www.onscreens.me Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Submission: On October 21 via manual (October 21st 2023, 5:03:06 pm UTC) from HK — Scanned from NL

Summary HTTP 134 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 38 IPs in 5 countries across 43 domains to perform 134 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.onscreens.me.
TLS certificate: Issued by E1 on October 13th 2023. Valid for: 3 months.

This is the only time www.onscreens.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 39	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	212.117.190.201 212.117.190.201	7979 (SERVERS-COM) (SERVERS-COM)
1	2600:9000:20b... 2600:9000:20b4:d400:c:dd71:23c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 6	185.94.237.73 185.94.237.73	42567 (MOJHOST-EU) (MOJHOST-EU)
5	2a01:4f8:161:... 2a01:4f8:161:6222::2	24940 (HETZNER-AS) (HETZNER-AS)
2	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700:303... 2606:4700:3038::6815:ea82	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:2747	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 13	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
5	45.133.44.52 45.133.44.52	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	45.133.44.25 45.133.44.25	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	2606:4700:303... 2606:4700:3031::6815:ae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	45.133.44.53 45.133.44.53	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2	157.90.84.242 157.90.84.242	24940 (HETZNER-AS) (HETZNER-AS)
1	205.185.216.10 205.185.216.10	20446 (STACKPATH...) (STACKPATH-CDN)
2 5	2606:4700::68... 2606:4700::6812:6528	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:486... 2001:4860:4860::8844	15169 (GOOGLE) (GOOGLE)
2 3	2a00:1450:400... 2a00:1450:4001:813::200d	15169 (GOOGLE) (GOOGLE)
4	2a01:4f8:e0:1... 2a01:4f8:e0:19cb::1	24940 (HETZNER-AS) (HETZNER-AS)
1	168.119.25.102 168.119.25.102	24940 (HETZNER-AS) (HETZNER-AS)
5	205.185.216.42 205.185.216.42	20446 (STACKPATH...) (STACKPATH-CDN)
5	2606:4700::68... 2606:4700::6810:5d2a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6812:ca04	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3036::6815:b61	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	88.212.202.52 88.212.202.52	39134 (UNITEDNET) (UNITEDNET)
2	2606:4700:303... 2606:4700:3034::ac43:aba9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	78.47.199.210 78.47.199.210	24940 (HETZNER-AS) (HETZNER-AS)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	174.137.133.17 174.137.133.17	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
134	38

39 2a06:98c1:3121::3 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

www.onscreens.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
video.q34r.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
marazma.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
xml.popmansion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 212.117.190.201 (Luxembourg, Luxembourg)

ASN7979 (SERVERS-COM, US)

pasbstbovc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20b4:d400:c:dd71:23c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.juicyads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.94.237.73 (Netherlands) 1 redirects

ASN42567 (MOJHOST-EU, NL)

poweredby.jads.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a01:4f8:161:6222::2 (Berlin, Germany)

ASN24940 (HETZNER-AS, DE)

blow.week1time.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3038::6815:ea82 (United States)

ASN13335 (CLOUDFLARENET, US)

statistic.satiq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:2747 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.tapioni.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7aaf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a02:6b8::1:119 (Ulyanovsk, Russian Federation) 4 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 45.133.44.52 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

js.wpadmngr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.capndr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.wpushsdk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

commentsmodule.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.133.44.25 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

na.nawpush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::6815:ae (United States)

ASN13335 (CLOUDFLARENET, US)

storage.multstorage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.133.44.53 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

0348649925.e36e2058e8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.90.84.242 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.242.84.90.157.clients.your-server.de

fp.metricswpsh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net

ads.juicyads.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:6528 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

chaturbate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4860::8844 (United States)

ASN15169 (GOOGLE, US)

dns.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::200d (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a01:4f8:e0:19cb::1 (Germany)

ASN24940 (HETZNER-AS, DE)

cc363782e3.03a17e7986.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 168.119.25.102 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.102.25.119.168.clients.your-server.de

nereserv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 205.185.216.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net

i.jads.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:5d2a (United States)

ASN13335 (CLOUDFLARENET, US)

static-assets.highwebmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:ca04 (United States)

ASN13335 (CLOUDFLARENET, US)

nr.static.mmcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nr.mmcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:b61 (United States)

ASN13335 (CLOUDFLARENET, US)

sadjklq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.202.52 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host152.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3034::ac43:aba9 (United States)

ASN13335 (CLOUDFLARENET, US)

videocdnmetrika.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.47.199.210 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.210.199.47.78.clients.your-server.de

static.bookmsg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 174.137.133.17 (United States)

ASN27257 (WEBAIR-INTERNET, US)

xml.xmlwiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
xml.poprtb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	onscreens.me www.onscreens.me	143 KB
17	q34r.org video.q34r.org	134 KB
11	jads.co 1 redirects poweredby.jads.co — Cisco Umbrella Rank: 26789 i.jads.co — Cisco Umbrella Rank: 62227	850 KB
7	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 7957	4 KB
6	yandex.ru 2 redirects mc.yandex.ru — Cisco Umbrella Rank: 3539	140 KB
5	highwebmedia.com static-assets.highwebmedia.com — Cisco Umbrella Rank: 15158	75 KB
5	chaturbate.com 2 redirects chaturbate.com — Cisco Umbrella Rank: 12343	34 KB
5	gstatic.com fonts.gstatic.com	101 KB
5	week1time.com blow.week1time.com	107 KB
4	bookmsg.com static.bookmsg.com — Cisco Umbrella Rank: 31021	4 KB
4	03a17e7986.com cc363782e3.03a17e7986.com	3 KB
4	unpkg.com unpkg.com — Cisco Umbrella Rank: 1102	64 KB
3	mmcdn.com nr.static.mmcdn.com nr.mmcdn.com	30 KB
3	google.com 2 redirects accounts.google.com — Cisco Umbrella Rank: 32	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	227 KB
3	pasbstbovc.com pasbstbovc.com — Cisco Umbrella Rank: 910632	34 KB
2	popmansion.com 1 redirects xml.popmansion.com — Cisco Umbrella Rank: 149005	915 B
2	marazma.com 1 redirects marazma.com — Cisco Umbrella Rank: 168548	899 B
2	videocdnmetrika.com videocdnmetrika.com — Cisco Umbrella Rank: 113545	2 KB
2	yadro.ru 1 redirects counter.yadro.ru — Cisco Umbrella Rank: 10154	1 KB
2	dns.google dns.google — Cisco Umbrella Rank: 943	702 B
2	metricswpsh.com fp.metricswpsh.com — Cisco Umbrella Rank: 31505	435 B
2	capndr.com js.capndr.com — Cisco Umbrella Rank: 29445	24 KB
2	wpadmngr.com js.wpadmngr.com — Cisco Umbrella Rank: 13730	50 KB
2	satiq.net statistic.satiq.net	22 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 49	2 KB
1	poprtb.com xml.poprtb.com — Cisco Umbrella Rank: 128955	165 B
1	xmlwiz.com xml.xmlwiz.com — Cisco Umbrella Rank: 109884	165 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 373	86 KB
1	sadjklq.com sadjklq.com — Cisco Umbrella Rank: 128837	1 KB
1	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 45	5 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 108	50 KB
1	nereserv.com nereserv.com — Cisco Umbrella Rank: 29651	201 B
1	juicyads.me ads.juicyads.me — Cisco Umbrella Rank: 129780	284 KB
1	wpushsdk.com js.wpushsdk.com — Cisco Umbrella Rank: 50816	128 KB
1	e36e2058e8.com 0348649925.e36e2058e8.com	207 B
1	multstorage.com storage.multstorage.com — Cisco Umbrella Rank: 26003	905 B
1	nawpush.com na.nawpush.com — Cisco Umbrella Rank: 39253	2 KB
1	commentsmodule.com commentsmodule.com — Cisco Umbrella Rank: 93625
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2250	255 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 250	6 KB
1	tapioni.com cdn.tapioni.com — Cisco Umbrella Rank: 49106	1 KB
1	juicyads.com js.juicyads.com — Cisco Umbrella Rank: 42759	94 KB
134	43

	Domain	Requested by
18	www.onscreens.me	www.onscreens.me
17	video.q34r.org	www.onscreens.me video.q34r.org unpkg.com
7	mc.yandex.com	2 redirects www.onscreens.me video.q34r.org mc.yandex.ru
6	mc.yandex.ru	2 redirects www.onscreens.me video.q34r.org videocdnmetrika.com
6	poweredby.jads.co	1 redirects www.onscreens.me poweredby.jads.co
5	static-assets.highwebmedia.com	chaturbate.com static-assets.highwebmedia.com
5	i.jads.co	poweredby.jads.co
5	chaturbate.com	2 redirects poweredby.jads.co chaturbate.com
5	fonts.gstatic.com	fonts.googleapis.com
5	blow.week1time.com	www.onscreens.me blow.week1time.com
4	static.bookmsg.com	www.onscreens.me
4	cc363782e3.03a17e7986.com	js.wpushsdk.com www.onscreens.me
4	unpkg.com	video.q34r.org
3	accounts.google.com	2 redirects www.onscreens.me
3	www.googletagmanager.com	www.onscreens.me www.googletagmanager.com chaturbate.com
3	pasbstbovc.com	www.onscreens.me pasbstbovc.com
2	xml.popmansion.com	1 redirects video.q34r.org
2	marazma.com	1 redirects video.q34r.org
2	videocdnmetrika.com	sadjklq.com videocdnmetrika.com
2	counter.yadro.ru	1 redirects video.q34r.org
2	nr.mmcdn.com	chaturbate.com
2	dns.google	video.q34r.org
2	fp.metricswpsh.com	js.wpadmngr.com
2	js.capndr.com	js.wpadmngr.com
2	js.wpadmngr.com	cdnjs.cloudflare.com js.wpadmngr.com
2	statistic.satiq.net	www.onscreens.me statistic.satiq.net
2	fonts.googleapis.com	www.onscreens.me video.q34r.org
1	xml.poprtb.com
1	xml.xmlwiz.com
1	cdn.jsdelivr.net	videocdnmetrika.com
1	sadjklq.com	video.q34r.org
1	googleads.g.doubleclick.net	pagead2.googlesyndication.com
1	nr.static.mmcdn.com	chaturbate.com
1	pagead2.googlesyndication.com	video.q34r.org
1	nereserv.com	js.wpushsdk.com
1	ads.juicyads.me	poweredby.jads.co
1	js.wpushsdk.com	js.wpadmngr.com
1	0348649925.e36e2058e8.com	js.wpadmngr.com
1	storage.multstorage.com	js.wpadmngr.com
1	na.nawpush.com	js.wpadmngr.com
1	commentsmodule.com	video.q34r.org
1	region1.google-analytics.com	www.googletagmanager.com
1	cdnjs.cloudflare.com	blow.week1time.com
1	cdn.tapioni.com	blow.week1time.com
1	js.juicyads.com	www.onscreens.me
134	45

This site contains links to these domains. Also see Links.

Domain
theporndude.com
bongacams.com
t.me
ddownload.com
www.amateurshouse.com

Subject Issuer	Validity	Valid
onscreens.me E1	`2023-10-13` - `2024-01-11`	3 months	crt.sh
Buypass Class 2 CA 5	`2023-05-31` - `2023-11-26`	6 months	crt.sh
*.juicyads.com Sectigo RSA Domain Validation Secure Server CA	`2023-05-12` - `2024-06-11`	a year	crt.sh
analdinall.com R3	`2023-09-04` - `2023-12-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
q34r.org GTS CA 1P5	`2023-08-31` - `2023-11-29`	3 months	crt.sh
satiq.net GTS CA 1P5	`2023-10-12` - `2024-01-10`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.jads.co Sectigo RSA Domain Validation Secure Server CA	`2022-12-26` - `2024-01-26`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-08-30` - `2024-08-29`	a year	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-08-14` - `2024-01-24`	5 months	crt.sh
js.wpadmngr.com R3	`2023-09-13` - `2023-12-12`	3 months	crt.sh
commentsmodule.com GTS CA 1P5	`2023-10-12` - `2024-01-10`	3 months	crt.sh
na.nawpush.com R3	`2023-09-30` - `2023-12-29`	3 months	crt.sh
js.capndr.com R3	`2023-08-23` - `2023-11-21`	3 months	crt.sh
multstorage.com GTS CA 1P5	`2023-09-22` - `2023-12-21`	3 months	crt.sh
0348649925.e36e2058e8.com R3	`2023-10-18` - `2024-01-16`	3 months	crt.sh
js.wpushsdk.com R3	`2023-09-14` - `2023-12-13`	3 months	crt.sh
notification.tubecup.net R3	`2023-10-16` - `2024-01-14`	3 months	crt.sh
*.juicyads.me Sectigo RSA Domain Validation Secure Server CA	`2023-05-12` - `2024-05-24`	a year	crt.sh
*.highwebmedia.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2023-09-30` - `2024-10-09`	a year	crt.sh
dns.google GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
03a17e7986.com R3	`2023-10-18` - `2024-01-16`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.mmcdn.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-01` - `2023-12-01`	a year	crt.sh
sadjklq.com GTS CA 1P5	`2023-09-24` - `2023-12-23`	3 months	crt.sh
videocdnmetrika.com GTS CA 1P5	`2023-09-28` - `2023-12-27`	3 months	crt.sh
bookmsg.com R3	`2023-09-12` - `2023-12-11`	3 months	crt.sh
*.marazma.com GTS CA 1P5	`2023-09-30` - `2023-12-29`	3 months	crt.sh
popmansion.com E1	`2023-09-07` - `2023-12-06`	3 months	crt.sh
*.xmlwiz.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-05` - `2024-09-05`	a year	crt.sh
*.poprtb.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-27` - `2024-07-26`	a year	crt.sh

This page contains 18 frames:

Primary Page: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Frame ID: 9902354FF6EA6377056C38B7EB8A56A1
Requests: 59 HTTP requests in this frame

Frame: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
Frame ID: 032F58045669DEE018A4660A1C00FAC3
Requests: 34 HTTP requests in this frame

Frame: https://poweredby.jads.co/adshow.php?adzone=1000494
Frame ID: C9A592FED3A0CBFA6ACAFC77BBB76F89
Requests: 1 HTTP requests in this frame

Frame: https://poweredby.jads.co/adshow.php?adzone=1000494
Frame ID: 8F851CD82F34A591320D317667052385
Requests: 2 HTTP requests in this frame

Frame: https://poweredby.jads.co/adshow.php?adzone=1005493
Frame ID: 1AD1809001CCB66ADF63E2A96E3F46AF
Requests: 1 HTTP requests in this frame

Frame: https://poweredby.jads.co/adshow.php?adzone=1005493
Frame ID: 3B95BA7C9F8D6F17D8B966064750D3EA
Requests: 3 HTTP requests in this frame

Frame: https://poweredby.jads.co/adshow.php?adzone=1000493
Frame ID: 6E5774729759268014AEE371A5DF6C4E
Requests: 1 HTTP requests in this frame

Frame: https://poweredby.jads.co/adshow.php?adzone=1000493
Frame ID: 71A8780138AA4BC39AE57524E2E0DF21
Requests: 2 HTTP requests in this frame

Frame: https://poweredby.jads.co/adshow.php?adzone=1000049
Frame ID: 8C7B09A19A6A60B1EE10ED038A27CA49
Requests: 1 HTTP requests in this frame

Frame: https://poweredby.jads.co/adshow.php?adzone=1000049
Frame ID: E7B2E24BDEE6BA92AD20183433CB4E09
Requests: 3 HTTP requests in this frame

Frame: https://storage.multstorage.com/log/count.html
Frame ID: 112C1ACE775531B532FF6E0226136651
Requests: 1 HTTP requests in this frame

Frame: https://chaturbate.com/tours/3/?tour=x1Rd&campaign=GDjeQ&c=2&p=0&join_overlay=1&disable_sound=0
Frame ID: 3F9AEB9BAAA99282A765E4C2142CB6D4
Requests: 10 HTTP requests in this frame

Frame: https://chaturbate.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7ff8d35b/main.js
Frame ID: FDAED6ACD20D6A73A7B95B7403C36B35
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231017/r20190131/zrt_lookup.html?hello=world
Frame ID: FCC52FEB1C9EA237510B6C3F20C4D28D
Requests: 1 HTTP requests in this frame

Frame: https://videocdnmetrika.com/f.php?sid=212040
Frame ID: 7421A7005F3B468BFDD7053BEEA2013A
Requests: 5 HTTP requests in this frame

Frame: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?pattern1=38&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&cpa=1c9ef2c0-3850-4f46-8869-8de50e0c83a2
Frame ID: 5BBF499A3CD2DBEC2DB0CC9E86891616
Requests: 2 HTTP requests in this frame

Frame: https://xml.poprtb.com/redirect?feed=491010&auth=OpDJQF&pubid=152420
Frame ID: B8F24FD9590F7EC0744FEFEA85799F27
Requests: 2 HTTP requests in this frame

Frame: https://xml.xmlwiz.com/redirect?feed=598894&auth=FqgVMV&pubid=196092
Frame ID: 24266F45BFC076A936AC68C55B0B194D
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

_yuki: 新人？ほんとに？www チケットショーは気まぐれ開催♬ / 09/27/2023, 15:56:04 - stripchat - ONScreens.me

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

134
Requests

90 %
HTTPS

68 %
IPv6

43
Domains

45
Subdomains

38
IPs

5
Countries

2704 kB
Transfer

5315 kB
Size

53
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://theporndude.com/
Title: ThePornDude

Search URL Search Domain Scan URL

URL: https://bongacams.com/
Title: Live Porn Cams

Search URL Search Domain Scan URL

URL: https://t.me/+qa6AVJcnAak2M2Zh
Title: Click to join our telegram group to get notification for latest videos of hottest girls recorded

Search URL Search Domain Scan URL

URL: https://ddownload.com/free300353.html

Search URL Search Domain Scan URL

URL: https://ddownload.com/zpl0sp0yylhn/2023.09.27_14.02.54___yuki.mp4
Title: ddownload Download File 1 2023.09.27_14.02.54___yuki.mp4

Search URL Search Domain Scan URL

URL: https://www.amateurshouse.com/
Title: RealLifeCam Voyeur Free Videos

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://poweredby.jads.co/js/jads.js HTTP 301
https://poweredby.jads.co/js/jads2.js

Request Chain 69

https://chaturbate.com/in/?track=lstlbmescreeons&tour=x1Rd&campaign=GDjeQ&c=2&p=0&join_overlay=1 HTTP 302
https://chaturbate.com/tours/3/?tour=x1Rd&campaign=GDjeQ&c=2&p=0&join_overlay=1&disable_sound=0

Request Chain 70

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10163.JXd52u012a7sWWAJUsn16hIShYfk9t4HM07OexjIee4Kwk_zGTWPqrRfFX9WRUux.PLZn8YbGfC4imr3idBZhbuINiDU%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=10163.2CFR4t05jHCKqaL4-k46Y1f9PjRrmcRjDY2sWzSn4lERbIae6VlDG7HnmsUAfAQCN2-XcH2bJyEwJ1dlzQHQ-yM9f-34p_CqIs9spavYzKpVfeOZSNEOc8FcbXjv_HI-DC-I1FbZaKIj-rISILDtFy5Cdqhx26hq5knvw5Dood49kt9IPZhtDnoDXrKCHZHOxCGoRgt51MrCPiAE3FeVR_7sXHUqB1w3efRsvHDMxos%2C.K0wsxcujlZO2zRh_FSzzaQCG1IE%2C

Request Chain 73

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyxFeQsnGG3PwHkPry_PS9zRam5Isy3bsM8aOV3048ZIj7Vg04lItadFfkVtw13SsTL5-qMi HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyw12wGEr3osqRSki80_zMtJ4Cwf2nmHEO_vizZYCCw0fRxGmlX-x90IGx1NWFHRuyrdSsM_pg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S571321991%3A1697907781298392&theme=glif

