URL: https://offshoreleaks.icij.org/nodes/10108577
Submission: On March 28 via api from ZA — Scanned from DE

Summary

This website contacted 11 IPs in 4 countries across 9 domains to perform 32 HTTP transactions. The main IP is 18.66.122.89, located in United States and belongs to AMAZON-02, US. The main domain is offshoreleaks.icij.org. The Cisco Umbrella rank of the primary domain is 437180.
TLS certificate: Issued by Amazon RSA 2048 M01 on May 13th 2023. Valid for: a year.
This is the only time offshoreleaks.icij.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Apex Domain           Subdomains                                                Transfer
17        icij.org              offshoreleaks.icij.org — Cisco Umbrella Rank: 437180      2 MB
3         gstatic.com           fonts.gstatic.com                                         47 KB
2         google-analytics.com  www.google-analytics.com — Cisco Umbrella Rank: 34        21 KB
2         bootstrapcdn.com      maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1117       77 KB
2         googletagmanager.com  www.googletagmanager.com — Cisco Umbrella Rank: 42        170 KB
1         google.de             www.google.de — Cisco Umbrella Rank: 7099                 63 B
1         doubleclick.net       stats.g.doubleclick.net — Cisco Umbrella Rank: 91         250 B
1         google.com            region1.analytics.google.com — Cisco Umbrella Rank: 2655  250 B
1         googleapis.com        fonts.googleapis.com — Cisco Umbrella Rank: 35            1 KB
32        9
Requests  Domain                        Requested by
17        offshoreleaks.icij.org        offshoreleaks.icij.org
3         fonts.gstatic.com             fonts.googleapis.com
2         www.google-analytics.com      www.googletagmanager.com, www.google-analytics.com
2         maxcdn.bootstrapcdn.com       offshoreleaks.icij.org, maxcdn.bootstrapcdn.com
2         www.googletagmanager.com      offshoreleaks.icij.org, www.googletagmanager.com
1         www.google.de                 offshoreleaks.icij.org
1         stats.g.doubleclick.net       www.googletagmanager.com
1         region1.analytics.google.com  www.googletagmanager.com
1         fonts.googleapis.com          offshoreleaks.icij.org
32        9
Subject                  Issuer               Validity                 Valid
*.icij.org               Amazon RSA 2048 M01  2023-05-13 - 2024-06-10  a year
*.google-analytics.com   GTS CA 1C3           2024-03-04 - 2024-05-27  3 months
bootstrapcdn.com         GTS CA 1P5           2024-03-27 - 2024-06-25  3 months
upload.video.google.com  GTS CA 1C3           2024-03-04 - 2024-05-27  3 months
*.gstatic.com            GTS CA 1C3           2024-03-04 - 2024-05-27  3 months
*.g.doubleclick.net      GTS CA 1C3           2024-02-26 - 2024-05-20  3 months
*.google.de              GTS CA 1C3           2024-03-04 - 2024-05-27  3 months

This page contains 1 frames:

Primary Page: https://offshoreleaks.icij.org/nodes/10108577
Frame ID: 736EC6D7C456FE4111DB5C87D8D87500
Requests: 35 HTTP requests in this frame

Page Title

GEORGETOWN HOLDINGS INC. | ICIJ Offshore Leaks Database

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googleapis\.com/.+webfont

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 32
HTTPS: 94 %
IPv6: 70 %
Domains: 9
Subdomains: 9
IPs: 11
Countries: 4
Transfer: 1920 kB
Size: 3810 kB
Cookies: 4

Redirected requests

There were HTTP redirect chains for the following requests:

32 HTTP transactions

Resource / Path / Size / x-fer / Type / MIME-Type
Primary Request 10108577
offshoreleaks.icij.org/nodes/
29 KB
9 KB
Document
General
Full URL
https://offshoreleaks.icij.org/nodes/10108577
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
9773b615a309f79a66d39bd7f19c24d785db22cf4565dcdb83d6b56b79766ea1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOWALL

