Submitted URL: http://kasebook.info/
Effective URL: https://icewahl.com/sarasleuth/kasebook/
Submission: On October 16 via api from BD — Scanned from DE

Summary

This website contacted 10 IPs in 2 countries across 9 domains to perform 42 HTTP transactions. The main IP is 35.208.79.127, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is icewahl.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 9th 2022. Valid for: a year.
This is the only time icewahl.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain | Subdomains | Transfer
25 icewahl.com | icewahl.com | 137 KB
10 googlesyndication.com | pagead2.googlesyndication.com (Cisco Umbrella Rank: 104), tpc.googlesyndication.com (Cisco Umbrella Rank: 147) | 208 KB
2 google.com | adservice.google.com (Cisco Umbrella Rank: 78), www.google.com (Cisco Umbrella Rank: 2) | 2 KB
2 doubleclick.net | googleads.g.doubleclick.net (Cisco Umbrella Rank: 43) | 5 KB
1 google.de | adservice.google.de (Cisco Umbrella Rank: 8724) | 792 B
1 googleadservices.com | partner.googleadservices.com (Cisco Umbrella Rank: 888) | 694 B
1 gstatic.com | fonts.gstatic.com | 44 KB
1 googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 44) | 1 KB
1 kasebook.info | kasebook.info | 255 B
Total: 42 requests, 9 domains

Domain | Requested by
25 icewahl.com (1 redirects) | icewahl.com
7 pagead2.googlesyndication.com | icewahl.com, pagead2.googlesyndication.com, tpc.googlesyndication.com
3 tpc.googlesyndication.com | pagead2.googlesyndication.com, tpc.googlesyndication.com
2 googleads.g.doubleclick.net | pagead2.googlesyndication.com
1 www.google.com | tpc.googlesyndication.com
1 adservice.google.com | pagead2.googlesyndication.com
1 adservice.google.de | pagead2.googlesyndication.com
1 partner.googleadservices.com | pagead2.googlesyndication.com
1 fonts.gstatic.com | fonts.googleapis.com
1 fonts.googleapis.com | icewahl.com
1 kasebook.info (1 redirects) |
Total: 42 requests, 11 subdomains

This site contains links to these domains.

Domain: kasebook.info

Subject | Issuer | Validity | Valid
icewahl.com | Sectigo RSA Domain Validation Secure Server CA | 2022-04-09 - 2023-05-10 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.gstatic.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.googleadservices.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.google.de | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.google.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
www.google.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months

This page contains 5 frames:

Primary Page: https://icewahl.com/sarasleuth/kasebook/
Frame ID: 6EACA50D3FD020861E213DF0DDB09B58
Requests: 35 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20190131/zrt_lookup.html
Frame ID: 6EFA20530C075FF312B19EE78BCB47E3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6204565184215791&output=html&adk=1812271804&adf=3025194257&lmt=1665949889&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Ficewahl.com%2Fsarasleuth%2Fkasebook%2F&ea=0&pra=5&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665949889092&bpp=3&bdt=671&idt=247&shv=r20221012&mjsv=m202210100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8069804105297&frm=20&pv=2&ga_vid=828594400.1665949889&ga_sid=1665949889&ga_hid=1440824381&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774718%2C42531705%2C31070341%2C44769662&oid=2&pvsid=1453567000395599&tmod=383869416&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=262
Frame ID: F4E8C059A8B442AB9B53002A8E502070
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 47DFF785DF65CB9FF1593469BB72C9F8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FD591EDF0C93187DC152596AA1909235
Requests: 2 HTTP requests in this frame

Page Title

Welcome - kasebook

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 42
HTTPS: 100 %
IPv6: 82 %
Domains: 9
Subdomains: 11
IPs: 10
Countries: 2
Transfer: 399 kB
Size: 994 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://kasebook.info/ HTTP 302
    https://icewahl.com/sarasleuth/kasebook HTTP 301
    https://icewahl.com/sarasleuth/kasebook/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
icewahl.com/sarasleuth/kasebook/
Redirect Chain
  • http://kasebook.info/
  • https://icewahl.com/sarasleuth/kasebook
  • https://icewahl.com/sarasleuth/kasebook/
17 KB
4 KB
Document
General
Full URL
https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
3682250366856de4552ca19397ecd172ea4f90a90e9534c42d418f389d3e734e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate no-cache, no-store, must-revalidate
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 16 Oct 2022 19:51:28 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT 0
host-header
6b7412fb82ca5edfd0917e3957f05d89
pragma
no-cache no-cache
server
nginx
vary
Accept-Encoding
x-httpd
1
x-proxy-cache
MISS
x-proxy-cache-info
0 NC:000000 UP:SKIP_CACHE_INVALID_EXPIRES

