2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
2a00:fb01:400:200:5000:45ff:feb5:f777 Public Scan Open in urlscan Pro

Go To Rescan
Add Verdict Report

URL:
https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html 2yr old
Submission: On July 16 via api (July 16th 2025, 7:56:36 pm UTC) from US — Scanned from AT

Summary HTTP 27 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 16 IPs in 5 countries across 15 domains to perform 27 HTTP transactions. The main IP is 2a00:fb01:400:200:5000:45ff:feb5:f777, located in Switzerland and belongs to EVERYWARE-NET EveryWare AG, CH. The main domain is 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io. 2yr old
TLS certificate: Issued by E5 on July 3rd 2025. Valid for: 3mo.

This is the only time 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2a00:fb01:400... 2a00:fb01:400:200:5000:45ff:feb5:f777	24951 (EVERYWARE...) (EVERYWARE-NET EveryWare AG)
6	104.18.3.78 104.18.3.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::ac43:293c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.33.187.36 13.33.187.36	16509 (AMAZON-02) (AMAZON-02)
3	18.173.210.167 18.173.210.167	16509 (AMAZON-02) (AMAZON-02)
2	35.244.144.25 35.244.144.25	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	104.21.16.1 104.21.16.1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.36.200.111 34.36.200.111	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700:10:... 2606:4700:10::ac43:b78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
1	13.32.99.59 13.32.99.59	16509 (AMAZON-02) (AMAZON-02)
1	99.86.4.128 99.86.4.128	16509 (AMAZON-02) (AMAZON-02)
1	23.45.96.101 23.45.96.101	16625 (AKAMAI-AS) (AKAMAI-AS)
1	65.9.66.68 65.9.66.68	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:4700:10:... 2606:4700:10::ac43:246e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::ac43:17ea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::ac42:a937	13335 (CLOUDFLAR...) (CLOUDFLARENET)
27	16

2 2a00:fb01:400:200:5000:45ff:feb5:f777 (Switzerland)

ASN24951 (EVERYWARE-NET EveryWare AG, CH)

2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

6 104.18.3.78 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

s.nitropay.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2606:4700:10::ac43:293c (None, )

ASN13335 (CLOUDFLARENET, US)

btloader.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 13.33.187.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-36.fra60.r.cloudfront.net

ats-wrapper.privacymanager.io 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 18.173.210.167 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-210-167.fra56.r.cloudfront.net

c.amazon-adsystem.com 12yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 35.244.144.25 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 25.144.244.35.bc.googleusercontent.com

t.nit.ro 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
floors.nitropay.com 1yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 104.21.16.1 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

consent.nitrocnct.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 34.36.200.111 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 111.200.36.34.bc.googleusercontent.com

ag.dns-finder.com 1yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2606:4700:10::ac43:b78 (None, )

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 142.250.186.38 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

ad.doubleclick.net 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 13.32.99.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-59.fra60.r.cloudfront.net

geo.privacymanager.io 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 99.86.4.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-128.fra6.r.cloudfront.net

config.aps.amazon-adsystem.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 23.45.96.101 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-96-101.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 65.9.66.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-68.fra56.r.cloudfront.net

tags.crwdcntrl.net 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2606:4700:10::ac43:246e (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.hadronid.net 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2606:4700:10::ac43:17ea (None, )

ASN13335 (CLOUDFLARENET, US)

a.ad.gt 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2606:4700:10::ac42:a937 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
7	nitropay.com s.nitropay.com — Cisco Umbrella Rank: 22548 8yr old floors.nitropay.com — Cisco Umbrella Rank: 31358 1yr old	283 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 369 12yr old config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 860 3yr old	99 KB
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1147 9yr old	721 B
2	nitrocnct.com consent.nitrocnct.com — Cisco Umbrella Rank: 24943 4yr old	207 KB
2	privacymanager.io ats-wrapper.privacymanager.io — Cisco Umbrella Rank: 1994 5yr old geo.privacymanager.io — Cisco Umbrella Rank: 2049 6yr old	35 KB
2	icp0.io 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io 2yr old	42 KB
1	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 936 7yr old	30 KB
1	ad.gt a.ad.gt — Cisco Umbrella Rank: 1976 10yr old	3 KB
1	hadronid.net 1 redirects cdn.hadronid.net — Cisco Umbrella Rank: 1886 4yr old	130 B
1	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1235 13yr old	13 KB
1	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1414 13yr old	22 KB
1	doubleclick.net ad.doubleclick.net — Cisco Umbrella Rank: 184 10yr old	130 B
1	dns-finder.com ag.dns-finder.com — Cisco Umbrella Rank: 1316 1yr old	234 B
1	nit.ro t.nit.ro — Cisco Umbrella Rank: 18378 3yr old
1	btloader.com btloader.com — Cisco Umbrella Rank: 1051 6yr old	36 KB
27	15

	Domain	Requested by
6	s.nitropay.com	2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io s.nitropay.com
3	c.amazon-adsystem.com	s.nitropay.com c.amazon-adsystem.com
2	ad-delivery.net	2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
2	consent.nitrocnct.com	s.nitropay.com
2	2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
1	cdn.id5-sync.com	2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
1	a.ad.gt	2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
1	cdn.hadronid.net	1 redirects
1	tags.crwdcntrl.net	2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
1	secure.cdn.fastclick.net	2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	geo.privacymanager.io	ats-wrapper.privacymanager.io
1	ad.doubleclick.net	2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
1	ag.dns-finder.com	btloader.com
1	floors.nitropay.com	s.nitropay.com
1	t.nit.ro	s.nitropay.com
1	ats-wrapper.privacymanager.io	s.nitropay.com
1	btloader.com	s.nitropay.com
27	18

This site contains links to these domains. Also see Links.

