVJG58v-SG8aMgr4HIXUppdEler6mmjzibx8PUsUF5wEzVLH0NRQ7-v3GezGlujM0UHc7hwaXDdm8ktJ0pOc-sqzLdZvYeIYGCjh0HNnp2UCXifBhtOaTiEYUOoeEyQyRtMWwbCqSccmP4zVPvBP5XNaJkbROMTCOycMYLA8I2uqoycjyh5R65I1ptg&sai=AMfl-YSzcQiQkvJkPa1h771gEqEknKIu9vDernMde6Hz0BsX2FBg7DhGfMoRsuUak8WuLYU1v9E5O9ay_olwWgcl28IAM3IHsP3xwPa7WwSlWporZO9SH9dV8xJT9NOTOV6DTDYgKU-NFMPeAxiLw3I4lMdtNTnTnEwLmRzyIOsStO8qbnChmVgbNxDtHXbPBCtKYfW2VHEGf8t39J8s7EyTcAbQrsXK_2IZF4t5Z42hL72rtnc0gy0yLvxZGKx0i9eMZchT1HO0yUf3a0aPBJ7UPqL6WC2u7Ipou9nlBR3oIFTYpkDZ-nHds4_ZZF0NvnOQUbFlfuNKWgbWOIenhRqVl11BM3hI40KsCeA8iqqrB10yH1T2tY0bL7aqF7Ew48YzMk3Jx1Pt7GSdUy6athcmAY-ZSNGUskhMNlQbWaXkJACd3lC9GPtX4VtLO6QMi8W7DbPHXqWs0PUGKqZ3pESD7y0pZgw-W5jdvMgKm15aP1XQqXrMeoPPjq8XExgRwF5otKC_cg&sig=Cg0ArKJSzN3m-X6BGlh-EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9uaXlhbWEuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=650&vt=11&dtpt=443&dett=3&cstd=205&cisv=r20240215.66588&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 17 Feb 2024 17:46:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 17 Feb 2024 17:46:02 GMT

GET
H2 200 9oRONYodvDEyjuhOnC8zMw.woff2
fonts.gstatic.com/s/lustria/v13/ Frame 3452 11 KB
12 KB 65ms
19ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lustria/v13/9oRONYodvDEyjuhOnC8zMw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lustria:400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08e0a7e1c290b0d6d3f7c21866d6ddb921ea10afcd18abfbdd63875339e94c77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:53:45 GMT
x-content-type-options: nosniff
age: 377537
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11716
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:29:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 08:53:45 GMT

GET
H3 200 a917a8a6e55e1480180aa06e8ed95e67.svg
s0.2mdn.net/sadbundle/10347820662436277457/media/ Frame 3452 35 KB
11 KB 19ms
19ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10347820662436277457/media/a917a8a6e55e1480180aa06e8ed95e67.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10347820662436277457/6d2ffcf2f345faf1241bbdc8550c4c21.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e3ea11cdabcf2683bd67e1b664a71c81a7722bb59963ef632fdb3f5cd53ab13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10347820662436277457/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

expires: Sat, 15 Feb 2025 16:04:56 GMT
date: Fri, 16 Feb 2024 16:04:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92466
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11359
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 10:22:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 70809388b74ce267d31ae041085404fb.jpg
s0.2mdn.net/sadbundle/10347820662436277457/media/ Frame 3452 83 KB
83 KB 19ms
19ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10347820662436277457/media/70809388b74ce267d31ae041085404fb.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23c58ec7411480f6410ab9bba9fc7e51b73d273e0bc7561a2674cf0ab99f42c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10347820662436277457/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

expires: Fri, 14 Feb 2025 15:38:51 GMT
date: Thu, 15 Feb 2024 15:38:51 GMT
x-content-type-options: nosniff
age: 180431
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84671
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 10:22:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 204 current
prebid-match.dotomi.com/match/bounce/ Frame 075E 0
104 B 131ms
66ms Image
text/plain 2a02:fa8:8806:21::1690
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&rurl=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dconversant%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:21::1690 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:02 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame 075E
Redirect Chain

https://sync.go.sonobi.com/us.gif?gdpr=0&gdpr_consent=&loc=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsonobi%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D[UID]
https://elb.the-ozone-project.com/setuid?bidder=sonobi&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=5769215e-2ece-4868-9a09-2bc9879530dd

0
895 B

57ms
57ms

Image
text/plain

172.64.144.78

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=sonobi&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=5769215e-2ece-4868-9a09-2bc9879530dd
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:02 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 856fd8f86d263801-FRA
content-length: 0
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:02 GMT
server: sonobi-go
vary: negotiate,Accept-Encoding
x-go-server: go-iad-2-6-31
content-type: text/plain; charset=utf8
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://elb.the-ozone-project.com/setuid?bidder=sonobi&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=5769215e-2ece-4868-9a09-2bc9879530dd
cache-control: no-cache, no-store, private
tcn: Choice
content-length: 0
x-xss-protection: 0
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame 075E
Redirect Chain

https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dunruly%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpb...
https://elb.the-ozone-project.com/setuid?bidder=unruly&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=OPTOUT

0
1 KB

71ms
71ms

Image
text/plain

172.64.144.78

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=unruly&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=OPTOUT
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:03 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 856fd8f92e023801-FRA
content-length: 0
expires: 0

Redirect headers

location: https://elb.the-ozone-project.com/setuid?bidder=unruly&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=OPTOUT
pragma: no-cache
date: Sat, 17 Feb 2024 17:46:03 GMT
cache-control: no-store, no-cache, must-revalidate
expires: 0
etag: OPTOUT
content-type: text/html