Redirect headers

content-length
248
content-type
text/html; charset=iso-8859-1
date
Sun, 16 Oct 2022 19:51:28 GMT
host-header
6b7412fb82ca5edfd0917e3957f05d89
location
https://icewahl.com/sarasleuth/kasebook/
server
nginx
x-proxy-cache
MISS
x-proxy-cache-info
0301 NC:000000 UP:
style.css
icewahl.com/sarasleuth/kasebook//themes/spacebook/
71 KB
13 KB
Stylesheet
General
Full URL
https://icewahl.com/sarasleuth/kasebook//themes/spacebook/style.css
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
1eacbab4f087727acb4bc9cb2092431c6ce0289d1fb2b6da7fd3537d5204b097

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:28 GMT
content-encoding
br
last-modified
Sun, 11 Sep 2022 14:30:15 GMT
server
nginx
etag
W/"631df0f7-11c56"
vary
Accept-Encoding
x-proxy-cache-info
DT:1
content-type
text/css
cache-control
max-age=31536000
host-header
8441280b0c35cbc1147f8ba998a563a7
expires
Mon, 16 Oct 2023 19:51:28 GMT
jquery.js
icewahl.com/sarasleuth/kasebook//themes/spacebook/js/
87 KB
30 KB
Script
General
Full URL
https://icewahl.com/sarasleuth/kasebook//themes/spacebook/js/jquery.js
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
80f04717f32ea0320c5e8618fbacedd1fee3a8775ad8292140a6113551d4b5b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:28 GMT
content-encoding
br
last-modified
Sun, 11 Sep 2022 14:30:15 GMT
server
nginx
etag
W/"631df0f7-15d9c"
vary
Accept-Encoding
x-proxy-cache-info
DT:1
content-type
application/javascript
cache-control
max-age=31536000
host-header
8441280b0c35cbc1147f8ba998a563a7
expires
Mon, 16 Oct 2023 19:51:28 GMT
jquery.timeago.js
icewahl.com/sarasleuth/kasebook//themes/spacebook/js/
7 KB
2 KB
Script
General
Full URL
https://icewahl.com/sarasleuth/kasebook//themes/spacebook/js/jquery.timeago.js
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
aa96d94e0dd09fa82f84c719d841c3dd9e3a6806e04da2c65709366af87b3938

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:28 GMT
content-encoding
br
last-modified
Sun, 11 Sep 2022 14:30:15 GMT
server
nginx
etag
W/"631df0f7-1cba"
vary
Accept-Encoding
x-proxy-cache-info
DT:1
content-type
application/javascript
cache-control
max-age=31536000
host-header
8441280b0c35cbc1147f8ba998a563a7
expires
Mon, 16 Oct 2023 19:51:28 GMT
functions.js
icewahl.com/sarasleuth/kasebook//themes/spacebook/js/
72 KB
14 KB
Script
General
Full URL
https://icewahl.com/sarasleuth/kasebook//themes/spacebook/js/functions.js
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
fd7425e990c2e8dd93ea80547bb257354d215b2f2dd92b75d5f8d9e38986b6bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:28 GMT
content-encoding
br
last-modified
Sun, 11 Sep 2022 14:30:15 GMT
server
nginx
etag
W/"631df0f7-11f83"
vary
Accept-Encoding
x-proxy-cache-info
DT:1
content-type
application/javascript
cache-control
max-age=31536000
host-header
8441280b0c35cbc1147f8ba998a563a7
expires
Mon, 16 Oct 2023 19:51:28 GMT
poll.css
icewahl.com/sarasleuth/kasebook//plugins/poll/
2 KB
720 B
Stylesheet
General
Full URL
https://icewahl.com/sarasleuth/kasebook//plugins/poll/poll.css
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
0dfb644a39d19bebfa04ee088afbd7ccd5084a1c9c29b00cd4717b05f53635df

