oncam.me/151854/c4-bbnikki-mp4/
186.2.163.70301 Moved Permanently 568 B URL HTTP/1.1 oncam.me/151854/c4-bbnikki-mp4/
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Hash 2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee
GET /151854/c4-bbnikki-mp4/ HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Sat, 04 Feb 2023 12:11:11 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://oncam.me/151854/c4-bbnikki-mp4/
Content-Type: text/html; charset=utf8
Content-Length: 568
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15556
Expires: Sat, 04 Feb 2023 16:30:28 GMT
Date: Sat, 04 Feb 2023 12:11:12 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18774
Expires: Sat, 04 Feb 2023 17:24:06 GMT
Date: Sat, 04 Feb 2023 12:11:12 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 11:43:37 GMT
content-type: application/json
age: 1655
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6983
Expires: Sat, 04 Feb 2023 14:07:35 GMT
Date: Sat, 04 Feb 2023 12:11:12 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: N0k39FnQrj4coGQGd/8W82vf4oXIi0gqLs9vue3R6/EzgdYMOf/GBL2sfvMtiMQoi2URYnU8nh0=
x-amz-request-id: 7S7BQAM4MHJXPW1Q
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 11:52:49 GMT
age: 1103
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 12:11:12 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c19b66526dabc8aa76b0c4b4e1c8d8b2
0170453af3abd9d02cb3dc4e2b9379e0ddede846
feee5b9aac451f6e9ffc0368a9977bc33a514eb47462c34f64ae7d3eea58a357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FEEE5B9AAC451F6E9FFC0368A9977BC33A514EB47462C34F64AE7D3EEA58A357"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12068
Expires: Sat, 04 Feb 2023 15:32:20 GMT
Date: Sat, 04 Feb 2023 12:11:12 GMT
Connection: keep-alive
oncam.me/templates/bootadult4/images/logo.png?t=1622664292
186.2.163.70200 OK 3.3 kB URL HTTP/2 oncam.me/templates/bootadult4/images/logo.png?t=1622664292
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type PNG image data, 156 x 106, 8-bit colormap, non-interlaced\012- data
Hash 931823124f38d29e27fcd3e4a754bb51
9a8db8f862a2686fff596b64ea348beefce7ebb7
506200f8abbdcc53b99af7c467c29da1edd19f69c89c4dc5d853f7c42eb48c10
GET /templates/bootadult4/images/logo.png?t=1622664292 HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 18 Jul 2022 19:43:03 GMT
content-type: image/png
content-length: 3281
last-modified: Wed, 02 Jun 2021 20:04:52 GMT
etag: "60b7e464-cd1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 17339289
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/misc/fluidplayer/fluidplayer.min.css
186.2.163.70200 OK 3.8 kB URL HTTP/2 oncam.me/misc/fluidplayer/fluidplayer.min.css
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (26988), with no line terminators
Hash 9384dc76e5be141863d267cdd81fcb6e
ccb48d60093d4ff231f21f7b9c27a94761741304
f483dbc633f8cb29b1e15201ae5557293f1ac7ee3a54b53ec8fe8bed71c555e4
GET /misc/fluidplayer/fluidplayer.min.css HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 01 Dec 2022 13:38:57 GMT
content-type: text/css
last-modified: Thu, 13 Dec 2018 17:09:17 GMT
vary: Accept-Encoding
etag: W/"5c12923d-696c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 5610735
content-length: 3750
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/media/videos/tmb/000/151/854/1.jpg
186.2.163.70200 OK 35 kB URL HTTP/2 oncam.me/media/videos/tmb/000/151/854/1.jpg
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.37.100", baseline, precision 8, 300x226, components 3\012- data
Hash 5d6a2980cb62c24f04075ad6bacafe73
aa796e354343d3186bb47498fcfcd5c675b56d46
831c1c6a7ca8926c04d06766b4e7388420cfe6e51541b0ca456fe7a0bdcfae6e
GET /media/videos/tmb/000/151/854/1.jpg HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 01 Feb 2023 15:02:14 GMT
content-type: image/jpeg
content-length: 34847
last-modified: Tue, 27 Dec 2022 06:12:02 GMT
etag: "63aa8cb2-881f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 248938
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/media/videos/tmb/000/151/854/2.jpg
186.2.163.70200 OK 35 kB URL HTTP/2 oncam.me/media/videos/tmb/000/151/854/2.jpg
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.37.100", baseline, precision 8, 300x226, components 3\012- data
Hash 4e08de4a9ffad3cdbf5182a3a1a1a5bb
0531c29040acb104948a884a9e6b873b15ad2cdd
1f47d0b48f7f68df87a774de0f8d25adff90aa88b2da181466a24ce3fd144b9f
GET /media/videos/tmb/000/151/854/2.jpg HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 08:32:19 GMT
content-type: image/jpeg
content-length: 34634
last-modified: Tue, 27 Dec 2022 06:12:03 GMT
etag: "63aa8cb3-874a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 13133
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/media/videos/tmb/000/151/854/3.jpg
186.2.163.70200 OK 33 kB URL HTTP/2 oncam.me/media/videos/tmb/000/151/854/3.jpg
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.37.100", baseline, precision 8, 300x226, components 3\012- data
Hash e7368bd6c8c976f40505081df039480e
52b03726e3c9bc32871c6e3c4e969709eccc38fe
d69617c4a6f35d44611177bbf3cb0067301c77fa5039d9e786aaab3ea6059db4
GET /media/videos/tmb/000/151/854/3.jpg HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 02 Feb 2023 04:58:46 GMT
content-type: image/jpeg
content-length: 32623
last-modified: Tue, 27 Dec 2022 06:12:03 GMT
etag: "63aa8cb3-7f6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 198746
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/media/videos/tmb/000/151/854/4.jpg
186.2.163.70200 OK 35 kB URL HTTP/2 oncam.me/media/videos/tmb/000/151/854/4.jpg
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.37.100", baseline, precision 8, 300x226, components 3\012- data
Hash 8bcf280db6caf5ce242fe3a38aaf9330
05118ed2de41dc1c5639f3cdc28ccc96c3e986f6
2ef95b7703fafdb95cc9cc516a54ab92c1043318bdabbd2dded67b50537eb977
GET /media/videos/tmb/000/151/854/4.jpg HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 08:32:19 GMT
content-type: image/jpeg
content-length: 35390
last-modified: Tue, 27 Dec 2022 06:12:04 GMT
etag: "63aa8cb4-8a3e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 13133
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/media/videos/tmb/000/151/854/5.jpg
186.2.163.70200 OK 39 kB URL HTTP/2 oncam.me/media/videos/tmb/000/151/854/5.jpg
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.37.100", baseline, precision 8, 300x226, components 3\012- data