Domain
nitropay.com

Subject Issuer	Validity	Valid
ic0.app E5	`2025-07-03` - `2025-10-01`	3mo	crt.sh
nitropay.com WE1	`2025-07-01` - `2025-09-29`	3mo	crt.sh
btloader.com WE1	`2025-06-01` - `2025-08-30`	3mo	crt.sh
*.privacymanager.io Amazon RSA 2048 M03	`2025-05-26` - `2026-06-23`	1yr	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M03	`2024-11-19` - `2025-12-18`	1yr	crt.sh
*.nit.ro WR3	`2025-07-09` - `2025-10-07`	3mo	crt.sh
*.nitropay.com WR3	`2025-05-26` - `2025-08-24`	3mo	crt.sh
nitrocnct.com WE1	`2025-06-08` - `2025-09-06`	3mo	crt.sh
dns-finder.com WR3	`2025-07-10` - `2025-10-08`	3mo	crt.sh
ad-delivery.net WE1	`2025-07-04` - `2025-10-02`	3mo	crt.sh
*.doubleclick.net WE2	`2025-06-23` - `2025-09-15`	3mo	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2024-12-22` - `2026-01-21`	1yr	crt.sh
secure.cdn.fastclick.net DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2025-06-08` - `2026-06-09`	1yr	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M02	`2024-09-07` - `2025-10-07`	1yr	crt.sh
id5-sync.com WE1	`2025-05-24` - `2025-08-22`	3mo	crt.sh

This page contains 1 frames:

Primary Page: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html
Frame ID: 87F979801804C2E3AFE87E5BD049F692
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

27
Requests

96 %
HTTPS

35 %
IPv6

15
Domains

18
Subdomains

16
IPs

5
Countries

771 kB
Transfer

2658 kB
Size

4
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://nitropay.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2F2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io%2Ftemplates%2Fadtop.html&ref=&_it=amazon&partner_id=720 HTTP 301
https://a.ad.gt/api/v1/u/matches/720?_it=nitro

27 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request adtop.html Show response
2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/ 348 B
3 KB 324ms
216ms Document
text/html 2a00:fb01:400:200:5000:45ff:feb5:f777
EVERYWARE-NET Eve...

General

Check archive.org

Download Go to

Full URL

https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:fb01:400:200:5000:45ff:feb5:f777 , Switzerland, ASN24951 (EVERYWARE-NET EveryWare AG, CH),

Reverse DNS

Software

Resource Hash

5e6a6ee6f0cc012b5b1783d629e8925eeec5f74b23ffc4ce7099cd9e3e524f73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
access-control-expose-headers: accept-ranges, content-length, content-range, x-request-id, x-ic-canister-id
content-encoding: gzip
content-length: 218
content-type: text/html
date: Wed, 16 Jul 2025 19:56:36 GMT
ic-certificate: certificate=:2dn3o2R0cmVlgwGDAYMBggRYIEcHW/5i6fSAwsXfCI9kGK/nWGadmjtsFDxsxR8v9+ddgwJIY2FuaXN0ZXKDAYIEWCCFkHnmVDgM/7WnOwSaq/jSFnOthUYaGP3MOhoJTSx3foMBgwGDAYIEWCAOg2iJQBk1CetdWY+wQS8vsvqGo2LoC0iHk18mQ0pmOoMBggRYIKKWjBORkDLMZKGCcFv4ex/cxjs70h7phqnunslEWXTTgwGDAYMBggRYIIlNimNUhKnRu4KCWpU6GuAfS3Irpnr//172VIRMFBrEgwGCBFgg4GMLZQBm/pzZ2zCy8HibDNvqeVSvCPYh2ZMletj8sTyDAYMBggRYIO7q5szALOuowfFgFFoJnnochksulUo8KHO/5XWPB4aJgwGDAYMBgwJKAAAAAABwL3wBAYMBgwGDAk5jZXJ0aWZpZWRfZGF0YYIDWCBBmNqL6kzx4KAvw9QirDy0Hm5ZoLGEyI0UJAK+5a3E2IIEWCD6TctMy3qesNWSgUvKhAZsdVBhIlDAYUIHLDaZPqVC9oIEWCCFEhkS4KSNYouYG/G3EYDHTuVbuFC8CaAPC1aNic9fioIEWCDfm5tLeZQebF23eK31EZsLDDyhTz9cc7DPuvJ5mN5QbYIEWCBkK9LwwKPgOC36K5qRC18z03MH1nLWo1pwHi+JWxR8xoIEWCDOj3iDDfJ1cumnLJ/tnVQUj1MsnnmRm2mWFBiIvLkRE4IEWCA5XgH05osOClxw59qI2HgZ4APUeRnYZa5e7RMvrf6Rx4IEWCB0RBh9gQcPjACZm508IJXV7rrFrZ4pvR6FPO/M0sNLZ4IEWCD5NuDqcCM8wYwc8UhJxnGs2rbA5OE6ck9yVSbdj2F2O4IEWCAztmCuCnRnRwRvfF697zVZ9V6TwQ4QjH6mOf423J5Qc4IEWCDZzk7kJNaTW3UrhP1GOhw+08LI/B1aBJC1x9JWwx2zzYIEWCAzIFD160IZTewD/784MCL/+TNb2Z7T+j/k3/gzcLwHKYMBggRYIG0XDDW0/Ae9AAGqf2866KvVIV7VqCgGhTbv88K3f8UOgwJEdGltZYIDScrVgpmk8bSpGGlzaWduYXR1cmVYMIgiDkziaOdbNzYcbJQED62QMqs2ekUelAkgP4HuVVzJ+TQA8PHviCcF6udE0+nlgmpkZWxlZ2F0aW9uomlzdWJuZXRfaWRYHUUXi2akB6TVnApNZzO9os4/N8ERtCV+xBkI9PgCa2NlcnRpZmljYXRlWQJ92dn3omR0cmVlgwGCBFggGCLhOfJsae9msL7UVBfNveUDwf8UyCRmJ+bmHaDylsuDAYMBggRYIKQBS3QiYwRUiHA6nGPUKZa255pAvXHYbOvborhQgVZngwJGc3VibmV0gwGDAYIEWCA5O3pC7Gu7COFmphObRZlD16vgfdem4XueFVhdkP+M5IMBgwGDAYMBgwJYHUUXi2akB6TVnApNZzO9os4/N8ERtCV+xBkI9PgCgwGDAk9jYW5pc3Rlcl9yYW5nZXOCA1gb2dn3gYJKAAAAAABwAAABAUoAAAAAAH///wEBgwJKcHVibGljX2tleYIDWIUwgYIwHQYNKwYBBAGC3HwFAwECAQYMKwYBBAGC3HwFAwIBA2EAlV9S9zwt7FmmN7KU5QuTTbXW3innO7z4Tn2GpKxBute1OfmBet6JFpYdnda/klcBDVhXFW6P5qr89v0Gh5XnC9M5mzQRMAyczI66DQaMEOTPtvTifRlbHq14XWGOs5O5ggRYIEy5ZnwgI5Lxw0GtR2OQgOGnBjKnYdKylVGyxCZN96txggRYIDCoDQc5KiHBQlEd4wNeg1bsGuSCXcwxHnsGkuJnIZdLggRYIGNkuXLxbP7mogplWyZz/u1FJ+CW/67EA6VgYPuVii2JggRYIK6+d/FcurMKrdu5tLMEhQmaLPRZt6eJ8Y8z8+xWiCCcggRYIFIYubyvEukb4CCE89c0TjH1CTvCdsOJgXqgE+BMHKJygwJEdGltZYIDSYDfmeDX4rSpGGlzaWduYXR1cmVYMKtHPb97w/NvfcDBUW4hzfnAZIGvsGRI5zS46ME2BhZ1SPC9vOgQL3sb4vujjTh34A==:, tree=:2dn3gwJLaHR0cF9hc3NldHODAYIEWCDZiYZ20LcqBkEMBNM40xdv5nSOIDY+xyySmdcaIRyIWIMBggRYIN9MzhhQ7NhXtRLAEQZrZd8jmWswohn3Fbb9tquS6by2gwGCBFggeUD3U1Piyx8/VOoZwnX+rs9Cmtp/IiQgzw1Gq/TFzfyDAYIEWCCTPlvjRxdTxwQN1YNPQdm9Djp/IhJvymfmjqWwOcQf34MBggRYIIYnuCaH4xnxJglKVAUyge27U9MD3XM1ugbhHa4/2hZkgwGCBFggIGBz36VNtLFxyLoQ1NV/317fFJuzODMyzN0+QLsx3W6DAYMBgwJVL3RlbXBsYXRlcy9hZHRvcC5odG1sggNYIF5qbubwzAErWxeD1inokl7uxfdLI//EznCZzZ4+Uk9zggRYIAhmqfpLgPG+ZxvhWDrZkbDRYVME0b5o7Bwh1ZeGgCoCggRYIA2jp7tTfb+EDHa8X0dO08UGGNXPymr71pOaZZInMR3Q:
strict-transport-security: max-age=31536000; includeSubDomains
vary: origin, access-control-request-method, access-control-request-headers
x-cache-ttl: 10
x-ic-canister-id: 2h7ko-mqaaa-aaaad-qf56a-cai
x-request-id: 019814cf-73b3-7a12-8200-a6f003bfdfcd