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:28 GMT
content-encoding
br
last-modified
Wed, 06 Jul 2022 13:27:34 GMT
server
nginx
etag
W/"62c58dc6-744"
vary
Accept-Encoding
x-proxy-cache-info
DT:1
content-type
text/css
cache-control
max-age=31536000
host-header
8441280b0c35cbc1147f8ba998a563a7
expires
Mon, 16 Oct 2023 19:51:28 GMT
social_share.css
icewahl.com/sarasleuth/kasebook//plugins/social_share/
4 KB
779 B
Stylesheet
General
Full URL
https://icewahl.com/sarasleuth/kasebook//plugins/social_share/social_share.css
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
d7501e1311ce428e0c9e76b33a3b8483132e256e9dad15c0f935851926f93c21

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:28 GMT
content-encoding
br
last-modified
Wed, 06 Jul 2022 13:27:34 GMT
server
nginx
etag
W/"62c58dc6-1193"
vary
Accept-Encoding
x-proxy-cache-info
DT:1
content-type
text/css
cache-control
max-age=31536000
host-header
8441280b0c35cbc1147f8ba998a563a7
expires
Mon, 16 Oct 2023 19:51:28 GMT
dislike.css
icewahl.com/sarasleuth/kasebook//plugins/dislike/
558 B
458 B
Stylesheet
General
Full URL
https://icewahl.com/sarasleuth/kasebook//plugins/dislike/dislike.css
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
fadca979e3b5bac6dc73303ec85a8fc2167b5c5e875a8d04c8119680eaad5d0d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:28 GMT
content-encoding
br
last-modified
Wed, 06 Jul 2022 13:27:34 GMT
server
nginx
etag
W/"62c58dc6-22e"
vary
Accept-Encoding
x-proxy-cache-info
DT:1
content-type
text/css
cache-control
max-age=31536000
host-header
8441280b0c35cbc1147f8ba998a563a7
expires
Mon, 16 Oct 2023 19:51:28 GMT
url_parser.css
icewahl.com/sarasleuth/kasebook//plugins/url_parser/
487 B
454 B
Stylesheet
General
Full URL
https://icewahl.com/sarasleuth/kasebook//plugins/url_parser/url_parser.css
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
5d5c00470240d4a75936959a6f05e45a097f62b0b12ff854b71d6eeb43fcde7c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:28 GMT
content-encoding
br
last-modified
Wed, 06 Jul 2022 13:27:34 GMT
server
nginx
etag
W/"62c58dc6-1e7"
vary
Accept-Encoding
x-proxy-cache-info
DT:1
content-type
text/css
cache-control
max-age=31536000
host-header
8441280b0c35cbc1147f8ba998a563a7
expires
Mon, 16 Oct 2023 19:51:28 GMT
poll.js
icewahl.com/sarasleuth/kasebook//plugins/poll/
2 KB
954 B
Script
General
Full URL
https://icewahl.com/sarasleuth/kasebook//plugins/poll/poll.js
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
6aec1bcb338cf638173f375e5252eb71bf4e01e1904846c6d41c885dbdb8ae38

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:28 GMT
content-encoding
br
last-modified
Wed, 06 Jul 2022 13:27:34 GMT
server
nginx
etag
W/"62c58dc6-779"
vary
Accept-Encoding
x-proxy-cache-info
DT:1
content-type
application/javascript
cache-control
max-age=31536000
host-header
8441280b0c35cbc1147f8ba998a563a7
expires
Mon, 16 Oct 2023 19:51:28 GMT
social_share.js
icewahl.com/sarasleuth/kasebook//plugins/social_share/
3 KB
919 B
Script
General
Full URL
https://icewahl.com/sarasleuth/kasebook//plugins/social_share/social_share.js
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
97e1fe70db8dd18f8c06ffc4508b925ba00e633e3b00c2bb01239b73ba6f2025

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:28 GMT
content-encoding
br
last-modified
Wed, 06 Jul 2022 13:27:34 GMT
server
nginx
etag
W/"62c58dc6-a53"
vary
Accept-Encoding
x-proxy-cache-info
DT:1
content-type
application/javascript
cache-control
max-age=31536000
host-header
8441280b0c35cbc1147f8ba998a563a7
expires
Mon, 16 Oct 2023 19:51:28 GMT
dislike.js
icewahl.com/sarasleuth/kasebook//plugins/dislike/
480 B
477 B
Script
General
Full URL
https://icewahl.com/sarasleuth/kasebook//plugins/dislike/dislike.js
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
712c16e531a0aee4e33008b090db1bdb7639562eb42aa8835d8cf7189a79a859