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7A03 42 B
174 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssD-1r3DCxjHVsHrHr3Ec64uH1TQMIJostIQCOFyCSTww8f0fiyYWUlrM7MRzLELY4JX64huLz4iVkZRdA7aqcydNBebeFf0xSWcurqD0KnhK_I1DW82MnFgYNIKPStuJZrDutarA&sig=Cg0ArKJSzLexYNd3uDy7EAE&id=lidar2&mcvt=1000&p=300,1168,900,1468&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3420047787&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=412476100&rst=1708191961777&rpt=225&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: icedodo.onionfist.com
URL: https://icedodo.onionfist.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 8F45 42 B
64 B 54ms
54ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss1s9yVWZr50gDsdsY5onLVUz3TG3cghrL2F_ZHUzN8UlqEOfa_qv8wbUgGFJK-2PH6MsymrMXcgxlXm_Ae1YX5wbesxHI4ACttXLYB-qYAJAtcYKRNDLJH9cLegSmxTnPvlsnrkJmJM6Tlo_Dwq7eHBgXQKYN-lrOCog&sai=AMfl-YRRMU3uwa9PeovheaiDhhN4W11_A95cGiKH9mPeNG1LHEmohUGIjL13VhdmBEw--sOVygjNtvM60Iy-UWWt3G8n3a2n7stZISOGuBSTTW8f0_RkvVrH0kn6FUHNdRndtvKkFGGT0uJEwCTOuetivA&sig=Cg0ArKJSzFIjj5FFp2rDEAE&cid=CAQSTwAvHhf_JCpbNRqclHiDOgWFbdkchOZxdwFrObKJJli_253qlhtYk59fCyyVp-SzBnPbeQ8hWb6job8t6WltCCAuFmdTROKB6Siw8bgUU4cYAQ&id=ampim&o=132,300&d=300,600&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=364&tls=1364&g=100&h=100&tt=1364&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://icedodo.onionfist.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame 075E
Redirect Chain

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsmart%26gdpr%3D0%26gdp...
https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=3090312644581042843

0
1 KB

67ms
67ms

Image
text/plain

172.64.144.78

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=3090312644581042843
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:03 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 856fd8fa2f053801-FRA
content-length: 0
expires: 0

Redirect headers

location: https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=3090312644581042843
date: Sat, 17 Feb 2024 17:46:02 GMT
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 617A 0
127 B 14ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 17 Feb 2024 17:46:02 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame 075E
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-ozone&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_pr...
https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZdDw2bmqPTsAABeMABmKQQAA%262238

0
1 KB

62ms
62ms

Image
text/plain

172.64.144.78

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZdDw2bmqPTsAABeMABmKQQAA%262238
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:03 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 856fd8fb08ae3801-FRA
content-length: 0
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:03 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jzzW2uxNc0qWBEuc5EprtEmP%2FXQnskL5%2FploYps9%2BQR61Mm5lVH376s9yDGs0tuUSEcsmozlIZax4Owg6xbexQaNLlrMO9HgaTovw1TSdit67lVnUGy0Vjk66AgZS8haXQ6U1%2BvK"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZdDw2bmqPTsAABeMABmKQQAA%262238
cache-control: no-cache
cf-ray: 856fd8faba4a39eb-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame 075E
Redirect Chain

https://x.bidswitch.net/sync?ssp=ozone&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone
https://x.bidswitch.net/ul_cb/sync?ssp=ozone&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone
https://dis.criteo.com/dis/usersync.aspx?r=25&p=52&dis=0&gdpr=0&gdpr_consent=&url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D462%26ssp%3Dozone%26user_id%3D%40%40CRITEO_USERID%40%40
https://x.bidswitch.net/sync?dsp_id=462&ssp=ozone&user_id=k-rRQvxpeEcFm2_PV5StClHA1DB41m1cuE6zqngA&gdpr=0&gdpr_consent=
https://elb.the-ozone-project.com/setuid?bidder=bidswitch&gdpr=0&gdpr_consent=&us_privacy=&uid=a746dca6-052d-4715-9677-9ca36c309241

0
1 KB

64ms
64ms

Image
text/plain

172.64.144.78

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=bidswitch&gdpr=0&gdpr_consent=&us_privacy=&uid=a746dca6-052d-4715-9677-9ca36c309241
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Server: 172.64.144.78 San Francisco, United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Feb 2024 17:46:03 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 856fd8fc5a2e3801-FRA
content-length: 0
expires: 0

Redirect headers

Location: //elb.the-ozone-project.com/setuid?bidder=bidswitch&gdpr=0&gdpr_consent=&us_privacy=&uid=a746dca6-052d-4715-9677-9ca36c309241
Date: Sat, 17 Feb 2024 17:46:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 909D 0
0 342ms
105ms Document
text/plain 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?ri=0010b00002QLYzgAAH&ru=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-105.static.steadfastdns.net
Software: 33XP001 /
Resource Hash

Request headers

Referer: https://elb.the-ozone-project.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

date: Sat, 17 Feb 2024 17:46:03 GMT
server: 33XP001
x-33x-status: 2000208

POST
H2 204 rum Show response
elb.the-ozone-project.com/cdn-cgi/ Frame 075E 0
189 B 21ms
21ms XHR
text/plain 172.64.144.78

General

Check archive.org

Show headers Download Go to

Full URL

https://elb.the-ozone-project.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.144.78 San Francisco, United States, ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&publisherId=OZONEAIP0001&siteId=1500000135&cb=1708191960960&bidder=ozone
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: application/json

Response headers

date: Sat, 17 Feb 2024 17:46:03 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://elb.the-ozone-project.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 856fd8feed003801-FRA

GET
H3 200 b3cf8cb21fa3ae6d591c860676b0cc0f.jpg
s0.2mdn.net/sadbundle/10347820662436277457/media/ Frame 3452 56 KB
56 KB 21ms
21ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10347820662436277457/media/b3cf8cb21fa3ae6d591c860676b0cc0f.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0724f2518b385cbf579e9e13439e4daee4bca3b3492e0d9d0509a6bef9a7ebf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10347820662436277457/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

expires: Thu, 13 Feb 2025 03:51:45 GMT
date: Wed, 14 Feb 2024 03:51:45 GMT
x-content-type-options: nosniff
age: 309261
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57007
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 10:22:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 a917a8a6e55e1480180aa06e8ed95e67.svg
s0.2mdn.net/sadbundle/10347820662436277457/media/ Frame 3452 35 KB
11 KB 20ms
19ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10347820662436277457/media/a917a8a6e55e1480180aa06e8ed95e67.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e3ea11cdabcf2683bd67e1b664a71c81a7722bb59963ef632fdb3f5cd53ab13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10347820662436277457/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

expires: Sat, 15 Feb 2025 16:04:56 GMT
date: Fri, 16 Feb 2024 16:04:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92470
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11359
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 10:22:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: country.adinplay-venatus.workers.dev
URL: https://country.adinplay-venatus.workers.dev/