Hash ba6f9a0ff2bc21f1adc3cf59f6732a7a
c174278178082821ef878320b404f7abc60258e7
dbbdbb8cc96fa22a7f358f99cd06f4eaf4a06b6ebf29f75319a935a212019f28
GET /media/videos/tmb/000/151/854/5.jpg HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 08:32:19 GMT
content-type: image/jpeg
content-length: 38911
last-modified: Tue, 27 Dec 2022 06:12:05 GMT
etag: "63aa8cb5-97ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 13133
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/media/videos/tmb/000/151/854/6.jpg
186.2.163.70200 OK 38 kB URL HTTP/2 oncam.me/media/videos/tmb/000/151/854/6.jpg
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.37.100", baseline, precision 8, 300x226, components 3\012- data
Hash a9ffbd1db47962eb0612c9c69a231777
eb998927c295a3ff6afd1d5cc3d479bb6e821600
bae4e229b2442509318b53d44d51342c749dddb4a8208c5cee9dda4b3682063e
GET /media/videos/tmb/000/151/854/6.jpg HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 08:32:19 GMT
content-type: image/jpeg
content-length: 37962
last-modified: Tue, 27 Dec 2022 06:12:05 GMT
etag: "63aa8cb5-944a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 13133
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/media/videos/tmb/000/151/854/7.jpg
186.2.163.70200 OK 36 kB URL HTTP/2 oncam.me/media/videos/tmb/000/151/854/7.jpg
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.37.100", baseline, precision 8, 300x226, components 3\012- data
Hash bddff88333b2cddcb91ab23f5e6fb20d
57e7296153cd25ef24ac39ca829d7d72a1a6d8fd
076d0eb0a3fdf56fcddadd6d0beeea0ed53fbe6699eaac9a44404571c23d68d7
GET /media/videos/tmb/000/151/854/7.jpg HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 02 Feb 2023 04:58:46 GMT
content-type: image/jpeg
content-length: 36031
last-modified: Tue, 27 Dec 2022 06:12:06 GMT
etag: "63aa8cb6-8cbf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 198746
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/media/videos/tmb/000/151/854/player.jpg
186.2.163.70200 OK 70 kB URL HTTP/2 oncam.me/media/videos/tmb/000/151/854/player.jpg
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.37.100", baseline, precision 8, 1286x722, components 3\012- data
Hash 5cf20b0d99f4c289545c3be405fb860a
87d56658fb17f429a429fc8166a138ba5e938691
cb696667899d4a091584b3d3c7b0926980279f10a7278afd192f845e3d41525c
GET /media/videos/tmb/000/151/854/player.jpg HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 12:11:12 GMT
content-type: image/jpeg
content-length: 69711
last-modified: Tue, 27 Dec 2022 06:12:08 GMT
etag: "63aa8cb8-1104f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
oncam.me/media/videos/tmb/000/151/854/8.jpg
186.2.163.70200 OK 36 kB URL HTTP/2 oncam.me/media/videos/tmb/000/151/854/8.jpg
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.37.100", baseline, precision 8, 300x226, components 3\012- data
Hash 27987b3bb24b13a312640e4b1395f814
73950b491e3d92aee02e53237e0ff3acad38c5e1
1c2f9297f109bc60798cab1e17e4feaa26b38e3e8307e90cc55cf01cc6fd3f94
GET /media/videos/tmb/000/151/854/8.jpg HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 08:32:19 GMT
content-type: image/jpeg
content-length: 36466
last-modified: Tue, 27 Dec 2022 06:12:06 GMT
etag: "63aa8cb6-8e72"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 13133
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/media/videos/tmb/000/151/854/9.jpg
186.2.163.70200 OK 34 kB URL HTTP/2 oncam.me/media/videos/tmb/000/151/854/9.jpg
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.37.100", baseline, precision 8, 300x226, components 3\012- data
Hash 7574f38272ce884a778df96aec235ce6
92e6d2bc306f18143bd9589ee3c096b4a0344368
ca808ec135b491a601a4c8b3e02b7a66c6db4d4a976332fffc9d56133179afba
GET /media/videos/tmb/000/151/854/9.jpg HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 07:37:27 GMT
content-type: image/jpeg
content-length: 34049
last-modified: Tue, 27 Dec 2022 06:12:07 GMT
etag: "63aa8cb7-8501"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 16425
ddg-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash c181c51a9326d56e60915a792c306c2c
de1cc0ce1384905e65a9fa9575743091d785e528
b74bc74e2920124b3288a980f9a7b59e3450ba63f2333027440cd6ebbdfdbf8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 12:11:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
oncam.me/templates/bootadult4/js/all.min.js?t=1674418730
186.2.163.70200 OK 33 kB URL HTTP/2 oncam.me/templates/bootadult4/js/all.min.js?t=1674418730
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (41849)
Hash 1e94c5ac5050492d387852975cb887ca
fb0768a62b6cf39eefb40eb15ce4dcbb623fb29c
1e7a4279d2e8624273a5f18bdd44d44590b0d7869e1bb9e01acb2fd060b22f6e
GET /templates/bootadult4/js/all.min.js?t=1674418730 HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 22 Jan 2023 20:18:50 GMT
content-type: application/javascript
last-modified: Sun, 22 Jan 2023 20:18:50 GMT
vary: Accept-Encoding
etag: W/"63cd9a2a-17a5a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 1093942
content-length: 32904
ddg-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 7d482750bf7fdfcaa38c0efd583ef4dc
a4f68a124e4be130bc838e70f23fd4c6d2f4ef2d
5e6f1cadf4bc425664bb26fa2b384cf13900461b689c77d0916b1d2edd41337c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 12:11:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
oncam.me/misc/jquery3/jquery.min.js
186.2.163.70200 OK 31 kB URL HTTP/2 oncam.me/misc/jquery3/jquery.min.js
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (65451)
Hash 47b12b811b01fd5badcda20286743284
711ff45559e1ca0f7b5003b5dbd6b31330c3029c
9bdd59163297549d3c6499ddbb46cbd5ed52bce5e989494005b971494c18b0a8
GET /misc/jquery3/jquery.min.js HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 01 Dec 2022 15:42:19 GMT
content-type: application/javascript
last-modified: Wed, 01 May 2019 21:14:27 GMT
vary: Accept-Encoding
etag: W/"5cca0c33-15851"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 5603333
content-length: 30919
ddg-cache-status: HIT
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 766a6fdd090edee8009b0bff43218a59
65db763709927f3736ef92b5873e8c8b601e8a16
413bb29ba3d71743bb625efd445aa2fdb45249e2b0e52211ecb6c1b38f4c9549
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "413BB29BA3D71743BB625EFD445AA2FDB45249E2B0E52211ECB6C1B38F4C9549"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5949
Expires: Sat, 04 Feb 2023 13:50:21 GMT
Date: Sat, 04 Feb 2023 12:11:12 GMT