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:28 GMT
content-encoding
br
last-modified
Wed, 06 Jul 2022 13:27:34 GMT
server
nginx
etag
W/"62c58dc6-1e0"
vary
Accept-Encoding
x-proxy-cache-info
DT:1
content-type
application/javascript
cache-control
max-age=31536000
host-header
8441280b0c35cbc1147f8ba998a563a7
expires
Mon, 16 Oct 2023 19:51:28 GMT
1212946473_22215381_1883531606.jpg
icewahl.com/sarasleuth/kasebook//image/a/112/112/
7 KB
7 KB
Image
General
Full URL
https://icewahl.com/sarasleuth/kasebook//image/a/112/112/1212946473_22215381_1883531606.jpg
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
2ac748cc809f6e4003d13cda0fd6247e6e28be19b6028b0f1db2f89a6b3fc27e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 26 Oct 2022 19:51:28 GMT, 0
pragma
no-cache
date
Sun, 16 Oct 2022 19:51:29 GMT
last-modified
Sun, 16 Oct 2022 19:51:28 GMT
server
nginx
x-proxy-cache-info
0 NC:000000 UP:SKIP_CACHE_NO_CACHE
content-type
image/jpeg
x-httpd
1
cache-control
max-age=864000000, must-revalidate, no-cache, no-store, must-revalidate
accept-ranges
none
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
7115
x-proxy-cache
MISS
1301283943_1794422330_1174959402.png
icewahl.com/sarasleuth/kasebook//image/a/112/112/
6 KB
7 KB
Image
General
Full URL
https://icewahl.com/sarasleuth/kasebook//image/a/112/112/1301283943_1794422330_1174959402.png
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
0e4851dc5f0a371f6d136c7d8774fc23092323a8eb0b8de39efa526fd9823494

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 26 Oct 2022 19:51:28 GMT, 0
pragma
no-cache
date
Sun, 16 Oct 2022 19:51:29 GMT
last-modified
Sun, 16 Oct 2022 19:51:28 GMT
server
nginx
x-proxy-cache-info
0 NC:000000 UP:SKIP_CACHE_NO_CACHE
content-type
image/jpeg
x-httpd
1
cache-control
max-age=864000000, must-revalidate, no-cache, no-store, must-revalidate
accept-ranges
none
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
6307
x-proxy-cache
MISS
652517113_1356078467_1965931304.jpg
icewahl.com/sarasleuth/kasebook//image/a/112/112/
6 KB
7 KB
Image
General
Full URL
https://icewahl.com/sarasleuth/kasebook//image/a/112/112/652517113_1356078467_1965931304.jpg
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
5ca90aed2935a159d07732567e0147b7092deea5b1b0ce15837d85e4c361d0bf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 26 Oct 2022 19:51:29 GMT, 0
pragma
no-cache
date
Sun, 16 Oct 2022 19:51:29 GMT
last-modified
Sun, 16 Oct 2022 19:51:29 GMT
server
nginx
x-proxy-cache-info
0 NC:000000 UP:SKIP_CACHE_NO_CACHE
content-type
image/jpeg
x-httpd
1
cache-control
max-age=864000000, must-revalidate, no-cache, no-store, must-revalidate
accept-ranges
none
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
6422
x-proxy-cache
MISS
1158675410_1701937345_746513822.jpg
icewahl.com/sarasleuth/kasebook//image/a/112/112/
5 KB
5 KB
Image
General
Full URL
https://icewahl.com/sarasleuth/kasebook//image/a/112/112/1158675410_1701937345_746513822.jpg
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
33f56d51809e2b10e54744bd5fc45c73242945610b0b48821e647d5829c35a83