Request Chain 78

https://mc.yandex.com/watch/86516845?wmode=7&page-url=https%3A%2F%2Fwww.onscreens.me%2Fe92b4120-5d50-11ee-af82-ca29b77277e2%2F_yuki-www-09-27-2023-15-56-04-stripchat&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aetku62lhayg6jvevqcsa7rv%3Afp%3A414%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1141%3Acn%3A1%3Adp%3A0%3Als%3A1041052663306%3Ahid%3A829532024%3Az%3A120%3Ai%3A20231021190301%3Aet%3A1697907781%3Ac%3A1%3Arn%3A1057243103%3Arqn%3A1%3Au%3A1697907781509982295%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C57%2C64%2C1%2C%2C0%2C%2C363%2C2%2C%2C%2C%2C506%3Aco%3A0%3Acpf%3A1%3Ans%3A1697907779910%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1697907781%3At%3A_yuki%3A%20%E6%96%B0%E4%BA%BA%EF%BC%9F%E3%81%BB%E3%82%93%E3%81%A8%E3%81%AB%EF%BC%9Fwww%20%E3%83%81%E3%82%B1%E3%83%83%E3%83%88%E3%82%B7%E3%83%A7%E3%83%BC%E3%81%AF%E6%B0%97%E3%81%BE%E3%81%90%E3%82%8C%E9%96%8B%E5%82%AC%E2%99%AC%20%2F%2009%2F27%2F2023%2C%2015%3A56%3A04%20-%20stripchat%20-%20ONScreens.me&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(2) HTTP 302
https://mc.yandex.com/watch/86516845/1?wmode=7&page-url=https%3A%2F%2Fwww.onscreens.me%2Fe92b4120-5d50-11ee-af82-ca29b77277e2%2F_yuki-www-09-27-2023-15-56-04-stripchat&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aetku62lhayg6jvevqcsa7rv%3Afp%3A414%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1141%3Acn%3A1%3Adp%3A0%3Als%3A1041052663306%3Ahid%3A829532024%3Az%3A120%3Ai%3A20231021190301%3Aet%3A1697907781%3Ac%3A1%3Arn%3A1057243103%3Arqn%3A1%3Au%3A1697907781509982295%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C57%2C64%2C1%2C%2C0%2C%2C363%2C2%2C%2C%2C%2C506%3Aco%3A0%3Acpf%3A1%3Ans%3A1697907779910%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1697907781%3At%3A_yuki%3A%20%E6%96%B0%E4%BA%BA%EF%BC%9F%E3%81%BB%E3%82%93%E3%81%A8%E3%81%AB%EF%BC%9Fwww%20%E3%83%81%E3%82%B1%E3%83%83%E3%83%88%E3%82%B7%E3%83%A7%E3%83%BC%E3%81%AF%E6%B0%97%E3%81%BE%E3%81%90%E3%82%8C%E9%96%8B%E5%82%AC%E2%99%AC%20%2F%2009%2F27%2F2023%2C%2015%3A56%3A04%20-%20stripchat%20-%20ONScreens.me&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29

Request Chain 93

https://chaturbate.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://chaturbate.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7ff8d35b/main.js

Request Chain 114

https://counter.yadro.ru/hit?rhttps%3A//video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09;s1600*1200*24;uhttps%3A//video.q34r.org/player/embed_player.php%3Fvpn%3D1%26vid%3D1%23iss%3DMmEwMDoxNjMwOjI6MWMwMzo6OQ%3D%3D;0.45281294859222987 HTTP 302
https://counter.yadro.ru/hit?q;rhttps%3A//video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09;s1600*1200*24;uhttps%3A//video.q34r.org/player/embed_player.php%3Fvpn%3D1%26vid%3D1%23iss%3DMmEwMDoxNjMwOjI6MWMwMzo6OQ%3D%3D;0.45281294859222987

Request Chain 128

https://mc.yandex.ru/watch/90175160?wmode=7&page-url=https%3A%2F%2Fvideocdnmetrika.com%2Ff.php%3Fsid%3D212040&page-ref=https%3A%2F%2Fvideo.q34r.org%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aetku62lhchtfcedhsff42qn%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1141%3Acn%3A1%3Adp%3A0%3Als%3A474108378081%3Ahid%3A666199240%3Az%3A120%3Ai%3A20231021190302%3Aet%3A1697907783%3Ac%3A1%3Arn%3A112455856%3Arqn%3A1%3Au%3A1697907783644683904%3Aw%3A1x1%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C56%2C126%2C1%2C0%2C0%2C%2C33%2C0%2C%2C%2C%2C240%3Aco%3A0%3Acpf%3A1%3Ans%3A1697907782214%3Arqnl%3A1%3Ast%3A1697907783%3At%3A&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(2) HTTP 302
https://mc.yandex.ru/watch/90175160/1?wmode=7&page-url=https%3A%2F%2Fvideocdnmetrika.com%2Ff.php%3Fsid%3D212040&page-ref=https%3A%2F%2Fvideo.q34r.org%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aetku62lhchtfcedhsff42qn%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1141%3Acn%3A1%3Adp%3A0%3Als%3A474108378081%3Ahid%3A666199240%3Az%3A120%3Ai%3A20231021190302%3Aet%3A1697907783%3Ac%3A1%3Arn%3A112455856%3Arqn%3A1%3Au%3A1697907783644683904%3Aw%3A1x1%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C56%2C126%2C1%2C0%2C0%2C%2C33%2C0%2C%2C%2C%2C240%3Aco%3A0%3Acpf%3A1%3Ans%3A1697907782214%3Arqnl%3A1%3Ast%3A1697907783%3At%3A&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29

Request Chain 131

https://xml.popmansion.com/load HTTP 302
https://xml.xmlwiz.com/redirect?feed=598894&auth=FqgVMV&pubid=196092

Request Chain 132

https://marazma.com/load HTTP 302
https://xml.poprtb.com/redirect?feed=491010&auth=OpDJQF&pubid=152420

134 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request _yuki-www-09-27-2023-15-56-04-stripchat Show response
www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/ 42 KB
12 KB 142ms
64ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d3a96f72fc5651a73af0b87aad70c2cab19fd08b8654f7a59b8f6d410fbd323

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=7776000
cf-cache-status: HIT
cf-ray: 819b12490bd76724-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 21 Oct 2023 17:03:00 GMT
expect-ct: max-age=86400, enforce
expires: Fri, 19 Jan 2024 15:37:24 GMT
last-modified: Sat, 21 Oct 2023 15:37:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xq95HlsNkrBbdNtOT4PskpEFVTpgyUZrUkvD0t3MwbyvKR7NP40Td7Qy7GzviCGLaFpZgQsoRx2JFWASmm%2BzzRBw3z3yOMpaZMrebj%2BG3Tcl4q9KPPcFkBDK5H40yLRDqgFIa%2BQFXWjx27HDK2sy"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-page-cache-status: MISS
x-xss-protection: 1; mode=block

GET
H2 200 2257.43eefc83.css
www.onscreens.me/_astro/ 36 KB
7 KB 39ms
37ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onscreens.me/_astro/2257.43eefc83.css

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e957ad826b3692f0701ee735e55e436839885f1b0f577e8a8dd6d3c34837eb22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5882
cf-polished: origSize=37189
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: minify
last-modified: Fri, 08 Sep 2023 12:45:35 GMT
server: cloudflare
etag: W/"9145-18a74d38d51"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=59r2LZZWH9SwpBqyK0R16WfOyLolxKIpmEaErk4iJnK%2BS0m2RUXp0f2t9ZRiNbE1OxMZjQOf%2B9cKy3oQd5LE7br%2F0RyLsI2XioylEJwHBVBIaokcwB980qR%2FlWEFBDKZTdk5VzwnonfROdnwrTMn"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b12497c446724-AMS
expires: Fri, 19 Jan 2024 14:12:34 GMT

GET
H2 200 9bebb836.js Show response
pasbstbovc.com/t/9/fret/meow4/1949468/ 84 KB
33 KB 121ms
50ms Script
application/javascript 212.117.190.201
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://pasbstbovc.com/t/9/fret/meow4/1949468/9bebb836.js
Requested by: Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.117.190.201 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: fe96f13702d4d2a958955b174dc5655f7dcecbae9107dd0d7e9ea4c2a698c494

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: gzip
last-modified: Thu, 19 Oct 2023 14:15:51 GMT
server: nginx
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
etag: W/"65313a17-151c8"
vary: Accept-Encoding
content-type: application/javascript
x-js-ab2: current
timing-allow-origin: *

GET
H2 200 jp.php Show response
js.juicyads.com/ 93 KB
94 KB 109ms
31ms Script
application/javascript 2600:9000:20b4:d400:c:dd71:23c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.juicyads.com/jp.php?c=34a4z203x264u4q2w294z27494&u=https%3A%2F%2Fwww.liquidfire.mobi%2Fredirect%3Fsl%3D16%26t%3Ddr%26track%3D155685_280900%26siteid%3D280900
Requested by: Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20b4:d400:c:dd71:23c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ba98564a72c214676c22b506599d2b06ff16308d66c43d1426f88c6c6443b38c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: cache
date: Sat, 21 Oct 2023 16:57:06 GMT
via: 1.1 b6b3214c2f1500227643824508cb5d1c.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: AMS58-P4
age: 354
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=900
x-amz-cf-id: 37IEMeqx6MUAyRH21KqlfH92_3VygSV770YRJhNGuLxVSz3ET-r4QQ==
expires: Sat, 21 Oct 2023 17:12:06 GMT

GET
H2 200 PD-head.886a05e5.svg
www.onscreens.me/_astro/ 20 KB
7 KB 36ms
35ms Image
image/svg+xml 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onscreens.me/_astro/PD-head.886a05e5.svg

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

886a05e55a7a865cdba97de94ba28d3922411bcbb543896412c4de4ceeef4967

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3941
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 08 Sep 2023 12:45:35 GMT
server: cloudflare
etag: W/"4e0b-18a74d38d51"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9rC4iOmPTwzYW2T0iQPje96kkTOSIYkfqpLtsYgKCITXDMGtgiO2bQccGIA4TM0ZeEnwHIGz7ISAoecpeiiZYaigB5vSpvuTGD64Lbg6agWIQApZMKvOnpizUWn%2F6g8Htnsz9buLm%2Fhs3g%2BIvKd8"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b12497c456724-AMS
expires: Fri, 19 Jan 2024 14:38:37 GMT

GET
H2 200 bongacams.3ca8e7c2.svg
www.onscreens.me/_astro/ 1 KB
1 KB 37ms
36ms Image
image/svg+xml 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onscreens.me/_astro/bongacams.3ca8e7c2.svg

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ca8e7c2187c7f9ba24c81efcf46e857f5947124a273bf63b60a5b76288fe5f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5882
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 08 Sep 2023 12:45:35 GMT
server: cloudflare
etag: W/"5bf-18a74d38d51"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X6%2B%2FVzmBiIk1Ian4bY%2FJ3pGMFqN6mP7v3N6LrlU2QJ3mRs1moiN0NE52a57jUIjySbVUpcx60m9hQKOu%2F5X1OAGUhaJRop9tEiEmvC1qnmzQ7ZW3%2FJXnpjDAEsK2qkDugQa55dCN%2BcFHMXzNb5to"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b12497c4a6724-AMS
expires: Fri, 19 Jan 2024 14:12:35 GMT

GET
H2 200 onscreens.me.ff611eda.svg
www.onscreens.me/_astro/ 6 KB
3 KB 37ms
35ms Image
image/svg+xml 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onscreens.me/_astro/onscreens.me.ff611eda.svg

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff611edaa01dda0db86a5c9fd58932ce19a86b81c4d497c6a06e9c99c9323014

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5882
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 08 Sep 2023 12:45:35 GMT
server: cloudflare
etag: W/"1938-18a74d38d51"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sa0jFMLN3Zo5QkCpICuyVM%2BiK2iZpO2P4wjx7ycsGORD4JHzn%2FhjFUMnHI7%2BiJVlMBqVSr64UHxrEx5of6R%2BSyHZJaBm%2FEeuRVqwL%2BKydrIy72EJAVb0hJqEos5I6qWaJs0SKSj%2FDpmfmUV%2FjjSb"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b12499c756724-AMS
expires: Fri, 19 Jan 2024 14:03:50 GMT

GET
H2 200 onscreens.me-dark.dcbf5dfb.svg
www.onscreens.me/_astro/ 6 KB
3 KB 37ms
36ms Image
image/svg+xml 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onscreens.me/_astro/onscreens.me-dark.dcbf5dfb.svg

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcbf5dfb00d36ef58a8a55590c47336218a98b18afaa8644c52cb4b2803eb6ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2165
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 08 Sep 2023 12:45:35 GMT
server: cloudflare
etag: W/"1938-18a74d38d51"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N0YmfN%2Fg9NKlZn2KJL4Ot3vwOYhGwa4sw7qKIp5rDfjad5w7KjClLEWcjBB5cM4dLZco%2BFW9N8UqhTSSRwhUJUIoLo6o20nugjHPYB6AWsRtcV%2FP%2ButVY5pEPMInk49vKKpph4WNPaIVXI191NyL"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b12499c776724-AMS
expires: Fri, 19 Jan 2024 15:42:32 GMT

GET
H/1.1

200
OK

jads2.js Show response
poweredby.jads.co/js/
Redirect Chain

https://poweredby.jads.co/js/jads.js
https://poweredby.jads.co/js/jads2.js

4 KB
2 KB

75ms
25ms

Script
application/x-javascript

185.94.237.73
MOJHOST-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://poweredby.jads.co/js/jads2.js
Requested by: Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Protocol: HTTP/1.1
Server: 185.94.237.73 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software: nginx /
Resource Hash: 5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sat, 21 Oct 2023 17:03:00 GMT
Content-Encoding: gzip
Last-Modified: Wed, 20 Sep 2023 21:26:09 GMT
Server: nginx
ETag: W/"650b6371-eae"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Connection: close

Redirect headers

Location: jads2.js
Date: Sat, 21 Oct 2023 17:03:00 GMT
Server: nginx
Connection: keep-alive
Content-Length: 178
Content-Type: text/html

GET
H2 200 statistics.js Show response
www.onscreens.me/js/ 368 B
611 B 35ms
34ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onscreens.me/js/statistics.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08eb57c6f0f295475b2e10544d8cfc9bc69a5d354d3e59f7a15b838536c92125

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1220398
cf-polished: origSize=519
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: minify
last-modified: Tue, 08 Aug 2023 20:41:19 GMT
server: cloudflare
etag: W/"207-189d6e1f569"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zvu3mvC9%2BuqkXQ%2FWWffIRGgsrT2sgw3sNF0Cme2NA3uGZu%2F0dofypah9r14%2BFeMBOGubaQOIaWMLdxNUMzD4H6xNLSZFjQLcqicjgMwnEozj5W6lNT6UyxcXJeC6YZBoapZly8Pg4UodHiM5NMc3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b12499c796724-AMS
expires: Thu, 16 Nov 2023 19:05:20 GMT

GET
H2 200 st2.js Show response
www.onscreens.me/js/ 337 B
590 B 38ms
36ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onscreens.me/js/st2.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff548f546eb7b4719d103206b80b1ddfcf0dacdf8a97c81b00c147ecd0ec2d2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1190873
cf-polished: origSize=409
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: minify
last-modified: Tue, 08 Aug 2023 20:41:19 GMT
server: cloudflare
etag: W/"199-189d6e1f569"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2FOvsS9TWRef1mOgymk6RLLwwUuLkQAwv4lMz9XmrjOgL2IeU24GjVqD2Pjt6sFjmwEMayQQIxqnul2WvJr4aMu9DvmHrur0Yts%2BxC8LkuzJRezB8e2ZkwV70CaXk9ey410rgkgynGBheFA%2FO1R0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b12499c7a6724-AMS
expires: Thu, 09 Nov 2023 09:58:16 GMT

GET
H2 200 dY5uaQ5.js Show response
blow.week1time.com/ 214 KB
67 KB 244ms
138ms Script
application/javascript 2a01:4f8:161:6222::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blow.week1time.com/dY5uaQ5.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4f8:161:6222::2 Berlin, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx /

Resource Hash

3ee6f2be8010f039a09e2a91ec6505c08deb2284c3c7056318ebf05161b56640

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 273
content-length: 67935
last-modified: Wed, 06 Sep 2023 11:56:24 GMT
server: nginx
etag: "64f868e8-1095f"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 802691980fbebbb6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 4aJcfA0.js Show response
blow.week1time.com/ 122 KB
38 KB 152ms
46ms Script
application/javascript 2a01:4f8:161:6222::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blow.week1time.com/4aJcfA0.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a01:4f8:161:6222::2 Berlin, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx /

Resource Hash

70ec15772848f7f7e583b72cc7ef14556887851ddaf76d6ed3b7bc7228235f11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 83
content-length: 38407
last-modified: Wed, 06 Sep 2023 11:56:24 GMT
server: nginx
etag: "64f868e8-9607"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 80268d01089f69a3-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css2
fonts.googleapis.com/ 13 KB
1 KB 130ms
55ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Sans+Mono&family=Noto+Sans:wght@300;400;500;700&display=swap

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/_astro/2257.43eefc83.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00f7435a8720af9bcd4a05598ee3393543655992ab98c98cdf8e1029520b3fc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 21 Oct 2023 17:03:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 21 Oct 2023 17:03:00 GMT

POST
H2 200 solid.gif
pasbstbovc.com/ 43 B
654 B 28ms
28ms Ping
image/gif 212.117.190.201
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://pasbstbovc.com/solid.gif?z=1949468&nojs=0&abvar=0&febuild=1.0.165&t=0&wcks=1&wgl=1&cnvs=1&os=-120&ss=1&ls=1&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&ix=0&x=1600&y=1200&md=0&cid=6022248595242496&eclog=0&sp=1&im=1
Requested by: Host: pasbstbovc.com
URL: https://pasbstbovc.com/t/9/fret/meow4/1949468/9bebb836.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.117.190.201 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: 44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Request headers

Referer
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
x-route-id: stats.tag.loaded
server: nginx
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
timing-allow-origin: *
content-length: 43
content-type: image/gif

GET
H2 200 azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09 Show response
video.q34r.org/e/ Frame 032F 53 KB
15 KB 139ms
57ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4187a399501e7b0a7d42e5400231c7f676605a9cb566a3447e98a97a1639a51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 819b124b5a900c38-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 21 Oct 2023 17:03:00 GMT
link: <//video.q34r.org>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//wss.commentsmodule.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//a.labadena.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nLEJ2BsD0ke5EgUOgGH%2BD8ZwT6hRMIzmfM8jIFbDiUTixlsUtv2TH1cJVjV7jJK5QAU4Vxs0ZjfJa8aVYIsp8TCX8IcgS5PkQm016tckFo4Q40LVts2VpNmxMUqqWb4BlTv9a2D9QmpNzvu%2F6A%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-cache-status-inferno: MISS
x-content-type-options: nosniff
x-inferno-limit-req: PASSED
x-inferno-location: player
x-origin-location: player
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-xss-protection: 1; mode=block;

GET
H2 200 matomo.js Show response
statistic.satiq.net/ 64 KB
22 KB 112ms
39ms Script
application/javascript 2606:4700:3038::6815:ea82
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://statistic.satiq.net/matomo.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/js/statistics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3038::6815:ea82 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78c25da6082dd620e0fe7f12d7ef6e3c6015304575d9ced465b4e84e15a7d82a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 916
cf-polished: origSize=65842
content-encoding: br
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 12 Jun 2023 09:55:19 GMT
server: cloudflare
etag: W/"6486eb87-10132"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OgE326JFhi8vEJWgdFokX5PW%2FSiO7gAFYD8rE4Tt7arhMFnWvteR%2BCixRMYCe0a71rSYSsKy%2BHdeG3Krs4OTNzSDzKYSMugcqVapVwqqulDwis1WziCsyeCD3kGKschGEjH0I7jSBsbb7xjvD7rrbfAD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 819b124b4997660c-AMS

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 178 KB
65 KB 204ms
76ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NX9QCCZ

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/js/st2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ca4242c1d40c29fce3614de0e47f1fc54fc4a37fc81fe2b8d14ce44d07e2f6d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65797
x-xss-protection: 0
last-modified: Sat, 21 Oct 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 21 Oct 2023 17:03:00 GMT

GET
H2 200 1949468 Show response
pasbstbovc.com/get/ 37 B
697 B 27ms
27ms Script
text/javascript 212.117.190.201
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://pasbstbovc.com/get/1949468?zoneid=1949468&jp=_cll369t7aqowdlt50xymjo&nojs=0&abvar=0&febuild=1.0.165&t=0&wcks=1&wgl=1&cnvs=1&os=-120&ss=1&ls=1&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&ix=0&x=1600&y=1200&md=0&cid=6022248595242496&eclog=0&sp=1&im=1
Requested by: Host: pasbstbovc.com
URL: https://pasbstbovc.com/t/9/fret/meow4/1949468/9bebb836.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.117.190.201 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: c94588c2c490281057748a6bc21191dae810fb22ce8cc638b5e3fc7d390eb165

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: gzip
server: nginx
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
vary: Accept-Encoding
content-type: text/javascript
x-route-id: config
timing-allow-origin: *

GET
H2 200 o-0NIpQlx3QUlC5A4PNjFhdVZNyB.woff2
fonts.gstatic.com/s/notosans/v32/ 14 KB
15 KB 183ms
58ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v32/o-0NIpQlx3QUlC5A4PNjFhdVZNyB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans+Mono&family=Noto+Sans:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72b7b42dc1fe022438e97d26a6e9e979ba233d5c6760f54843d666392a73d05b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.onscreens.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 21:41:40 GMT
x-content-type-options: nosniff
age: 156080
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14472
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 20:55:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Oct 2024 21:41:40 GMT

GET
H2 200 o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v32/ 14 KB
14 KB 196ms
73ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v32/o-0IIpQlx3QUlC5A4PNr5TRA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans+Mono&family=Noto+Sans:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fc4c95920416b0ef0b5aee93a90984989183a6d29f712e725a3383309806a54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.onscreens.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 21:05:27 GMT
x-content-type-options: nosniff
age: 158253
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14256
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 20:55:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Oct 2024 21:05:27 GMT

GET
H2 200 o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
fonts.gstatic.com/s/notosans/v32/ 14 KB
14 KB 244ms
121ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v32/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans+Mono&family=Noto+Sans:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c2a54278c4cb87438f4a1c73242d727fc3eea82dc59abb393dd3937b17ce1d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.onscreens.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 21:05:27 GMT
x-content-type-options: nosniff
age: 158253
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14100
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 20:55:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Oct 2024 21:05:27 GMT