GET
H3 200 ads-1751.js Show response
s.nitropay.com/ 730 KB
228 KB 1012ms
967ms Script
text/javascript 104.18.3.78
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://s.nitropay.com/ads-1751.js

Requested by

Host: 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.3.78 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afa753c26a86fcd49a7290334c54aaa53291bda9a83d03665f21d75353edd38e

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type
x-goog-meta-goog-reserved-file-mtime: 1752010105
content-encoding: gzip
cf-cache-status: MISS
etag: W/"c718fadc99800ecf6428a213e21b81cd:1752695580000:AT"
x-goog-hash: crc32c=naVZoA==, md5=xxj63JmADs9kKKIT4huBzQ==
x-goog-stored-content-encoding: identity
expires: Thu, 16 Jul 2026 19:56:37 GMT
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 741911
server-timing: cfExtPri
date: Wed, 16 Jul 2025 19:56:37 GMT
content-type: text/javascript
last-modified: Wed, 16 Jul 2025 19:53:00 GMT
vary: Accept-Encoding
priority: u=3,i=?0
x-guploader-uploadid: ABgVH89uqceXwxR_Gqlhr3glnqCa3ntVzDkgdM9PNgRn_eVmXrvz1VVODTU_MW6quIMtOD4F3JigHyI
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: private, max-age=600
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9604105aca91690a-FRA
access-control-allow-origin: *
x-goog-generation: 1752010838466894
server: cloudflare

GET
H2 200 tag Show response
btloader.com/ 122 KB
36 KB 96ms
34ms Script
application/javascript 2606:4700:10::ac43:293c
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-1751.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:293c -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: daa68ff3788dd57afbe52d408f779a020c5f6b886f2f3fb7a14ada50ebb63d07

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

x-robots-tag: noindex, nofollow
cache-control: public, max-age=300, stale-if-error=3600, stale-while-revalidate=300
content-encoding: gzip
cf-cache-status: HIT
etag: "86e45c41feac4612ee8ccb39947f7ecb"
via: 1.1 google
cf-ray: 960410632a6c3eba-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 36394
date: Wed, 16 Jul 2025 19:56:38 GMT
content-type: application/javascript
last-modified: Wed, 16 Jul 2025 18:59:05 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 ats.js Show response
ats-wrapper.privacymanager.io/ats-modules/438cb908-ed61-41e9-b716-05d5f4122a64/ 102 KB
34 KB 116ms
33ms Script
application/javascript 13.33.187.36
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://ats-wrapper.privacymanager.io/ats-modules/438cb908-ed61-41e9-b716-05d5f4122a64/ats.js
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-1751.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-187-36.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 861c5c97ffcba20ab6f470ebaa8695cf580a23d327c490ccc230a8cff97eb615