Verdicts & Comments Add Verdict or Comment

262 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
i.liadm.com/s	1970-01-20 19:13:03	Name: _li_ss Value: ChMKBgjdARCeFwoJCP____8HEKgX
i6.liadm.com/s	1970-01-20 19:13:03	Name: _li_ss Value: CgA
.onionfist.com/	1970-01-21 04:05:51	Name: _ga_FMZ46HP0K6 Value: GS1.1.1708191959.1.0.1708191959.0.0.0
.onionfist.com/	1970-01-21 04:05:51	Name: _ga Value: GA1.1.1455867885.1708191959
.onionfist.com/	1970-01-20 18:31:18	Name: StatsSend Value: true
.adnxs.com/	1970-01-21 04:05:51	Name: receive-cookie-deprecation Value: 1
.rubiconproject.com/	1970-01-21 03:15:27	Name: khaos Value: LSQDE0JL-9-EWFP
.rubiconproject.com/	1970-01-21 03:15:27	Name: audit Value: 1\|naVuGyos1qqbLtvbvlnePOXUadRsMXL7tE4q61KpmVkVRDUNBN5zCAl6v3y1doctQ6sHEkGxOYMqkV56dXS+fDOAeVvN3U5A7YLrICeHmIzL409bXDoFYCKPLRELhl3xG7JtXJVTTK0=
.the-ozone-project.com/	1970-01-20 18:29:53	Name: __cf_bm Value: CcaIFOPXM9NRiTeC713kU9hWMlvo9LJm1ADVu.fTxNo-1708191960-1.0-ASHRlTAbeGEPIJmbXpnI0NofdBHdPiKzxeVmoVd2n25lpdikIrE8iCip5DzJFCc5IN8q5rCzQ6cZz7YVAOzvPW0=
.adnxs.com/	1970-01-20 20:39:27	Name: XANDR_PANID Value: OWraEyQWRsvNHT3R8W5n1OkHDHldosGsbuG27v8QxKGcSpu-gMLYtTZz14GcNtFcv6gBTil6HzB3X7iIHDrvwOyJ1zGQD95DaPIae9b6noI.
.adnxs.com/	1970-01-20 20:39:27	Name: icu Value: ChgIzYVEEAoYASABKAEw2OHDrgY4AUABSAEQ2OHDrgYYAA..
.adnxs.com/	1970-01-20 20:39:27	Name: uuid2 Value: 6345704150174416501
.onionfist.com/	1970-01-20 18:29:51	Name: lotame_domain_check Value: onionfist.com
.criteo.com/	1970-01-21 03:51:27	Name: uid Value: 87984261-37e8-4389-a1eb-053a6ca76203
.criteo.com/	1970-01-21 03:51:27	Name: receive-cookie-deprecation Value: 1
.onionfist.com/	1970-01-21 03:51:27	Name: cto_bundle Value: hIpohF9CdExnZmdwYmJuZkdLbjBKUHZseEJ3bFlLRUVldVhhYm9md2lkRW9zRFJveURvTEJUTjIxbXZWNVNxVk5PVSUyQjNwazclMkJiY2lFd2tyU3NiMFhPeXVOdmZxcklJaXBpa2Q2Tk13QTk0YWdtT3NjMTRQYXozNzNLaEJPTFVnTUQyN0FlRmNhZUpVelE2QlRZTyUyRkhWRGhFUFElM0QlM0Q
.openx.net/	1970-01-21 03:15:27	Name: i Value: 45d27cb8-67f5-4fb9-abb4-be0203b8fff7\|1708191961
.casalemedia.com/	1970-01-21 03:15:27	Name: CMID Value: ZdDw2bmqPTsAABeMABmKQQAA
.casalemedia.com/	1970-01-20 20:39:27	Name: CMPS Value: 2238
.casalemedia.com/	1970-01-20 20:39:27	Name: CMPRO Value: 2238
.the-ozone-project.com/	1970-01-20 20:39:27	Name: ozone_uid Value: 2cVLmy3xahNHfQR0cjwIVAzN5wG
.adsby.bidtheatre.com/	1970-01-20 18:39:56	Name: __kuid Value: 9eb6ccd6-a439-4403-a779-5fd60aaa17f0.477405961
.doubleclick.net/	1970-01-21 03:51:27	Name: IDE Value: AHWqTUnKSY3ZrxnYL17erRS19F_FJIcOW0gjw8ulS3qpHF86NXnz9mfF5ztHZyrzXbA
.mediago.io/	1970-01-21 03:15:27	Name: __mguid_ Value: 1605e69889c8be7b2bwnha00lsqde14a
.doubleclick.net/	1970-01-20 18:29:52	Name: test_cookie Value: CheckForPermission