GET
H2 200 BngrUXNETWXI6LwhGYvaxZikqZqK6fBq6kPvUce2oAZcdthSBUsYck4-_FNJ093dVQ.woff2
fonts.gstatic.com/s/notosansmono/v29/ 11 KB
11 KB 262ms
139ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosansmono/v29/BngrUXNETWXI6LwhGYvaxZikqZqK6fBq6kPvUce2oAZcdthSBUsYck4-_FNJ093dVQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans+Mono&family=Noto+Sans:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90d2dbafea80be38fb370ea9fd7f808e0f6d7ffabfe52ccd8832d8a693d8f077

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.onscreens.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 20:58:58 GMT
x-content-type-options: nosniff
age: 158642
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11044
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:26:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Oct 2024 20:58:58 GMT

GET adshow.php
poweredby.jads.co/ Frame C9A5 0
0

GET
H/1.1 200
OK adshow.php Show response
poweredby.jads.co/ Frame 8F85 4 KB
3 KB 1276ms
1225ms Document
text/html 185.94.237.73
MOJHOST-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://poweredby.jads.co/adshow.php?adzone=1000494
Requested by: Host: poweredby.jads.co
URL: https://poweredby.jads.co/js/jads.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.94.237.73 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software: nginx / PHP/5.6.40
Resource Hash: 77d5d8f9e2e98948910b42cfff6db2091dc2a449747f882e8fc7169add6a30c9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Connection: close
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 21 Oct 2023 17:03:01 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Server: nginx
Transfer-Encoding: chunked
X-Powered-By: PHP/5.6.40

GET adshow.php
poweredby.jads.co/ Frame 1AD1 0
0

GET
H/1.1 200
OK adshow.php Show response
poweredby.jads.co/ Frame 3B95 5 KB
3 KB 1349ms
1299ms Document
text/html 185.94.237.73
MOJHOST-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://poweredby.jads.co/adshow.php?adzone=1005493
Requested by: Host: poweredby.jads.co
URL: https://poweredby.jads.co/js/jads.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.94.237.73 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software: nginx / PHP/5.6.40
Resource Hash: bc0b356fa010a7d5a85e9b2145a06aec803ece1ecadaf04bf8d4c9a7c5df32c6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Connection: close
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 21 Oct 2023 17:03:01 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Server: nginx
Transfer-Encoding: chunked
X-Powered-By: PHP/5.6.40

GET adshow.php
poweredby.jads.co/ Frame 6E57 0
0

GET
H/1.1 200
OK adshow.php Show response
poweredby.jads.co/ Frame 71A8 4 KB
2 KB 656ms
609ms Document
text/html 185.94.237.73
MOJHOST-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://poweredby.jads.co/adshow.php?adzone=1000493
Requested by: Host: poweredby.jads.co
URL: https://poweredby.jads.co/js/jads.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.94.237.73 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software: nginx / PHP/5.6.40
Resource Hash: 4e349f220da64c8a38290c30a8c8522c62dfacee604fb74f9fe1e93fbca1965b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Connection: close
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 21 Oct 2023 17:03:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Server: nginx
Transfer-Encoding: chunked
X-Powered-By: PHP/5.6.40

GET adshow.php
poweredby.jads.co/ Frame 8C7B 0
0

GET
H/1.1 200
OK adshow.php Show response
poweredby.jads.co/ Frame E7B2 4 KB
3 KB 1046ms
1001ms Document
text/html 185.94.237.73
MOJHOST-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://poweredby.jads.co/adshow.php?adzone=1000049
Requested by: Host: poweredby.jads.co
URL: https://poweredby.jads.co/js/jads.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.94.237.73 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software: nginx / PHP/5.6.40
Resource Hash: 3e3613bb05365d85c84573745f11c8f089bdfc4c05e39ef8cd3f7869ca897a31

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Connection: close
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 21 Oct 2023 17:03:01 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Server: nginx
Transfer-Encoding: chunked
X-Powered-By: PHP/5.6.40

GET
H3 200 _image
www.onscreens.me/ 34 KB
34 KB 34ms
34ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onscreens.me/_image?f=png&w=728&h=90&href=%2F_astro%2Fdd_728-90.d9b8cbcb.png

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19a8fd22e72dbac7ced6d9f448c8948ac8a4b57f8c3d7b25cc2fc635a5b8bd4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4336
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: "rtdbd9kbwp6n"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PT3kKcOWpc8r%2FUw%2Fe3s3deUk%2FJlXTZh6gSYL%2FaPoCMRNynlkyEU0vTgdh%2B4X%2FLAgAlDS8DOnHJ8Irk%2Bn0eX8oXXfONd4rzYcLabs7sLxxOJNNTykp0tSnKjPEXPzsspdQclBqBp6chgfHbPptgbS"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b124b0d6d06de-AMS
expires: Fri, 19 Jan 2024 15:45:05 GMT

GET
H3 200 SideNav.99a43f27.js Show response
www.onscreens.me/_astro/ 2 KB
2 KB 76ms
75ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onscreens.me/_astro/SideNav.99a43f27.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

815f8c4dddb2982aacba1ae02e2a1a6996f9ee725576726f76fb31c884913161

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Origin: https://www.onscreens.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3743124
cf-polished: origSize=2492
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: minify
last-modified: Fri, 08 Sep 2023 08:59:11 GMT
server: cloudflare
etag: W/"9bc-18a74044435"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wFXyZB4zspsn98WpZWl69ISs1xO1Gh08doe%2BWyWyHn%2BoklXfRfPWqpODAm8Iogjtz4GigUW8k8j07qxqi4OhDIOYEcVUfQnGa%2BU5vhjPCYB028iaKNfZjQQpSO%2FHVw7vfsqS5PpnMrQRb0gOtyps"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b124b1d7b06de-AMS
expires: Thu, 07 Dec 2023 09:00:30 GMT

GET
H3 200 client.8fabec1d.js Show response
www.onscreens.me/_astro/ 131 KB
44 KB 76ms
75ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onscreens.me/_astro/client.8fabec1d.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

355c9fd38e576a44e1c1daa77282798e9666491b13db20c7710e68e5a3f635c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Origin: https://www.onscreens.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3743124
cf-polished: origSize=134749
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: minify
last-modified: Fri, 08 Sep 2023 08:59:11 GMT
server: cloudflare
etag: W/"20e5d-18a74044435"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6q9qIQUQtfxcwOj2gUSswR9pFHz%2Bo49FfGmt%2FmwYZ9WHce42HKVExXjCgGtfe5JRs%2FbZNkwp4%2BvnG0oZ%2ByR8j%2BgDVCOXFfk%2FNMSzkXWyx7Of%2BQaP1HtFPUyDY3ygt%2FgNnpBtesKAT1YzQUinb5wH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b124b1d7d06de-AMS
expires: Thu, 07 Dec 2023 09:00:30 GMT

GET
H3 200 SearchMenu.491a00fb.js Show response
www.onscreens.me/_astro/ 47 KB
16 KB 101ms
100ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onscreens.me/_astro/SearchMenu.491a00fb.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d56b44fa60c6d62f3bb170fb7c12120242c60c3fef165a48ef56e92fb6d93c9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Origin: https://www.onscreens.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1669460
cf-polished: origSize=47774
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: minify
last-modified: Fri, 08 Sep 2023 08:59:11 GMT
server: cloudflare
etag: W/"ba9e-18a74044435"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=91WEEhmw%2F9AZMcp2WRpPgvF8o%2F0UE1Om1Bo3buUlAFXs9upBqLh%2B6fjmdQHoAuMF3D2R%2BNZkvBHD4jIJ2oqNkf5ADErPe1WG%2FXXF0KuKKXFAbqMsua1Geg9FLNoF77Bzv5dHCY2Zu9EdLo9uvMoB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b124b1d7e06de-AMS
expires: Thu, 07 Dec 2023 09:00:30 GMT

GET
H3 200 ThemeToggleButton.a092c3b5.js Show response
www.onscreens.me/_astro/ 1 KB
1 KB 101ms
101ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onscreens.me/_astro/ThemeToggleButton.a092c3b5.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

016bf7afa7b45740d3cd25ade334276169d8dd2d459afb8a1a67d4d771d307ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Origin: https://www.onscreens.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1671453
cf-polished: origSize=1072
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: minify
last-modified: Fri, 08 Sep 2023 08:59:11 GMT
server: cloudflare
etag: W/"430-18a74044431"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x6k4Gy8uV67g3NZyDoRhx9T%2Fo2Sie2d1B8eSdkFM9ELWnyWjxGLSYW8j1DtrqRWAbEr5sNAidZjuGu7%2BjWKMo8ek7leelz5aVySYKZKHGRuzx9begfaDeuadM5fguf75pQdQjLMOcb7FDfkf8fj3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b124b1d7f06de-AMS
expires: Thu, 07 Dec 2023 09:00:30 GMT

GET
H2 200 adgpt.js Show response
cdn.tapioni.com/ 2 KB
1 KB 113ms
36ms Script
application/javascript 2606:4700:10::6816:2747
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tapioni.com/adgpt.js
Requested by: Host: blow.week1time.com
URL: https://blow.week1time.com/dY5uaQ5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2747 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f593c7c1aa7170f83a3c07bf697c32101ae890535628f3ff0698ad7d1e0202f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 06 Sep 2023 11:56:24 GMT
server: cloudflare
age: 1228487
etag: "64f868e8-32b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 819b124bfb056718-AMS
content-length: 811
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 412125 Show response
blow.week1time.com/api/settings/ 33 B
211 B 138ms
45ms Fetch
application/json 2a01:4f8:161:6222::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://blow.week1time.com/api/settings/412125
Requested by: Host: blow.week1time.com
URL: https://blow.week1time.com/dY5uaQ5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a01:4f8:161:6222::2 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 72d79d0ad9a70ef53c1bab65c588d44bffb1a1b5aba0eb2f9f6a886c4c3aec4f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: private
x-robots-tag: noindex, nofollow

GET
H2 200 419320 Show response
blow.week1time.com/api/spots/ 2 KB
1 KB 49ms
49ms Script
text/javascript 2a01:4f8:161:6222::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://blow.week1time.com/api/spots/419320?s1=%25subid1%25
Requested by: Host: blow.week1time.com
URL: https://blow.week1time.com/4aJcfA0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a01:4f8:161:6222::2 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 3d599136c14c20ba202ccab6ae3e283af8ce4460437f1123012139d7f4f839e5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
cache-control: private
content-encoding: gzip
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8

GET
H3 200 index.98a5280d.js Show response
www.onscreens.me/_astro/ 7 KB
4 KB 35ms
35ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onscreens.me/_astro/index.98a5280d.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9dee2c201bbdca906df7b78f5a751226a214b320c7abc2cea98c75438d1ca1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onscreens.me/_astro/SideNav.99a43f27.js
Origin: https://www.onscreens.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3743123
cf-polished: origSize=7673
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: minify
last-modified: Fri, 08 Sep 2023 08:59:11 GMT
server: cloudflare
etag: W/"1df9-18a74044435"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dzQbdPDAY9vK78yrIJd677zkqbTZt7S1dehB5p9NOgrHiJzq6wVZJc2Use9DkNiiChIDkYMwq5w1pS1FihtwYmfNPTH2zDaAGex3iNREcqOB310ovfcdcNncS%2FfQPBq1h%2Fncv3dKS3wGqa7hpanQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b124bbe3d06de-AMS
expires: Thu, 07 Dec 2023 09:00:30 GMT

GET
H3 200 index.92deaa45.js Show response
www.onscreens.me/_astro/ 6 KB
3 KB 37ms
37ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onscreens.me/_astro/index.92deaa45.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dbe25559d199e42b282f71901fc6bc50f332c100a69ca73bc7ebb23b9a435887

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onscreens.me/_astro/SideNav.99a43f27.js
Origin: https://www.onscreens.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1667161
cf-polished: origSize=6168
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: minify
last-modified: Fri, 08 Sep 2023 08:59:11 GMT
server: cloudflare
etag: W/"1818-18a74044431"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CQDph52u4o6kM5PP4D0IAXEGXJjVn%2FRyhduPfVF%2BSlLG1WZdpVgQlHF8XFt4ljpyI6i3iI75BMLycHpVL0Yh4waogh7i%2BoUn0ZSHoCWwQ4kwYsCo4l30IHQWg1GhLkTJK73tIpN1De09l24ld57J"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b124bbe4006de-AMS
expires: Thu, 07 Dec 2023 09:00:30 GMT

GET
H3 200 jsx-runtime.5d92eaf2.js Show response
www.onscreens.me/_astro/ 669 B
1 KB 36ms
35ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onscreens.me/_astro/jsx-runtime.5d92eaf2.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

609b1c7f21ddfdec0c7a96665df51237e8725f1374bbe440edb39a96c0a6c7f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onscreens.me/_astro/SideNav.99a43f27.js
Origin: https://www.onscreens.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1671453
cf-polished: origSize=918
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: minify
last-modified: Fri, 08 Sep 2023 08:59:11 GMT
server: cloudflare
etag: W/"396-18a74044435"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qJODOT%2Fwzn5gCKv0y0H3VgwePikuK94T4XHux94s2F2V75dTZBF9ZQhgddvwTITuN4n0ox0dNY7yC7TOLG%2BhG09MRHhwG%2BPEsLLSIYWVKsGb%2BhLWQiLYVoqDAfwwUM%2Bq7igZOgBp7RzPRfpA97Ld"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b124bbe4606de-AMS
expires: Thu, 07 Dec 2023 09:00:30 GMT

GET
H3 200 index.c0181419.js Show response
www.onscreens.me/_astro/ 6 KB
2 KB 51ms
50ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onscreens.me/_astro/index.c0181419.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76dd38660db62e5420ed80d199ae6483edf4fa505c5420ae7303f657f09e591b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onscreens.me/_astro/SideNav.99a43f27.js
Origin: https://www.onscreens.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3743123
cf-polished: origSize=6630
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: minify
last-modified: Fri, 08 Sep 2023 08:59:11 GMT
server: cloudflare
etag: W/"19e6-18a74044431"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZlCxHRcIGl9Eaht5QCfXyvfesBARTn49KcTvF9g0RuWkGSeNxasHt8NAKbpm%2FmTLDiC4dnlAu%2Bgqj3Y1IZL2OluCe%2BuAh2Me6aNY4MwhQ44R32xNKFoSC2B00FXFW4Vhbzvb0WiEfY0WuXeWckc4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b124bbe4906de-AMS
expires: Thu, 07 Dec 2023 09:00:30 GMT

POST
H2 204 matomo.php
statistic.satiq.net/ 0
0 72ms
71ms Ping
text/html 2606:4700:3038::6815:ea82
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://statistic.satiq.net/matomo.php?action_name=_yuki%3A%20%E6%96%B0%E4%BA%BA%EF%BC%9F%E3%81%BB%E3%82%93%E3%81%A8%E3%81%AB%EF%BC%9Fwww%20%E3%83%81%E3%82%B1%E3%83%83%E3%83%88%E3%82%B7%E3%83%A7%E3%83%BC%E3%81%AF%E6%B0%97%E3%81%BE%E3%81%90%E3%82%8C%E9%96%8B%E5%82%AC%E2%99%AC%20%2F%2009%2F27%2F2023%2C%2015%3A56%3A04%20-%20stripchat%20-%20ONScreens.me&idsite=8&rec=1&r=240332&h=19&m=3&s=0&url=https%3A%2F%2Fwww.onscreens.me%2Fe92b4120-5d50-11ee-af82-ca29b77277e2%2F_yuki-www-09-27-2023-15-56-04-stripchat&_id=25c19485a162b3aa&_idn=1&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=I2tXH1&pf_net=78&pf_srv=63&pf_tfr=2&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D
Requested by: Host: statistic.satiq.net
URL: https://statistic.satiq.net/matomo.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:ea82 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

GET
H2 200 websocket_ip.min.js Show response
video.q34r.org/js/ Frame 032F 5 KB
2 KB 35ms
34ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://video.q34r.org/js/websocket_ip.min.js
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 419b600e2a3d2523ed458633a946a9a07fcf046077f0ea79f3e435f154f04ee7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: br
x-cache-status-inferno-s: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 3514687
alt-svc: h3=":443"; ma=86400
x-inferno-location: static
accessing-static: 1
pragma: cache
last-modified: Fri, 20 Jan 2023 13:44:36 GMT
server: cloudflare
etag: W/"63ca9ac4-121c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B8mfHz%2BPPTMUUtnK1Rsa1Eg8Z2M2xBAQgYZ%2FM3Mk2e8Zu0s2WuowXcsmzliXzIfApYyuFvs12mfK3Uys9i%2Bo5Aul82X1UQPsIiXpZWKq9%2BQ2Y801vlEqhsPuWzvCn4vGimtzWMMmUwdIh2u3hA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
access-control-allow-credentials: true
cf-ray: 819b124bdafc0c38-AMS

GET
H3 200 index.bed0fc7e.js Show response
www.onscreens.me/_astro/ 2 KB
1 KB 36ms
36ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onscreens.me/_astro/index.bed0fc7e.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc7801416721837530e3c244fea19d26ccce918bac6c22842515ff8f72849533

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onscreens.me/_astro/ThemeToggleButton.a092c3b5.js
Origin: https://www.onscreens.me
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3743123
cf-polished: origSize=1622
x-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: minify
last-modified: Fri, 08 Sep 2023 08:59:11 GMT
server: cloudflare
etag: W/"656-18a74044431"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uEF150vX6ivqd%2BJ7%2FAVoAo%2FAJLmT2yPx8CCX37EgGSfUg5cuIH6UR2h%2FEIL70PZe4GGMeIBA1YcN095GtclKyZAXejHDOXxvJnnemTwzPr5NS0Uc2vXGXt4f3H1VL%2BbsO4cmNyjDClSg9MhxshTj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
x-frame-options: SAMEORIGIN
cache-control: max-age=7776000, public
cf-ray: 819b124bde7a06de-AMS
expires: Thu, 07 Dec 2023 09:00:30 GMT

GET
H3 200 email-decode.min.js Show response
video.q34r.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ Frame 032F 1 KB
1 KB 28ms
28ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://video.q34r.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2023 11:32:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"652d1f47-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EmnIBfieiOmsOSNxXJ%2FY2LRfgeakQLb%2BOdFaJHe%2Fs4m5xSb12Es%2Fr%2F3VFH9b0ggytc%2FAFcun6wBwm0V54Ai1QCjwnrS9g%2Fhoft4CqdXO4InWx41vU8EyDozdoy3lOMGWrdsFbeOjruVGzqvU9g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 819b124c5b430b85-AMS
expires: Mon, 23 Oct 2023 17:03:00 GMT

GET
H2 200 postscribe.min.js Show response
cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/ 17 KB
6 KB 87ms
32ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/postscribe.min.js

Requested by

Host: blow.week1time.com
URL: https://blow.week1time.com/4aJcfA0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1205477
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5117
last-modified: Mon, 04 May 2020 16:15:38 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03faa-45f4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SRMECS%2BjZRs9dGVtvbgt8nKz9gSHIaEOcQGGRLt97qFJEenJv5sVjsLaLblfFli8bhMBTzdX6BYnHUvZ3B53V9j9DiW9xpDVbXvcT0c1bGy6cjUlfNqaoZltBKfL%2BOE4CjLoZzfRiQN9atxNXM6QOcHt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 819b124cbfe70b60-AMS
expires: Thu, 10 Oct 2024 17:03:00 GMT

GET
H2 200 jquery.min.js Show response
unpkg.com/jquery@2.2.4/dist/ Frame 032F 84 KB
31 KB 95ms
39ms Script
application/javascript 2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/jquery@2.2.4/dist/jquery.min.js

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1230589
last-modified: Fri, 20 May 2016 17:24:42 GMT
fly-request-id: 01HC4XEQYDSB16TVMNJM5WPYR0-ams
server: cloudflare
etag: W/"14e4a-abtp4lyn1e8JNTF1hOYVPz/ZqIw"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 819b124cea270b70-AMS

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 199 KB
69 KB 315ms
175ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

7a900ef99c0d027e9586048adc3e61588a1bbc73a946a8e32b6dc77c209e7526

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Fri, 20 Oct 2023 11:55:53 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65326ac9-1117c"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 70012
expires: Sat, 21 Oct 2023 18:03:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 239 KB
83 KB 70ms
69ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-LCHG5KSTPG&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NX9QCCZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

79f018851896dc4c668eb8ec7cf285efe4c02a5b298d6a41999fb86806e1584a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85282
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 21 Oct 2023 17:03:00 GMT

GET
H2 200 adManager.js Show response
js.wpadmngr.com/static/ 1 KB
967 B 93ms
26ms Script
application/javascript 45.133.44.52
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpadmngr.com/static/adManager.js
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/postscribe.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: b237083e67179afdc93e88f8031ab4b71d265053137aca578b2344508f9d2f7d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

expires: Sat, 21 Oct 2023 17:08:00 GMT
date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: gzip
last-modified: Thu, 14 Sep 2023 10:06:58 GMT
server: nginx/1.18.0
etag: W/"6502db42-598"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=300
x-proxy-cache: HIT

GET
H2 200 jquery.cookie.js Show response
unpkg.com/jquery.cookie@1.4.1/ Frame 032F 3 KB
1 KB 39ms
38ms Script
application/javascript 2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 17730825
last-modified: Sun, 27 Apr 2014 20:04:54 GMT
fly-request-id: 01GWS5KG571E6PT921EMP2VYPD-ams
server: cloudflare
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 819b124d4aaa0b70-AMS