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
max-age=0, private, must-revalidate
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 28 Mar 2024 14:15:10 GMT
etag
W/"9773b615a309f79a66d39bd7f19c24d7"
link
<https://offshoreleaks.icij.org/sigma/sigma.min.js>; rel=preload; as=script; nopush,<https://offshoreleaks.icij.org/sigma/plugins.min.js>; rel=preload; as=script; nopush,<https://offshoreleaks.icij.org/vite/assets/application-6365212e.js>; rel=modulepreload; as=script; crossorigin=anonymous; nopush,<https://offshoreleaks.icij.org/vite/assets/application-e707487e.css>; rel=preload; as=style; nopush,<https://offshoreleaks.icij.org/vite/assets/application-6365212e.js>; rel=modulepreload; as=script; crossorigin=anonymous; nopush,<https://offshoreleaks.icij.org/vite/assets/application-e707487e.css>; rel=preload; as=style; nopush
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
x-amz-cf-id
r_jj8aj0EgPtnR8HbYIwpHVe2BOw4T5h4lOQ2FlReKhAft2peMbg_A==
x-amz-cf-pop
FRA60-P2
x-cache
Miss from cloudfront
x-frame-options
ALLOWALL
x-request-id
40FC58CA_1752_AC14809C_01BB_66057B6E_52A5_361F0
x-runtime
0.170861
sigma.min.js
offshoreleaks.icij.org/sigma/
117 KB
33 KB
Script
General
Full URL
https://offshoreleaks.icij.org/sigma/sigma.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
67df3bfcf311d67464bd6bc661cd2426b9177eec0b975bfacc5049be83e6fccb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/nodes/10108577
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
date
Thu, 28 Mar 2024 14:12:58 GMT
last-modified
Mon, 15 Jan 2024 15:26:44 GMT
x-amz-cf-pop
FRA60-P2
age
173
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
-9VVJMI9g9UAmiA5LC4v5kq6q9GF8WIDYoJ0d-RNLiqe_51Lt0nVpA==
x-request-id
40FC5909_559E_AC14809C_01BB_65FCEB45_565D_32BA3
plugins.min.js
offshoreleaks.icij.org/sigma/
292 KB
77 KB
Script
General
Full URL
https://offshoreleaks.icij.org/sigma/plugins.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
c084454f0d3b52571dc4c02f6b5a7fe3959c035bfaacf353ca5f5fe4896dd22f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/nodes/10108577
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
date
Thu, 28 Mar 2024 14:02:20 GMT
last-modified
Mon, 15 Jan 2024 15:26:44 GMT
x-amz-cf-pop
FRA60-P2
age
823
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
IrBziBIq72_rSw2KaldoVlRwlpVbNQo1RNNyq5xOv9ifNFCOyXXl4Q==
x-request-id
40FC5745_1834_AC14809C_01BB_65FCD45A_B15C_32977
application-6365212e.js
offshoreleaks.icij.org/vite/assets/
1 MB
511 KB
Script
General
Full URL
https://offshoreleaks.icij.org/vite/assets/application-6365212e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
934a729fbdd3ba048952f71b48182c5cbdb32e752029e52a280cda14d6a9efdf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin
https://offshoreleaks.icij.org
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
date
Thu, 28 Mar 2024 14:12:58 GMT
last-modified
Tue, 06 Feb 2024 16:59:00 GMT
x-amz-cf-pop
FRA60-P2
age
173
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
1oK-k7gkAJZHjGFkpN8YyfW75TtkSpn_GJrpwHGvGai0Q4QlR8_X1A==
x-request-id
40FC5686_2726_AC14809C_01BB_65FA3B67_64E9_2F24F
application-e707487e.css
offshoreleaks.icij.org/vite/assets/
324 KB
59 KB
Stylesheet
General
Full URL
https://offshoreleaks.icij.org/vite/assets/application-e707487e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
e707487efd98d0c93316c059505fb336806f7cb44a8f3806b2979dfc3c1cfbe7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/nodes/10108577
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
date
Thu, 28 Mar 2024 14:02:20 GMT
last-modified
Tue, 06 Feb 2024 16:59:00 GMT
x-amz-cf-pop
FRA60-P2
age
823
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
x-amz-cf-id
spAhZAbbKbc8BU9Wkmhzer0_5nqmLTyGP6Y036N3r59Z8kWNUMK3MA==
x-request-id
40FC5754_FA28_AC14809C_01BB_65FA4174_C981_2F24F
opencorporates-02eee8e8.png
offshoreleaks.icij.org/vite/assets/
20 KB
20 KB
Image
General
Full URL
https://offshoreleaks.icij.org/vite/assets/opencorporates-02eee8e8.png
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/nodes/10108577
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
02eee8e85eead78cf577b020a5ac4210463d3a466707cd7e650891f950a8af4e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/nodes/10108577
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 14:03:51 GMT
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
last-modified
Tue, 06 Feb 2024 16:59:00 GMT
x-amz-cf-pop
FRA60-P2
age
872
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
content-length
20373
x-amz-cf-id
ro_amV9q99MtvuT0YE_P_HgbRIJoWOb1d_jC9Yx7i53d8VDTgSStnQ==
x-request-id
40FC56A0_445C_AC14809C_01BB_65FCE321_C12C_329AF
spinner-6847b2b5.gif
offshoreleaks.icij.org/vite/assets/
59 KB
59 KB
Image
General
Full URL
https://offshoreleaks.icij.org/vite/assets/spinner-6847b2b5.gif
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/nodes/10108577
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
6847b2b59ba6f3a30775291a4a8170b7e5909494e158b25f05c788e5952f5003
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/nodes/10108577
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 14:12:58 GMT
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
last-modified
Tue, 06 Feb 2024 16:59:00 GMT
x-amz-cf-pop
FRA60-P2
age
229
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/gif
content-length
60107
x-amz-cf-id
o0Ho1XD8GWtylrAwrpzTbAjqhJql7o8-2B6so7xBZJjjfONHxuuSQQ==
x-request-id
40FC580F_1FEC_AC14809C_01BB_65FBAC19_9015_2FD7F
js
www.googletagmanager.com/gtag/
301 KB
101 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-PJ4Y19JL7T
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/nodes/10108577