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

vary: accept-encoding
cache-control: must-revalidate,public,max-age=3600
content-encoding: gzip
x-amz-version-id: VlKuRQVK09Ly3IR2jaF2pqDq6HLGId.9
etag: W/"57a5316544e237240d64f1155bb29c62"
age: 839
via: 1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: zaV4x85N7ATV57KGVremB2w5ITKU70gvWQwgvm-OqKEiv5TU7VrjvA==
date: Wed, 16 Jul 2025 19:42:40 GMT
content-type: application/javascript
last-modified: Mon, 07 Jul 2025 14:38:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256

GET
H3 200 gpp-61d490e.min.js Show response
s.nitropay.com/ 227 KB
47 KB 42ms
41ms Script
text/javascript 104.18.3.78
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://s.nitropay.com/gpp-61d490e.min.js

Requested by

Host: s.nitropay.com
URL: https://s.nitropay.com/ads-1751.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.3.78 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a63b2b0e36917ac85677f057a33ea1714ffc9b70362d799c23f1b9fd007f57c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type
content-encoding: gzip
x-goog-hash: crc32c=kd50Hw==, md5=85Xn3RooJE0C7GGraVVcGw==
etag: W/"f395e7dd1a28244d02ec61ab69555c1b"
age: 297884
cf-cache-status: HIT
x-goog-stored-content-encoding: identity
expires: Sun, 20 Jul 2025 09:11:54 GMT
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 232723
server-timing: cfExtPri
date: Wed, 16 Jul 2025 19:56:38 GMT
content-type: text/javascript
last-modified: Mon, 23 Jun 2025 17:15:57 GMT
vary: Accept-Encoding
priority: u=3,i=?0
x-guploader-uploadid: ABgVH89J8mZXEntJpOyPD5Uz0XWv_cvTbRh-_KnVyKO0_5XYfIXyPIf3pvMWaOw9j0ANbS_vY9T9wR8
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: public, max-age=604800
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 96041062df6c690a-FRA
access-control-allow-origin: *
x-goog-generation: 1750698957275780
server: cloudflare

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 383 KB
93 KB 110ms
28ms Script
application/javascript 18.173.210.167
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-1751.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.210.167 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-210-167.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d313d18773b4665e814f46dfdf164d5cd9aa0814584afbc4853c48661bcdcbd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

vary: Accept-Encoding
cache-control: max-age=3600
content-encoding: gzip
etag: W/"8c3143c23845122ee3464b3e466daf8f"
age: 2099
via: 1.1 fd4a8fa7c304171992e7f22fc8894904.cloudfront.net (CloudFront), 1.1 e787a68a5271d06ea7b7e56fa6886dc8.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: S-Ip8js7xn-GL3wVlilwewNIK1BKRhpeSd71rnMWaHJQoxEjThJYwQ==
date: Wed, 16 Jul 2025 19:21:34 GMT
content-type: application/javascript
x-amz-cf-pop: FRA60-P1, FRA56-P12
server: AmazonS3
last-modified: Thu, 26 Jun 2025 22:21:46 GMT
x-amz-server-side-encryption: AES256

GET
H2 204 p
t.nit.ro/ 0
0 237ms
149ms Fetch 35.244.144.25
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://t.nit.ro/p?d=QkBodHRwczovLzJoN2tvLW1xYWFhLWFhYWFkLXFmNTZhLWNhaS5pY3AwLmlvL3RlbXBsYXRlcy9hZHRvcC5odG1sWiQwMTk4MTRjZi03OWJkLTdkZWEtOWUwNi1kYzI0MGYzMTkyNGRiAkFUagE5igEQCgtfZXhwLmZsb29ycxIBMZIBAJoBBzRhMDk5NDm4AQDQAdcN2AEB
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-1751.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.144.25 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 25.144.244.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 16 Jul 2025 19:56:38 GMT
vary: Origin

GET
H3 200 1.gif
s.nitropay.com/ 42 B
647 B 40ms
40ms Image
image/gif 104.18.3.78
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://s.nitropay.com/1.gif?x=1&adslot=

Requested by

Host: 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.3.78 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

x-goog-metageneration: 3
access-control-expose-headers: Content-Type
x-goog-hash: crc32c=ljrbyA==, md5=2JdGiI2i2VELZKnwMers1Q==
cf-cache-status: HIT
etag: "d89746888da2d9510b64a9f031eaecd5"
age: 533427
x-goog-stored-content-encoding: identity
expires: Thu, 17 Jul 2025 15:46:11 GMT
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 42
server-timing: cfExtPri
date: Wed, 16 Jul 2025 19:56:38 GMT
x-goog-custom-time: 1970-01-01T00:00:00Z
content-type: image/gif
last-modified: Fri, 22 Jan 2021 08:58:45 GMT
vary: Accept-Encoding
priority: u=3,i
x-guploader-uploadid: ABgVH8_Jpcgxx8XMLv9N8V7lKcdFnixLSu5VLg2_a3anoNUul-A3Gazkd6jhvj7HlW-jwl4Z
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: public, max-age=604800
x-goog-meta-
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 96041062ef75690a-FRA
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1611305925409947
content-length: 42
server: cloudflare

GET
H2 200 f Show response
floors.nitropay.com/ 2 B
159 B 289ms
199ms Fetch
application/json 35.244.144.25
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://floors.nitropay.com/f?s=1751&c=AT&fp=r7z2h6
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/ads-1751.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.144.25 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 25.144.244.35.bc.googleusercontent.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

content-encoding: gzip
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26
date: Wed, 16 Jul 2025 19:56:38 GMT
content-type: application/json
vary: Origin

GET
H3 200 additional-consent-providers.csv Show response
consent.nitrocnct.com/ 107 KB
108 KB 91ms
47ms XHR
text/csv 104.21.16.1
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://consent.nitrocnct.com/additional-consent-providers.csv
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/gpp-61d490e.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.16.1 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e44f6ec86acfe83aca288597bf56662e535055f48fec6083360b1a15d8262499