GET
H3 200 d_check.js Show response
video.q34r.org/js/ Frame 032F 3 KB
2 KB 43ms
42ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://video.q34r.org/js/d_check.js?35
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88e33d38aa577708d4cb0230edfddbbc348ed7dd6af3224797bee28eae0f2c7a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: br
x-cache-status-inferno-s: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 1200875
alt-svc: h3=":443"; ma=86400
x-inferno-location: static
accessing-static: 1
pragma: cache
last-modified: Sun, 01 Oct 2023 06:10:30 GMT
server: cloudflare
etag: W/"65190d56-d80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0zAhcblF4V%2FfGfEHcFrhKJ7qE7BJpm18gchliMTUTG6q28A5PIvkjOECQB9cY5yw17Fm%2BxQJqgvaebA%2F04zMKWjdnwbaA1KVvWMJKBDmHbcsYNNa0loRQUDdYdCdiRGYkSgK3KtmjhgWODqVnw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
access-control-allow-credentials: true
cf-ray: 819b124d8cae0b85-AMS

GET
H2 200 adManager.m.js Show response
js.wpadmngr.com/static/ 158 KB
49 KB 35ms
35ms Script
application/javascript 45.133.44.52
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpadmngr.com/static/adManager.m.js
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: dd9b0ebe20068962ae3e34820ae54ec25d48ac54e31114865d02ea8df342b365

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

expires: Sat, 21 Oct 2023 17:08:00 GMT
date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: gzip
last-modified: Tue, 17 Oct 2023 13:51:31 GMT
server: nginx/1.18.0
etag: W/"652e9163-27726"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=300
x-proxy-cache: HIT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
255 B 94ms
29ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-LCHG5KSTPG&gtm=45je3ai0&_p=1244058812&cid=1214627659.1697907781&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1697907780&sct=1&seg=0&dl=https%3A%2F%2Fwww.onscreens.me%2Fe92b4120-5d50-11ee-af82-ca29b77277e2%2F_yuki-www-09-27-2023-15-56-04-stripchat&dt=_yuki%3A%20%E6%96%B0%E4%BA%BA%EF%BC%9F%E3%81%BB%E3%82%93%E3%81%A8%E3%81%AB%EF%BC%9Fwww%20%E3%83%81%E3%82%B1%E3%83%83%E3%83%88%E3%82%B7%E3%83%A7%E3%83%BC%E3%81%AF%E6%B0%97%E3%81%BE%E3%81%90%E3%82%8C%E9%96%8B%E5%82%AC%E2%99%AC%20%2F%2009%2F27%2F2023%2C%2015%3A56%3A04%20-%20stripchat%20-%20ONScreens.me&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LCHG5KSTPG&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 21 Oct 2023 17:03:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.onscreens.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 403 js.load.1.js
commentsmodule.com/js/ Frame 032F 5 KB
0 111ms
35ms Fetch
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://commentsmodule.com/js/js.load.1.js?1050631816413516

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: br
referrer-policy: same-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EgZLja4fz9opLTXfSU5KOM0wwq6IvBN4Hko%2FODxDbq0erknXNPTmelXPsu6C%2Fo5HZ4BZ3NMmb5wjAuElrap%2BnycPJyB4Jpqm0rn5nTHS%2Fwwxh%2FjfVGZHH%2FULbcFq5S3ymzth%2Fabc%2F2Rez4NV7EzLKsE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 819b124e4bc40b46-AMS
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 200 embed.229.js Show response
video.q34r.org/js/ Frame 032F 168 KB
41 KB 37ms
36ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://video.q34r.org/js/embed.229.js?736
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fcc8ce9811f88009783b34ee73ff5314ce760e0c611c2aaf5c4ef65961b0813e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: br
x-cache-status-inferno-s: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 794847
alt-svc: h3=":443"; ma=86400
x-inferno-location: static
accessing-static: 1
pragma: cache
last-modified: Thu, 12 Oct 2023 12:13:26 GMT
server: cloudflare
etag: W/"6527e2e6-2a0e8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a8nsWWrlOc6MA5Y2CGG6zpphwa27PEg%2Fv5PBY8ZTlrEvB%2FnVABethx3aKr2HqTTT%2F47QAumeeKJa6EAjtjlM%2B9CxRVYHF4xRriVIAl%2BTfNa98WT8U0tpvSZClRh0GyXPJ%2FubYn6u%2Ff1NRSqUIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
access-control-allow-credentials: true
cf-ray: 819b124ddd190b85-AMS

GET
H2 200 59917 Show response
na.nawpush.com/tags/ 2 KB
2 KB 118ms
58ms XHR
application/json 45.133.44.25
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://na.nawpush.com/tags/59917?version_name=d
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 8253842a9198fae5e595ebd897f2341d67806760426ae9549632d3772b75886c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 21 Oct 2023 17:03:00 GMT
cache-control: max-age=300, public
content-type: application/json
server: nginx/1.18.0
x-proxy-cache: EXPIRED

GET
H2 200 advertising.js Show response
js.capndr.com/ 0
238 B 85ms
27ms Script
application/javascript 45.133.44.52
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.capndr.com/advertising.js
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

expires: Sat, 21 Oct 2023 17:08:00 GMT
date: Sat, 21 Oct 2023 17:03:00 GMT
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
server: nginx/1.18.0
etag: "64b105fd-0"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
content-length: 0
x-proxy-cache: HIT

GET popunder.js
video.q34r.org/ad/top/ Frame 032F 0
0

GET embed_player.php
video.q34r.org/player/ Frame 032F 0
0

GET
H3 200 embed_player.php Show response
video.q34r.org/player/ Frame 032F 49 KB
15 KB 352ms
351ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://video.q34r.org/player/embed_player.php?vpn=1&vid=1

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa8f18e359ca1be76e4574189e0a4c515660854f4acdeb99fbc905058d779e04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block;

Request headers

Referer: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 819b124e8e150b85-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 21 Oct 2023 17:03:01 GMT
link: <//video.q34r.org>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//wss.commentsmodule.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//a.labadena.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2B96lPo3eEY%2B6aWvbQHMvMSB8ruxfRsqoOSUGkhNg7ClH5PtO1uAQQpSR3MPyjhSycf4wbQx9AsA2YOgtYOoUJUL0UlRK4ok6T9QvgGutFcWh4dEcEy9LcSW2Gzo%2F%2B%2BLlBf9N6sWXLIcbmMShg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-cache-status-inferno: MISS
x-content-type-options: nosniff
x-inferno-limit-req: DELAYED
x-inferno-location: player
x-origin-location: player
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-xss-protection: 1; mode=block;

GET
H2 200 count.html Show response
storage.multstorage.com/log/ Frame 112C 882 B
905 B 108ms
34ms Document
text/html 2606:4700:3031::6815:ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.multstorage.com/log/count.html
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 819b124f7b876674-AMS
content-encoding: br
content-type: text/html
date: Sat, 21 Oct 2023 17:03:01 GMT
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JRySfGrpjMX4l3fIr1wMUBfuMQCqq%2FoU3X6zRno8w2YTGIqW7pWhm%2BQAaG8BHljCEWAtasYpLKGB6Ad4tDkJ%2F9t2zkDmqSEAiT46RRQPR4NdF3e%2F661DYdeaFxOEJNDyHrhoYRjKLj2MHodGabFev7z4OePLVg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-request-id: d66e5eb7af0e40a556699d6cf1dba9a3

GET
H2 200 track Show response
0348649925.e36e2058e8.com/in/ 0
207 B 146ms
77ms XHR
text/plain 45.133.44.53
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://0348649925.e36e2058e8.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNTk4MDk3NzAwODkwNjcxNTAwMCIsInRpbWV6b25lIjoyLCJ2ZXIiOiIzLjg0LjEiLCJ0YWdfaWQiOjU5OTE3LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjE2MDB4MTIwMCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiRXVyb3BlL0Ftc3RlcmRhbSIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjE0LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJfeXVraSUyQyVFNiU5NiVCMCVFNCVCQSVCQSVFRiVCQyU5RiVFMyU4MSVCQiVFMyU4MiU5MyVFMyU4MSVBOCVFMyU4MSVBQiVFRiVCQyU5Rnd3dyUyQyVFMyU4MyU4MSVFMyU4MiVCMSVFMyU4MyU4MyVFMyU4MyU4OCVFMyU4MiVCNyVFMyU4MyVBNyVFMyU4MyVCQyVFMyU4MSVBRiVFNiVCMCU5NyVFMyU4MSVCRSVFMyU4MSU5MCVFMyU4MiU4QyVFOSU5NiU4QiVFNSU4MiVBQyVFMiU5OSVBQyUyQzA5JTJGMjclMkYyMDIzJTJDMTUlM0E1NiUzQTA0JTJDc3RyaXBjaGF0JTJDT05TY3JlZW5zLm1lJTJDV2F0Y2glMkNvbmxpbmUlMkNvciUyQ2Rvd25sb2FkJTJDJTJDJTJDJTJDJTJDJTJDJTJDJTJDJTJDJTJDJTJDJTJDJTJDJTJDJTJDX195dWtpJTJDYWRkaXRpb25hbCUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQ3ZpZGVvcyUyQ290aGVyJTJDdGhhbiUyQyUyMiVFNiU5NiVCMCVFNCVCQSVCQSVFRiVCQyU5RiVFMyU4MSVCQiVFMyU4MiU5MyVFMyU4MSVBOCVFMyU4MSVBQiVFRiVCQyU5Rnd3dyUyQyVFMyU4MyU4MSVFMyU4MiVCMSVFMyU4MyU4MyVFMyU4MyU4OCVFMyU4MiVCNyVFMyU4MyVBNyVFMyU4MyVCQyVFMyU4MSVBRiVFNiVCMCU5NyVFMyU4MSVCRSVFMyU4MSU5MCVFMyU4MiU4QyVFOSU5NiU4QiVFNSU4MiVBQyVFMiU5OSVBQyUyMiUyQ3JlY29yZGVkJTJDb24lMkMwOSUyRjI3JTJGMjAyMyUyQzE1JTNBNTYlM0EwNCUyQ2Jyb2FkY2FzdGluZyUyQ3dhbmtpbmclMkMlMkMlMkMlMkMlMkMlMkMlMkMlMkMlMkMlMkMlMkMlMkMlMkMlMkMlMkNzZXh5JTJDd2ViY2FtJTJDb24lMkNzdHJpcGNoYXQlMkNmdWNraW5nJTJDc3F1aXJ0aW5nJTJDYW5kJTJDZmluZ2VyaW5nJTJDbGl2ZSUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQyUyQ29ubHklMkNvbiUyQ29uc2NyZWVucy5tZSJ9
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.53 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 21 Oct 2023 17:03:01 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H2 200 build.m.js Show response
js.capndr.com/popunder-admanager/ 84 KB
24 KB 35ms
35ms Script
application/javascript 45.133.44.52
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.capndr.com/popunder-admanager/build.m.js
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: f8558d66b06920086101af9cd668583799844d74a2c7552da9d2d984a6e890b4

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

expires: Sat, 21 Oct 2023 17:08:00 GMT
date: Sat, 21 Oct 2023 17:03:00 GMT
content-encoding: gzip
last-modified: Fri, 20 Oct 2023 15:11:23 GMT
server: nginx/1.18.0
etag: W/"6532989b-14eea"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=300
x-proxy-cache: HIT

GET
H2 200 npush.m.js Show response
js.wpushsdk.com/npc/sdk/wpu/ 511 KB
128 KB 112ms
49ms Script
application/javascript 45.133.44.52
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.m.js
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: be14aa895e5fef6b240ad7bd81a624b522f8cf7b971125896da0bc86dfc81fb9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

expires: Sat, 21 Oct 2023 17:08:01 GMT
date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: gzip
last-modified: Thu, 19 Oct 2023 12:32:08 GMT
server: nginx/1.18.0
etag: W/"653121c8-7fcb7"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=300
x-proxy-cache: HIT

OPTIONS
H/1.1 204
No Content fp
fp.metricswpsh.com/ Frame 0
0 155ms
46ms Preflight 157.90.84.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.metricswpsh.com/fp?tag_id=59917
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 157.90.84.242 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.242.84.90.157.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.onscreens.me
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.onscreens.me
Connection: keep-alive
Date: Sat, 21 Oct 2023 17:03:01 GMT
Server: nginx/1.20.1
Vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H/1.1 200
OK fp Show response
fp.metricswpsh.com/ 58 B
435 B 229ms
134ms XHR
application/json 157.90.84.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.metricswpsh.com/fp?tag_id=59917
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 157.90.84.242 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.242.84.90.157.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash: ae68a5f388382cffaf3dd88f9ce6df05cd065703af5070c562c49315db212d1f

Request headers

Referer
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

Date: Sat, 21 Oct 2023 17:03:01 GMT
Server: nginx/1.20.1
Vary: Origin
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://www.onscreens.me
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 58

GET
H/1.1 200
OK ad1490192-1530569409.gif
ads.juicyads.me/ads/user57648/ Frame 71A8 284 KB
284 KB 133ms
27ms Image
image/gif 205.185.216.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.juicyads.me/ads/user57648/ad1490192-1530569409.gif
Requested by: Host: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=1000493
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 005839f2a9f773c412f6910ff21281f934d1d9c9509cd9c170f72f2bee5f43ef

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://poweredby.jads.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sat, 21 Oct 2023 17:03:01 GMT
Last-Modified: Mon, 02 Jul 2018 22:10:09 GMT
ETag: "1530569409"
X-HW: 1697907781.dop240.am5.t,1697907781.cds235.am5.shn,1697907781.dop240.am5.t,1697907781.cds308.am5.c
Content-Type: image/gif
Cache-Control: max-age=31291328
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 290776

GET
H2

200

/ Show response
chaturbate.com/tours/3/ Frame 3F9A
Redirect Chain

https://chaturbate.com/in/?track=lstlbmescreeons&tour=x1Rd&campaign=GDjeQ&c=2&p=0&join_overlay=1
https://chaturbate.com/tours/3/?tour=x1Rd&campaign=GDjeQ&c=2&p=0&join_overlay=1&disable_sound=0

60 KB
25 KB

207ms
207ms

Document
text/html

2606:4700::6812:6528
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://chaturbate.com/tours/3/?tour=x1Rd&campaign=GDjeQ&c=2&p=0&join_overlay=1&disable_sound=0

Requested by

Host: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=1000493

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6528 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a6b32d018ecfb1ce1dcf97a6bdefe64b3bfc801023f0fb004d0a4caf639ae68

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.mmcdn.com https://.static.mmcdn.com https://.highwebmedia.com https://.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://.googletagmanager.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://.mmcdn.com https://.highwebmedia.com https://.stream.highwebmedia.com https://.chaturbate.com https://chaturbate.com https://.google-analytics.com https://.googletagmanager.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://.mmcdn.com https://.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://.mmcdn.com wss://.mmcdn.com wss://.mmcdn.com:8443 https://.highwebmedia.com wss://.highwebmedia.com wss://.highwebmedia.com:8443 https://.nr-data.net https://.chaturbate.com https://chaturbate.com https://.google-analytics.com https://analytics.google.com https://.analytics.google.com https://.googletagmanager.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com ; media-src 'self' https://.mmcdn.com https://.highwebmedia.com https://.chaturbate.com https://chaturbate.com mediasource: blob: data: https://storage.googleapis.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://.mmcdn.com https://.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://.mmcdn.com https://.chaturbate.com https://chaturbate.com https://.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://.girogate.de https://player.vimeo.com https://vars.hotjar.com https://directory-live.cb.dev https://.web.cb.dev ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://.chaturbate.com https://chaturbate.com https://.stream.highwebmedia.com https://.wnu.com https://wnu.com https://devportal.cb.dev https://.web.amer-1.jumio.ai https://saas-onboarding.incodesmile.com https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce

Request headers

Referer: https://poweredby.jads.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 819b125098e35c4d-AMS
content-encoding: br
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.static.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://*.googletagmanager.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://storage.googleapis.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com https://directory-live.cb.dev https://*.web.cb.dev ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://saas-onboarding.incodesmile.com https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
content-type: text/html; charset=utf-8
date: Sat, 21 Oct 2023 17:03:01 GMT
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
referrer-policy: strict-origin-when-cross-origin
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Accept-Language, Cookie
via: 1.1 google
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 819b124f9faa5c4d-AMS
content-language: en
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.static.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://*.googletagmanager.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://storage.googleapis.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com https://directory-live.cb.dev https://*.web.cb.dev ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://saas-onboarding.incodesmile.com https://smartpay.coinsmart.com https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
content-type: text/html; charset=utf-8
date: Sat, 21 Oct 2023 17:03:01 GMT
location: /tours/3/?tour=x1Rd&campaign=GDjeQ&c=2&p=0&join_overlay=1&disable_sound=0
nel: {"report_to":"default","max_age":2592000,"include_subdomains":true}
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
referrer-policy: strict-origin-when-cross-origin
report-to: {"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Language, Cookie
via: 1.1 google
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10163.JXd52u012a7sWWAJUsn16hIShYfk9t4HM07OexjIee4Kwk_zGTWPqrRfFX9WRUux.PLZn8YbGfC4imr3idBZhbuINiDU%2C
https://mc.yandex.com/sync_cookie_image_decide?token=10163.2CFR4t05jHCKqaL4-k46Y1f9PjRrmcRjDY2sWzSn4lERbIae6VlDG7HnmsUAfAQCN2-XcH2bJyEwJ1dlzQHQ-yM9f-34p_CqIs9spavYzKpVfeOZSNEOc8FcbXjv_HI-DC-I1FbZaK...

43 B
673 B

71ms
70ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=10163.2CFR4t05jHCKqaL4-k46Y1f9PjRrmcRjDY2sWzSn4lERbIae6VlDG7HnmsUAfAQCN2-XcH2bJyEwJ1dlzQHQ-yM9f-34p_CqIs9spavYzKpVfeOZSNEOc8FcbXjv_HI-DC-I1FbZaKIj-rISILDtFy5Cdqhx26hq5knvw5Dood49kt9IPZhtDnoDXrKCHZHOxCGoRgt51MrCPiAE3FeVR_7sXHUqB1w3efRsvHDMxos%2C.K0wsxcujlZO2zRh_FSzzaQCG1IE%2C

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=10163.2CFR4t05jHCKqaL4-k46Y1f9PjRrmcRjDY2sWzSn4lERbIae6VlDG7HnmsUAfAQCN2-XcH2bJyEwJ1dlzQHQ-yM9f-34p_CqIs9spavYzKpVfeOZSNEOc8FcbXjv_HI-DC-I1FbZaKIj-rISILDtFy5Cdqhx26hq5knvw5Dood49kt9IPZhtDnoDXrKCHZHOxCGoRgt51MrCPiAE3FeVR_7sXHUqB1w3efRsvHDMxos%2C.K0wsxcujlZO2zRh_FSzzaQCG1IE%2C
date: Sat, 21 Oct 2023 17:03:01 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
496 B 86ms
85ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 20 Oct 2023 11:55:53 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65326ac9-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Sat, 21 Oct 2023 18:03:01 GMT

GET
H2 200 resolve Show response
dns.google/ Frame 032F 226 B
457 B 110ms
31ms Fetch
application/json 2001:4860:4860::8844
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://dns.google/resolve?name=140.150.204.31.in-addr.arpa&type=PTR&cd=true

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4860::8844 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

85bb62d7584c39e71e42e5ebeeb58926e01124f4b8b8a9c877642fe831e289c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 21 Oct 2023 17:03:01 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: HTTP server (unknown)
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3347
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 161
x-xss-protection: 0
expires: Sat, 21 Oct 2023 17:03:01 GMT

GET
H2

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyxFeQsnGG3PwHkPry_PS9zRam5Isy3bsM8aOV3048ZIj7Vg04lItadFf...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyw12wGEr3osqRSki80_zMtJ4Cwf2nmHEO_vizZYCCw0fRxGmlX-x90IGx1NWFHRuyrdSsM_pg&passive...