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4f7d01c394c45f7efb0d8a0a3f5815bf5173253a9a25390d5307e522d16f3b40
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 14:15:10 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
102736
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 28 Mar 2024 14:15:10 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/
28 KB
7 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/vite/assets/application-e707487e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 14:15:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
1053
age
1291336
cdn-cachedat
09/24/2023 10:03:53
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
W/"89916fa773ce96569604016ef25cab50"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
03c32cd711050016a0af8b6c82d222fb
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
86b83b157cdc9944-FRA
cdn-requestpullsuccess
True
css
fonts.googleapis.com/
11 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/vite/assets/application-e707487e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
14fa9e2dcf11020036faa3a26e24de0fc5c0edc4b34867b7c38b503158bac52c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 14:15:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 28 Mar 2024 13:23:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 28 Mar 2024 14:15:10 GMT
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/
69 KB
70 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.woff2?v=4.6.1
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
Origin
https://offshoreleaks.icij.org
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 14:15:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
860
age
10244301
cdn-cachedat
09/10/2023 07:55:34
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
70728
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
"926c93d201fe51c8f351e858468980c3"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
29eebfae98cc0877df15c56761010114
accept-ranges
bytes
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
86b83b167e9834bc-WAW
cdn-requestpullsuccess
True
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://offshoreleaks.icij.org
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 20:16:13 GMT
x-content-type-options
nosniff
age
237538
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 25 Mar 2025 20:16:13 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://offshoreleaks.icij.org
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 07:44:23 GMT
x-content-type-options
nosniff
age
196248
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 26 Mar 2025 07:44:23 GMT
KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://offshoreleaks.icij.org
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 18:30:09 GMT
x-content-type-options
nosniff
age
243902
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15752
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 25 Mar 2025 18:30:09 GMT
truncated
/
928 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
218b6546e5d2bf4b0aa005d0292436b41a51e7f9e3670b4ae7a4f759534c39f1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
766 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de0ce64b00bf216a53bab8ced28ab1af08c8abdb47b7a05de5a7e34845c3841b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
375 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3f1379353012d1865412e24b881c26709507d0a2704c4de2956c17339b8800f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
bg_banner-00398e35.png
offshoreleaks.icij.org/vite/assets/
437 KB
438 KB
Image
General
Full URL
https://offshoreleaks.icij.org/vite/assets/bg_banner-00398e35.png
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/vite/assets/application-e707487e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
00398e350675dbd17f50e8201af6d84ce3771c1e86addbf2d77640ed1f32b153
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/vite/assets/application-e707487e.css
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 14:02:21 GMT
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
last-modified
Tue, 06 Feb 2024 16:59:00 GMT
x-amz-cf-pop
FRA60-P2
age
803
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
content-length
447476
x-amz-cf-id
azrEDPACEpdHoi6LleIS85gm5hsvaT6VwDOkPr6CrXS6Kxs7NHi7UQ==
x-request-id
40FC5745_7FF0_AC14809C_01BB_65FCDF19_7982_329AF
banner_people-6d2850f7.png
offshoreleaks.icij.org/vite/assets/
64 KB
64 KB
Image
General
Full URL
https://offshoreleaks.icij.org/vite/assets/banner_people-6d2850f7.png
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/vite/assets/application-e707487e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
6d2850f789d524ff4f0de98e68a57b6a0e15378ad15db4c0a2f0605799b347dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/vite/assets/application-e707487e.css
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 14:06:46 GMT
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
last-modified
Tue, 06 Feb 2024 16:59:00 GMT
x-amz-cf-pop
FRA60-P2
age
648
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
content-length
65069
x-amz-cf-id
oLQu73aZk5wV635AjrUXvNvsdr8MNFYqtqPuntXuL8VIUFpva5rpdQ==
x-request-id
40FC5745_9DEE_AC14809C_01BB_65FCEB79_59DC_32BA3
power-players.json
offshoreleaks.icij.org/
51 KB
12 KB
Fetch
General
Full URL
https://offshoreleaks.icij.org/power-players.json
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/vite/assets/application-6365212e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
abd7997af445bf71f26ac3018c641f2481386083a9eb54ccd4947bc062abcf82
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOWALL