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Length, Content-Type, Date, Origin, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=46FWvA==, md5=C5ebpuopeCk4sUi4/a0dgg==
cf-cache-status: REVALIDATED
etag: "0b979ba6ea29782938b148b8fdad1d82"
age: 3317
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WE6XkevmxjmVkluB3VpMjGEPXBgdQ42ttn85Fnbh4%2BW%2Bomm2uQkf8asv%2BapTi1hV%2B8pQAjGjrCKidxaswdBFSZGhLynqGL45rEJirkLvzSbc8F%2BJioTQh20lMVBdk3w8jPFbuwRbw%2BQ%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding: identity
expires: Wed, 16 Jul 2025 20:47:02 GMT
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 109172
server-timing: cfL4;desc="?proto=QUIC&rtt=28539&min_rtt=28457&rtt_var=10835&sent=10&recv=8&lost=0&retrans=0&sent_bytes=3644&recv_bytes=3466&delivery_rate=952118&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=14902&unsent_bytes=0&cid=55e5d9c3e00819aa&ts=49&inflight_dur=30&x=103"
date: Wed, 16 Jul 2025 19:56:38 GMT
content-type: text/csv
last-modified: Tue, 25 Feb 2025 15:57:30 GMT
vary: Accept-Encoding
x-guploader-uploadid: ABgVH89YMBxCi_P0s3oawVWjxTHVFetXGAZsI2Bi_-tFPN7_YmK1Hrzx8MZI3UIr49uvrrb9pnrx7Ng
cache-control: public, max-age=3600
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class: STANDARD
cf-ray: 960410638da6d289-FRA
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1740499050366347
content-length: 109172
server: cloudflare

GET
H3 200 vendor-list-v3.json Show response
consent.nitrocnct.com/ 711 KB
100 KB 155ms
112ms XHR
application/json 104.21.16.1
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://consent.nitrocnct.com/vendor-list-v3.json
Requested by: Host: s.nitropay.com
URL: https://s.nitropay.com/gpp-61d490e.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.16.1 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 215d3fe7ac922d9431d684af3dc94e5810a7aa8685c1df14371c6b0549b778d8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Origin, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=bGS4/w==, md5=vdZSHdvugOh2S8mtChxOSw==
cf-cache-status: MISS
etag: W/"bdd6521ddbee80e8764bc9ad0a1c4e4b"
age: 400
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cX2dkx%2BmleO2LC%2BwRIEc8AKL7i9h2%2FE7qLHDrP6kY%2BPmbG0%2BBrDP1oryRFjQ8%2F633ZJHgdNEd1vlHVim8oynulb2yyLH%2BfbfexBdurykSVwNZB20C4FbwGzDNuJEKQz2bZu5%2BZnFZrI%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding: identity
expires: Wed, 23 Jul 2025 19:49:58 GMT
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 728235
server-timing: cfL4;desc="?proto=QUIC&rtt=28376&min_rtt=28016&rtt_var=4819&sent=24&recv=11&lost=0&retrans=0&sent_bytes=19119&recv_bytes=3599&delivery_rate=952118&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=15475&unsent_bytes=0&cid=55e5d9c3e00819aa&ts=60&inflight_dur=58&x=103"
date: Wed, 16 Jul 2025 19:56:38 GMT
content-type: application/json
last-modified: Thu, 10 Jul 2025 16:15:08 GMT
vary: Accept-Encoding
x-guploader-uploadid: ABgVH89pTMOCo9Rs3pN068mZFQzHnQAbbPXmWOAWo3tjXnPXE5WobxnXJZr5trD2YQaN2BhG17FvUx0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
x-goog-storage-class: STANDARD
cf-ray: 960410638da5d289-FRA
access-control-allow-origin: *
x-goog-generation: 1752164108407669
server: cloudflare

GET
H2 200 dns Show response
ag.dns-finder.com/meta/ 2 B
234 B 230ms
150ms Fetch
text/plain 34.36.200.111
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://ag.dns-finder.com/meta/dns
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=6278260873756672&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.36.200.111 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 111.200.36.34.bc.googleusercontent.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

cache-control: private, max-age=180, stale-if-error=180, stale-while-revalidate=180
access-control-expose-headers: X-Resolver
x-resolver: default
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Wed, 16 Jul 2025 19:56:38 GMT
content-type: text/plain; charset=utf-8
vary: Origin

GET
H2 200 px.gif
ad-delivery.net/ 43 B
101 B 112ms
39ms Image
image/gif 2606:4700:10::ac43:b78
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:b78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 285662
x-goog-stored-content-encoding: identity
expires: Sun, 13 Jul 2025 13:10:57 GMT
x-goog-stored-content-length: 43
date: Wed, 16 Jul 2025 19:56:38 GMT
content-type: image/gif
vary: accept-encoding
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: ABgVH89V1iahC6Cjq-VzVhMwJuRuFGdrWSd1EmKaFBwd176LrlH8maeXucob3ZaRTw6Vy_yxQ11jrBA
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 96041063fef21e18-FRA
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H3 200 favicon.ico
ad.doubleclick.net/ 1 KB
130 B 89ms
35ms Image
image/x-icon 142.250.186.38
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

content-encoding: gzip
age: 83171
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Wed, 16 Jul 2025 20:50:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 15 Jul 2025 20:50:27 GMT
last-modified: Tue, 08 May 2012 13:08:06 GMT
content-type: image/x-icon
vary: Accept-Encoding
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