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 26 Oct 2022 19:51:29 GMT, 0
pragma
no-cache
date
Sun, 16 Oct 2022 19:51:29 GMT
last-modified
Sun, 16 Oct 2022 19:51:29 GMT
server
nginx
x-proxy-cache-info
0 NC:000000 UP:SKIP_CACHE_NO_CACHE
content-type
image/jpeg
x-httpd
1
cache-control
max-age=864000000, must-revalidate, no-cache, no-store, must-revalidate
accept-ranges
none
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
5190
x-proxy-cache
MISS
870209480_1607301199_1806269349.jpg
icewahl.com/sarasleuth/kasebook//image/a/112/112/
6 KB
6 KB
Image
General
Full URL
https://icewahl.com/sarasleuth/kasebook//image/a/112/112/870209480_1607301199_1806269349.jpg
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
4bcd19dff81c226fbe7a80a32c4b37589c4a491031a4bc680b2884180f7c6031

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 26 Oct 2022 19:51:29 GMT, 0
pragma
no-cache
date
Sun, 16 Oct 2022 19:51:29 GMT
last-modified
Sun, 16 Oct 2022 19:51:29 GMT
server
nginx
x-proxy-cache-info
0 NC:000000 UP:SKIP_CACHE_NO_CACHE
content-type
image/jpeg
x-httpd
1
cache-control
max-age=864000000, must-revalidate, no-cache, no-store, must-revalidate
accept-ranges
none
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
6045
x-proxy-cache
MISS
749211911_2072753538_1013411174.jpg
icewahl.com/sarasleuth/kasebook//image/a/112/112/
5 KB
6 KB
Image
General
Full URL
https://icewahl.com/sarasleuth/kasebook//image/a/112/112/749211911_2072753538_1013411174.jpg
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
737bf14e707f3e3a29fec19c5d4996e90a99a49efe172d48f08cf393aa5f61d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 26 Oct 2022 19:51:29 GMT, 0
pragma
no-cache
date
Sun, 16 Oct 2022 19:51:29 GMT
last-modified
Sun, 16 Oct 2022 19:51:29 GMT
server
nginx
x-proxy-cache-info
0 NC:000000 UP:SKIP_CACHE_NO_CACHE
content-type
image/jpeg
x-httpd
1
cache-control
max-age=864000000, must-revalidate, no-cache, no-store, must-revalidate
accept-ranges
none
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
5618
x-proxy-cache
MISS
1168866296_1069123409_1546656008.jpg
icewahl.com/sarasleuth/kasebook//image/a/112/112/
6 KB
6 KB
Image
General
Full URL
https://icewahl.com/sarasleuth/kasebook//image/a/112/112/1168866296_1069123409_1546656008.jpg
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
1c8012f315241dbfd0dda27d94be9f8be3cd6af9e0cc6f9daf2c7440e59d7433

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 26 Oct 2022 19:51:29 GMT, 0
pragma
no-cache
date
Sun, 16 Oct 2022 19:51:29 GMT
last-modified
Sun, 16 Oct 2022 19:51:29 GMT
server
nginx
x-proxy-cache-info
0 NC:000000 UP:SKIP_CACHE_NO_CACHE
content-type
image/jpeg
x-httpd
1
cache-control
max-age=864000000, must-revalidate, no-cache, no-store, must-revalidate
accept-ranges
none
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
6278
x-proxy-cache
MISS
1185858075_1925131483_171434512.jpg
icewahl.com/sarasleuth/kasebook//image/a/112/112/
6 KB
6 KB
Image
General
Full URL
https://icewahl.com/sarasleuth/kasebook//image/a/112/112/1185858075_1925131483_171434512.jpg
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
2aee47ea025f010c1803afa2eb72c4c97589f331b30ef132f48afb13207f9666

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 26 Oct 2022 19:51:29 GMT, 0
pragma
no-cache
date
Sun, 16 Oct 2022 19:51:29 GMT
last-modified
Sun, 16 Oct 2022 19:51:29 GMT
server
nginx
x-proxy-cache-info
0 NC:000000 UP:SKIP_CACHE_NO_CACHE
content-type
image/jpeg
x-httpd
1
cache-control
max-age=864000000, must-revalidate, no-cache, no-store, must-revalidate
accept-ranges
none
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
5707
x-proxy-cache
MISS
1606568185_477641564_2120776752.jpg
icewahl.com/sarasleuth/kasebook//image/a/112/112/
7 KB
7 KB
Image
General
Full URL
https://icewahl.com/sarasleuth/kasebook//image/a/112/112/1606568185_477641564_2120776752.jpg
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
dad3de7923d590df7a16b4eef5b2a6c0f0b04deaaec82864940aad3e97575845