Connection: keep-alive
oncam.me/misc/popper/umd/popper.min.js
186.2.163.70200 OK 7.5 kB URL HTTP/2 oncam.me/misc/popper/umd/popper.min.js
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (20989)
Hash cce0f819119a48c89ca9e5dbe325a343
b7da90ad1613001a05377c578dd7ac8e3a9e2605
37a9f2867c2f79eaf6c5a1a11c809581e38ece0d1f5288e868040468f4f2a814
GET /misc/popper/umd/popper.min.js HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 01 Dec 2022 15:42:19 GMT
content-type: application/javascript
last-modified: Thu, 04 Apr 2019 13:25:58 GMT
vary: Accept-Encoding
etag: W/"5ca605e6-52aa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 5603334
content-length: 7541
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/misc/bootstrap4/js/bootstrap.min.js
186.2.163.70200 OK 15 kB URL HTTP/2 oncam.me/misc/bootstrap4/js/bootstrap.min.js
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (57791)
Hash 17b10a7fc31d7627e474173d8c005a80
526c78ccdf292af35ad78bf2de94304134208e3b
8d2582b152867612d7818f02007c63c9b33bd1e69f9e2809359204b59f3dfa60
GET /misc/bootstrap4/js/bootstrap.min.js HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 08 Dec 2022 06:27:21 GMT
content-type: application/javascript
last-modified: Wed, 13 Feb 2019 14:47:50 GMT
vary: Accept-Encoding
etag: W/"5c642e16-e2d8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 5031832
content-length: 15309
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/misc/fluidplayer/fluidplayer.min.js
186.2.163.70200 OK 19 kB URL HTTP/2 oncam.me/misc/fluidplayer/fluidplayer.min.js
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 76d3c97927dfe82131eb7340ee38e19f
e7a7ebcf157c3ea43a0348497174e50c087269b2
9f4eeb335cbcaec7b9cbc82cf9f0f42765aaf4f26434bc0b1cc558d498f3f540
GET /misc/fluidplayer/fluidplayer.min.js HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 08 Dec 2022 06:27:19 GMT
content-type: application/javascript
last-modified: Thu, 13 Dec 2018 17:09:17 GMT
vary: Accept-Encoding
etag: W/"5c12923d-159a7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 5031834
content-length: 19092
ddg-cache-status: HIT
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-132886189-1
142.250.74.40200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-132886189-1
IP 142.250.74.40:0
File type ASCII text, with very long lines (1759)
Hash ea3ad8f390ac03073fa06b38a603dcd9
0e12f48213a11dc022a595f8f172bdf6a24683c2
78b2fe20942e60d5560261a951caeac61b9e2da144b7465224fdb8d46f352c27
GET /gtag/js?id=UA-132886189-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 Feb 2023 12:11:12 GMT
expires: Sat, 04 Feb 2023 12:11:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43922
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
iogjhbnoypg.com/t/9/fret/meow4/1906939/d83a5727.js
62.122.171.6200 OK 29 kB URL HTTP/2 iogjhbnoypg.com/t/9/fret/meow4/1906939/d83a5727.js
IP 62.122.171.6:0
Hash 704bc1369d83f265c170cc31dd337e53
a9f419616ffd29922cccfa73158a8e99fdbcddd1
1ce3f901d9685d2c7df49e19673a4c3020f71e35c585e61e276869734b314c20
Analyzer Verdict Alert quad9 Sinkholed
GET /t/9/fret/meow4/1906939/d83a5727.js HTTP/1.1
Host: iogjhbnoypg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 12:11:12 GMT
content-type: application/javascript
last-modified: Tue, 31 Jan 2023 12:39:48 GMT
vary: Accept-Encoding
etag: W/"63d90c14-120a1"
x-js-ab1: var3
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 1.1 kB IP 216.58.211.3:0
File type gzip compressed data, max compression\012- data
Hash 3d4e323b90916702a6ac1e74c1f4df7e
26d526f25d55ae601ed3647512a4ee0725eef909
49498d87b411b91c267af256b559e016a1be2ed802fc594629cda6a8d0cbc00d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 12:11:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash d3e57a5d22e381083fdd2435c4cff5e3
25fb0e27c01dc01b8e80a5f5cc14d5751ff04b04
b3cb6e61a8420a064492df1def7083e4b44ae9bc2b95d35f762410dfa0ebabe8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 12:11:12 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 00:13:57 GMT
Expires: Fri, 10 Feb 2023 00:13:56 GMT
Etag: "25fb0e27c01dc01b8e80a5f5cc14d5751ff04b04"
Cache-Control: max-age=474763,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79434ebb7a96b4ff-OSL
js.wpadmngr.com/static/adManager.js
45.133.44.24200 OK 942 B URL HTTP/2 js.wpadmngr.com/static/adManager.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash 52bf26d5bfddc32b7ebd2e32517b1ea7
66b163bcca761a9b06939d77249ebc132046e3b0
6368bf85af46e29e229ca9489c0b91ebb32646215373e5603b4c78e74f19ae30
GET /static/adManager.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:12 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 05 Dec 2022 13:37:26 GMT
etag: W/"638df416-4dd"
content-encoding: gzip
expires: Sat, 04 Feb 2023 12:16:12 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
iogjhbnoypg.com/solid.gif?z=1906939&abvar=3
62.122.171.6200 OK 43 B URL HTTP/2 iogjhbnoypg.com/solid.gif?z=1906939&abvar=3
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
POST /solid.gif?z=1906939&abvar=3 HTTP/1.1
Host: iogjhbnoypg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 12:11:12 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9220
Expires: Sat, 04 Feb 2023 14:44:52 GMT
Date: Sat, 04 Feb 2023 12:11:12 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash d3e57a5d22e381083fdd2435c4cff5e3
25fb0e27c01dc01b8e80a5f5cc14d5751ff04b04
b3cb6e61a8420a064492df1def7083e4b44ae9bc2b95d35f762410dfa0ebabe8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 12:11:13 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 00:13:57 GMT
Expires: Fri, 10 Feb 2023 00:13:56 GMT
Etag: "25fb0e27c01dc01b8e80a5f5cc14d5751ff04b04"
Cache-Control: max-age=474763,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79434ebe0e55b4ff-OSL
ocsp.usertrust.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 05713cb6ce653c4668edbc049283a25b
f9a8eda042db3c5a4cc43328d9baf93d4905f516
7e5236cc298e60f0359724835ba5c456bda891ceb2b24d6654cfd02b9b3d1074
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 12:11:13 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 20:56:05 GMT
Expires: Thu, 09 Feb 2023 20:56:04 GMT
Etag: "f9a8eda042db3c5a4cc43328d9baf93d4905f516"
Cache-Control: max-age=601660,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1098
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79434ebeebd80b69-OSL
oncam.me/favicon.ico