GET
H2 200 px.gif
ad-delivery.net/ 43 B
620 B 109ms
37ms Image
image/gif 2606:4700:10::ac43:b78
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.2254588582852758
Requested by: Host: 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:b78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 285662
x-goog-stored-content-encoding: identity
expires: Sun, 13 Jul 2025 13:10:57 GMT
x-goog-stored-content-length: 43
date: Wed, 16 Jul 2025 19:56:38 GMT
content-type: image/gif
vary: accept-encoding
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: ABgVH89V1iahC6Cjq-VzVhMwJuRuFGdrWSd1EmKaFBwd176LrlH8maeXucob3ZaRTw6Vy_yxQ11jrBA
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 96041063fee91e18-FRA
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H2 200 / Show response
geo.privacymanager.io/ 29 B
627 B 102ms
30ms Fetch
application/json 13.32.99.59
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://geo.privacymanager.io/
Requested by: Host: ats-wrapper.privacymanager.io
URL: https://ats-wrapper.privacymanager.io/ats-modules/438cb908-ed61-41e9-b716-05d5f4122a64/ats.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-59.fra60.r.cloudfront.net
Software: /
Resource Hash: 3c8eaa1f8c510af938c52ef9f1a39ec3a75504baf375ee5941cbd0a4e92d8f56

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

x-amz-apigw-id: NyW8sFDTDoEEiQg=
age: 52134
x-amzn-trace-id: Root=1-68773850-46383a191e0227b963e20a7a;Parent=1019da945ad39d63;Sampled=0;Lineage=1:06620786:0
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
x-amzn-requestid: 61baa6f0-06f7-4503-a7c3-472f52e459c3
via: 1.1 53fd5912708d75e6ec2b16a58625cb1e.cloudfront.net (CloudFront), 1.1 39e6266db143f6443f194d8c60e22480.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
content-length: 29
x-amz-cf-id: iisKFxtZM-Jv6GhRZcbr-DvKtOp0MIrEFuaisMGwwf8vPcB4k0KMcQ==
date: Wed, 16 Jul 2025 05:27:44 GMT
content-type: application/json
x-amz-cf-pop: FRA50-P2, FRA60-P3
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token

GET
H2 200 da657530-03e5-4306-95bc-d4eb370426c9 Show response
config.aps.amazon-adsystem.com/configs/ 563 B
830 B 95ms
29ms Script
application/javascript 99.86.4.128
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/da657530-03e5-4306-95bc-d4eb370426c9
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-128.fra6.r.cloudfront.net
Software: CloudFront /
Resource Hash: bdefb972e3debe61731be8775ddf7c61f4b9633d5b66d7bfc3610e05f6c38db2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

cache-control: max-age=3600
age: 858
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
content-length: 563
x-amz-cf-id: gurkLE0-i1OXAhgb1HLBQECmLv6rVnIvFiZFvOK64PU-2vTWC7JZnQ==
date: Wed, 16 Jul 2025 19:42:20 GMT
content-type: application/javascript
x-amz-cf-pop: FRA6-C1
server: CloudFront

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 3 KB
3 KB 125ms
124ms XHR
application/json 18.173.210.167
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2F2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io&pubid=da657530-03e5-4306-95bc-d4eb370426c9
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.210.167 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-210-167.fra56.r.cloudfront.net
Software: Server /
Resource Hash: d2fde0707869da6380e81bab6740fccdeec3669006a37f22965420a911885b0e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
via: 1.1 e787a68a5271d06ea7b7e56fa6886dc8.cloudfront.net (CloudFront)
access-control-allow-origin: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
x-cache: Miss from cloudfront
content-length: 2566
x-amz-cf-id: divXWW0n1s2LZFpEJrUAaZr7h_2CeLYeh049Zp4HZ7FS9GESvLelUA==
date: Wed, 16 Jul 2025 19:56:37 GMT
content-type: application/json;charset=UTF-8
x-amz-cf-pop: FRA56-P12
server: Server

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 390ms
328ms XHR
application/javascript 18.173.210.167
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.210.167 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-210-167.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

access-control-max-age: 3000
content-encoding: gzip
x-amz-version-id: r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-allow-methods: GET
x-cache: Miss from cloudfront
x-amz-cf-id: mONubCPacTA-pxDfHVCldouFbkZ499CeIRBaHhy2n6ExzHGS83lW0g==
date: Wed, 16 Jul 2025 19:56:39 GMT
content-type: application/javascript
vary: Origin,accept-encoding
last-modified: Thu, 29 Feb 2024 02:13:08 GMT
cache-control: public, max-age=86400
via: 1.1 0140ca34c2d577c2578595f0c9e0050e.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA56-P12
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 lang.png
s.nitropay.com/cmp/ 2 KB
2 KB 47ms
46ms Image
image/png 104.18.3.78
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://s.nitropay.com/cmp/lang.png

Requested by

Host: 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.3.78 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eda5ec1c59939f001bdc15f557f3a905110aac0a60afc5a1eb92d8cdc2d2cbb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type
x-goog-hash: crc32c=7x+tRA==, md5=ygcqOWX0miwkLEXVNRY6Uw==
cf-cache-status: HIT
etag: "ca072a3965f49a2c242c45d535163a53"
age: 305
x-goog-stored-content-encoding: identity
expires: Wed, 16 Jul 2025 20:23:48 GMT
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 1887
server-timing: cfExtPri
date: Wed, 16 Jul 2025 19:56:38 GMT
content-type: image/png
last-modified: Fri, 21 Oct 2022 09:20:58 GMT
vary: Accept-Encoding
priority: u=3,i
x-guploader-uploadid: ABgVH88RiPdZfiR98dz3SCHrPfzeB6w-9uztudPw-NNc-cIMoVPIcd1XXNJc5BmvORg29Bj8
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: public, max-age=3600
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 96041064b88a690a-FRA
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1666344058779792
content-length: 1887
server: cloudflare

GET
H3 200 cancel.png
s.nitropay.com/cmp/ 1 KB
2 KB 45ms
44ms Image
image/png 104.18.3.78
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://s.nitropay.com/cmp/cancel.png

Requested by

Host: 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.3.78 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89863d0411e5273c7c2befe50bceeab57034e26b5df8751cc13c3bd78c73511d