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 26 Oct 2022 19:51:29 GMT, 0
pragma
no-cache
date
Sun, 16 Oct 2022 19:51:29 GMT
last-modified
Sun, 16 Oct 2022 19:51:29 GMT
server
nginx
x-proxy-cache-info
0 NC:000000 UP:SKIP_CACHE_NO_CACHE
content-type
image/jpeg
x-httpd
1
cache-control
max-age=864000000, must-revalidate, no-cache, no-store, must-revalidate
accept-ranges
none
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
6874
x-proxy-cache
MISS
17110921_840499482_1914530350.jpg
icewahl.com/sarasleuth/kasebook//image/a/112/112/
5 KB
5 KB
Image
General
Full URL
https://icewahl.com/sarasleuth/kasebook//image/a/112/112/17110921_840499482_1914530350.jpg
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
48a59aedd74660477afd418f3ea32139e07e14f0a34597d76d52481a8f285149

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Wed, 26 Oct 2022 19:51:29 GMT, 0
pragma
no-cache
date
Sun, 16 Oct 2022 19:51:29 GMT
last-modified
Sun, 16 Oct 2022 19:51:29 GMT
server
nginx
x-proxy-cache-info
0 NC:000000 UP:SKIP_CACHE_NO_CACHE
content-type
image/jpeg
x-httpd
1
cache-control
max-age=864000000, must-revalidate, no-cache, no-store, must-revalidate
accept-ranges
none
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
4845
x-proxy-cache
MISS
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
164 KB
54 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6204565184215791
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9bc6b4ef19719c27a04e016e9f92e0542398b5ac19d2e2fb7a7b83132584ce1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://icewahl.com/
Origin
https://icewahl.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:28 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54275
x-xss-protection
0
server
cafe
etag
8258621820495150755
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 16 Oct 2022 19:51:28 GMT
css
fonts.googleapis.com/
10 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook//themes/spacebook/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 16 Oct 2022 19:51:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 16 Oct 2022 18:41:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 16 Oct 2022 19:51:28 GMT
logo.png
icewahl.com/sarasleuth/kasebook//themes/spacebook/images/
6 KB
7 KB
Image
General
Full URL
https://icewahl.com/sarasleuth/kasebook//themes/spacebook/images/logo.png
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook//themes/spacebook/style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
a0e0a5b5315d5260e99a280c256e307505cdf1caa5d8c350e2f6c3453ce183db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook//themes/spacebook/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:28 GMT
last-modified
Fri, 14 Oct 2022 17:11:10 GMT
server
nginx
etag
"6349982e-1965"
x-proxy-cache-info
DT:1
content-type
image/png
cache-control
max-age=31536000
host-header
8441280b0c35cbc1147f8ba998a563a7
accept-ranges
bytes
content-length
6501
expires
Mon, 16 Oct 2023 19:51:28 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/
44 KB
44 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://icewahl.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 10 Oct 2022 18:50:34 GMT
x-content-type-options
nosniff
age
522054
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44856
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:20:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 10 Oct 2023 18:50:34 GMT
captcha.php
icewahl.com/sarasleuth/kasebook//includes/
493 B
803 B
Image
General
Full URL
https://icewahl.com/sarasleuth/kasebook//includes/captcha.php?dir=ltr
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.208.79.127 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
127.79.208.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
f3edfd6f47a1cc995bbc75994ae072b291018df785db6c5853a2cd7d4370496a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/sarasleuth/kasebook/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Thu, 19 Nov 1981 08:52:00 GMT, 0
pragma
no-cache, no-cache
date
Sun, 16 Oct 2022 19:51:29 GMT
server
nginx
x-proxy-cache-info
0 NC:000000 UP:SKIP_CACHE_INVALID_EXPIRES
content-type
image/png
x-httpd
1
cache-control
no-store, no-cache, must-revalidate, no-cache, no-store, must-revalidate
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-proxy-cache
MISS
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/
352 KB
116 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6204565184215791&plah=icewahl.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6204565184215791
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36f00054b0a3b92479ba937f61483910a436b0240dde04051e3b46a8c48378f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:29 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118624
x-xss-protection
0
server
cafe
etag
15252930969921966858
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sun, 16 Oct 2022 19:51:29 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20221012/r20190131/ Frame 6EFA
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20221012/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6204565184215791
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://icewahl.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
34248
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4420
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 16 Oct 2022 10:20:41 GMT
etag
9671129459699598864
expires
Sun, 30 Oct 2022 10:20:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/
389 B