.liadm.com/	1970-01-21 04:05:51	Name: lidid Value: 73df5e9b-44e1-4194-92bc-0c9254626b2c
.amazon-adsystem.com/	1970-01-20 23:56:44	Name: ad-id Value: A1IWiDNB40FjgN5KP6jFC94
.amazon-adsystem.com/	1970-01-21 04:05:51	Name: ad-privacy Value: 0
.onionfist.com/	1970-01-21 03:51:27	Name: __gads Value: ID=ce8af5e5f5af65f3:T=1708191961:RT=1708191961:S=ALNI_MZW7n9il_8ac5Z4uVbqT2DA_t9iaQ
.onionfist.com/	1970-01-21 03:51:27	Name: __gpi Value: UID=00000d5b56491c51:T=1708191961:RT=1708191961:S=ALNI_Maq5hVxUR2nSQUY612bQZU7vrpfGg
.onionfist.com/	1970-01-20 22:49:03	Name: __eoi Value: ID=9a2e0fdd515fbf01:T=1708191961:RT=1708191961:S=AA-AfjbGMgM8zt_4p9fphE6-C0a2
.csync.loopme.me/	1970-01-20 20:39:27	Name: viewer_token Value: e8a63ac7-8293-4622-b00d-713ae45b5b8b
.adnxs.com/	1970-01-20 20:39:27	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVPI?Rtc!@wnfH8K6pQK`!5=E<L5?%M%g>Z8jfC4g0i6POCkL[FlxxD!@X-$[dxBw$bpRzqF1`*b^f9)t+gm
.doubleclick.net/	1970-01-20 22:49:03	Name: receive-cookie-deprecation Value: 1
.doubleclick.net/	1970-01-20 18:29:55	Name: DSID Value: NO_DATA
.googleadservices.com/	1970-01-20 20:39:27	Name: ar_debug Value: 1
prebid.a-mo.net/	1970-01-20 18:29:52	Name: _Amc_b Value: 0
.go.sonobi.com/	1970-01-20 19:13:03	Name: __uis Value: 5769215e-2ece-4868-9a09-2bc9879530dd
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8G Value: s8631\|ZdDw3
.smartadserver.com/	1970-01-21 04:00:06	Name: pid Value: 3090312644581042843
.bidswitch.net/	1970-01-21 03:15:27	Name: tuuid Value: a746dca6-052d-4715-9677-9ca36c309241
.bidswitch.net/	1970-01-21 03:15:27	Name: c Value: 1708191963
.bidswitch.net/	1970-01-21 03:15:27	Name: tuuid_lu Value: 1708191963
.the-ozone-project.com/	1970-01-20 20:39:27	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJiaWRzd2l0Y2giOnsidWlkIjoiYTc0NmRjYTYtMDUyZC00NzE1LTk2NzctOWNhMzZjMzA5MjQxIiwiZXhwaXJlcyI6IjIwMjQtMDMtMDJUMTc6NDY6MDMuNjA4NTI3NTc0WiJ9LCJpeCI6eyJ1aWQiOiJaZER3MmJtcVBUc0FBQmVNQUJtS1FRQUFcdTAwMjYyMjM4IiwiZXhwaXJlcyI6IjIwMjQtMDMtMDJUMTc6NDY6MDMuMzkxNjQzMjM1WiJ9LCJsb29wbWUiOnsidWlkIjoiZThhNjNhYzctODI5My00NjIyLWIwMGQtNzEzYWU0NWI1YjhiIiwiZXhwaXJlcyI6IjIwMjQtMDMtMDJUMTc6NDY6MDEuOTgzOTIyNDA0WiJ9LCJvcGVueCI6eyJ1aWQiOiJhZmEwY2MyZS03N2VkLTQzYTctOWFlZS1iNmZmZTZjNDBlODciLCJleHBpcmVzIjoiMjAyNC0wMy0wMlQxNzo0NjowMS4zNDU1ODQ5MjdaIn0sInNtYXJ0Ijp7InVpZCI6IjMwOTAzMTI2NDQ1ODEwNDI4NDMiLCJleHBpcmVzIjoiMjAyNC0wMy0wMlQxNzo0NjowMy4yNTg4NDU0ODhaIn0sInNvbm9iaSI6eyJ1aWQiOiI1NzY5MjE1ZS0yZWNlLTQ4NjgtOWEwOS0yYmM5ODc5NTMwZGQiLCJleHBpcmVzIjoiMjAyNC0wMy0wMlQxNzo0NjowMi45NzM4MTY2MTNaIn0sInVucnVseSI6eyJ1aWQiOiJPUFRPVVQiLCJleHBpcmVzIjoiMjAyNC0wMy0wMlQxNzo0NjowMy4xMDEzNTEzNjNaIn19LCJiZGF5IjoiMjAyNC0wMi0xN1QxNzo0NjowMS4zNDU1ODI3ODRaIn0=