186.2.163.70200 OK 1.1 kB IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type MS Windows icon resource - 1 icon, 50x50, 32 bits/pixel\012- data
Hash c589289c329d486e2bf215b999df3013
85e44ad570ded09c2135430720f601a2b45541df
c94ca1a051c94fa83055d83e26b426c3a71be09006e78b4d6208f87f9ea9d9b6
GET /favicon.ico HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt; __atuvc=1%7C5; __atuvs=63de4b8419f11e86000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 08 Dec 2022 06:27:21 GMT
content-type: image/x-icon
last-modified: Thu, 26 Nov 2020 19:00:06 GMT
etag: W/"5fbffb36-28de"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
age: 5031832
content-length: 1122
ddg-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.usertrust.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 05713cb6ce653c4668edbc049283a25b
f9a8eda042db3c5a4cc43328d9baf93d4905f516
7e5236cc298e60f0359724835ba5c456bda891ceb2b24d6654cfd02b9b3d1074
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 12:11:13 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 20:56:05 GMT
Expires: Thu, 09 Feb 2023 20:56:04 GMT
Etag: "f9a8eda042db3c5a4cc43328d9baf93d4905f516"
Cache-Control: max-age=601660,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1098
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79434ebeef651bfa-OSL
ocsp.usertrust.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 05713cb6ce653c4668edbc049283a25b
f9a8eda042db3c5a4cc43328d9baf93d4905f516
7e5236cc298e60f0359724835ba5c456bda891ceb2b24d6654cfd02b9b3d1074
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 12:11:13 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 20:56:05 GMT
Expires: Thu, 09 Feb 2023 20:56:04 GMT
Etag: "f9a8eda042db3c5a4cc43328d9baf93d4905f516"
Cache-Control: max-age=601660,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1098
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79434ebefbe20b69-OSL
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
23.38.200.123200 OK 26 kB URL HTTP/2 s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
IP 23.38.200.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Hash 707317ccaabe08d32d1bd781754e6871
bb82dcd3e044c960e0861c2ce878f5504e628f78
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Sat, 04 Feb 2023 12:11:13 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
ocsp.usertrust.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 05713cb6ce653c4668edbc049283a25b
f9a8eda042db3c5a4cc43328d9baf93d4905f516
7e5236cc298e60f0359724835ba5c456bda891ceb2b24d6654cfd02b9b3d1074
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 12:11:13 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 20:56:05 GMT
Expires: Thu, 09 Feb 2023 20:56:04 GMT
Etag: "f9a8eda042db3c5a4cc43328d9baf93d4905f516"
Cache-Control: max-age=601660,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1098
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79434ebef8d40afe-OSL
iogjhbnoypg.com/get/1906939?zoneid=1906939&jp=_clo1dw82lbic5bfprh7zgv&nojs=0&ix=0&abvar=3&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=2924556167988805
62.122.171.6200 OK 2.6 kB URL HTTP/2 iogjhbnoypg.com/get/1906939?zoneid=1906939&jp=_clo1dw82lbic5bfprh7zgv&nojs=0&ix=0&abvar=3&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=2924556167988805
IP 62.122.171.6:0
File type ASCII text, with very long lines (3964)
Hash f0b71c4534e7ef7446417cfb23c86846
fdd77a6c23203f76bab6e8a389c8e93917c6b227
324090e379c93487355b029d7c79540ed8e0cff287fec1394d52d1058b8aabb5
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1906939?zoneid=1906939&jp=_clo1dw82lbic5bfprh7zgv&nojs=0&ix=0&abvar=3&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=2924556167988805 HTTP/1.1
Host: iogjhbnoypg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=23020407118202da7d37b04871947668f315; Path=/; Expires=Sun, 04 Feb 2024 12:11:13 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.usertrust.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 9509a8b9d94a0f0d5b1a93046705434b
33b9b4338dd331b1388cacb2c1abcfab6b4a4990
533dd947d8e64ca2fc18c0c5e8f1301ffca07edc431d6ec84ad946f0987e2e1d
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 12:11:13 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 06:25:38 GMT
Expires: Fri, 10 Feb 2023 06:25:37 GMT
Etag: "33b9b4338dd331b1388cacb2c1abcfab6b4a4990"
Cache-Control: max-age=601193,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 172
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79434ebef81fb50c-OSL
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.24200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sat, 04 Feb 2023 12:16:13 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?idzone=4817080&cookieconsent=true&tags=null
95.211.229.245200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4817080&cookieconsent=true&tags=null
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1514)
Hash b55b680f3354b31fd5a78d4143c71c85
be51c2a3618da6c722cf07d47b179322e04a9feb
96c6cee122e287d210cbbe659fb59bc86c2aefd080447ec0c96cc01d5570adb2
GET /splash.php?idzone=4817080&cookieconsent=true&tags=null HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 12:11:13 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263de4b6139e776.30076574586595284%22%3B%7D; expires=Mon, 03 Feb 2025 12:11:13 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4817080%7C59504696%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Concam.me%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sun, 05 Feb 2023 12:11:13 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://oncam.me
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?idzone=4817076&cookieconsent=true&tags=null
95.211.229.245200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4817076&cookieconsent=true&tags=null
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1510)
Hash 67982278ef7abd597cc60e5c86df0f7f
e25f2119ba2358dfb61be9c8cc4d3a4713425b5b
2f6e7ce8fbc04b27ae7cf389b209fa36fb0fe9c52617b3fd6998fed7a0655ae6
GET /splash.php?idzone=4817076&cookieconsent=true&tags=null HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 12:11:13 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263de4b6137ce42.540080391546641134%22%3B%7D; expires=Mon, 03 Feb 2025 12:11:13 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4817076%7C59504696%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Concam.me%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sun, 05 Feb 2023 12:11:13 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://oncam.me