694 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=icewahl.com&callback=_gfp_s_&client=ca-pub-6204565184215791&gpid_exp=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6204565184215791&plah=icewahl.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
37a262ec94e703e391a6d23503facbbc6d97aba1c8ea2a71420e3b4b7241e474
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
250
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=icewahl.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6204565184215791&plah=icewahl.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=icewahl.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6204565184215791&plah=icewahl.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Ficewahl.com%2Fsarasleuth%2Fkasebook%2F&tn=DIV&cls=topbar&ign=false&pw=1600&ph=1200&x=0&y=0
Requested by
Host: icewahl.com
URL: https://icewahl.com/sarasleuth/kasebook/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 16 Oct 2022 19:51:29 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame F4E8
603 B
68 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6204565184215791&output=html&adk=1812271804&adf=3025194257&lmt=1665949889&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Ficewahl.com%2Fsarasleuth%2Fkasebook%2F&ea=0&pra=5&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665949889092&bpp=3&bdt=671&idt=247&shv=r20221012&mjsv=m202210100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8069804105297&frm=20&pv=2&ga_vid=828594400.1665949889&ga_sid=1665949889&ga_hid=1440824381&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774718%2C42531705%2C31070341%2C44769662&oid=2&pvsid=1453567000395599&tmod=383869416&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=262
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6204565184215791&plah=icewahl.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://icewahl.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 16 Oct 2022 19:51:29 GMT
expires
Sun, 16 Oct 2022 19:51:29 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/
14 KB
11 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221012&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6204565184215791&plah=icewahl.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fd23875a50370454f05b7483391a931c3f0bf03111a93373ec7eb596bd54f9d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11153
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6204565184215791&plah=icewahl.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sun, 16 Oct 2022 19:51:29 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 47DF
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://icewahl.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
4500
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 16 Oct 2022 18:36:30 GMT
expires
Mon, 16 Oct 2023 18:36:30 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame FD59
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
7f0b18e790a82dc44003f167cd67d1f15bd06d092417aa49ac9054b40e825dbe
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-yFCXFkYSTDpCMzqvfL9Hyg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://icewahl.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-yFCXFkYSTDpCMzqvfL9Hyg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 16 Oct 2022 19:51:30 GMT
expires
Sun, 16 Oct 2022 19:51:30 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
OLZMwUuXKff5QHkWgJZ5Acpn9ezP58Pxr98BvfUDCEE.js
pagead2.googlesyndication.com/bg/ Frame 47DF
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/OLZMwUuXKff5QHkWgJZ5Acpn9ezP58Pxr98BvfUDCEE.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
38b64cc14b9729f7f940791680967901ca67f5eccfe7c3f1afdf01bdf5030841
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 18:13:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5889
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16062
x-xss-protection
0
last-modified
Tue, 11 Oct 2022 09:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 16 Oct 2023 18:13:21 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame FD59
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221012&jk=1453567000395599&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame 47DF
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?FmK3oQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 19:51:30 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221012&jk=1453567000395599&bg=!XF-lXxvNAAYeOJy_Pjg7ACkAdvg8WnCiUkTZyFODlNhI0EUKVTBX8LZpBxzTK8w8se8h92y8gCy9lgIAAABJUgAAAAJoAQcKAG2g_m72cGh_fjqib0WAarvgjeCLRM-gCfjneSnOPXdqLw2mfwFoXp1DziTnKKV3XlvjJNl-nEMt9ddrHSyOWLYJBOpun-8xBJsUc7xWKOg-v1oWL_0sgHAsFr5EFNU_Tw9q73hVYawRYFiJ3FjRmQKbq2n0uER4kuT7_ZWRhg96vUs9NSKpSSKQnthyd32exFGNquCNhhtKKUXUjHgouzIXDq1a54K8mH2Cfe2VAqy_wB8DerpiBHHY-8LNTP2VEjP06o-1i2rajnXFotTSYADv22zFMfwR5RPTyhY3DRJWSJ97xD_RebYksIUlu7m8eg9OSgvEOFkvwb4AU8p-d7_YLsp96pbw6OOOLLF5fVVFEz_DtzIjt0j5xhuXiJRrpvQzNUR9KaMQQjcPrbgCvJF1bmsgcwlMuaz_TBh3DeUELG4FdrGYyoies01t3R1j6yAA6M4rAH9wZO2LoZQ3pooMGsQLg0bvfQ09_WS4G5thuGCyIh7njNVSCDhoAAUIl60nkMSQEKS9NHBtpBqrEt4Y07EFYZGaGoQmTocwBXLGOcBAxvXOWkUmIPo1vupc1xQUvndzzle_B14K2AhVyQXsiZ5VcyIRkEAyvxIsYYdg_HKiPCSp7PSCywGlm-Wxf847WVnC8HJ5FRl0lfeJd6ZOT1IS3Te_gJ8-mGLKMZDljENU3sxb_vPW_XAofWBiTtEXftjzov2sgQCbAD35JUC5-dzpXSdxB7QKRLaSe95QrEUKjl4-lBlFFEIITahbcjzFMxBqy0QFKQSjdGZmDmtO-R9oroEAwV6NYqH5TRVF3Cbv6DE-7KC1G9_7XqYFRyCT3lFHscFoFWsRKIU7GNqEXAm1ipZ1qknfdwppCiaeQ2btBlvzDUOogUCObfVCEYbB0bihVFWA76oJtGramiuX18Mk9_ukbtnFRePWhJnlR2y1FdpWifOdAt1zULf4kpbt1pehE8GhDvCfh8e6pJqFos2mjrc7XkEWfoBzjSS1ui7nufJOIoxZeb9GFIoZr1IS2wG0_s6SG9Jt5Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://icewahl.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Verdicts & Comments