0
0

59ms
58ms

Image
text/html

2a00:1450:4001:813::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyw12wGEr3osqRSki80_zMtJ4Cwf2nmHEO_vizZYCCw0fRxGmlX-x90IGx1NWFHRuyrdSsM_pg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S571321991%3A1697907781298392&theme=glif
Requested by: Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Protocol: H2
Server: 2a00:1450:4001:813::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Redirect headers

date: Sat, 21 Oct 2023 17:03:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-51G_Jon5HZCbqXDc9hbSlA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 404
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyw12wGEr3osqRSki80_zMtJ4Cwf2nmHEO_vizZYCCw0fRxGmlX-x90IGx1NWFHRuyrdSsM_pg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S571321991%3A1697907781298392&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 multy
cc363782e3.03a17e7986.com/in/ Frame 0
0 187ms
50ms Preflight 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cc363782e3.03a17e7986.com/in/multy
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.onscreens.me
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
date: Sat, 21 Oct 2023 17:03:01 GMT
pragma: no-cache
server: nginx/1.18.0
vary: Origin

GET
H2 200 dip Show response
nereserv.com/in/ 0
201 B 904ms
698ms XHR
text/plain 168.119.25.102
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://nereserv.com/in/dip?site=native-push&wl=1&event_id=540d4546-601b-4c9d-a570-2eb34c99c10f&subid=483020946&sid=1323989015&spot_id=293804&created_at=2023-10-21&timezone=2&ver=8.108.0&is_native=1
Requested by: Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 168.119.25.102 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.102.25.119.168.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 21 Oct 2023 17:03:02 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

POST
H2 200 multy Show response
cc363782e3.03a17e7986.com/in/ 27 KB
3 KB 1015ms
1014ms XHR
application/json 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cc363782e3.03a17e7986.com/in/multy
Requested by: Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 02db30904abc09aeb7ba2a0fa29f91a43bbfdbde2e7e9141cf3163b6fa11f5ca

Request headers

Referer
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 21 Oct 2023 17:03:02 GMT
content-encoding: gzip
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
content-type: application/json
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 2536

GET
H3 200 websocket_ip.min.js Show response
video.q34r.org/js/ Frame 032F 5 KB
2 KB 37ms
37ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://video.q34r.org/js/websocket_ip.min.js
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 419b600e2a3d2523ed458633a946a9a07fcf046077f0ea79f3e435f154f04ee7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
x-cache-status-inferno-s: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 1230726
alt-svc: h3=":443"; ma=86400
x-inferno-location: static
accessing-static: 1
pragma: cache
last-modified: Fri, 20 Jan 2023 13:44:36 GMT
server: cloudflare
etag: W/"63ca9ac4-121c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vNIUHuIDvy2wM6zz%2BqKqdQ92GMdt3rUKSTWov6FIpLVC%2FPFHxErc0r5Bgg6UOJ8eEFGStr30Xaat64jPTJl4Si1LC8AeALDJqM07N1gQgC6qCyng4U4QBvQqy9gXuN2QjKGR1Rmd%2FUHeT0Mukw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
access-control-allow-credentials: true
cf-ray: 819b1250d8ec0b85-AMS

GET
H2

200

1 Show response
mc.yandex.com/watch/86516845/
Redirect Chain

https://mc.yandex.com/watch/86516845?wmode=7&page-url=https%3A%2F%2Fwww.onscreens.me%2Fe92b4120-5d50-11ee-af82-ca29b77277e2%2F_yuki-www-09-27-2023-15-56-04-stripchat&charset=utf-8&uah=chm%0A%3F0&br...
https://mc.yandex.com/watch/86516845/1?wmode=7&page-url=https%3A%2F%2Fwww.onscreens.me%2Fe92b4120-5d50-11ee-af82-ca29b77277e2%2F_yuki-www-09-27-2023-15-56-04-stripchat&charset=utf-8&uah=chm%0A%3F0&...

427 B
546 B

70ms
70ms

XHR
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/86516845/1?wmode=7&page-url=https%3A%2F%2Fwww.onscreens.me%2Fe92b4120-5d50-11ee-af82-ca29b77277e2%2F_yuki-www-09-27-2023-15-56-04-stripchat&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aetku62lhayg6jvevqcsa7rv%3Afp%3A414%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1141%3Acn%3A1%3Adp%3A0%3Als%3A1041052663306%3Ahid%3A829532024%3Az%3A120%3Ai%3A20231021190301%3Aet%3A1697907781%3Ac%3A1%3Arn%3A1057243103%3Arqn%3A1%3Au%3A1697907781509982295%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C57%2C64%2C1%2C%2C0%2C%2C363%2C2%2C%2C%2C%2C506%3Aco%3A0%3Acpf%3A1%3Ans%3A1697907779910%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1697907781%3At%3A_yuki%3A%20%E6%96%B0%E4%BA%BA%EF%BC%9F%E3%81%BB%E3%82%93%E3%81%A8%E3%81%AB%EF%BC%9Fwww%20%E3%83%81%E3%82%B1%E3%83%83%E3%83%88%E3%82%B7%E3%83%A7%E3%83%BC%E3%81%AF%E6%B0%97%E3%81%BE%E3%81%90%E3%82%8C%E9%96%8B%E5%82%AC%E2%99%AC%20%2F%2009%2F27%2F2023%2C%2015%3A56%3A04%20-%20stripchat%20-%20ONScreens.me&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29

Requested by

Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat

Protocol

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

06dd81b34d8c1c9fb977a5a0779f1330e8e85019103c3ba9ae425be57ce38286

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 21 Oct 2023 17:03:01 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Sat, 21-Oct-2023 17:03:01 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.onscreens.me
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 427
x-xss-protection: 1; mode=block
expires: Sat, 21-Oct-2023 17:03:01 GMT

Redirect headers

pragma: no-cache
date: Sat, 21 Oct 2023 17:03:01 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 21-Oct-2023 17:03:01 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/86516845/1?wmode=7&page-url=https%3A%2F%2Fwww.onscreens.me%2Fe92b4120-5d50-11ee-af82-ca29b77277e2%2F_yuki-www-09-27-2023-15-56-04-stripchat&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aetku62lhayg6jvevqcsa7rv%3Afp%3A414%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1141%3Acn%3A1%3Adp%3A0%3Als%3A1041052663306%3Ahid%3A829532024%3Az%3A120%3Ai%3A20231021190301%3Aet%3A1697907781%3Ac%3A1%3Arn%3A1057243103%3Arqn%3A1%3Au%3A1697907781509982295%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C57%2C64%2C1%2C%2C0%2C%2C363%2C2%2C%2C%2C%2C506%3Aco%3A0%3Acpf%3A1%3Ans%3A1697907779910%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1697907781%3At%3A_yuki%3A%20%E6%96%B0%E4%BA%BA%EF%BC%9F%E3%81%BB%E3%82%93%E3%81%A8%E3%81%AB%EF%BC%9Fwww%20%E3%83%81%E3%82%B1%E3%83%83%E3%83%88%E3%82%B7%E3%83%A7%E3%83%BC%E3%81%AF%E6%B0%97%E3%81%BE%E3%81%90%E3%82%8C%E9%96%8B%E5%82%AC%E2%99%AC%20%2F%2009%2F27%2F2023%2C%2015%3A56%3A04%20-%20stripchat%20-%20ONScreens.me&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29
access-control-allow-origin: https://www.onscreens.me
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Sat, 21-Oct-2023 17:03:01 GMT

GET
H2 200 jquery.min.js Show response
unpkg.com/jquery@2.2.4/dist/ Frame 032F 84 KB
30 KB 39ms
38ms Script
application/javascript 2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/jquery@2.2.4/dist/jquery.min.js

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1230590
last-modified: Fri, 20 May 2016 17:24:42 GMT
fly-request-id: 01HC4XEQYDSB16TVMNJM5WPYR0-ams
server: cloudflare
etag: W/"14e4a-abtp4lyn1e8JNTF1hOYVPz/ZqIw"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 819b12511f7c0b70-AMS

GET
H2 200 jquery.cookie.js Show response
unpkg.com/jquery.cookie@1.4.1/ Frame 032F 3 KB
1 KB 37ms
37ms Script
application/javascript 2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 17730826
last-modified: Sun, 27 Apr 2014 20:04:54 GMT
fly-request-id: 01GWS5KG571E6PT921EMP2VYPD-ams
server: cloudflare
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 819b12516fdf0b70-AMS

GET
H/1.1 200
OK juicyads_black.gif
i.jads.co/ads/ Frame E7B2 2 KB
2 KB 118ms
25ms Image
image/gif 205.185.216.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.jads.co/ads/juicyads_black.gif
Requested by: Host: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=1000049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: b1e12c59a9b1d3e8447d6a7aeb584101c71751561b98f3f0162f58f1e617c7fb

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://poweredby.jads.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sat, 21 Oct 2023 17:03:01 GMT
Last-Modified: Wed, 02 Mar 2016 17:54:59 GMT
ETag: "1456941299"
X-HW: 1697907781.dop247.am5.t,1697907781.cds140.am5.shn,1697907781.cds140.am5.c
Content-Type: image/gif
Cache-Control: max-age=30976560
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 2193

GET
H/1.1 200
OK 8605-1583019924-0037742001583019924.gif
i.jads.co/network/user47819/ Frame E7B2 711 KB
712 KB 118ms
27ms Image
image/gif 205.185.216.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.jads.co/network/user47819/8605-1583019924-0037742001583019924.gif
Requested by: Host: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=1000049
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 5e44b5f4ead12255265a568a7b22b7ca134dee1124d654d1750d96457cd480c3

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://poweredby.jads.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sat, 21 Oct 2023 17:03:01 GMT
Last-Modified: Sat, 29 Feb 2020 23:45:24 GMT
ETag: "1583019924"
X-HW: 1697907781.dop257.am5.t,1697907781.cds240.am5.shn,1697907781.dop257.am5.t,1697907781.cds303.am5.c
Content-Type: image/gif
Cache-Control: max-age=31345163
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 728392

GET
H3 200 d_check.js Show response
video.q34r.org/js/ Frame 032F 3 KB
2 KB 36ms
35ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://video.q34r.org/js/d_check.js?35
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88e33d38aa577708d4cb0230edfddbbc348ed7dd6af3224797bee28eae0f2c7a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
x-cache-status-inferno-s: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 1200876
alt-svc: h3=":443"; ma=86400
x-inferno-location: static
accessing-static: 1
pragma: cache
last-modified: Sun, 01 Oct 2023 06:10:30 GMT
server: cloudflare
etag: W/"65190d56-d80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8l9M%2FnMdf8QZNBSQs6jYYBkKgEWHhe7WQaRmRVFLddS34o1fLIqlymyQsiaa5%2Bh2183H9QsvtJy%2By0vp24nS2juFWAOTMetUYaZKo2NW5mAIrd%2BRaDUZnYx8FR83QgXtP3vSJg%2FPB8v7VagGDA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
access-control-allow-credentials: true
cf-ray: 819b1251aa050b85-AMS

GET
H3 200 embed.229.js Show response
video.q34r.org/js/ Frame 032F 168 KB
41 KB 52ms
52ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://video.q34r.org/js/embed.229.js?736
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fcc8ce9811f88009783b34ee73ff5314ce760e0c611c2aaf5c4ef65961b0813e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
x-cache-status-inferno-s: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 794848
alt-svc: h3=":443"; ma=86400
x-inferno-location: static
accessing-static: 1
pragma: cache
last-modified: Thu, 12 Oct 2023 12:13:26 GMT
server: cloudflare
etag: W/"6527e2e6-2a0e8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eHeEQUYFH%2F7nGDi9IvP63v4eqyY13WzPFjjMeh%2FXP1dV1NdymAg8OdlaqevsEYimN3kezj0gOUohlNOjzIneOFVXmQ9CUeZPQ13QN7hvHxlOOqi5hkcfn782V4X%2FrbcqnV%2BZl1tDu%2FrVkuzzDw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
access-control-allow-credentials: true
cf-ray: 819b1251da460b85-AMS

GET
H2 200 output.fe3e9fec3a8e.css
static-assets.highwebmedia.com/CACHE/css/ Frame 3F9A 22 KB
6 KB 115ms
42ms Stylesheet
text/css 2606:4700::6810:5d2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-assets.highwebmedia.com/CACHE/css/output.fe3e9fec3a8e.css
Requested by: Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?tour=x1Rd&campaign=GDjeQ&c=2&p=0&join_overlay=1&disable_sound=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5d2a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4dac3accf8ef08f2b8de9cb80a86dfc4fcbc718545dcb8bd3d0e4e8362c3079

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://chaturbate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: HFKJK4KZD95CKY5W
age: 432103
cf-polished: origSize=26903
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 8JmnwF/MqfOZ8dM6YTU7wZTiUCFgqdA00GANJLnF1EGWo81KsR4A1IEu5TSrRe41/sRNZyzkO3Y=
cf-bgj: minify
last-modified: Mon, 16 Oct 2023 16:59:17 GMT
x-amz-meta-s3cmd-attrs: md5:45ecf3091aa86ce3d3732164aafcc3d8
server: cloudflare
etag: W/"45ecf3091aa86ce3d3732164aafcc3d8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nl8pO9mm8cWkapRnMZeHCaiXj3ahJY%2FIWBzoBotdFC64ApCDWBrNPK9v3s8%2BnKcsvCxHfFYQsGwvZt8UCUalULKOAaPyXaQXuVff99m4CBHG0Vq5QZrN0aDHbM%2F1LSuTfhNWyC8N%2FcTzhCUJNxF4kamAXlNchy5PIqM5aA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 819b12526cf0671b-AMS
expires: Mon, 20 Nov 2023 17:03:01 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 3F9A 222 KB
79 KB 69ms
68ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-GX0FLQH21P

Requested by

Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?tour=x1Rd&campaign=GDjeQ&c=2&p=0&join_overlay=1&disable_sound=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3afb02aa8b0b68c7d351e6cc2feeccad7ac7b3f62423c4d646b17575476de62a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://chaturbate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80808
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 21 Oct 2023 17:03:01 GMT

GET
H2 200 412125 Show response
blow.week1time.com/api/users/ 552 B
537 B 47ms
47ms Script
text/javascript 2a01:4f8:161:6222::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://blow.week1time.com/api/users/412125?host=www.onscreens.me&ev=210&wh=1200&ww=1600&uuid=&s1=%25subid1%25
Requested by: Host: blow.week1time.com
URL: https://blow.week1time.com/dY5uaQ5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a01:4f8:161:6222::2 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 55613f3e515aadb8a74cf8b75861b53f9db36d38a1ee6d6f75547140cd7b3902

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
cache-control: private
content-encoding: gzip
server: nginx
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8

GET
H3 200 popunder.js Show response
video.q34r.org/ad/top/ Frame 032F 21 B
631 B 34ms
34ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://video.q34r.org/ad/top/popunder.js
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a499068cf858aa2cd9b077e2e354b6bf8435eaa8e44c2047f403c7283031977f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
x-cache-status-inferno-s: HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1214605
alt-svc: h3=":443"; ma=86400
content-length: 21
x-inferno-location: static
accessing-static: 1
pragma: cache
last-modified: Wed, 15 Sep 2021 14:06:22 GMT
server: cloudflare
etag: "6141fdde-15"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nZFLbB7Haj8WwSkxwt4gZW0PINuFlvmwQ5ooUwu123ulg%2BpO9GmfJcpNgrkEqBd4Xz%2Btliy0PjyD%2BkuqJ5THxK590xjAha3MofhSw0NNgWSf0upTIMbBkLnoVrRP1xepvEo7yvqpCei8ITnvHg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 819b12527add0b85-AMS

GET
H2 200 ico-female.svg
static-assets.highwebmedia.com/images/ Frame 3F9A 7 KB
3 KB 39ms
37ms Image
image/svg+xml 2606:4700::6810:5d2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-assets.highwebmedia.com/images/ico-female.svg?818c9c4c368f
Requested by: Host: static-assets.highwebmedia.com
URL: https://static-assets.highwebmedia.com/CACHE/css/output.fe3e9fec3a8e.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5d2a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 818c9c4c368ff40bbc414f8bb3a80990c7208bcf0b45f9d9aa947f1ea2e1eb93

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://static-assets.highwebmedia.com/CACHE/css/output.fe3e9fec3a8e.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: J9SR46QSXFETW0NE
age: 2330522
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BPIGSYPJSNb+Wx+fG74D1uKwpbe2oGmkp6rvxpYKXnElPkz7cLX7rE8eYkOQjj2HarwKuV4WM/s=
last-modified: Tue, 09 Mar 2021 22:37:01 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: md5:304b64c8f4b6c7e0c36c86b419151c45
etag: W/"304b64c8f4b6c7e0c36c86b419151c45"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EoXFwwWCN%2FP%2BlxIY2nJZ7MzQXdXQToooSl7CUsd4AbUyseiOQZH33dUYeMbOa8oFN4PDvrnwQDVx32LSz2KTUN2r1lncBVoC0GcdueaS%2BfVbqvMWaQuiSoIABR%2FGwH2gg0MySrlPbjMFobca8RKiOUfJ5AzgMPJj%2BPK%2Bqw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=2592000
cf-ray: 819b1252bd6e671b-AMS
expires: Mon, 20 Nov 2023 17:03:01 GMT

GET
H3 200 ubuntur-webfont.woff
static-assets.highwebmedia.com/fonts/ Frame 3F9A 32 KB
33 KB 120ms
87ms Font
application/font-woff 2606:4700::6810:5d2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-assets.highwebmedia.com/fonts/ubuntur-webfont.woff?896a82003cd1
Requested by: Host: static-assets.highwebmedia.com
URL: https://static-assets.highwebmedia.com/CACHE/css/output.fe3e9fec3a8e.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:5d2a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 896a82003cd1a9134b0404c129bb7b8292e1d8a91298e275141b21086baa8a9d

Request headers

Referer: https://static-assets.highwebmedia.com/CACHE/css/output.fe3e9fec3a8e.css
Origin: https://chaturbate.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: H4ZSP8TFBR1Z378F
age: 1737955
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 7ZQ/I+SMgxehv87Nhb3ZBwriE1FLGIZQCpRGaB7Mneh7aHdStEpWDu008Zb5nJTaOxOY/MdBLcY=
last-modified: Tue, 19 Jan 2021 22:07:55 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: md5:30556905d926944a6ada140546bcf5ce
etag: W/"30556905d926944a6ada140546bcf5ce"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=33lhTbFaatyu%2FGisT3vgd09dZfEJyex346g4stEAGtrBfrdpOqPMJTZXgNn%2Bj40dOJ3JRul8Rad7LeD4IWJQxH%2BVNeKZUyc8ZJd81INYf852XLkRvpUVHOuER3zQaEDritrazdBY%2FejHSkqMfq6TSEA5M2FopGqRCLllNA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2592000
cf-ray: 819b1252e882b79d-AMS
expires: Mon, 20 Nov 2023 17:03:01 GMT

GET
H2 200 ico-cams.png
static-assets.highwebmedia.com/images/ Frame 3F9A 549 B
1 KB 39ms
38ms Image
image/png 2606:4700::6810:5d2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-assets.highwebmedia.com/images/ico-cams.png?829027f88094
Requested by: Host: static-assets.highwebmedia.com
URL: https://static-assets.highwebmedia.com/CACHE/css/output.fe3e9fec3a8e.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5d2a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52dc5730b7afd3f35531dcca2bd7b9984f0271d15c8b449c4b1d425dddf12a33

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://static-assets.highwebmedia.com/CACHE/css/output.fe3e9fec3a8e.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: ED3PFQ7AXA7K5XHQ
age: 2487116
cf-polished: origSize=1457
alt-svc: h3=":443"; ma=86400
content-length: 549
x-amz-id-2: LgNgWF7T+3DLlXhDy0qHdF31sFyUC2onQ8rEe1kSMC0lQWs2kqEQvXxpaB/meM7ksgo9LSEtK9I=
cf-bgj: imgq:100,h2pri
last-modified: Tue, 19 Jan 2021 22:03:22 GMT
x-amz-meta-s3cmd-attrs: md5:58ecd9d7af4908cce84eccd4cbd6f0d0
server: cloudflare
etag: "58ecd9d7af4908cce84eccd4cbd6f0d0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s0qwUkuzmG9UojtUlQCrKIsj5J1PmjT3CDb99SgoaMX0M9g5YJH2XGTtmQd4rUl8loItSDT1F%2BuG7V6MbPhOqfh0C0Nc3YXTfIxF76mPjOSs0ckm7fYO6SSpYZqFTELvSNSpAXCgDGd%2Fhqb481bQGnpm8ku8Kust6LMxsw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 819b1252bd70671b-AMS
expires: Mon, 20 Nov 2023 17:03:01 GMT

GET
H3 200 ubuntum-webfont.woff
static-assets.highwebmedia.com/fonts/ Frame 3F9A 31 KB
32 KB 69ms
37ms Font
application/font-woff 2606:4700::6810:5d2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-assets.highwebmedia.com/fonts/ubuntum-webfont.woff?a7fc63c36394
Requested by: Host: static-assets.highwebmedia.com
URL: https://static-assets.highwebmedia.com/CACHE/css/output.fe3e9fec3a8e.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:5d2a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7fc63c363948d7add8e1dade66045376e2bad22da6697f84d175e5f9a76166e

Request headers

Referer: https://static-assets.highwebmedia.com/CACHE/css/output.fe3e9fec3a8e.css
Origin: https://chaturbate.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: H4ZX2TRG5STMTA46
age: 1737955
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 1qRAoYZioN4dFr+3EzNG6Zn2yOk8YGm7+wvFB6gYH0lUwYQLri+lvWa6MO0j4AeFtjViSimUXAk=
last-modified: Tue, 19 Jan 2021 22:07:54 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: md5:9968f3d2a16c9ae20a54d0e44ee83d3a
etag: W/"9968f3d2a16c9ae20a54d0e44ee83d3a"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2e5wdp4wpJTYb9uK5fYzKzp9zaLYi715zXp4cb%2BLFeJ1Ss%2Bq8LDD%2BhsDOqpdscWalbmQytCzgn%2BK7jJ0rw32%2FqTd2pjIA9A4MGZUQpTgigWV53RQ1E064HUa%2B83wi0wrYdzSdXg9RlVrQfWJJxwZg2qXYKH5WcKexQIoDw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2592000
cf-ray: 819b1252e880b79d-AMS
expires: Mon, 20 Nov 2023 17:03:01 GMT

GET
H3

200

main.js Show response
chaturbate.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7ff8d35b/ Frame FDAE
Redirect Chain

https://chaturbate.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://chaturbate.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7ff8d35b/main.js