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/nodes/10108577
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-runtime
0.094097
strict-transport-security
max-age=31536000
content-encoding
gzip
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
date
Thu, 28 Mar 2024 14:00:34 GMT
x-amz-cf-pop
FRA60-P2
age
877
etag
W/"abd7997af445bf71f26ac3018c641f24"
x-frame-options
ALLOWALL
vary
Accept-Encoding
content-type
application/json; charset=utf-8
x-cache
Hit from cloudfront
cache-control
max-age=0, private, must-revalidate
x-amz-cf-id
pw3x76EJ6gAtfOVIf1clUMkz89A6lMC7CsShY7RcGgJeD047COL2mA==
x-request-id
40FC58CA_8C1C_AC14809C_01BB_65FBB456_4162_2FDB3
a46b20b0-1a79-4ab6-8451-e5056bd700c9
https://offshoreleaks.icij.org/
12 KB
0
Other
General
Full URL
blob:https://offshoreleaks.icij.org/a46b20b0-1a79-4ab6-8451-e5056bd700c9
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/nodes/10108577
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8e5c1cdd06973103e157ab84fddcede14e3f02a26e8645b88a9bcc87b2dacd65

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Length
12287
Content-Type
application/javascript
3cdf4fa9-ef64-42d4-ba20-5a934dce0633
https://offshoreleaks.icij.org/
12 KB
0
Other
General
Full URL
blob:https://offshoreleaks.icij.org/3cdf4fa9-ef64-42d4-ba20-5a934dce0633
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/nodes/10108577
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8e5c1cdd06973103e157ab84fddcede14e3f02a26e8645b88a9bcc87b2dacd65