150 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| baseUrl string| token_id string| search_users_url string| search_tags_url string| search_groups_url string| search_pages_url string| lng_download string| lng_close string| lng_just_now string| lng_ta_second string| lng_ta_seconds string| lng_ta_minute string| lng_ta_minutes string| lng_ta_hour string| lng_ta_hours string| lng_ta_day string| lng_ta_days string| lng_ta_week string| lng_ta_weeks string| lng_ta_month string| lng_ta_months string| lng_ta_year string| lng_ta_years string| lng_ago string| lng_dir function| $ function| jQuery function| autosize function| showButton function| loadComments function| loadFeed function| loadPage function| loadGroup function| loadPeople function| loadProfile function| loadHashtags function| loadSubs function| loadBlocked function| postComment function| share function| doShare function| deleteModal function| cameraModal function| likesModal function| sharesModal function| hideModal function| loadLikes function| loadShares function| hideSearch function| delete_the function| edit_message function| edit_comment function| report_the function| friend function| loadNotifications function| page function| group function| deleteNotification function| privacy function| manage_the function| manage_report function| doLike function| doBlock function| poke function| showNotification function| checkNewMessages function| postChatImage function| postChat function| chatInput function| checkChat function| loadChat function| addSmile function| showEmojis function| chatPluginContainer function| openChatWindow function| closeChatWindow function| minimizeChatWindow function| disableTitleAlert function| addFriendArray function| cleanOldFid function| startUpload function| stopUpload function| focus_form 
function| resizeGallery function| manageResults function| chatLiveSearch function| profileCard function| notificationTitle function| dropdownMenu function| messageMenu function| postPrivacy function| sidebarShow function| adminSubMenu function| checkAlert function| searchFriends function| reload function| gallery function| getNext function| startLoadingBar function| stopLoadingBar function| liveLoad function| doMention function| pollVote function| addAnswer function| share_social function| doDislike object| friends_windows object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ object| google_image_requests function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| GoogleGcLKhOms

5 Cookies

Domain/Path Name / Value
icewahl.com/sarasleuth/kasebook// Name: PHPSESSID
Value: 1e950cbadfb81131e463b8b8c2f07fa0
icewahl.com/sarasleuth/kasebook// Name: lang
Value: english
.icewahl.com/ Name: __gads
Value: ID=bdbf88323459492a-2290e18348ce000d:T=1665949889:RT=1665949889:S=ALNI_Ma6ZTzXCcJnNTsyrfsszwfXKUuf6A
.icewahl.com/ Name: __gpi
Value: UID=00000b73cbb031e9:T=1665949889:RT=1665949889:S=ALNI_MaEZA-IsoFaKu9YC4ZCfaCqb08VOg
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