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/splash.php?idzone=4817078&cookieconsent=true&tags=null
95.211.229.245200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4817078&cookieconsent=true&tags=null
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1510)
Hash 6119daa9f4ab4afa1ae025e19e0a32fe
9c519e0e2cb830d7246d82e3fadfc57958634fb8
ce4b572fb7906a895272af8303a7be4d09c558cfccfd9ca645786232b789d4b0
GET /splash.php?idzone=4817078&cookieconsent=true&tags=null HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 12:11:13 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263de4b6139cc54.910600981763617602%22%3B%7D; expires=Mon, 03 Feb 2025 12:11:13 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4817078%7C59504696%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Concam.me%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sun, 05 Feb 2023 12:11:13 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://oncam.me
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
oncam.me/misc/bootstrap4/css/bootstrap-extra.min.css
186.2.163.70200 OK 11 kB URL HTTP/2 oncam.me/misc/bootstrap4/css/bootstrap-extra.min.css
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (65324)
Hash 0f020aa812d1aed90568fb9cdbe1ee20
90f3208abf64859a0105de771db5721075d00048
d34003eece021bb7df3d74161d18306640ea95d845e3c098ca28f1bed807d587
GET /misc/bootstrap4/css/bootstrap-extra.min.css HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt; __atuvc=1%7C5; __atuvs=63de4b8419f11e86000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 15 Jan 2023 02:09:10 GMT
content-type: text/css
last-modified: Tue, 19 Nov 2019 20:36:18 GMT
vary: Accept-Encoding
etag: W/"5dd45242-1028e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 1764123
content-length: 10579
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/misc/font-awesome/css/font-awesome.min.css
186.2.163.70200 OK 6.7 kB URL HTTP/2 oncam.me/misc/font-awesome/css/font-awesome.min.css
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (30837)
Hash 08db2b29b53595300dc9c723d5b44803
5483ecb58e59824b7230acd885fb0087700de98e
8e47dec439aa489418f7464d57fa78cd94de12ad06f76244a1f6affbeaa90dc1
GET /misc/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt; __atuvc=1%7C5; __atuvs=63de4b8419f11e86000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 26 Nov 2022 15:21:47 GMT
content-type: text/css
last-modified: Thu, 22 Dec 2016 20:50:34 GMT
vary: Accept-Encoding
etag: W/"585c3c9a-7918"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 6036566
content-length: 6687
ddg-cache-status: HIT
X-Firefox-Spdy: h2
oncam.me/templates/bootadult4/css/all-dark.min.css?t=1674418730
186.2.163.70200 OK 9.5 kB URL HTTP/2 oncam.me/templates/bootadult4/css/all-dark.min.css?t=1674418730
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (48489), with no line terminators
Hash f44d52487082ceef75ec3483acdf8884
a9a3e37fdacc9f5829f02609b011c90a24f51026
41f5f30f9ef33d360881cd7eb60967fa6f22f1572c5ae7f5a2f93b0d60474312
GET /templates/bootadult4/css/all-dark.min.css?t=1674418730 HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt; __atuvc=1%7C5; __atuvs=63de4b8419f11e86000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 22 Jan 2023 20:18:51 GMT
content-type: text/css
last-modified: Sun, 22 Jan 2023 20:18:50 GMT
vary: Accept-Encoding
etag: W/"63cd9a2a-bd69"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 1093942
content-length: 9494
ddg-cache-status: HIT
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.216.49.139101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.216.49.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bILQL5ugt1UvtUfJ6z0P9g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WlBoQm7zQlfrj836hNtYZb0UWlY=
oncam.me/misc/fluidplayer//scripts/webvtt.min.js
186.2.163.70200 OK 3.1 kB URL HTTP/2 oncam.me/misc/fluidplayer//scripts/webvtt.min.js
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type Unicode text, UTF-8 text, with very long lines (8851), with no line terminators
Hash ff586b8dbc29e5d28ea2f73a336e3bfb
36cb92df7574b8d238d8de505385ccbfff67bf32
b83409762f7673c5b0b4b58ba53a7b4f99976702cb2ec8ee9ccd29631ea6d2d8
GET /misc/fluidplayer//scripts/webvtt.min.js HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt; __atuvc=1%7C5; __atuvs=63de4b8419f11e86000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 17 Oct 2022 09:01:36 GMT
content-type: application/javascript
last-modified: Thu, 13 Dec 2018 17:09:17 GMT
vary: Accept-Encoding
etag: W/"5c12923d-2298"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 9515377
content-length: 3088
ddg-cache-status: HIT
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 24c57dcd76408263eed9d9fee3319f2e
7300f10c9091c9e2af64675cf3e07d1386beb899
40965e7af8f031891978635869744848aa149954d839ab69579a87832822e12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40965E7AF8F031891978635869744848AA149954D839AB69579A87832822E12B"
Last-Modified: Thu, 02 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7128
Expires: Sat, 04 Feb 2023 14:10:01 GMT
Date: Sat, 04 Feb 2023 12:11:13 GMT
Connection: keep-alive
a.realsrv.com/video-outstream.js
185.76.9.23200 OK 12 kB URL HTTP/2 a.realsrv.com/video-outstream.js
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (52950), with no line terminators
Hash 8394ae1b872989a52ef059e247f6c061
2a8c34b6fe6c6eeb2d8353d8486bb94a79df259a
526066b7d513c72a640cd8987fc7baacfed66e5a5f12d7e5c35a2703a3041a4a
GET /video-outstream.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:12 GMT
content-type: application/javascript
etag: W/"0340be1298a1ece8c30f851e732"
expires: Thu, 02 Feb 2023 18:45:40 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675514819
server: CDN77-Turbo
x-77-nzt: AblMCRRg5Oz/zSEAAA
x-77-nzt-ray: af585630dcb63d9e604bde6347233522
x-cache: HIT
x-age: 8653
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
bngprm.com/promo.php?c=712490&type=banner&size=300x250&name=st_true;st_small_big_huge;st_random_all;st_molly;st_snapchat;st-boobs;double2;how_long;st-squirt;crazy
185.75.254.28200 OK 2.4 kB URL HTTP/2 bngprm.com/promo.php?c=712490&type=banner&size=300x250&name=st_true;st_small_big_huge;st_random_all;st_molly;st_snapchat;st-boobs;double2;how_long;st-squirt;crazy
IP 185.75.254.28:0
ASN #48684 Viking Host B.V.