7 KB
4 KB

41ms
40ms

Script
application/javascript

2606:4700::6812:6528
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://chaturbate.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7ff8d35b/main.js

Requested by

Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?tour=x1Rd&campaign=GDjeQ&c=2&p=0&join_overlay=1&disable_sound=0

Protocol

Server

2606:4700::6812:6528 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b7a38c0a51c7ef68b5ac0a2b0476601b19ff68df4a8438a54a3f63ff778862c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FbBJLH9FBajGcFmbY0tafL%2FIAorgsRvrcKbgla82mlI0Gs%2F38fzlVTwfI1tRwyJ8Oe5GncIT%2Fhen7f8T1h7td6OGw9mWmwcnk68t9dbz8Vu3LDqcOikAvKArrRw%2BftzsGi%2Bmt6NnARQhEb2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 819b12531f7c66f9-AMS
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sat, 21 Oct 2023 17:03:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LreR7x2KKzGTKDGk3pfbwszJaYCtGEdI1Vdq%2FyWyI4BIYyrAb7upz0oyEJwpqhGT%2F39rTXWx8%2FGyT59yGsc3%2F8HRulg14whja5FkOREpeQ1h0WKPO8LYmY6aaPchujpJzMeRlK58Hu%2FvV3lo"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/7ff8d35b/main.js
cache-control: max-age=300, public
cf-ray: 819b1252cf2d66f9-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 032F 144 KB
50 KB 188ms
116ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27dc92858f649d86d922527ded7eebd3f6e775c3b56a25a71a90d56dba259864

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51070
x-xss-protection: 0
server: cafe
etag: 15098413702113513695
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 21 Oct 2023 17:03:01 GMT

GET
H/1.1 200
OK 12957-1568843906-0467906001568843906.jpg
i.jads.co/network/user47819/ Frame 8F85 94 KB
94 KB 28ms
28ms Image
image/jpeg 205.185.216.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.jads.co/network/user47819/12957-1568843906-0467906001568843906.jpg
Requested by: Host: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=1000494
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: ec16b38c82e8e4ea2e8acb7be2da472d7f8d2eaae8089abbceec71c601a5b58f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://poweredby.jads.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sat, 21 Oct 2023 17:03:01 GMT
Last-Modified: Wed, 18 Sep 2019 21:58:26 GMT
ETag: "1568843906"
X-HW: 1697907781.dop247.am5.t,1697907781.cds140.am5.shn,1697907781.dop247.am5.t,1697907781.cds279.am5.c
Content-Type: image/jpeg
Cache-Control: max-age=8763609
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 96226

POST
H3 200 819b125098e35c4d Show response
chaturbate.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame FDAE 0
595 B 50ms
49ms XHR
text/plain 2606:4700::6812:6528
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://chaturbate.com/cdn-cgi/challenge-platform/h/b/jsd/r/819b125098e35c4d

Requested by

Host: chaturbate.com
URL: https://chaturbate.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:6528 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=okVe4vHQhCPhsQ%2BkL8r7WDu2oFlDg3r%2BxwNZQ5P8D%2B3dzJ%2F4D%2BLEKhltwA4LOSP6mojnZyLSffye3ZGFJQ8c%2B1kK1CFcQCrseOINK8v8ZFR%2BFnPbkMonbctx0Dgwsun6B1WWhH9ghtalyx%2FX"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 819b1253e84e66f9-AMS
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK 33261-1617884182-0301469001617884182.png
i.jads.co/network/user500/ Frame 3B95 1 KB
2 KB 28ms
27ms Image
image/png 205.185.216.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.jads.co/network/user500/33261-1617884182-0301469001617884182.png
Requested by: Host: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=1005493
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: f9e5e435e5aa5877bbe306abb79af87ebbabf89e2eb52dd4b3122c2af281c9d5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://poweredby.jads.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sat, 21 Oct 2023 17:03:01 GMT
Last-Modified: Thu, 08 Apr 2021 12:16:22 GMT
ETag: "1617884182"
X-HW: 1697907781.dop247.am5.t,1697907781.cds140.am5.shn,1697907781.dop247.am5.t,1697907781.cds209.am5.c
Content-Type: image/png
Cache-Control: max-age=20411484
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1470

GET
H/1.1 200
OK 1x1.gif
i.jads.co/ Frame 3B95 27 KB
27 KB 26ms
25ms Image
image/jpeg 205.185.216.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.jads.co/1x1.gif
Requested by: Host: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=1005493
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 3d4610a2ab69d08e54685d0d3cfcf03ec663bacff8cc89a1e0a2904a7769e641

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://poweredby.jads.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Sat, 21 Oct 2023 17:03:01 GMT
Last-Modified: Thu, 03 Nov 2016 21:36:07 GMT
ETag: "1478208967"
X-HW: 1697907781.dop257.am5.t,1697907781.cds240.am5.shn,1697907781.dop257.am5.t,1697907781.cds303.am5.c
Content-Type: image/jpeg
Cache-Control: max-age=22369915
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 27460

GET
H2 200 nr-spa-1.245.0.min.js Show response
nr.static.mmcdn.com/ Frame 3F9A 85 KB
30 KB 119ms
44ms Script
application/javascript 2606:4700::6812:ca04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nr.static.mmcdn.com/nr-spa-1.245.0.min.js

Requested by

Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?tour=x1Rd&campaign=GDjeQ&c=2&p=0&join_overlay=1&disable_sound=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:ca04 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed3078ee7555bdf0c923cb06e15be64dbf86c8a3d697269101989107e0111358

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://chaturbate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
via: 1.1 varnish
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
x-amz-version-id: gNCpD9l3ywVwc2iS1nCWwmej4p3p9B_B
age: 162779
x-amz-request-id: 2K2A1PZB8EA2S5CK
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xe3CujKV+W+O4HR7LqSbXIPo4mh2TdnGF7uIcjRxqGq17CcDSg94P5rhChhN5QtO1ksiFdKIrqs=
x-served-by: cache-jnb7027-JNB
last-modified: Wed, 18 Oct 2023 17:46:32 GMT
server: cloudflare
x-timer: S1697744974.427571,VS0,VE1
etag: W/"c37aaf53afc6bddb1c2aa56098803d08"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
cf-ray: 819b12546f2f0ae1-AMS
x-cache-hits: 1

GET
H2 200 resolve Show response
dns.google/ Frame 032F 226 B
245 B 31ms
30ms Fetch
application/json 2001:4860:4860::8844
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://dns.google/resolve?name=140.150.204.31.in-addr.arpa&type=PTR&cd=true

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4860::8844 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0f8a6a06f1ee1a20f072a07b54bfba0584d821dd9d6a9bb6adfdec0cdab07c59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 21 Oct 2023 17:03:01 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: HTTP server (unknown)
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=1045
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 160
x-xss-protection: 0
expires: Sat, 21 Oct 2023 17:03:01 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231017/r20190131/ Frame FCC5 10 KB
5 KB 182ms
58ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231017/r20190131/zrt_lookup.html?hello=world

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad1270333ea16969313802add43789e0558cd75e2bf91e768bcf3937f091a001

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://video.q34r.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 56762
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4480
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 21 Oct 2023 01:16:59 GMT
etag: 4569948109300706969
expires: Sat, 04 Nov 2023 01:16:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 embed_player.3.css
video.q34r.org/styles/global/ Frame 032F 6 KB
2 KB 34ms
34ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://video.q34r.org/styles/global/embed_player.3.css?130
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2f1967bd0ff37182a4c0d4af0ae9cb04cdcbd189cec906bc2e2d9e0a36209e7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
x-cache-status-inferno-s: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 1219496
alt-svc: h3=":443"; ma=86400
x-inferno-location: static
accessing-static: 1
pragma: cache
last-modified: Wed, 09 Dec 2020 22:16:37 GMT
server: cloudflare
etag: W/"5fd14cc5-1701"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PSiUuHf2Ppta7DPu%2BmtX9TxAEpmXDJkBdqSA2mH%2B2G6aSU%2FhcZSTYTplMpAfA%2Foyf3WxdylXu8iTWkFYdO0Rpio2cvdDC1ZKOsGGGr9sATKfns5twQDrxchEky%2BmwS%2Fn3oZBllJyZ0BlsAAgrg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
access-control-allow-credentials: true
cf-ray: 819b12546d6a0b85-AMS

GET
H3 200 script_33.10.js Show response
video.q34r.org/js/ Frame 032F 7 KB
3 KB 36ms
35ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://video.q34r.org/js/script_33.10.js?16
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/js/embed.229.js?736
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8df358ee6ecd6cbb7466f6e31f9529bed03ff78ac08830b35796092ce23d18e9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
x-cache-status-inferno-s: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 1202913
alt-svc: h3=":443"; ma=86400
x-inferno-location: static
accessing-static: 1
pragma: cache
last-modified: Sat, 07 Oct 2023 10:41:14 GMT
server: cloudflare
etag: W/"652135ca-1b3c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6fW9K4ankrNA%2BIKQrwIimr%2B%2BYSEA1xmm6pksfdfEalcYtm9kWKriP33oa%2F%2FGb0autk%2FFp6yc29kJgcIZ5tqzwLy8tZadMiikIeevXadFvNMfYUNYGT%2F9CSF1Cu4ujz1aOFUGqEN64ssGcPmRWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
access-control-allow-credentials: true
cf-ray: 819b1254adb60b85-AMS

GET
H3 200 trace Show response
video.q34r.org/cdn-cgi/ Frame 032F 313 B
380 B 27ms
26ms XHR
text/plain 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://video.q34r.org/cdn-cgi/trace

Requested by

Host: unpkg.com
URL: https://unpkg.com/jquery@2.2.4/dist/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39a5ba2492e960fd9548fc47d2f229ab901ca520e0c88dabf25f69f5d41e4c89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Referer: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
X-Requested-With: XMLHttpRequest
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
content-type: text/plain
access-control-allow-origin: *
cache-control: no-cache
cf-ray: 819b1254adb90b85-AMS
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 200 segment.css
video.q34r.org/styles/global/ Frame 032F 616 B
858 B 36ms
35ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://video.q34r.org/styles/global/segment.css?11
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 889727ca9e58ccddfc9c0df7031ea9b5fd19b42a15286cc5c380eef5bea350ab

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
x-cache-status-inferno-s: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 1202914
alt-svc: h3=":443"; ma=86400
x-inferno-location: static
accessing-static: 1
pragma: cache
last-modified: Sun, 17 Mar 2019 16:12:54 GMT
server: cloudflare
etag: W/"5c8e7206-268"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8JZ9AdCBPWf9D05usxhBuA6q2ZgObPhC3is6cYLa0Hn377kQtfTnXz0j66xVooEStAvse0yI1Ev6eOtSosWpINXCT8tkPUnXxGxAlm%2BQ%2BRx%2BaMshR%2FEiNQzbiMvTrFztdOnOGie%2FiSGUcxlUmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
access-control-allow-credentials: true
cf-ray: 819b1254adba0b85-AMS

POST
H2 200 6f524845d1 Show response
nr.mmcdn.com/1/ Frame 3F9A 40 B
233 B 189ms
173ms XHR
text/plain 2606:4700::6812:ca04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nr.mmcdn.com/1/6f524845d1?a=24279235&v=1.245.0&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=908&ck=0&s=3495acc927cbd8c9&ref=https://chaturbate.com/tours/3/&af=err,xhr,stn,ins,spa&ap=22&be=441&fe=326&dc=143&at=H0ETGw9CExRCXBM9CgBBXAkZG1QPVUwSBxFKCgIbDwkdQ0RKBBANBQ4DGw8bbj5QVw4MPDtBShtGUFYPREk%2BBgIQBkQDBRUTIndmMwMaRllEAQQAU1ADDFFbWwFQU1oBXRwgfGpDTkEnJTl7Wk0TWwIKTUAgIjwkVkFzYkMLXwAOEAFPRHpzZnMORXwZFhEFQVwbU1hdElQVBwMPFwZEFRdLVABdZggSQV5BVFgFCQtQBwpRWFFeUgUJBgMLWBMVQwMNCw05X1lYVhITA0MjLSstSnF6amVDHRsDBxAQPAFMUEpCPlhJQ1hBVgJWCQ8IB1IBA1NYUgdTVQMPABNNE1sEERc7BBNcRkpuBlRWQ1hBKi9EFRdQQT5SVhQMFxYaRAMXd31DHRsIEjwHDBNXQUtIPlJWDwQKAAYIWlAbC0MICUNOQQ0TOVdQTUYOQ1JDWEFGT0RQRWZeE1ZYDwsZBRcPVlsbC0NYCiVMDQEXRnsbbxNNE1ARPQoXE0QDF1ACJR9XBBZDJk0wGxkbWBFuWBIMQV5XXwwBDR1DWEk%2BAxAKPAlLUhsLQ1gKJUwNARdGextvE00TUBE9AAsNCFxWTVgOX2YVGxMBQVwbdlZDEV5LABYGRk9EUEVmRBJUSz4WGhQGRAMXUV4SRVAPBUFIQRRcRExUEkVmEQMXDEFcGxpNXhRDSk5RTEZPRE5ZZlkOQk1DWEEHCwdNQEtTAEVcTwEMCUFKG0ZQRQRuUAVAWVVPREpcTVQ%2BVVYMAwoKQVwbVlFQFURLAwMXAU0FVlgbHUNDXBAXBhcXOVFaSkVDCxsCCgIQFhRbVE1UT1JWDEBPRgEUVkJKVBNuUAVAWUZaBQ4ECFQHCRRYBFFWTlIPAQAcWQBfB09SAFsED1NaB1BQAVJAT0YRA19QS1QTEwNDChcQExUDGhZBDkZcEwcHBhpIU1RdQk9SVk5AT0YRA0hAXEIVblQEFgsLB0QDF350NRMVQxIaEAsJV2pPVBNCUA4MQV5BVRcECRNNE10LAw0DDDlPUEtCCF5XQ1hBV01UFwcLE00TTAA9BwEVD1pQZlcAXFANG0FeQSlNXVxDQx0bFAM8AAYQUFZcbhVISQRAWUYHA0peTV4RExVDFwI7DBVmU1hcCF1AQ1hBMwoIXVpOQkMdGxQDPAsQOU9QS0IIXldDWEFVU0QVF0xQPlNLDhUQARE5X1RUWA1IG1tAIAwRCVRQGx1DRFg%2BABELFBVcR2ZHBENKCA0NRllECAQBH1EfDFhbUEZPRExUZkIVQ1APBUFeQStWT1BdDVAWVExTREsxUFtdXhZCGS82Q1VTSAkOGWYIXw9VWUMcVVIQFXhBEV1cNgcBLwoSFgAKBk8CD0FKKCw3K3UZGV0IWlxBJQYHCAkQFXpZE15UBE1SVVtICRsMCFgCF1laQzcCAFhHUB5UAg5PUVVGT0ReXE1uAl5UDAsXRllEC1YKVFVVDFBTAlQABVgCDwMFAFsDVAFQWl9fAwgEAldaAFsCVgVSARcVEwZYTT4WAgNBXBtDCwJPAAlPU1tKU0QVF0tUF1hKCA0NRllEC1YKVFVVDFBTAlQABVgCDwMFAFsDVAFQWl9fAwgEAldaAFsCVgVSARcVExFQSwAPEEZZREJpG0UOREs9QFlEP0RBBGtVPRMVQT5BBwILSVRQVg9tG1tCP0YkIlNQaG1DHRk9QAA4QVwZaRsDPRMVQT5BFD9EAxVlE1FtG01CP0YJCVBbZl4XVEsNAxo4QVwZaRsAPRMVQT5BAAoVWFdVVD5CVhQMBzhBXBlpGwE9E0RDTkEHAgtJVFBWD25QBUBZXVNQDQABCE0TWgAPEwUKAVdqSl0UVhtbQCQgCQNoFxUTFV5MEz0KAEFcAQcVExVeTBM9EAgWARsPG0lQY11DTkEUEQleR1hcPlhdQ1hRVU9ESlxeXxRBZgkWFxQ8FFxTXEMEQxtbQAsQFxZKDxYeEV5OBBAGAAEfF19YVRIfWg5NQRke&perf=%7B%22timing%22:%7B%22of%22:1697907780966,%22n%22:0,%22r%22:0,%22re%22:234,%22f%22:234,%22dn%22:234,%22dne%22:234,%22c%22:234,%22s%22:234,%22ce%22:234,%22rq%22:235,%22rp%22:442,%22rpe%22:446,%22di%22:577,%22ds%22:577,%22de%22:584,%22dc%22:765,%22l%22:765,%22le%22:767%7D,%22navigation%22:%7B%22rc%22:1%7D%7D

Requested by

Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?tour=x1Rd&campaign=GDjeQ&c=2&p=0&join_overlay=1&disable_sound=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:ca04 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c831a58c25f63105a06a622b3435bc6761474664f87e8e7b6ef8dccafa0d890f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://chaturbate.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 21 Oct 2023 17:03:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/plain
access-control-allow-origin: https://chaturbate.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
cf-ray: 819b1254ffe40ae1-AMS
alt-svc: h3=":443"; ma=86400
content-length: 40

GET
H3 200 embed_menu.css
video.q34r.org/styles/cbv2new/theme/ Frame 032F 10 KB
3 KB 33ms
33ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://video.q34r.org/styles/cbv2new/theme/embed_menu.css?21
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45bc2ebb82341b0beb20bf20f0318c5f520e782e2c23da5280d26ab94e046013

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
x-cache-status-inferno-s: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 6228189
alt-svc: h3=":443"; ma=86400
x-inferno-location: static
accessing-static: 1
pragma: cache
last-modified: Wed, 02 Dec 2020 01:21:09 GMT
server: cloudflare
etag: W/"5fc6ec05-26c0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LARoGnKBtPaKiV189LBTut61ByEHzcrjyasL36pRTJZRs7Gfffzl3Qg98tvb%2Ba82V5QBDv18iAcnIe0Be2U9q%2BGlmGr2ZlejWJpqBk1PcSo9Ep4ETklrv%2FUzzn8%2BoOwEYYaVrOdXm69NEwpo6g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
access-control-allow-credentials: true
cf-ray: 819b1254edf90b85-AMS

GET
H2 200 css
fonts.googleapis.com/ Frame 032F 5 KB
797 B 44ms
44ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,300&subset=latin,cyrillic

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/styles/cbv2new/theme/embed_menu.css?21

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c62a7a718744861f913b590ec5dbaa4101a1ccdbe54dc9ecd48c6659eccc812c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 21 Oct 2023 16:41:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 21 Oct 2023 17:03:01 GMT

GET
H3 200 segment.7.js Show response
video.q34r.org/js/ Frame 032F 7 KB
3 KB 34ms
34ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://video.q34r.org/js/segment.7.js?157
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b9882b1d4950f6e9ec65efbef9636a76a43b423302695035cf88b8c44474acd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:01 GMT
content-encoding: br
x-cache-status-inferno-s: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 19692553
alt-svc: h3=":443"; ma=86400
x-inferno-location: static
accessing-static: 1
pragma: cache
last-modified: Fri, 10 Dec 2021 17:25:16 GMT
server: cloudflare
etag: W/"61b38d7c-1c01"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KAVL%2FSXG1LcvVwcAAs2G86Y0ZYMYAe4K%2Fy7DuJqUF2lXkIs02GS1sXSFhtE8yB0Dn3Pf6IPFuZzcj%2BgWiJ2rDwRXq24Mw9jEQdZwjCQLguvyVCYyxsWvcyCCt16TqZUIqi1IfH5qKVWhDBWHGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
access-control-allow-credentials: true
cf-ray: 819b12556e9d0b85-AMS

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v36/ Frame 032F 47 KB
47 KB 58ms
58ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300&subset=latin,cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://video.q34r.org
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 18:16:19 GMT
x-content-type-options: nosniff
age: 168402
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48432
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Oct 2024 18:16:19 GMT

GET
H3 200 video.counters.2.js Show response
video.q34r.org/js/ Frame 032F 696 B
1016 B 33ms
32ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://video.q34r.org/js/video.counters.2.js?117
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34310731b79445f958ec982df1cb3793cea4f125f0a192a110d08203f4015c10

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:02 GMT
content-encoding: br
x-cache-status-inferno-s: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 1193280
alt-svc: h3=":443"; ma=86400
x-inferno-location: static
accessing-static: 1
pragma: cache
last-modified: Sun, 06 Feb 2022 19:35:56 GMT
server: cloudflare
etag: W/"6200231c-2b8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ar75Rwwp9Ti5DcpGqoRn8QjrC1TXZyjSdIfKQVuyCL11ChYTSAt5%2FkovYh4vYvsTrjn3rqI9dLe%2B3NlMeN540PQJHiZNIWSk%2FZViQHt3NWl%2F5ZpUnOHu0aco84ClvuKzrmbuBZdTG0i5hPSLlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
access-control-allow-credentials: true
cf-ray: 819b1255aee50b85-AMS

GET
H2 200 netu.php Show response
sadjklq.com/ Frame 032F 1 KB
1 KB 205ms
127ms Script
application/javascript 2606:4700:3036::6815:b61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sadjklq.com/netu.php
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:b61 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.1.33
Resource Hash: f140ccf5cbd8bee72a1ccff6b05759fde131c9005e38169132fd1beb24aa3c00

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:02 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.1.33
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZpCRhHyQoXgzzrdoDWtwyATBJq5Nrykzd0qA5tXEgKCe1y0s%2BpIxLAypLsx1%2B1teXJnZg%2FKtWYVkQ92%2B3%2FXoiO6AevloSA6%2Fxtn4I%2F5sVdwItu%2BjHyHWDajkXikpVqDsfcEDcr36Yg8C%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 819b12562ce46639-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ Frame 032F 199 KB
69 KB 79ms
79ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/js/video.counters.2.js?117

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

7a900ef99c0d027e9586048adc3e61588a1bbc73a946a8e32b6dc77c209e7526

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Fri, 20 Oct 2023 11:55:53 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65326ac9-1117c"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 70012
expires: Sat, 21 Oct 2023 18:03:02 GMT

GET
H/1.1

200
OK

hit
counter.yadro.ru/ Frame 032F
Redirect Chain

https://counter.yadro.ru/hit?rhttps%3A//video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09;s1600*1200*24;uhttps%3A//video.q34r.org/player/embed_player.php%3Fvpn%3D1%26vid%3D1%23iss%3DMmEwMDoxNjMwOjI...
https://counter.yadro.ru/hit?q;rhttps%3A//video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09;s1600*1200*24;uhttps%3A//video.q34r.org/player/embed_player.php%3Fvpn%3D1%26vid%3D1%23iss%3DMmEwMDoxNjMwO...