249 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://icedodo.onionfist.com/assets/drift_enabled-5ab2ce45.js(Line 528) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://icedodo.onionfist.com/assets/drift_enabled-5ab2ce45.js(Line 528) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://icedodo.onionfist.com/assets/drift_enabled-5ab2ce45.js(Line 528) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	warning	URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cadmus.script.ac/d1r100yi8pmbig/script.js Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://icedodo.onionfist.com/singleplayer Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

26ef0f0847ba18d224e0b4a61a7f4d8d.safeframe.googlesyndication.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ads.eu.criteo.com
ads.pubmatic.com
ajax.googleapis.com
api.adinplay.com
api.btloader.com
b1h-euc1.zemanta.com
bcp.crwdcntrl.net
btloader.com
cadmus.script.ac
cat.nl3.eu.criteo.com
cdn.ampproject.org
cdn.id5-sync.com
cdn.indexww.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cdnjs.cloudflare.com
cm.adform.net
cm.g.doubleclick.net
country.adinplay-venatus.workers.dev
csm.eu.criteo.net
csync.loopme.me
dis.criteo.com
dsum-sec.casalemedia.com
eb2.3lift.com
elb.the-ozone-project.com
euexchangesync.digitaleast.mobi
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.clean.gg
i.liadm.com
i6.liadm.com
ib.adnxs.com
icedodo-api.onionfist.com
icedodo.onionfist.com
id5-sync.com
image6.pubmatic.com
imageproxy.eu.criteo.net
imasdk.googleapis.com
invstatic101.creativecdn.com
js-sec.indexww.com
match.adsby.bidtheatre.com
match.adsrvr.org
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.rubiconproject.com
prebid-match.dotomi.com
prebid.a-mo.net
region1.google-analytics.com
rtb.fr3.eu.criteo.com
rtb.nl3.eu.criteo.com
rtb.openx.net
s.amazon-adsystem.com
s0.2mdn.net
script.4dex.io
securepubads.g.doubleclick.net
server.cpmstar.com
ssbsync-global.smartadserver.com
ssc-cms.33across.com
ssp-sync.criteo.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.cloudflareinsights.com
static.criteo.net
stats.adinplay.com
sync.1rx.io
sync.go.sonobi.com
tags.crwdcntrl.net
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
trace.mediago.io
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
x.bidswitch.net
country.adinplay-venatus.workers.dev
104.18.36.155
104.18.38.76
108.138.36.28
13.248.245.213
130.211.23.194
131.153.168.131
142.250.185.226
145.40.97.66
15.197.193.217
151.101.193.108
162.19.138.82
172.217.18.102
172.217.18.2
172.64.144.78
172.64.151.101
178.250.1.6
178.250.1.9
18.195.163.73
185.64.189.112
185.89.210.46
188.166.17.21
198.47.127.19
2001:4860:4802:34::36
213.227.153.230
23.211.9.91
2600:1f18:ed:550e:5c7b:a93e:1c30:ee84
2600:9000:225b:7800:a:e047:753:eb41
2602:803:c003:200::41
2606:4700:10::6816:4ad8
2606:4700:10::ac43:266a
2606:4700:20::681a:346
2606:4700:20::681a:3e8
2606:4700:20::681a:8a9
2606:4700::6810:3865
2606:4700::6810:5514
2606:4700::6811:190e
2606:4700::6812:1791
2607:f350:3:2569:0:10:0:200d
2a00:1450:4001:802::200a
2a00:1450:4001:806::200a
2a00:1450:4001:808::200a
2a00:1450:4001:80f::2003
2a00:1450:4001:811::2001
2a00:1450:4001:811::2006
2a00:1450:4001:812::2008
2a00:1450:4001:813::2002
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2004
2a00:1450:4001:831::2002
2a00:1450:4001:831::2003
2a02:2638:3::10
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:3::6
2a02:2638:3::9
2a02:2638:3::c
2a02:2638:d::c
2a02:fa8:8806:21::1690
2a06:98c1:3120::3
2a06:98c1:3121::3
34.102.146.192
34.120.107.143
34.197.210.85
34.95.69.49
34.95.81.168
34.96.70.87
34.98.64.218
35.186.253.211
35.208.249.213
35.214.149.91
35.214.211.207
37.157.3.20
46.228.174.117
51.89.9.253
52.212.53.200
52.46.143.56
67.202.105.22
69.173.144.138
69.173.144.165
72.246.169.246
91.134.110.133
93.119.15.97
98.98.134.243
00bead1ec2bdfa7a0d5a404041f133bfbdca1c4613a0de7c55b2e4d2b267ee6a
010839eea18fce4acd0940e276d8256b8fcdbced6235f6b31aed0cd10220b886
01116c590ef6315848e888b5e1fe89b806ca3c14a99c7ba08a287cbbd2072d7e
025624d361ed749ac803d38785651b6a21f7d2b90b0def0ad4f51c10d02dd989
04b75088563e96412f6cd6570d62a7499012e248848c91d0b8696ac7ccc09b99
04fa628bda6f9b1ab5f71827ce6c71e8c6ad495a3a5a0ed8858c6f5b2f0513ff
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
05c01a014da4ccd84595d3b23a2ce7afd4bf944054ec0cb979feb6dbe64b61ac
0724f2518b385cbf579e9e13439e4daee4bca3b3492e0d9d0509a6bef9a7ebf3
07a8814a5b06c38c54daebe2da82d619c02f8b42df6621e1bc530bc208357f37
07b56bb0474f3fcc2c98de80273cd04f5c6533563f93f7061bac13f2aaa8bff9
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
08e0a7e1c290b0d6d3f7c21866d6ddb921ea10afcd18abfbdd63875339e94c77
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a77ebd3f139d12403725f1d049de7f3fa491a5860c4a953e9661ac265ea4069
0a7c5cebbb6d6eff010530c59b73e9e423125219661ff9bc5866c55cd17a5607