Hash 77a86b4f4767a774e42742aea7309352
4b3ae8bcbfbbc7669ba2beeeb234ab23451943e0
838c0addc890be32b11beacb76b95d6ad8b437c11c1656a9bf8059bcd4e5f198
GET /promo.php?c=712490&type=banner&size=300x250&name=st_true;st_small_big_huge;st_random_all;st_molly;st_snapchat;st-boobs;double2;how_long;st-squirt;crazy HTTP/1.1
Host: bngprm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
expires: Sat, 04 Feb 2023 12:11:12 GMT
x-bcs: ded7384
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 105
X-Firefox-Spdy: h2
na.nawpush.com/tags/67005?version_name=a
45.133.44.24200 OK 1.0 kB URL HTTP/2 na.nawpush.com/tags/67005?version_name=a
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (1035), with no line terminators
Hash fa530b996d6d0b2b064f225a3a9fdbde
497b2abe9049aecef0e97dabcfa6049162a33178
ffbf8ec945d18cb56e31cfd73a742493a2d77bc09271e27bef1e7022b7fc56b6
GET /tags/67005?version_name=a HTTP/1.1
Host: na.nawpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: application/json
content-length: 1035
server: nginx/1.18.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
oncam.me/misc/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
186.2.163.70200 OK 77 kB URL HTTP/2 oncam.me/misc/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /misc/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://oncam.me/misc/font-awesome/css/font-awesome.min.css
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt; __atuvc=1%7C5; __atuvs=63de4b8419f11e86000
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 22:33:01 GMT
content-type: font/woff2
content-length: 77160
last-modified: Thu, 22 Dec 2016 20:50:33 GMT
accept-ranges: bytes
etag: "585c3c99-12d68"
age: 394692
ddg-cache-status: HIT
X-Firefox-Spdy: h2
limurol.com/ssp/req/1906939/?pb=005dae89b2fc226f4b46b6f7141e17f91675519873&psp=vRC0VmTKuJcRZQQONFIyTnQI4LMoaqX7ZePCM70A4jZIOjtieR7goQ_4ffxaMjg1lJaSD6DYbGvp4wO7tzYyN9ZA8qBPfw5dajfnb1P9wg9m-xJZVWufJ2pn7E0kVQAuaOiBcO_7405NqTTm5PDqg3uVSnn3O6gR7u-ff0mBTyrMRe0L96rHvnMt7oXG-NCDmzczCIOWk1eOx9EjmvBe517ghwg1jh7gayx0tt1BVbLzyWNTD09hWo5ea_Km5ftcf6CD8uA01eua3C0SGy23O3Z1wBo-eJpB6yp1OiNraW1Pn6avqYcAM_DtUR5P7YOfKwoC1ip23xA4kRPj83wx23xqc-2p4FZQsFaEnFRn93DjNnme-3ZSCphSuTIIxEYEyVhs3NYfg12xer7kceionGFQdi9nuk9QF2WgCYKe13yzRraff6LFAgQK-6hbEILbzwOiyU2mgBj0XeAMPl5YmVrRooNQxThbWkhaucS7rtrokik43f2qSprsAjZz9jDou5fNJrlSUIRVWy0kA2WE2X5Qe33g7MzSrzkoiLxIfpH0nuXKtgDJI7r1bgKIPQlTHegx1rGaSNaF8bsZDiNncPwb2wQ48gXKmF771vc1lBnL0Wk7-NEyUMRY2YYJdKg4xkzqQjSFBybdqijwE_KgYp2LNMVqYS3x7ZmimoBEER0Bdzz330pm_roJ9r_c4XCrdXScO9_C0jvtCT-24RDisyQFlhc2KOLmEJVtqWsPkSbaV0lVgS9qBYBsihYWtUC2chRuaFt-QzCKcYcD6w5-5_CRMVcs3jQs8h3hOYWAW0XaYzZxYKdzfPw3kdsY_7L7u0fvwEsyFzL39I86sdXpg_ZWyopHtj6VgxT4&cb=_cl980oyvjjc52gutjv1oen&nojs=0&ix=0&abvar=3&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1906939/?pb=005dae89b2fc226f4b46b6f7141e17f91675519873&psp=vRC0VmTKuJcRZQQONFIyTnQI4LMoaqX7ZePCM70A4jZIOjtieR7goQ_4ffxaMjg1lJaSD6DYbGvp4wO7tzYyN9ZA8qBPfw5dajfnb1P9wg9m-xJZVWufJ2pn7E0kVQAuaOiBcO_7405NqTTm5PDqg3uVSnn3O6gR7u-ff0mBTyrMRe0L96rHvnMt7oXG-NCDmzczCIOWk1eOx9EjmvBe517ghwg1jh7gayx0tt1BVbLzyWNTD09hWo5ea_Km5ftcf6CD8uA01eua3C0SGy23O3Z1wBo-eJpB6yp1OiNraW1Pn6avqYcAM_DtUR5P7YOfKwoC1ip23xA4kRPj83wx23xqc-2p4FZQsFaEnFRn93DjNnme-3ZSCphSuTIIxEYEyVhs3NYfg12xer7kceionGFQdi9nuk9QF2WgCYKe13yzRraff6LFAgQK-6hbEILbzwOiyU2mgBj0XeAMPl5YmVrRooNQxThbWkhaucS7rtrokik43f2qSprsAjZz9jDou5fNJrlSUIRVWy0kA2WE2X5Qe33g7MzSrzkoiLxIfpH0nuXKtgDJI7r1bgKIPQlTHegx1rGaSNaF8bsZDiNncPwb2wQ48gXKmF771vc1lBnL0Wk7-NEyUMRY2YYJdKg4xkzqQjSFBybdqijwE_KgYp2LNMVqYS3x7ZmimoBEER0Bdzz330pm_roJ9r_c4XCrdXScO9_C0jvtCT-24RDisyQFlhc2KOLmEJVtqWsPkSbaV0lVgS9qBYBsihYWtUC2chRuaFt-QzCKcYcD6w5-5_CRMVcs3jQs8h3hOYWAW0XaYzZxYKdzfPw3kdsY_7L7u0fvwEsyFzL39I86sdXpg_ZWyopHtj6VgxT4&cb=_cl980oyvjjc52gutjv1oen&nojs=0&ix=0&abvar=3&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