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type
x-goog-hash: crc32c=QrhBNA==, md5=xwey1QGlO8LGbpjk5cq++w==
cf-cache-status: HIT
etag: "c707b2d501a53bc2c66e98e4e5cabefb"
age: 3250
x-goog-stored-content-encoding: identity
expires: Wed, 16 Jul 2025 19:23:22 GMT
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 1302
server-timing: cfExtPri
date: Wed, 16 Jul 2025 19:56:38 GMT
content-type: image/png
last-modified: Fri, 21 Oct 2022 09:20:58 GMT
vary: Accept-Encoding
priority: u=3,i
x-guploader-uploadid: ABgVH8-Ev8kcfvFpxWaKhuzsI7IDvK3vo2wn3HJWg_2KrWY8OjpfLLvLJVkwENkDC8iOOSWsJrdurYQ
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: public, max-age=3600
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 96041064b88c690a-FRA
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1666344058825998
content-length: 1302
server: cloudflare

GET
H3 200 logo.png
s.nitropay.com/cmp/ 3 KB
3 KB 53ms
52ms Image
image/png 104.18.3.78
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://s.nitropay.com/cmp/logo.png

Requested by

Host: 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.3.78 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d8fea63a817b75ec9bfbc153b60b576dd31392e4d2afbec0d83cc813f8aca4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Type
x-goog-hash: crc32c=naGVVg==, md5=lAqluB6Zu7dBSsxHSom62Q==
cf-cache-status: HIT
etag: "940aa5b81e99bbb7414acc474a89bad9"
age: 271
x-goog-stored-content-encoding: identity
expires: Wed, 16 Jul 2025 20:31:54 GMT
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 2592
server-timing: cfExtPri
date: Wed, 16 Jul 2025 19:56:38 GMT
content-type: image/png
last-modified: Fri, 21 Oct 2022 09:20:58 GMT
vary: Accept-Encoding
priority: u=3,i
x-guploader-uploadid: ABgVH8-mHLaLmzH5eZWgWyDbNuUeOXBoc_g26OHUxOPzUl_fiztvvBd9uT5_q-um5-7peXs_
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: public, max-age=3600
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 96041064b88d690a-FRA
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1666344058842900
content-length: 2592
server: cloudflare

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 67 KB
22 KB 186ms
92ms Script
application/javascript 23.45.96.101
AKAMAI-AS

General

Check archive.org

Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.96.101 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-96-101.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 033873c3e102ae6d955242452bde606a05e65a01f46de358e337f158f43b2666

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

cache-control: max-age=900
content-encoding: gzip
etag: "10ab4-63a0ee37f7c40-gzip"
expires: Wed, 16 Jul 2025 20:11:38 GMT
accept-ranges: bytes
content-length: 21994
date: Wed, 16 Jul 2025 19:56:38 GMT
last-modified: Wed, 16 Jul 2025 17:04:41 GMT
content-type: application/javascript
server: Apache
vary: Accept-Encoding

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16576/ 43 KB
13 KB 103ms
33ms Script
text/javascript 65.9.66.68
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Requested by: Host: 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-68.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c5fdea6bcb7b7dc4aabe9e409df609b922dde30401ccf5c25f0f384f7e8c43b5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

vary: Accept-Encoding
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"6016bf24a16f4d1d8384c5f7f11c49fb"
age: 71376
via: 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: EK-MEzKg7zOGzGSYrlr0N1lQnBGBC0iDiIvNBNMXIfW5aQL3VsxQ4Q==
date: Wed, 16 Jul 2025 00:07:03 GMT
content-type: text/javascript
last-modified: Tue, 20 Aug 2024 18:47:26 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
x-amz-server-side-encryption: AES256

GET
H2

200

720 Show response
a.ad.gt/api/v1/u/matches/
Redirect Chain

https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2F2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io%2Ftemplates%2Fadtop.html&ref=&_it=amazon&partner_id=720
https://a.ad.gt/api/v1/u/matches/720?_it=nitro

6 KB
3 KB

132ms
40ms

Script
application/javascript

2606:4700:10::ac43:17ea
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://a.ad.gt/api/v1/u/matches/720?_it=nitro
Requested by: Host: 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html
Protocol: H2
Server: 2606:4700:10::ac43:17ea -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8afa8ec524f503c133b679001d75d1ea4a569f165c9a4a268336a61b616304ea

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

cache-control: max-age=7200
content-encoding: gzip
cf-cache-status: HIT
age: 1560
cross-origin-resource-policy: cross-origin
cf-ray: 96041066295b9265-FRA
date: Wed, 16 Jul 2025 19:56:38 GMT
last-modified: Wed, 16 Jul 2025 19:23:46 GMT
content-type: application/javascript
vary: accept-encoding
server: cloudflare

Redirect headers

cf-ray: 960410656b8dbbb9-FRA
location: https://a.ad.gt/api/v1/u/matches/720?_it=nitro
date: Wed, 16 Jul 2025 19:56:38 GMT
vary: accept-encoding
server: cloudflare

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 105 KB
30 KB 104ms
34ms Script
text/javascript 2606:4700:10::ac42:a937
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: 2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac42:a937 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29bae1dcdf00016dc39035e1e58df59d774ca61cb53d1ac62a4c55d07f4cb374

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"ba94621886d32c86f627d4eb456f1aa9"
age: 5
expires: Wed, 16 Jul 2025 20:56:38 GMT
date: Wed, 16 Jul 2025 19:56:38 GMT
content-type: text/javascript;charset=utf-8
vary: accept-encoding
last-modified: Mon, 14 Jul 2025 11:37:32 GMT
x-amz-id-2: juxBCX3XljWz1SUDTm7pW5eogf2keYm0gnDjvgSACbqMLy7JuPIZ4yyBHMJKrQdN2Uz8l4vsf9mhoz11tx3+qAZXxvAmh5NK
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=3600
x-amz-request-id: 0BGF3CFP505JKYEW
cf-ray: 960410655fa2a5f9-FRA
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 503 favicon.ico
2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/ 39 KB
39 KB 104ms
104ms Other
text/html 2a00:fb01:400:200:5000:45ff:feb5:f777
EVERYWARE-NET Eve...