43 B
528 B

78ms
77ms

Image
image/gif

88.212.202.52
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;rhttps%3A//video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09;s1600*1200*24;uhttps%3A//video.q34r.org/player/embed_player.php%3Fvpn%3D1%26vid%3D1%23iss%3DMmEwMDoxNjMwOjI6MWMwMzo6OQ%3D%3D;0.45281294859222987

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1

Protocol

HTTP/1.1

Server

88.212.202.52 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host152.rax.ru

Software

nginx/1.17.9 /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 21 Oct 2023 17:03:02 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Thu, 20 Oct 2022 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 21 Oct 2023 17:03:02 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: text/html
Location: https://counter.yadro.ru/hit?q;rhttps%3A//video.q34r.org/e/azI3NHVubFpzcCt1VWkxaHgzbU5Vdz09;s1600*1200*24;uhttps%3A//video.q34r.org/player/embed_player.php%3Fvpn%3D1%26vid%3D1%23iss%3DMmEwMDoxNjMwOjI6MWMwMzo6OQ%3D%3D;0.45281294859222987
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Length: 32
Expires: Thu, 20 Oct 2022 21:00:00 GMT

POST
H2 200 6f524845d1 Show response
nr.mmcdn.com/events/1/ Frame 3F9A 24 B
93 B 170ms
169ms XHR
image/gif 2606:4700::6812:ca04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nr.mmcdn.com/events/1/6f524845d1?a=24279235&v=1.245.0&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=1111&ck=0&s=3495acc927cbd8c9&ref=https://chaturbate.com/tours/3/

Requested by

Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?tour=x1Rd&campaign=GDjeQ&c=2&p=0&join_overlay=1&disable_sound=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:ca04 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://chaturbate.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 21 Oct 2023 17:03:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: image/gif
access-control-allow-origin: https://chaturbate.com
access-control-allow-credentials: true
cf-ray: 819b125619490ae1-AMS
alt-svc: h3=":443"; ma=86400
content-length: 24

GET
H2 200 f.php Show response
videocdnmetrika.com/ Frame 7421 3 KB
2 KB 206ms
126ms Document
text/html 2606:4700:3034::ac43:aba9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://videocdnmetrika.com/f.php?sid=212040
Requested by: Host: sadjklq.com
URL: https://sadjklq.com/netu.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:aba9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.1.33
Resource Hash: d96660ffdd36585461fd74d7199e83fb0b02fa5ffa09e61ef6c9a1822ba88e0d

Request headers

Referer: https://video.q34r.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 819b12577dc6b75b-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 21 Oct 2023 17:03:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pglJQQe3iR8iT%2F5NXzMipz6AgPra5DQuI8aTl68fgDeVi%2BF48zJXC%2F1N15%2F%2BUVWzjH1QmzERlGAC8GA7rRbiYuGXN7EcQ%2FM%2BoquwUefVnIqROeV03Lyrz6LI1iFC%2Brsq6OJLlKzI9V8QEFCJBrz0Hy7%2B"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.1.33
x-robots-tag: noindex

GET
H2 200 advert.gif
mc.yandex.com/metrika/ Frame 032F 43 B
228 B 112ms
111ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:02 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 20 Oct 2023 11:55:53 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65326ac9-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Sat, 21 Oct 2023 18:03:02 GMT

GET
H2 200 54046198 Show response
mc.yandex.com/watch/ Frame 032F 439 B
541 B 67ms
67ms XHR
application/json 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/54046198?wmode=7&page-url=https%3A%2F%2Fvideo.q34r.org%2Fplayer%2Fembed_player.php%3Fvpn%3D1%26vid%3D1%23iss%3DMmEwMDoxNjMwOjI6MWMwMzo6OQ%3D%3D&page-ref=https%3A%2F%2Fvideo.q34r.org%2Fe%2FazI3NHVubFpzcCt1VWkxaHgzbU5Vdz09&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aetku62lhayg6jvevqcsa7rv%3Afp%3A417%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1141%3Acn%3A1%3Adp%3A0%3Als%3A1213845806867%3Ahid%3A289586483%3Az%3A120%3Ai%3A20231021190302%3Aet%3A1697907782%3Ac%3A1%3Arn%3A912110322%3Arqn%3A1%3Au%3A169790778273344780%3Aw%3A835x500%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C351%2C3%2C1%2C0%2C%2C783%2C1%2C%2C%2C%2C1139%3Aco%3A0%3Acpf%3A1%3Ans%3A1697907780866%3Arqnl%3A1%3Ast%3A1697907782%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(2)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

31faf194ec0d79384136f86f0552d5793ba55cefc6d5d241a86860d81a59ea7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://video.q34r.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 21 Oct 2023 17:03:02 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Sat, 21-Oct-2023 17:03:02 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://video.q34r.org
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 439
x-xss-protection: 1; mode=block
expires: Sat, 21-Oct-2023 17:03:02 GMT

GET
H2 200 IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
static.bookmsg.com/creatives/IN/ 790 B
947 B 152ms
48ms Image
image/webp 78.47.199.210
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?pattern1=38&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&mlc=1&cpa=b973b1ac-0688-401a-881b-b2141636c550
Requested by: Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.47.199.210 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.210.199.47.78.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:02 GMT
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
server: nginx/1.18.0
etag: "5fbd16bb-316"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 790

GET
H2 200 IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
static.bookmsg.com/creatives/IN/ 790 B
947 B 151ms
47ms Image
image/webp 78.47.199.210
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
Requested by: Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.47.199.210 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.210.199.47.78.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:02 GMT
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
server: nginx/1.18.0
etag: "5fbd16bb-316"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 790

GET
H2 200 /
cc363782e3.03a17e7986.com/in/show/ 0
200 B 136ms
46ms Image
text/plain 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc363782e3.03a17e7986.com/in/show/?tag_ab=d&site_id=31293804&adblock=0&testab=1&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip&ssp=3964&page=https%3A%2F%2Fwww.onscreens.me%2Fe92b4120-5d50-11ee-af82-ca29b77277e2%2F_yuki-www-09-27-2023-15-56-04-stripchat&refdom=www.onscreens.me&auction_time=1697907781&subid=483020946&sid=1323989015&tcid=0&ver=8.108.0&ver_c=&spot_id=293804&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-10-21&iabcat=IAB25-3&keywords=squirting,adult&user_fp=5093418656179705351&score=76.65520692050688&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D483020946%26spot_id%3D293804%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.onscreens.me%252Fe92b4120-5d50-11ee-af82-ca29b77277e2%252F_yuki-www-09-27-2023-15-56-04-stripchat%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&url=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D483020946%26spot_id%3D293804%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.onscreens.me%252Fe92b4120-5d50-11ee-af82-ca29b77277e2%252F_yuki-www-09-27-2023-15-56-04-stripchat%26idzone%3D0%26sid%3D1886&icons=Wvo_qF4FvZazInOm8G6LgCjK3m93cPok3pVERrnJAuNe7qlnvhwkFtp9jytSX123axC3vnflVl4ZzWacIJcPenJlcjRFhwY88RK9EasQgM3Qj7AtXdKLRt2OU5MYZLLKBmxNcSh_t09_nUnGUawzWkQehkOOev7Xw28GhM9JC3vXBOIaNg&ext_cid=0&px_id=293804&min_cpm=0.02111400068292017&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=4141888061908291925&skin_id=82&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.010802482318962256&cpm=0&verify_hash=2a7cb24ce6462205d34a4fdb6317ce01&is_native=4&real_bid=0.00033092206819364923&original_bid_usd=0.0006468040000000001&original_bid=0.0006468040000000001&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F118.0.5993.88%20Safari%2F537.36&ip_mismatch=2a00:1630:2:1c03::9&geo=NL&carrier=-&label_ids=114,108,0&need_redirect_show=0&applied_features=feed_timeout_350,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&site=native-push-adult&price=0.0006468040000000001&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/Amsterdam&topics=&historical_keywords=&pop_cpc=0.0006468040000000001&pattern1=38&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&mlc=1&cpa=cf89cdcd-137a-4889-90c8-d23f3d15eed0
Requested by: Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 21 Oct 2023 17:03:02 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H2 200 IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
static.bookmsg.com/creatives/IN/ Frame 5BBF 790 B
948 B 140ms
47ms Image
image/webp 78.47.199.210
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?pattern1=38&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&cpa=1c9ef2c0-3850-4f46-8869-8de50e0c83a2
Requested by: Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.47.199.210 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.210.199.47.78.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:02 GMT
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
server: nginx/1.18.0
etag: "5fbd16bb-316"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 790

GET
H2 200 IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
static.bookmsg.com/creatives/IN/ Frame 5BBF 790 B
947 B 141ms
47ms Image
image/webp 78.47.199.210
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
Requested by: Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.47.199.210 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.210.199.47.78.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:02 GMT
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
server: nginx/1.18.0
etag: "5fbd16bb-316"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 790

GET
H2 200 /
cc363782e3.03a17e7986.com/in/show/ 0
201 B 120ms
45ms Image
text/plain 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc363782e3.03a17e7986.com/in/show/?tag_ab=d&site_id=31293804&adblock=0&testab=1&auction_host=&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip&ssp=3964&page=https%3A%2F%2Fwww.onscreens.me%2Fe92b4120-5d50-11ee-af82-ca29b77277e2%2F_yuki-www-09-27-2023-15-56-04-stripchat&refdom=www.onscreens.me&auction_time=1697907781&subid=483020946&sid=1323989015&tcid=0&ver=8.108.0&ver_c=&spot_id=293804&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-10-21&iabcat=IAB25-3&keywords=squirting,adult&user_fp=5093418656179705351&score=76.65520692050688&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D483020946%26spot_id%3D293804%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.onscreens.me%252Fe92b4120-5d50-11ee-af82-ca29b77277e2%252F_yuki-www-09-27-2023-15-56-04-stripchat%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&url=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D483020946%26spot_id%3D293804%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwww.onscreens.me%252Fe92b4120-5d50-11ee-af82-ca29b77277e2%252F_yuki-www-09-27-2023-15-56-04-stripchat%26idzone%3D0%26sid%3D1886&icons=lTJlecvaea0p0J5rPk9mCwQvd5oCU9modqMegUM5Sr-MiKnebh8t_bAznYHiIedpChKNtIwCqmwa1ugaYVtOYyBstvsAb_HqGjlHvOnucCWFeDgA_QEJpilEUuU3H46ec1gEe1BfQfTgvc35aQ9cdJl2yC3gn9a0Rm7R47944HI2Mmtx8Q&ext_cid=0&px_id=293804&min_cpm=0.015427624325271644&out_id=0&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=4141888061908291925&skin_id=82&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.007893181472337129&cpm=0&verify_hash=9c821df36ce67aeacff2be381f5163f1&is_native=4&real_bid=0.00033092206819364923&original_bid_usd=0.0006468040000000001&original_bid=0.0006468040000000001&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F118.0.5993.88%20Safari%2F537.36&ip_mismatch=2a00:1630:2:1c03::9&geo=NL&carrier=-&label_ids=114,108,0&need_redirect_show=0&applied_features=feed_timeout_350,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&site=native-push-adult&price=0.0006468040000000001&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/Amsterdam&topics=&historical_keywords=&pop_cpc=0.0006468040000000001&pattern1=38&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=multiOS-view-t_r-body&mlf=1&cpa=ed944a3f-bae7-4f68-9c91-442b9e44118d
Requested by: Host: www.onscreens.me
URL: https://www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2/_yuki-www-09-27-2023-15-56-04-stripchat
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 21 Oct 2023 17:03:02 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H2 200 banner.gif
videocdnmetrika.com/ads/ Frame 7421 42 B
412 B 33ms
31ms Image
image/gif 2606:4700:3034::ac43:aba9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://videocdnmetrika.com/ads/banner.gif
Requested by: Host: videocdnmetrika.com
URL: https://videocdnmetrika.com/f.php?sid=212040
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:aba9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://videocdnmetrika.com/f.php?sid=212040
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:02 GMT
cf-cache-status: HIT
last-modified: Tue, 05 Jul 2022 17:05:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3346
etag: "62c46f48-2a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8gk8%2FCjFbo8V9WCQhp5Q14WKRdHmw9vbANZ3fKSLFIcLuINeXdFH9EEkTA9hapvkAj4RqhPwpYn92BQztWrApOLrtIJRVxlXjTXiHa8mZkBZv1mrJM2nqhGZBt%2BaF%2B%2BmuDJSzuQQhAq0WNKqs0u0Eoso"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 819b12587e77b75b-AMS
alt-svc: h3=":443"; ma=86400
content-length: 42

GET
H2 200 tag.js Show response
cdn.jsdelivr.net/npm/yandex-metrica-watch/ Frame 7421 213 KB
86 KB 98ms
42ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Requested by

Host: videocdnmetrika.com
URL: https://videocdnmetrika.com/f.php?sid=212040

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6155b51ad29bb8956453039041242c07dd623b69bbce302f78205875c708a4f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://videocdnmetrika.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 30922
x-jsd-version: 1.297.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230100-FRA, cache-ams21046-AMS
x-jsd-version-type: version
server: cloudflare
etag: W/"35583-H/w6ccmT3Pu8Fd7Oq0d/+szoDaY"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JQcb748ZCO96zUeuaznZQ51MrJiP67w606v%2BaxaBZ57IrrmkSBiXGCgSHg3ALzycRbS58F3Q4teS9ypov%2B2dATc%2BwUCKBZ3MnFyEujok1Tvd4xDJd5MgS%2Babo93f44ftMMODEqVWS2h9dRPDLeo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 819b1258cc1f66af-AMS

GET
H2 200 advert.gif
mc.yandex.ru/metrika/ Frame 7421 43 B
187 B 78ms
78ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Host: videocdnmetrika.com
URL: https://videocdnmetrika.com/f.php?sid=212040

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://videocdnmetrika.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 17:03:02 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 20 Oct 2023 11:55:53 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65326ac9-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Sat, 21 Oct 2023 18:03:02 GMT

GET
H2

200

1 Show response
mc.yandex.ru/watch/90175160/ Frame 7421
Redirect Chain

https://mc.yandex.ru/watch/90175160?wmode=7&page-url=https%3A%2F%2Fvideocdnmetrika.com%2Ff.php%3Fsid%3D212040&page-ref=https%3A%2F%2Fvideo.q34r.org%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3...
https://mc.yandex.ru/watch/90175160/1?wmode=7&page-url=https%3A%2F%2Fvideocdnmetrika.com%2Ff.php%3Fsid%3D212040&page-ref=https%3A%2F%2Fvideo.q34r.org%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv...

427 B
816 B

69ms
68ms

XHR
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/90175160/1?wmode=7&page-url=https%3A%2F%2Fvideocdnmetrika.com%2Ff.php%3Fsid%3D212040&page-ref=https%3A%2F%2Fvideo.q34r.org%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aetku62lhchtfcedhsff42qn%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1141%3Acn%3A1%3Adp%3A0%3Als%3A474108378081%3Ahid%3A666199240%3Az%3A120%3Ai%3A20231021190302%3Aet%3A1697907783%3Ac%3A1%3Arn%3A112455856%3Arqn%3A1%3Au%3A1697907783644683904%3Aw%3A1x1%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C56%2C126%2C1%2C0%2C0%2C%2C33%2C0%2C%2C%2C%2C240%3Aco%3A0%3Acpf%3A1%3Ans%3A1697907782214%3Arqnl%3A1%3Ast%3A1697907783%3At%3A&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29

Requested by

Host: videocdnmetrika.com
URL: https://videocdnmetrika.com/f.php?sid=212040

Protocol

Server

2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

30a7fa2eb86106bee7b5f4ff8558118ff005c1494eeee62bb86236bd97ec697f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://videocdnmetrika.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 21 Oct 2023 17:03:02 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Sat, 21-Oct-2023 17:03:02 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://videocdnmetrika.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 427
x-xss-protection: 1; mode=block
expires: Sat, 21-Oct-2023 17:03:02 GMT

Redirect headers

pragma: no-cache
date: Sat, 21 Oct 2023 17:03:02 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 21-Oct-2023 17:03:02 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/90175160/1?wmode=7&page-url=https%3A%2F%2Fvideocdnmetrika.com%2Ff.php%3Fsid%3D212040&page-ref=https%3A%2F%2Fvideo.q34r.org%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aetku62lhchtfcedhsff42qn%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1141%3Acn%3A1%3Adp%3A0%3Als%3A474108378081%3Ahid%3A666199240%3Az%3A120%3Ai%3A20231021190302%3Aet%3A1697907783%3Ac%3A1%3Arn%3A112455856%3Arqn%3A1%3Au%3A1697907783644683904%3Aw%3A1x1%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C56%2C126%2C1%2C0%2C0%2C%2C33%2C0%2C%2C%2C%2C240%3Aco%3A0%3Acpf%3A1%3Ans%3A1697907782214%3Arqnl%3A1%3Ast%3A1697907783%3At%3A&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29
access-control-allow-origin: https://videocdnmetrika.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Sat, 21-Oct-2023 17:03:02 GMT

GET
H2 200 zxwk7krOl5 Show response
marazma.com/sub/ Frame B8F2 233 B
586 B 174ms
97ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marazma.com/sub/zxwk7krOl5
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02c5f57a077940444e91a2e72b8cdeefb95ae3e30822371c8161be3f04d2bda4

Request headers

Referer: https://video.q34r.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 819b125c689db950-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 21 Oct 2023 17:03:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6GICsGzAMEzs8nUgq7BsOrd%2BUYcjTURsLqzLCmHeHGiUB6KqtjgX9wSRyG%2BicpJSdPMwz3s70X17uoFxNnveW0Z7ybb5uI1p6DuYKVu5AzbbF27Xw%2BZIzwvEucpBlvpJLXIS2CLzO8EaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 ED05GzY Show response
xml.popmansion.com/sub/ Frame 2426 233 B
596 B 160ms
91ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xml.popmansion.com/sub/ED05GzY
Requested by: Host: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e92c85ca0c0ac78a1428bfaf1420a7eb42ae95004ea9566a7061380934e20faa

Request headers

Referer: https://video.q34r.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 819b125c5a0fb8ca-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 21 Oct 2023 17:03:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=71pbVWSJzXwo1lgUfPCuhrgIanM6vNzNHWUfiyUxY92a27gGZSBIllBWw6a43XdQ3wW6Ir%2B%2BQRYab84aW5J67L6abYO%2FjQ2FwziaSWP4DrbHGU71RaikycuvDvV7ORaigh6eoNSwpVRCBCA22qbum2E%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H/1.1

200
OK

redirect Show response
xml.xmlwiz.com/ Frame 2426
Redirect Chain

https://xml.popmansion.com/load
https://xml.xmlwiz.com/redirect?feed=598894&auth=FqgVMV&pubid=196092

0
165 B

413ms
199ms

Document
text/plain

174.137.133.17
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://xml.xmlwiz.com/redirect?feed=598894&auth=FqgVMV&pubid=196092
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.17 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://xml.popmansion.com
Referer: https://xml.popmansion.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Age: 0
Cache-Control: no-store
Connection: keep-alive
Content-Length: 0
Date: Sat, 21 Oct 2023 17:03:03 GMT
Pragma: no-cache
Server: nginx

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 819b125d0ab8b8ca-AMS
content-type: text/html; charset=utf-8
date: Sat, 21 Oct 2023 17:03:03 GMT
location: https://xml.xmlwiz.com/redirect?feed=598894&auth=FqgVMV&pubid=196092
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oDB77lZ56IeKLRC6bELpcfRf1lAYptMJ4atxThU4IKxBL%2BhNWhVmzC1PdddkMz9zXfsmTzBMVhobKdldnlqH%2BhI9qmkMvQUrdPCl4YgAVhCx4faPgCFJjDaY0mpxJA3rH0Eo6%2Fezrw8VTc8ZBU%2FOLO0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H/1.1

200
OK

redirect Show response
xml.poprtb.com/ Frame B8F2
Redirect Chain

https://marazma.com/load
https://xml.poprtb.com/redirect?feed=491010&auth=OpDJQF&pubid=152420