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Length
12287
Content-Type
application/javascript
collect
region1.analytics.google.com/g/
0
250 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-PJ4Y19JL7T&gtm=45je43p0v9103967456za200&_p=1711635311011&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=2077819516.1711635311&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.86%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.86&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1711635311&sct=1&seg=0&dl=https%3A%2F%2Foffshoreleaks.icij.org%2Fnodes%2F10108577&dt=GEORGETOWN%20HOLDINGS%20INC.%20%7C%20ICIJ%20Offshore%20Leaks%20Database&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1120
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PJ4Y19JL7T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 28 Mar 2024 14:15:11 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offshoreleaks.icij.org
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
250 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-PJ4Y19JL7T&cid=2077819516.1711635311&gtm=45je43p0v9103967456za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PJ4Y19JL7T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 28 Mar 2024 14:15:11 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offshoreleaks.icij.org
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
191 KB
70 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-3383794-9&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PJ4Y19JL7T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ab2eb9e144953a1093e1016615a6eb3e2c2de5576d49c7dc8b4619d788e589b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 14:15:11 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
71192
x-xss-protection
0
last-modified
Thu, 28 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 28 Mar 2024 14:15:11 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-PJ4Y19JL7T&cid=2077819516.1711635311&gtm=45je43p0v9103967456za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1730293686
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/nodes/10108577
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 28 Mar 2024 14:15:11 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
11-a17628cc.png
offshoreleaks.icij.org/vite/assets/
54 KB
54 KB
Image
General
Full URL
https://offshoreleaks.icij.org/vite/assets/11-a17628cc.png
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/nodes/10108577
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
a17628cce8f79d49e9276c5fa40aa073342f293ea193d55681fd02fbbdb17f08
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/nodes/10108577
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 14:09:04 GMT
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
last-modified
Tue, 06 Feb 2024 16:59:00 GMT
x-amz-cf-pop
FRA60-P2
age
452
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
content-length
55046
x-amz-cf-id
XPZGgUb4-idt0MROoySDssLh9OlEyeZoXZx3aN-1XCZHL2R3nOwDPA==
x-request-id
40FC5686_3794_AC14809C_01BB_65FA52BD_167B_2F2AD
39-207487f6.png
offshoreleaks.icij.org/vite/assets/
55 KB
56 KB
Image
General
Full URL
https://offshoreleaks.icij.org/vite/assets/39-207487f6.png
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/nodes/10108577
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
207487f66217e96ab8bf8728220c866cb215bb80326d15907d849cec26a930ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/nodes/10108577
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 14:04:59 GMT
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
last-modified
Tue, 06 Feb 2024 16:59:00 GMT
x-amz-cf-pop
FRA60-P2
age
640
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
content-length
56540
x-amz-cf-id
f0nhF5tdN4L4wIhOlytUEUER0qccAJekZhEMX08Cd7FbGOTFzt4kMQ==
x-request-id
40FC59DB_85CA_AC14809C_01BB_65FCD34D_A103_32977
22-193089ff.png
offshoreleaks.icij.org/vite/assets/
56 KB
57 KB
Image
General
Full URL
https://offshoreleaks.icij.org/vite/assets/22-193089ff.png
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/nodes/10108577
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
193089ff02bc2ff9768d6daddf48693729253fe24e6126b2b1b9fdae320241f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/nodes/10108577
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 14:15:11 GMT
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
last-modified
Tue, 06 Feb 2024 16:59:00 GMT
x-amz-cf-pop
FRA60-P2
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/png
content-length
57633
x-amz-cf-id
qpsDRg5RcPyZtvsKFwfbeXp0mIZgiU3enFbSxXLxmREOpBHgmcnSCA==
x-request-id
40FC5745_2216_AC14809C_01BB_65FD08D6_7C36_32C2B
56-10cad74a.png
offshoreleaks.icij.org/vite/assets/
47 KB
48 KB
Image
General
Full URL
https://offshoreleaks.icij.org/vite/assets/56-10cad74a.png
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/nodes/10108577
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