GET /ssp/req/1906939/?pb=005dae89b2fc226f4b46b6f7141e17f91675519873&psp=vRC0VmTKuJcRZQQONFIyTnQI4LMoaqX7ZePCM70A4jZIOjtieR7goQ_4ffxaMjg1lJaSD6DYbGvp4wO7tzYyN9ZA8qBPfw5dajfnb1P9wg9m-xJZVWufJ2pn7E0kVQAuaOiBcO_7405NqTTm5PDqg3uVSnn3O6gR7u-ff0mBTyrMRe0L96rHvnMt7oXG-NCDmzczCIOWk1eOx9EjmvBe517ghwg1jh7gayx0tt1BVbLzyWNTD09hWo5ea_Km5ftcf6CD8uA01eua3C0SGy23O3Z1wBo-eJpB6yp1OiNraW1Pn6avqYcAM_DtUR5P7YOfKwoC1ip23xA4kRPj83wx23xqc-2p4FZQsFaEnFRn93DjNnme-3ZSCphSuTIIxEYEyVhs3NYfg12xer7kceionGFQdi9nuk9QF2WgCYKe13yzRraff6LFAgQK-6hbEILbzwOiyU2mgBj0XeAMPl5YmVrRooNQxThbWkhaucS7rtrokik43f2qSprsAjZz9jDou5fNJrlSUIRVWy0kA2WE2X5Qe33g7MzSrzkoiLxIfpH0nuXKtgDJI7r1bgKIPQlTHegx1rGaSNaF8bsZDiNncPwb2wQ48gXKmF771vc1lBnL0Wk7-NEyUMRY2YYJdKg4xkzqQjSFBybdqijwE_KgYp2LNMVqYS3x7ZmimoBEER0Bdzz330pm_roJ9r_c4XCrdXScO9_C0jvtCT-24RDisyQFlhc2KOLmEJVtqWsPkSbaV0lVgS9qBYBsihYWtUC2chRuaFt-QzCKcYcD6w5-5_CRMVcs3jQs8h3hOYWAW0XaYzZxYKdzfPw3kdsY_7L7u0fvwEsyFzL39I86sdXpg_ZWyopHtj6VgxT4&cb=_cl980oyvjjc52gutjv1oen&nojs=0&ix=0&abvar=3&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=2302040711fb3de514663341dd9555f74809; Path=/; Expires=Sun, 04 Feb 2024 12:11:13 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
oncam.me/media/videos/tmb/000/151/854/sprite.vtt
186.2.163.70200 OK 21 kB URL HTTP/2 oncam.me/media/videos/tmb/000/151/854/sprite.vtt
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
Hash 1a45bada904df04c37fb85091d232488
2f9557d7ba3f5da91fb729066614c1ec5d982d29
d2294bc94fc64ddf897a83722d83b705f65dad8c5e28b54a9e26468844c5b877
GET /media/videos/tmb/000/151/854/sprite.vtt HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/151854/c4-bbnikki-mp4/
Cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt; __atuvc=1%7C5; __atuvs=63de4b8419f11e86000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: application/octet-stream
content-length: 21090
last-modified: Tue, 27 Dec 2022 06:13:16 GMT
etag: "63aa8cfc-5262"
accept-ranges: bytes
X-Firefox-Spdy: h2
s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
23.38.200.123200 OK 78 kB URL HTTP/2 s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
IP 23.38.200.123:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 9a77dff666eebb6cf4bbc4c67c7b563b
9e98d7824a7b4e34665c2690d6f52caddad1fe4b
6cdf8e597f3cbe759531153fd926d51aeaebd836a1c9bc1436e079645bfd3ad7
GET /static/layers.fa6cd1947ce26e890d3d.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-41cf5"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 77672
date: Sat, 04 Feb 2023 12:11:13 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
s7.addthis.com/static/counter.d27508c102582d608697.js
23.38.200.123200 OK 8.3 kB URL HTTP/2 s7.addthis.com/static/counter.d27508c102582d608697.js
IP 23.38.200.123:0
File type ASCII text, with very long lines (24530), with no line terminators
Hash 47fcfb824ad738c29e3195451d5c755e
8a955f27a30f4a8c9cde94567c041040e3c60d61
1508b4ae159e51231031ce58f3a5c31aca11a438f4ea3c12ea3581bbc97f4305