0
165 B

330ms
108ms

Document
text/plain

174.137.133.17
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://xml.poprtb.com/redirect?feed=491010&auth=OpDJQF&pubid=152420
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.17 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://marazma.com
Referer: https://marazma.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Age: 0
Cache-Control: no-store
Connection: keep-alive
Content-Length: 0
Date: Sat, 21 Oct 2023 17:03:03 GMT
Pragma: no-cache
Server: nginx

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 819b125d094db950-AMS
content-type: text/html; charset=utf-8
date: Sat, 21 Oct 2023 17:03:03 GMT
location: https://xml.poprtb.com/redirect?feed=491010&auth=OpDJQF&pubid=152420
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q9uK%2BHMCImyBddgtAIUYaLWBcekTbJKeGoG%2Bet1hEg7jHJd68avhSNJOfyNCth73pL8uNrcNFBxsvJ7a0VQTCMMIX%2FqXVy4yGsdzaUaJRAXDa%2B4a9T1vNp8E0zn41Z9bdns2V4JQlWw4Sw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=1000494

Domain: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=1005493

Domain: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=1000493

Domain: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=1000049

Domain: video.q34r.org
URL: https://video.q34r.org/ad/top/popunder.js

Domain: video.q34r.org
URL: https://video.q34r.org/player/embed_player.php?vpn=1&vid=1

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

53 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.onscreens.me/e92b4120-5d50-11ee-af82-ca29b77277e2	1969-12-31 23:59:59	Name: asgfp Value: 078d5f5fd34fcc8ca2626115fbd4c3ca
pasbstbovc.com/	1970-01-21 01:13:01	Name: CHCK Value: 1
pasbstbovc.com/	1970-01-21 01:13:01	Name: UID Value: 2310211203d26b0e76da0546ee8f48e64166
www.onscreens.me/	1970-01-21 01:04:22	Name: _pk_id.8.07bd Value: 25c19485a162b3aa.1697907780.
www.onscreens.me/	1970-01-20 15:38:29	Name: _pk_ses.8.07bd Value: 1
blow.week1time.com/	1970-01-21 01:14:27	Name: nauid Value: gw3IGv030bWcMKgD9ZN7
.onscreens.me/	1970-01-21 01:14:27	Name: _ga_LCHG5KSTPG Value: GS1.1.1697907780.1.0.1697907780.0.0.0
.onscreens.me/	1970-01-21 01:14:27	Name: _ga Value: GA1.1.1214627659.1697907781
video.q34r.org/	1970-01-21 01:14:27	Name: uid Value: xejqdoCHYqLNAxzm3uxAe3ucdzSOipGv
.yandex.ru/	1970-01-21 01:14:27	Name: i Value: Fn7aCtmXYldvbNk1/ZkE3zNCsjQVXt+ZfGuBaWqOHL0AzMKevNa0AXNqeuF1cA+wWjctmWGkHjIRJhzoQuUWk+3cqRc=
.yandex.ru/	1970-01-21 00:24:03	Name: yandexuid Value: 8998188931697907780
.jads.co/	1970-01-21 00:24:03	Name: surferid Value: bf61d9500635c3a8f8e1de84dbe416b1
.jads.co/	1970-01-20 15:42:46	Name: juicy_data Value: YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
.onscreens.me/	1970-01-21 00:24:03	Name: _ym_uid Value: 1697907781509982295
.onscreens.me/	1970-01-21 00:24:03	Name: _ym_d Value: 1697907781
.mc.yandex.com/	1970-01-20 15:38:28	Name: sync_cookie_csrf Value: 397961606fake
.onscreens.me/	1970-01-20 15:39:39	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-20 15:38:28	Name: sync_cookie_csrf Value: 3251617897fake
chaturbate.com/	1970-01-20 15:45:39	Name: u_x1Rd Value: 1
chaturbate.com/	1969-12-31 23:59:59	Name: us_x1Rd Value: 1
.chaturbate.com/	1970-01-20 16:21:39	Name: affkey Value: "eJwdjDsKgDAQRK8iW4tBS2vBWm+gyYr/hOyKinh3Gbt5M495SKlM6MpbR2lCdgvAupq5AWtcwKvo2m8sNjL7XbBE9KNqkNKY4E+O7Po7mzsnmfUGSjcMkIrRqx4o/u8iR5TJAej9AJcFJQY="
.chaturbate.com/	1969-12-31 23:59:59	Name: fromaffiliate Value: 1
chaturbate.com/	1970-01-20 15:38:49	Name: noads Value: 1
.chaturbate.com/	1970-01-21 01:14:27	Name: sbr Value: sec:sbr9c711ef8-9f22-4649-81ff-1d8b6fc61a83:1quFNN:9YmqH79HuHWx4WS1-CFBwx__A98
.chaturbate.com/	1970-01-20 15:38:29	Name: __cf_bm Value: raXZyULkHJtsPh0lM3Iy5f9lQtydlt1yZnyTMDhTHN8-1697907781-0-ATxSZRdNUCkGwTEPL2xVIjZAN8X0egmLPeAw/IGvkmdneUIH60Uh3EPLxtt4QHMkZBABG19YrAFjqdg19zqRj6Q=
.yandex.com/	1970-01-21 00:24:03	Name: yandexuid Value: 8998188931697907780
.yandex.com/	1970-01-21 00:24:03	Name: yuidss Value: 8998188931697907780
.yandex.com/	1970-01-21 01:14:27	Name: i Value: Fn7aCtmXYldvbNk1/ZkE3zNCsjQVXt+ZfGuBaWqOHL0AzMKevNa0AXNqeuF1cA+wWjctmWGkHjIRJhzoQuUWk+3cqRc=
.yandex.com/	1970-01-21 01:14:27	Name: yp Value: 1697994181.yu.2783620511697907781
.mc.yandex.com/	1970-01-20 15:39:54	Name: sync_cookie_ok Value: synced
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 824348611697907781
.yandex.com/	1970-01-21 00:24:03	Name: ymex Value: 1700499781.oyu.2783620511697907781#1729443781.yrts.1697907781
.yandex.com/	1970-01-21 00:24:03	Name: bh Value: KgI/MA==
fp.metricswpsh.com/	1970-01-21 00:24:03	Name: id Value: 17963221461898416895
.jads.co/	1970-01-20 15:39:54	Name: imps8605 Value: 1
.onscreens.me/	1970-01-20 15:38:29	Name: _ym_visorc Value: b
.highwebmedia.com/	1969-12-31 23:59:59	Name: _cfuvid Value: M478oGGAjEUP5MP1Y3vK8fYLmImf_pj8BFZJTOvYRzU-1697907781522-0-604800000
.jads.co/	1970-01-20 15:39:54	Name: imps12957 Value: 1
.jads.co/	1970-01-20 15:39:54	Name: imps42805 Value: 1
.jads.co/	1970-01-20 15:42:46	Name: juicy_data_1 Value: YToxOntpOjExODA0MDY7aToxNjk4MTY2OTgwO30%3D
.chaturbate.com/	1970-01-21 00:24:03	Name: cf_clearance Value: jMrCjqPl6_N4VKdWJDRG1quFlxz5kYQfODMh2sJYN6c-1697907781-0-1-a826793e.dac7f4d9.4513e7e0-0.2.1697907781
.q34r.org/	1970-01-21 00:24:03	Name: _ym_uid Value: 169790778273344780
.q34r.org/	1970-01-21 00:24:03	Name: _ym_d Value: 1697907782
.q34r.org/	1970-01-20 15:39:39	Name: _ym_isad Value: 2
.yadro.ru/	1970-01-21 00:22:51	Name: FTID Value: 1bD0H62L0Euf1bD0H60039EG
.videocdnmetrika.com/	1970-01-21 00:24:03	Name: _ym_uid Value: 1697907783644683904
.videocdnmetrika.com/	1970-01-21 00:24:03	Name: _ym_d Value: 1697907783
.yadro.ru/	1970-01-21 00:22:51	Name: VID Value: 0wpKJU2WJ6ef1bD0H60039FA
mc.yandex.ru/	1969-12-31 23:59:59	Name: yabs-sid Value: 123232421697907782
.yandex.ru/	1970-01-21 00:24:03	Name: yuidss Value: 8998188931697907780
.yandex.ru/	1970-01-21 00:24:03	Name: ymex Value: 1729443782.yrts.1697907782
.yandex.ru/	1970-01-21 00:24:03	Name: bh Value: KgI/MA==
.videocdnmetrika.com/	1970-01-20 15:39:39	Name: _ym_isad Value: 2

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://commentsmodule.com/js/js.load.1.js?1050631816413516 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyw12wGEr3osqRSki80_zMtJ4Cwf2nmHEO_vizZYCCw0fRxGmlX-x90IGx1NWFHRuyrdSsM_pg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S571321991%3A1697907781298392&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()
other	warning	URL: https://sadjklq.com/netu.php(Line 3) Message: Unrecognized feature: 'bluetooth'.
other	warning	URL: https://sadjklq.com/netu.php(Line 3) Message: Unrecognized feature: 'document-domain'.
other	warning	URL: https://sadjklq.com/netu.php(Line 3) Message: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0348649925.e36e2058e8.com
accounts.google.com
ads.juicyads.me
blow.week1time.com
cc363782e3.03a17e7986.com
cdn.jsdelivr.net
cdn.tapioni.com
cdnjs.cloudflare.com
chaturbate.com
commentsmodule.com
counter.yadro.ru
dns.google
fonts.googleapis.com
fonts.gstatic.com
fp.metricswpsh.com
googleads.g.doubleclick.net
i.jads.co
js.capndr.com
js.juicyads.com
js.wpadmngr.com
js.wpushsdk.com
marazma.com
mc.yandex.com
mc.yandex.ru
na.nawpush.com
nereserv.com
nr.mmcdn.com
nr.static.mmcdn.com
pagead2.googlesyndication.com
pasbstbovc.com
poweredby.jads.co
region1.google-analytics.com
sadjklq.com
static-assets.highwebmedia.com
static.bookmsg.com
statistic.satiq.net
storage.multstorage.com
unpkg.com
video.q34r.org
videocdnmetrika.com
www.googletagmanager.com
www.onscreens.me
xml.popmansion.com
xml.poprtb.com
xml.xmlwiz.com
poweredby.jads.co
video.q34r.org
157.90.84.242
168.119.25.102
174.137.133.17
185.94.237.73
2001:4860:4802:32::36
2001:4860:4860::8844
205.185.216.10
205.185.216.42
212.117.190.201
2600:9000:20b4:d400:c:dd71:23c0:93a1
2606:4700:10::6816:2747
2606:4700:3031::6815:ae
2606:4700:3034::ac43:aba9
2606:4700:3036::6815:b61
2606:4700:3038::6815:ea82
2606:4700::6810:5814
2606:4700::6810:5d2a
2606:4700::6810:7aaf
2606:4700::6811:190e
2606:4700::6812:6528
2606:4700::6812:ca04
2a00:1450:4001:80b::200a
2a00:1450:4001:80e::2008
2a00:1450:4001:813::200d
2a00:1450:4001:827::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2003
2a01:4f8:161:6222::2
2a01:4f8:e0:19cb::1
2a02:6b8::1:119
2a06:98c1:3120::3
2a06:98c1:3121::3
45.133.44.25
45.133.44.52
45.133.44.53
78.47.199.210
88.212.202.52
005839f2a9f773c412f6910ff21281f934d1d9c9509cd9c170f72f2bee5f43ef
00f7435a8720af9bcd4a05598ee3393543655992ab98c98cdf8e1029520b3fc1
016bf7afa7b45740d3cd25ade334276169d8dd2d459afb8a1a67d4d771d307ec
02c5f57a077940444e91a2e72b8cdeefb95ae3e30822371c8161be3f04d2bda4
02db30904abc09aeb7ba2a0fa29f91a43bbfdbde2e7e9141cf3163b6fa11f5ca
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
06dd81b34d8c1c9fb977a5a0779f1330e8e85019103c3ba9ae425be57ce38286
08eb57c6f0f295475b2e10544d8cfc9bc69a5d354d3e59f7a15b838536c92125
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0f8a6a06f1ee1a20f072a07b54bfba0584d821dd9d6a9bb6adfdec0cdab07c59
19a8fd22e72dbac7ced6d9f448c8948ac8a4b57f8c3d7b25cc2fc635a5b8bd4a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
27dc92858f649d86d922527ded7eebd3f6e775c3b56a25a71a90d56dba259864
2b9882b1d4950f6e9ec65efbef9636a76a43b423302695035cf88b8c44474acd
2d3a96f72fc5651a73af0b87aad70c2cab19fd08b8654f7a59b8f6d410fbd323
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
30a7fa2eb86106bee7b5f4ff8558118ff005c1494eeee62bb86236bd97ec697f
31faf194ec0d79384136f86f0552d5793ba55cefc6d5d241a86860d81a59ea7e
34310731b79445f958ec982df1cb3793cea4f125f0a192a110d08203f4015c10
355c9fd38e576a44e1c1daa77282798e9666491b13db20c7710e68e5a3f635c0
39a5ba2492e960fd9548fc47d2f229ab901ca520e0c88dabf25f69f5d41e4c89
3afb02aa8b0b68c7d351e6cc2feeccad7ac7b3f62423c4d646b17575476de62a
3ca8e7c2187c7f9ba24c81efcf46e857f5947124a273bf63b60a5b76288fe5f5
3d4610a2ab69d08e54685d0d3cfcf03ec663bacff8cc89a1e0a2904a7769e641
3d599136c14c20ba202ccab6ae3e283af8ce4460437f1123012139d7f4f839e5
3e3613bb05365d85c84573745f11c8f089bdfc4c05e39ef8cd3f7869ca897a31
3ee6f2be8010f039a09e2a91ec6505c08deb2284c3c7056318ebf05161b56640
419b600e2a3d2523ed458633a946a9a07fcf046077f0ea79f3e435f154f04ee7
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
45bc2ebb82341b0beb20bf20f0318c5f520e782e2c23da5280d26ab94e046013
4a6b32d018ecfb1ce1dcf97a6bdefe64b3bfc801023f0fb004d0a4caf639ae68
4e349f220da64c8a38290c30a8c8522c62dfacee604fb74f9fe1e93fbca1965b
52dc5730b7afd3f35531dcca2bd7b9984f0271d15c8b449c4b1d425dddf12a33
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55613f3e515aadb8a74cf8b75861b53f9db36d38a1ee6d6f75547140cd7b3902
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51
5e44b5f4ead12255265a568a7b22b7ca134dee1124d654d1750d96457cd480c3
5fc4c95920416b0ef0b5aee93a90984989183a6d29f712e725a3383309806a54
609b1c7f21ddfdec0c7a96665df51237e8725f1374bbe440edb39a96c0a6c7f9
6155b51ad29bb8956453039041242c07dd623b69bbce302f78205875c708a4f9
6b7a38c0a51c7ef68b5ac0a2b0476601b19ff68df4a8438a54a3f63ff778862c
70ec15772848f7f7e583b72cc7ef14556887851ddaf76d6ed3b7bc7228235f11
72b7b42dc1fe022438e97d26a6e9e979ba233d5c6760f54843d666392a73d05b
72d79d0ad9a70ef53c1bab65c588d44bffb1a1b5aba0eb2f9f6a886c4c3aec4f
76dd38660db62e5420ed80d199ae6483edf4fa505c5420ae7303f657f09e591b
77d5d8f9e2e98948910b42cfff6db2091dc2a449747f882e8fc7169add6a30c9
78c25da6082dd620e0fe7f12d7ef6e3c6015304575d9ced465b4e84e15a7d82a
79f018851896dc4c668eb8ec7cf285efe4c02a5b298d6a41999fb86806e1584a
7a900ef99c0d027e9586048adc3e61588a1bbc73a946a8e32b6dc77c209e7526
7f593c7c1aa7170f83a3c07bf697c32101ae890535628f3ff0698ad7d1e0202f
815f8c4dddb2982aacba1ae02e2a1a6996f9ee725576726f76fb31c884913161
818c9c4c368ff40bbc414f8bb3a80990c7208bcf0b45f9d9aa947f1ea2e1eb93
8253842a9198fae5e595ebd897f2341d67806760426ae9549632d3772b75886c
85bb62d7584c39e71e42e5ebeeb58926e01124f4b8b8a9c877642fe831e289c1
886a05e55a7a865cdba97de94ba28d3922411bcbb543896412c4de4ceeef4967
889727ca9e58ccddfc9c0df7031ea9b5fd19b42a15286cc5c380eef5bea350ab
88e33d38aa577708d4cb0230edfddbbc348ed7dd6af3224797bee28eae0f2c7a
896a82003cd1a9134b0404c129bb7b8292e1d8a91298e275141b21086baa8a9d
8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2
8c2a54278c4cb87438f4a1c73242d727fc3eea82dc59abb393dd3937b17ce1d7
8df358ee6ecd6cbb7466f6e31f9529bed03ff78ac08830b35796092ce23d18e9
90d2dbafea80be38fb370ea9fd7f808e0f6d7ffabfe52ccd8832d8a693d8f077
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
a499068cf858aa2cd9b077e2e354b6bf8435eaa8e44c2047f403c7283031977f
a7fc63c363948d7add8e1dade66045376e2bad22da6697f84d175e5f9a76166e
aa8f18e359ca1be76e4574189e0a4c515660854f4acdeb99fbc905058d779e04
ad1270333ea16969313802add43789e0558cd75e2bf91e768bcf3937f091a001
ae68a5f388382cffaf3dd88f9ce6df05cd065703af5070c562c49315db212d1f
b1e12c59a9b1d3e8447d6a7aeb584101c71751561b98f3f0162f58f1e617c7fb
b237083e67179afdc93e88f8031ab4b71d265053137aca578b2344508f9d2f7d
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
ba98564a72c214676c22b506599d2b06ff16308d66c43d1426f88c6c6443b38c
bc0b356fa010a7d5a85e9b2145a06aec803ece1ecadaf04bf8d4c9a7c5df32c6
be14aa895e5fef6b240ad7bd81a624b522f8cf7b971125896da0bc86dfc81fb9
c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a
c62a7a718744861f913b590ec5dbaa4101a1ccdbe54dc9ecd48c6659eccc812c
c831a58c25f63105a06a622b3435bc6761474664f87e8e7b6ef8dccafa0d890f
c94588c2c490281057748a6bc21191dae810fb22ce8cc638b5e3fc7d390eb165
ca4242c1d40c29fce3614de0e47f1fc54fc4a37fc81fe2b8d14ce44d07e2f6d7
d4187a399501e7b0a7d42e5400231c7f676605a9cb566a3447e98a97a1639a51
d4dac3accf8ef08f2b8de9cb80a86dfc4fcbc718545dcb8bd3d0e4e8362c3079
d56b44fa60c6d62f3bb170fb7c12120242c60c3fef165a48ef56e92fb6d93c9d
d96660ffdd36585461fd74d7199e83fb0b02fa5ffa09e61ef6c9a1822ba88e0d
d9dee2c201bbdca906df7b78f5a751226a214b320c7abc2cea98c75438d1ca1b
dbe25559d199e42b282f71901fc6bc50f332c100a69ca73bc7ebb23b9a435887
dc7801416721837530e3c244fea19d26ccce918bac6c22842515ff8f72849533
dcbf5dfb00d36ef58a8a55590c47336218a98b18afaa8644c52cb4b2803eb6ef
dd9b0ebe20068962ae3e34820ae54ec25d48ac54e31114865d02ea8df342b365
e2f1967bd0ff37182a4c0d4af0ae9cb04cdcbd189cec906bc2e2d9e0a36209e7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18
e92c85ca0c0ac78a1428bfaf1420a7eb42ae95004ea9566a7061380934e20faa
e957ad826b3692f0701ee735e55e436839885f1b0f577e8a8dd6d3c34837eb22
ec16b38c82e8e4ea2e8acb7be2da472d7f8d2eaae8089abbceec71c601a5b58f
ed3078ee7555bdf0c923cb06e15be64dbf86c8a3d697269101989107e0111358
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f140ccf5cbd8bee72a1ccff6b05759fde131c9005e38169132fd1beb24aa3c00
f8558d66b06920086101af9cd668583799844d74a2c7552da9d2d984a6e890b4
f9e5e435e5aa5877bbe306abb79af87ebbabf89e2eb52dd4b3122c2af281c9d5
fcc8ce9811f88009783b34ee73ff5314ce760e0c611c2aaf5c4ef65961b0813e
fe96f13702d4d2a958955b174dc5655f7dcecbae9107dd0d7e9ea4c2a698c494
ff548f546eb7b4719d103206b80b1ddfcf0dacdf8a97c81b00c147ecd0ec2d2e
ff611edaa01dda0db86a5c9fd58932ce19a86b81c4d497c6a06e9c99c9323014

www.onscreens.me Open in urlscan Pro 2a06:98c1:3121::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

134 Requests

90 %HTTPS

68 %IPv6

43 Domains

45 Subdomains

38 IPs

5 Countries

2704 kBTransfer

5315 kBSize

53 Cookies

6 Outgoing links

Redirected requests

134 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.onscreens.me Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Screenshot
Live screenshot

Full Image

134
Requests

90 %
HTTPS

68 %
IPv6

43
Domains

45
Subdomains

38
IPs

5
Countries

2704 kB
Transfer

5315 kB
Size

53
Cookies

134 HTTP transactions
0 data transactions