10cad74a375d032d3aab3ce0a233f283daa5e57f1d552bc4a919acc80bb3fa98
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/nodes/10108577
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 14:11:49 GMT
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
last-modified
Tue, 06 Feb 2024 16:59:00 GMT
x-amz-cf-pop
FRA60-P2
age
401
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
content-length
48429
x-amz-cf-id
hYb0Y7TibiuxzDIUO80G--mX0Kges7a7Uvu1py5RKyLcvtH2zJnsMg==
x-request-id
40FC5894_C1C6_AC14809C_01BB_65FA3B68_6500_2F24F
25-451b03de.png
offshoreleaks.icij.org/vite/assets/
46 KB
47 KB
Image
General
Full URL
https://offshoreleaks.icij.org/vite/assets/25-451b03de.png
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/nodes/10108577
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
451b03de532e1a59ee81824e7d4cb449e8be1ba389d952d3b2ada41ccc3a7297
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/nodes/10108577
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 14:08:42 GMT
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
last-modified
Tue, 06 Feb 2024 16:59:00 GMT
x-amz-cf-pop
FRA60-P2
age
461
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
content-length
47348
x-amz-cf-id
5KsGWtJAtAuqw6liCxuicQP8ny8M7XtVSJsa0t-GxXYQfnfuipVUVw==
x-request-id
40FC5745_D30E_AC14809C_01BB_65FCE7C7_1CD6_32BA3
16-348c9774.png
offshoreleaks.icij.org/vite/assets/
58 KB
59 KB
Image
General
Full URL
https://offshoreleaks.icij.org/vite/assets/16-348c9774.png
Requested by
Host: offshoreleaks.icij.org
URL: https://offshoreleaks.icij.org/nodes/10108577
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
348c9774b81f588eba3771ca51f0b3cd73b10e1015218d5dec9a1c87ab0a5f2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/nodes/10108577
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 14:08:12 GMT
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
last-modified
Tue, 06 Feb 2024 16:59:00 GMT
x-amz-cf-pop
FRA60-P2
age
456
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
content-length
59560
x-amz-cf-id
RByos03rSqod9CQ282v7t3-Bny_-DSIH5ARSSVjVE0N3yS68WEfW2A==
x-request-id
40FC5894_F720_AC14809C_01BB_65FA6498_5B59_2F2E1
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-3383794-9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 28 Mar 2024 13:48:08 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1623
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 28 Mar 2024 15:48:08 GMT
collect
www.google-analytics.com/j/
1 B
211 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1266607963&t=pageview&_s=1&dl=https%3A%2F%2Foffshoreleaks.icij.org%2Fnodes%2F10108577&ul=en-us&de=UTF-8&dt=GEORGETOWN%20HOLDINGS%20INC.%20%7C%20ICIJ%20Offshore%20Leaks%20Database&sd=24-bit&sr=800x600&vp=1600x1113&je=0&_u=YADAAUABAAAAACAAI~&jid=528928359&gjid=25764011&cid=2077819516.1711635311&tid=UA-3383794-9&_gid=1700132149.1711635311&_r=1&gtm=457e43p0za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&jsscut=1&npa=1&z=1124107749
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://offshoreleaks.icij.org/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 28 Mar 2024 14:15:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offshoreleaks.icij.org
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
favicon-32x32.png
offshoreleaks.icij.org/
1 KB
2 KB
Other
General
Full URL
https://offshoreleaks.icij.org/favicon-32x32.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-89.fra60.r.cloudfront.net
Software
/
Resource Hash
3e5d647a4c4781370f69b9a1a7980426bc7b9f1acc07c33cba0e3d7e81754114
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://offshoreleaks.icij.org/nodes/10108577
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 14:03:34 GMT
via
1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
last-modified
Mon, 15 Jan 2024 15:26:44 GMT
x-amz-cf-pop
FRA60-P2
age
735
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
content-length
1269
x-amz-cf-id
zAeqslh5IdTgn0QfJuL7j2tr3BNpW6Ywvt7R6Vx1l9wTrhzEMn-OTA==
x-request-id
40FC566A_966C_AC14809C_01BB_65FA3695_161A_2F24F

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal
function| sigma
object| conrad
object| gexf
function| gtag
object| dataLayer
object| FontAwesomeConfig
object| ___FONT_AWESOME___
object| Rails
boolean| _rails_loaded
function| $
function| jQuery
function| _
function| vueRecaptchaApiLoaded
function| loadGraph
object| lk
object| google_tag_manager
object| google_tag_data
object| googletag
function| onYouTubeIframeAPIReady
object| gaGlobal
string| GoogleAnalyticsObject
function| ga
object| gaplugins
object| gaData

4 Cookies

Domain/Path Name / Value
.icij.org/ Name: _ga_PJ4Y19JL7T
Value: GS1.1.1711635311.1.0.1711635311.60.0.0
.icij.org/ Name: _ga
Value: GA1.2.2077819516.1711635311
.icij.org/ Name: _gid
Value: GA1.2.1700132149.1711635311
.icij.org/ Name: _gat_gtag_UA_3383794_9
Value: 1

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOWALL

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