0aa99dfbee84f4187359be179ffb7703a4712c967d73c1a8e5c55fc1715bdb7f
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247
0c9d262d755b980141bd625ab12d19652b33372b870deec9e77c0fb106aff9ff
0ccec4b622de2055b310d588a23bbc048d55436f0aedef2097c362beded5553e
0d4810306646d5d3c7d997d6995112ebe5e5b9bc838d87b34b5cd6a9257e3cd9
0d951b0c8b13b798f1a91f64f4f687258e095371935dcc820d33d84e69711525
13571b2f1bdc9f0b6795862c73ca2e24956560820215fd31a195fd9113be5e31
13da183c6431e3b0dc8860296928a36cb121f58725aba85936d27c203624ce27
14f4a8ac3755c13bb7b177a4801fd5dfeb182fa283a2f48367047f9ba00dc91e
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
193fdc7a48ae60adfa28663712b68539bead2a82033545589d0d97565c6e983b
1acdff1e7f03270a5ca5581b0ca780826d0ade45170440604ee5228cc3077ae8
1b3e60c51fb720dc3b2cca549093cf8c5a82632161e2353ad7fae30a7c03c0e9
1cbccbb8abc82c539e05421e7697adb711ea4196d62aed9b4ff516ce810d7517
1d8488f58b2658c5c303c573a1c0d7f6b1fbd8470ff759208aa117be26275126
1dfd2cbf7386c405b35568a4b7d371b14dcb1a7a3c8a79d633e210540cf4aef2
1e90427208e4a107c9579cb0993dc22b0dab5b053494a98a7f39b7be8c6e0519
1e9874eefe0a4e95e331b5b04a922700be2eccafad2f0944ab68f9090d537381
1ebdd717aaec82d85e69929c786ae6293497d347214f0cc0c77b767042def9a1
2125b73ae211f46f82ee27eee87e5aa312c5bbf2aedca1b50b7d80f21fd3d5d2
212e69a72b5ce406cbe56e64866da4e7941c454dc875018df88f99cbc7c2412b
21c15efa936b131e1bef6edb6f48d63affd5a31a9995d2a0174670d4aa85672a
23c58ec7411480f6410ab9bba9fc7e51b73d273e0bc7561a2674cf0ab99f42c2
245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c
267e3d136401cb98ba047585892fa819be7f88f2bed901d74d0f0bb587f4523a
2701e9dfbba0a3b6b0973610e9ecb3047d6c66242730dde294255e699c26bda6
288fd8ba8cb04967d8ffdb274e8828d79fe679e6991ceff828f0f48e04f315db
29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6
2a1d690e7ca0fe353d26d8f060b088f9ee060fb589e9cfe0d0a24cc0599c9c25
2bba322c8b41132a5f26b6be9c4ff8faa2e45beacf9d43a12a50a4e0bc73af3d
2bccceaa3286aeb7b8340996ec4f0ef9ac1ee01ea6356d7b33b73ef148f82b93
2df104a01223ec5b90123db0d9cee82022f389ad95eb29c1ba982971a904af6a
2e43550b22528467f3b7ecdbb7552733007c0a7d31bb24a23e195495a7cd34c4
2eced75e72c897a68978a797ecf1c25c593e742d8599fd47bc7160342060df01
2f151f24ea5609d805d1eec2d3529fca442d375db2965f51d8c003d9be442c5f
309c794d20c6824c9c401713bc7ba07938e85509e557ddbc944f6fa17e7b7469
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
322913b5b7bb2782da4fef9e1fc6a9f2696c99a420c318dcd3c2236dc5b818f2
351b4bae56595d6878b3ffd7940ac231a0a85427f4cb1e5adb1952b71998f35a
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
384693e04ae63abcf9831052624dae083ed79d5595722735679df92730f66355
3a23dc622c53ccbeb6a6f008f67e10fb1999d3fab6afa17d410a92680b3cf058
3a73a461cb86f1eab514640581aa3f0bcd5362d109b885af44d463ac1a9e8faf
3ad2764a56cc3906620c233983a88c7da09a09fcb106f3f9387fe2e0bcdaef5d
3b268705bc5c25d2b56743f0fd0fe83c0f5c7704704c22b4475bfcafbb54363b
3b47f12e5c46755af00c0d4fd2ff086e28a3cc486acfeab18854cd838db1d8ec
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e8ac68c0c3aa435a98a32c211504988d89ce91d21cf93c7897bce6eda3831ad
3f4c8c96241004e265f7b48fa4a458c50c2199d961046694be42cf8e70fc494e
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
403e0a9bdb3451791dd998df02a43a7153af0dce1aa9837b7a98805da5c98b5d
40ce40ce6163bd79d7e21ebd1427b7c78222ee4f00eaff8b6470d9f3ee9c0470
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
42b057d46c710357a16406e761339550b9751f89ab3308ab5ab3fe1640dea746
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4519f6763576bfb10f1bebce9739388c2b87ab4ba120abc97515203d9aba257d
45cba01e7b1bab38cd7813fd607e2238e18432129a02fc71bb07feab7c447daf
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
49e5358500b9d35d009ccb1447059ea3d1084929cdfd694ae04d4bffa5fd569e
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bf8af452d156bb9f6e3e52a9ec955976cfb83447ff0a2b2e9267f8558c82099
4c02ca2f935770ca4a80cf2f9311bac7da1ce03b6e656392211e4c522d4d623c
4cc478aa240a6ae5babda9e926fabf72425cd40483c7e6d43e8d84d54f0a7885
4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007
4d7e3108ba3230949cba31770e396ce9c3c3f0a5dc38149e594be4f2ee07cf06
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f530dc6724889ca2261d21dc7a8a8165e025a77aae89905249de90eee518287
4ff8b04aa8b5a61b07f7b39a809607111002bfb9d44713b7a2dd0248dfcaf5be
503356fc833b6993471d90111a7c91857956c272eb391944fa26f52304d6ba03
5101d202c69226aa554c5a7dd1e747e5bfcd5354fcf9013f43cbda40e6362996
5202da33b86163dd94f769ae1dfbc51208aaebc31a2a805e495858d4dfb65cfe
524729e1c999d25dabe8422cc9cf682b33edf39515615f2f7beb682b498c64f2
53ca7615b20decf9ef711cff865c3d52c4bfe565844b479b690ff30a93073570
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
5531c7f222284138127220814018233aaa95be34d8de16dc8498493791d33c90
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
563d9b87b4ec1e7029c3616db556e2ba7489f83744eea0701eeb6eb8519f5832