General

Check archive.org

Download Go to

Full URL

https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:fb01:400:200:5000:45ff:feb5:f777 , Switzerland, ASN24951 (EVERYWARE-NET EveryWare AG, CH),

Reverse DNS

Software

Resource Hash

4590fedec40512161c719c93090725ce720c6c92819c91f6f2a9752e7b4cbae5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 019814cf-7c11-7223-b6b7-6454c6d9536e
x-ic-canister-id: 2h7ko-mqaaa-aaaad-qf56a-cai
access-control-expose-headers: accept-ranges, content-length, content-range, x-request-id, x-ic-canister-id
access-control-allow-origin: *
content-length: 39773
date: Wed, 16 Jul 2025 19:56:38 GMT
content-type: text/html; charset=utf-8
vary: origin, access-control-request-method, access-control-request-headers

Verdicts & Comments Add Verdict or Comment

166 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nitropay.com/	1970-01-21 06:51:37	Name: __cf_bm Value: 2epo4PKPGkdAthf7tYLi.n8_F2cadvoXtZLjj2qG45E-1752695797-1.0.1.1-3wbWzNHC9byh4n2.Iv8PKkPOCWkHZdBp3mTzDZwo2oGFmbl7HLQXNMQrR9wfo1fVeQ5IVvLHbkwKa2vL0HumGSRRiO6Tak13.zK3bhZPVEA
.icp0.io/	1970-01-21 15:37:11	Name: ncmp.domain Value: icp0.io
2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/	1970-01-21 06:54:28	Name: _lr_geo_location_state Value: 9
2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/	1970-01-21 06:54:28	Name: _lr_geo_location Value: AT

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/templates/adtop.html Message: [GroupMarkerNotSet(crbug.com/242999)!:A0D0000FEC060000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
network	error	URL: https://2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
a.ad.gt
ad-delivery.net
ad.doubleclick.net
ag.dns-finder.com
ats-wrapper.privacymanager.io
btloader.com
c.amazon-adsystem.com
cdn.hadronid.net
cdn.id5-sync.com
config.aps.amazon-adsystem.com
consent.nitrocnct.com
floors.nitropay.com
geo.privacymanager.io
s.nitropay.com
secure.cdn.fastclick.net
t.nit.ro
tags.crwdcntrl.net
104.18.3.78
104.21.16.1
13.32.99.59
13.33.187.36
142.250.186.38
18.173.210.167
23.45.96.101
2606:4700:10::ac42:a937
2606:4700:10::ac43:17ea
2606:4700:10::ac43:246e
2606:4700:10::ac43:293c
2606:4700:10::ac43:b78
2a00:fb01:400:200:5000:45ff:feb5:f777
34.36.200.111
35.244.144.25
65.9.66.68
99.86.4.128
033873c3e102ae6d955242452bde606a05e65a01f46de358e337f158f43b2666
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
215d3fe7ac922d9431d684af3dc94e5810a7aa8685c1df14371c6b0549b778d8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
29bae1dcdf00016dc39035e1e58df59d774ca61cb53d1ac62a4c55d07f4cb374
3c8eaa1f8c510af938c52ef9f1a39ec3a75504baf375ee5941cbd0a4e92d8f56
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4590fedec40512161c719c93090725ce720c6c92819c91f6f2a9752e7b4cbae5
5e6a6ee6f0cc012b5b1783d629e8925eeec5f74b23ffc4ce7099cd9e3e524f73
6d313d18773b4665e814f46dfdf164d5cd9aa0814584afbc4853c48661bcdcbd
6d8fea63a817b75ec9bfbc153b60b576dd31392e4d2afbec0d83cc813f8aca4d
861c5c97ffcba20ab6f470ebaa8695cf580a23d327c490ccc230a8cff97eb615
89863d0411e5273c7c2befe50bceeab57034e26b5df8751cc13c3bd78c73511d
8afa8ec524f503c133b679001d75d1ea4a569f165c9a4a268336a61b616304ea
a63b2b0e36917ac85677f057a33ea1714ffc9b70362d799c23f1b9fd007f57c8
afa753c26a86fcd49a7290334c54aaa53291bda9a83d03665f21d75353edd38e
bdefb972e3debe61731be8775ddf7c61f4b9633d5b66d7bfc3610e05f6c38db2
c5fdea6bcb7b7dc4aabe9e409df609b922dde30401ccf5c25f0f384f7e8c43b5
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d2fde0707869da6380e81bab6740fccdeec3669006a37f22965420a911885b0e
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
daa68ff3788dd57afbe52d408f779a020c5f6b886f2f3fb7a14ada50ebb63d07
e44f6ec86acfe83aca288597bf56662e535055f48fec6083360b1a15d8262499
eda5ec1c59939f001bdc15f557f3a905110aac0a60afc5a1eb92d8cdc2d2cbb5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io 2a00:fb01:400:200:5000:45ff:feb5:f777 Public Scan Open in urlscan Pro

Internal

Effective Hostname

Submitted URL

Effective IP

Summary

urlscan.io Verdict: No classification

Domain & IP information

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

Screenshot Live screenshot Full Image

Page Statistics

27 Requests

96 %HTTPS

35 %IPv6

15 Domains

18 Subdomains

16 IPs

5 Countries

771 kBTransfer

2658 kBSize

4 Cookies

1 Outgoing links

Redirected requests

27 HTTP transactions Everything HTML Script Fetch XHR CSS Image Font Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

2h7ko-mqaaa-aaaad-qf56a-cai.icp0.io
2a00:fb01:400:200:5000:45ff:feb5:f777 Public Scan Open in urlscan Pro

Screenshot
Live screenshot

Full Image

27
Requests

96 %
HTTPS

35 %
IPv6

15
Domains

18
Subdomains

16
IPs

5
Countries

771 kB
Transfer

2658 kB
Size

4
Cookies

27 HTTP transactions
0 data transactions