59e5bd424ba24b6ff61f49b4db145c38b46f73bd16c0cf1e40b6b299211b561f
6062b68e4723a354112f553124c21bee946e9c4523e083be1807347e2bf695e3
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61eae0480dcc464beb4cd150bf5b44a5e0654919abd845f74fbadf913876f1af
64879f6cac8521a6cb2db4b9a28df4914675e7209d0eb406a9be2b26e5414f7d
64fdded9ab4b4066a71232c0d8c7e2416ec277f566adb122776af14c21831fc3
6587ca701069ab74cbd210a6b2e16d125fe26e0bdfe7adb83572334c1b061bd9
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
66aca9de6116d42d7e0e581691098615ea9664cff8181de43e434bd3a1e23c21
67ea8e8bbc4ebf94e5cecaaf31d76f849d16520d198b95c09e7780c87465fb65
6a33dffcf3751fac1b661711b10ccf39bc110d310893ad5a88c024f6c1dba9b9
6e15407b9884b29fb9f59c29de2949bb525a2fd9a720e71e079c197655a098da
6e1f8443ca6c54198ecf9de819d279c5cf64f08da7c49e1943b865c49395ca0f
6e44447753f3ffc670d17549e5cef273be87f8e818cc2e6590d5a6860a73413b
6fb91a72a2c6a3243678074a338201ebeae386e02c780676b826a44ee9859015
70651252ddc3ae3cc902b7f374fb9037f0a27192fb31b66acbf5300441b45ad3
71984d3586c80e2a75de2e706a4d02ca11bff9a6f39f194556087bd8b8a16134
72160e5fb5022ed8e67ef698c166cf156fc75b97d1a457fcc127ab4aba7da844
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
763edbe61cf206714338a5ae0a3a6622a5e2c7f46cc49f22ac14af26075b0ace
792165293f52605878225df149ea9783923983fec57aa163d355744e678607ea
79ad6a0937d3f116ad409e6a3192ef8e509334cbb910752a22c3226b9568da41
7aa7daa0580c0b918604219d43387e6b0d3ebf1a4a1df49d29d285069fd35ca8
7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e
7e3ea11cdabcf2683bd67e1b664a71c81a7722bb59963ef632fdb3f5cd53ab13
7e528d05c965e9b1b74940b92ffbc23fe18e6446fd3f265ac1076ffe3126f322
7f4dbde280c79f74bb5644141fe0a77de44ea8c2b75a19c67a999c81d482915a
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
81652961859d57567a0f729d1f60cb5c62f5e313b241ede8813ce3f0356c9777
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
81c61cf7d07b9975791c32a8d8dbcef66529bd90d45a9eae4e192aa946d0d552
8228fca6089db4c6665696c23fb99dac2632534ecefc32b281982e3ca5eb5bdf
82b97e913af393820fe397542a0df336221fcfe20a6050951742b8575f043a15
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
83e09c3baeaf18d66f2705d6caab6b3bccb87fda120dbcd38040e28bcd32e6a3
841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632
84ac4635e0d5dbbf1984587cfce326b2e435f514386d472984813d567c8494ee
84f28d66dcbeba45f8c4a70ecb2c6108f4b61108675c26744675907c27ca08fa
855299d6520016d035232b532f0056a5a7a58a43dbf2f8bad8af5e27b6f384ab
85efcb9d3f90c54792ab11ffa434e7238e6eec17886ed55f9d711a1b01738f38
873bb29aaa089ec041f6a3ff60d5e7cee49c491e902fee8e566ceff7a58c567c
8873add23e0ca8d2d1e22d2b38688ae0d9a5dfa85588c1501459139867b3a43d
88ce46aa34da9e700594ec151c9ae36fac7035c7662f807ba99ca1714a4edadf
88ffd69bd741b98af80169262464f02cc942e7b9fce445d51873f685c6be7527
8919cd27aa0d14ebb363de3ca2440f308c78b1ef89e54e7d66ebf54d233b6bd9
8b1976fe80c2d62438ff78bd757560555c15428672d295f4ae75f385e28ab687
8b3f66c9c71bff65933ddd3c9a09a603c2a15542df82d58f0c5df8e9f79fbf53
8c7d65d6f80e68acad46770ff9bf2086c50f638d675301fe9975d39393a558cd
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8df314f99f23f6460c1781996ca3db6328784fc863a6972ae83138b9346fe7ea
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8ffe2a727695724479ab9727e5a993e0c1b22ef92ffcd1f6097ab5ebf271c030
92432d9d966d6fd7f214f72c4f20e1d30ca3266d9098bfcf8b6667e518f24af4
933a243adf3deca8cd427af9eefadf83bd418f2ba0add60bce7b5690117e4c0a
97e23f516c8d4aa522a051a6b717af275e0df8584dc42c00e8876cbd58048583
9933224bef8faed81f3a9509eebbf55cca3323ba787398ef83a63a39c48943f7
998bccb15b7b41d8515ebad88e3dd29e226843b7e87ff235791c1f32608c5fed
9a637295cbf7a378f5b940da61df91245d2834622dd2bdfd6f93352a35d87089
9ba08c12c2a8a82cb36243ae0d8e25498447a5aaa40eb53ec7999b5b6cf6fba5
9dbbb6e78a450043257bc854e89ee39c00bafabfdcfbeda912c85b92c697fc91
9fe1b6127375ef39e7862d97e1f7336e28c83969c1ecd58ccd60cd4118274a37
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a08ca5b236dff037b6604911a4f0ab0238b446d1e0eb6236e94545782dba7c88
a1302917307ffb9b5a250c2a567105e7b3f05434bdd8ae6941130bceb20a6ad9
a14dc2ffbd3f617801f333754ea17b6f8e366a97810c7ff3cde5f5984095b5f5
a18d394d86b24b65f1414eb0b1aac6a671e70e5d0c6b21869b54b564398e397b
a1b5d8a1b9676f3ed3eedd876181b5092a19d2cc390aced76777558114cc43a3
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a372427de538145f750b1e0c61c75ba96d1ad367be4a4d5cbde052638f5442b3
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a80401b7c3e77c80a5fc54e9b41562e3cd2532ac1c5d0d0e1d4b2b48ea3fa449
abc80c3a40363318f236e3e05075d97a1e2dc631c0561a66d9de55ceb0e24ac0
ad55601942a04362c48260474dbc57ea47087c18631805b784e1def5e540eaee
b00bffe4036a3edde337a2c196f1de34a1baa6dd4c62190907a966013cacc819
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b186e562bb643ca87e93a8c2a1bf72eeec3d2ea632477f276c7d1497bfaaf451
ba0620d5f2b9dea906218ec98f53ef30c04ed4002a31bd8ddd93db117d6178e9
bace398dbbe26b007f372931fad40ee9e5c40a8589064e29156a5517d4c0602b
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd2b37d485552bb52ba9cdaeda41308544b90c532e40e62dbee3cfa426f4814b
bd792ba9d6a730d9bfbc7d6fd9f70006b230557b3b15ac14bad7e53e1f6f777b
be841fb1be621323169d606ebcb933b6df2d7e732d4d65914ee302da94b69b12
bf8929d75ef1bee42a0e57beb0d701844de17584014cc495178e8d3b0bd66f8f
c0b33b627a1f0aadea568e31ce72b48725454112e9e04b18718d77ab0bc8f04e
c10acb0f008a8acb53e850596442e990b452d16d5e6650091e69d57a3b22bda5
c1a0398e0c8c7f0a32b19d6302623c64341d088180d9dec3caaacdddccf0436f
c203275adfc7cab99b60a1ed4637f63460bdafcfeaa513859659fd2b8686abd1
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2b4dbefcc475f33af8142919cb457cadc9410831789d756652fec9b45c10532
c67502a4a5b601d68637e5c7104886745406898e8e1c1040ba000368f74913b3
c6d3940fcff9b3f3691285dedd97063d5f6518f3e6f88d94a7f9525f241def1d
c861dd92be984fe498ece34c0f3c921861ac51bfee50323fcae21231abf7a82b
ca6600199c86d1466f88f113442e748af68591f6541d8513fad5adfa021333ac
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
ce7323b3dd529c8f2ce21ee4572a84714ebf19fe389a6680bd2199e54d99c92a
cf1874406eab19c9c85668ec54fd683a32f2d5cbb4502ef28e5e036af032b473
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0809300bb652a3b516179fd74025fee437aaf011dbe5c0089b682c6faa3ff1b
d0b40a0e26aa96da3791fd2dd16315fd2fc1dfe8817f032ce49dd7b37f0ca290
d41c64bb804476446eb890e867cf5ddb548a90404bea8bbdfea62a5653f79d2e
d41fdbc334c758ac8fcc2b4f0382c716fba14d1d70fbadcb4b54fe1cb03ce90b
d42fe173d2fe56ec066870dd43c69effc0d4eeaadfb0f3f9c76952a80ed9f68c
d4a16853ceddacfcda7d170317a08e5a87e8e05f3320d9857c3a140c795ee3b0
d4d352faffd52a1054daa9e5c89eabf489d84aeff0c2acefdfc45a57ac3a614e
d54e63f13834a0c4bb4c7752aee1db9adfcfc577f9f029233bb75a3401caab4a
d7dfc33f14801b0acd968b39d024c8a03f37dcc270eada74d34a9dd4a612b360
d910a41d3f2e46b1983df5f450165dca1cf8b484d165c4d26b2d88514b98f0f1
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
da80171367ccb86206235641cfa5efc267725e1870f5cc5c2a777dc57c7d5ebe
de259eb7ba7a0e45575deb33946f1fbc695c97c33145ae4e49af0069d010868e
de7e8e948d5f3d00ad167911ecd40a0c25e7a6fca2a52dd102c57aca8522123d
debb082a27a8f82a26f5bed523ccea13e900f5a6b0c8bbb5932ecdfa6faafecd
e04d4432638d24c029f5d79cc581d98c2c8f9c7b9912f9811dde3d1ac7f509f1
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e174e40cd1a60ff31b41054671ff512e2a07bd1c72ac933146d36e8ba953444d
e23c5362587d7c8eed74a850073b851578fde2453d8868c78ee972124dac016d
e332388e9cb4ee190b923812abe541e0f2fee6fbe26525fc28de2b0edf1b324e
e388e19ca38c825b329e762c79c66bbd41bd334f18312c5e97fde0a8f64bca36
e3a3d3112c83441d5f997a137e1ef5db72f7f41ba4c716d16ba17b49c0137708
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4d9b1ead4773f585f6a3288d7acdb3995056b139ffa74e4e719da8e842e88cf
e62a245f6c54d8fce0b8465db472b87d80af8ecbd7a2607c773dc99c49ed7584
e69ebb618368cac570852b227972d9b0ad88d1d263af768621aa0c0e337d652c
e7f20567ce6e05417b5fa8e631d8f9c93d9bf24da7a27a659e8c778eea530aeb
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ec1c8b36f75a62cead538a3d6bd9bcc2daf25d381d17487dfd7932bcd0e7e6f9
eecb856ac2b3a13abed04ce16fe9fd6d8bc139ae1f1a41eb79c97249b3418464
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2
f1d64e886f0cf600e482709d64439a2cdd931d4d8ffabcaf1fda2862cc576246
f4dc808f2d6c1efaa9de51daf1a1070758ce5f2b00695174f590de066476c6f2
f5611f7ff21f02896b5399660878704ad838955b70dec87fe9722d535cca52f8
f6cd320c5ba515fef3997afe473332231160a2cb715f1a99679a7cefa1cf0be0
f7274ba10554801c2589a0461ef72855be2ac1463f95598dd237822016a4de06
f72ba901357663dc0208eeb769861373a170349659bb46240ee6c82bb00bc904
f735c375a2c11a0b5d4e5bb5d0427410e710bd7ca2822ac38c80f166ce6c3d9f
f891126beb912f66db962a9405bde9cb418239495433e6423341000398b7dfbe
f8d9ce9f2c05da22c399ff6f8cd46bd47dea1a60a2c89c9ab693e5e5b70bbabc
f94765a4aeac664cf30d5d2ce3a822a79eac8060ce3cc22e11d057fee8f84910
fe3e26a2458472a8567fd7ca96d83b9f1cbc77959604f9a2689a83683cdb3cb0
ff5106392d964d4895de91cc86276a27d2d5017ad2bec731186e7690d3017b46
ff9ce35d5fae856bab207c9f8d8eb3dff6354f007ea9f9b9a32f5cc018d52876
ffd1d75e8e500457e3572de354b8cbe87e4abd823ff6668c5c80c30d15751d27

icedodo.onionfist.com Open in urlscan Pro 2a06:98c1:3120::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

333 Requests

92 %HTTPS

45 %IPv6

55 Domains

91 Subdomains

73 IPs

9 Countries

9795 kBTransfer

15451 kBSize

44 Cookies

3 Outgoing links

Page URL History

Redirected requests

333 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

icedodo.onionfist.com Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Screenshot
Live screenshot

Full Image

333
Requests

92 %
HTTPS

45 %
IPv6

55
Domains

91
Subdomains

73
IPs

9
Countries

9795 kB
Transfer

15451 kB
Size

44
Cookies

333 HTTP transactions
2 data transactions