GET /static/counter.d27508c102582d608697.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-5fd2"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 8265
date: Sat, 04 Feb 2023 12:11:13 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.78200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 04 Feb 2023 11:45:20 GMT
expires: Sat, 04 Feb 2023 13:45:20 GMT
cache-control: public, max-age=7200
age: 1553
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
limurol.com/ssp/req/1906939/?pb=005dae89b2fc226f4b46b6f7141e17f91675519873&psp=vRC0VmTKuJcRZQQONFIyTnQI4LMoaqX7ZePCM70A4jZIOjtieR7goQ_4ffxaMjg1lJaSD6DYbGvp4wO7tzYyN9ZA8qBPfw5dajfnb1P9wg9m-xJZVWufJ2pn7E0kVQAuaOiBcO_7405NqTTm5PDqg3uVSnn3O6gR7u-ff0mBTyrMRe0L96rHvnMt7oXG-NCDmzczCIOWk1eOx9EjmvBe517ghwg1jh7gayx0tt1BVbLzyWNTD09hWo5ea_Km5ftcf6CD8uA01eua3C0SGy23O3Z1wBo-eJpB6yp1OiNraW1Pn6avqYcAM_DtUR5P7YOfKwoC1ip23xA4kRPj83wx23xqc-2p4FZQsFaEnFRn93DjNnme-3ZSCphSuTIIxEYEyVhs3NYfg12xer7kceionGFQdi9nuk9QF2WgCYKe13yzRraff6LFAgQK-6hbEILbzwOiyU2mgBj0XeAMPl5YmVrRooNQxThbWkhaucS7rtrokik43f2qSprsAjZz9jDou5fNJrlSUIRVWy0kA2WE2X5Qe33g7MzSrzkoiLxIfpH0nuXKtgDJI7r1bgKIPQlTHegx1rGaSNaF8bsZDiNncPwb2wQ48gXKmF771vc1lBnL0Wk7-NEyUMRY2YYJdKg4xkzqQjSFBybdqijwE_KgYp2LNMVqYS3x7ZmimoBEER0Bdzz330pm_roJ9r_c4XCrdXScO9_C0jvtCT-24RDisyQFlhc2KOLmEJVtqWsPkSbaV0lVgS9qBYBsihYWtUC2chRuaFt-QzCKcYcD6w5-5_CRMVcs3jQs8h3hOYWAW0XaYzZxYKdzfPw3kdsY_7L7u0fvwEsyFzL39I86sdXpg_ZWyopHtj6VgxT4&cb=_cl980oyvjjc52gutjv1oen&nojs=0&ix=0&abvar=3&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1906939/?pb=005dae89b2fc226f4b46b6f7141e17f91675519873&psp=vRC0VmTKuJcRZQQONFIyTnQI4LMoaqX7ZePCM70A4jZIOjtieR7goQ_4ffxaMjg1lJaSD6DYbGvp4wO7tzYyN9ZA8qBPfw5dajfnb1P9wg9m-xJZVWufJ2pn7E0kVQAuaOiBcO_7405NqTTm5PDqg3uVSnn3O6gR7u-ff0mBTyrMRe0L96rHvnMt7oXG-NCDmzczCIOWk1eOx9EjmvBe517ghwg1jh7gayx0tt1BVbLzyWNTD09hWo5ea_Km5ftcf6CD8uA01eua3C0SGy23O3Z1wBo-eJpB6yp1OiNraW1Pn6avqYcAM_DtUR5P7YOfKwoC1ip23xA4kRPj83wx23xqc-2p4FZQsFaEnFRn93DjNnme-3ZSCphSuTIIxEYEyVhs3NYfg12xer7kceionGFQdi9nuk9QF2WgCYKe13yzRraff6LFAgQK-6hbEILbzwOiyU2mgBj0XeAMPl5YmVrRooNQxThbWkhaucS7rtrokik43f2qSprsAjZz9jDou5fNJrlSUIRVWy0kA2WE2X5Qe33g7MzSrzkoiLxIfpH0nuXKtgDJI7r1bgKIPQlTHegx1rGaSNaF8bsZDiNncPwb2wQ48gXKmF771vc1lBnL0Wk7-NEyUMRY2YYJdKg4xkzqQjSFBybdqijwE_KgYp2LNMVqYS3x7ZmimoBEER0Bdzz330pm_roJ9r_c4XCrdXScO9_C0jvtCT-24RDisyQFlhc2KOLmEJVtqWsPkSbaV0lVgS9qBYBsihYWtUC2chRuaFt-QzCKcYcD6w5-5_CRMVcs3jQs8h3hOYWAW0XaYzZxYKdzfPw3kdsY_7L7u0fvwEsyFzL39I86sdXpg_ZWyopHtj6VgxT4&cb=_cl980oyvjjc52gutjv1oen&nojs=0&ix=0&abvar=3&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
GET /ssp/req/1906939/?pb=005dae89b2fc226f4b46b6f7141e17f91675519873&psp=vRC0VmTKuJcRZQQONFIyTnQI4LMoaqX7ZePCM70A4jZIOjtieR7goQ_4ffxaMjg1lJaSD6DYbGvp4wO7tzYyN9ZA8qBPfw5dajfnb1P9wg9m-xJZVWufJ2pn7E0kVQAuaOiBcO_7405NqTTm5PDqg3uVSnn3O6gR7u-ff0mBTyrMRe0L96rHvnMt7oXG-NCDmzczCIOWk1eOx9EjmvBe517ghwg1jh7gayx0tt1BVbLzyWNTD09hWo5ea_Km5ftcf6CD8uA01eua3C0SGy23O3Z1wBo-eJpB6yp1OiNraW1Pn6avqYcAM_DtUR5P7YOfKwoC1ip23xA4kRPj83wx23xqc-2p4FZQsFaEnFRn93DjNnme-3ZSCphSuTIIxEYEyVhs3NYfg12xer7kceionGFQdi9nuk9QF2WgCYKe13yzRraff6LFAgQK-6hbEILbzwOiyU2mgBj0XeAMPl5YmVrRooNQxThbWkhaucS7rtrokik43f2qSprsAjZz9jDou5fNJrlSUIRVWy0kA2WE2X5Qe33g7MzSrzkoiLxIfpH0nuXKtgDJI7r1bgKIPQlTHegx1rGaSNaF8bsZDiNncPwb2wQ48gXKmF771vc1lBnL0Wk7-NEyUMRY2YYJdKg4xkzqQjSFBybdqijwE_KgYp2LNMVqYS3x7ZmimoBEER0Bdzz330pm_roJ9r_c4XCrdXScO9_C0jvtCT-24RDisyQFlhc2KOLmEJVtqWsPkSbaV0lVgS9qBYBsihYWtUC2chRuaFt-QzCKcYcD6w5-5_CRMVcs3jQs8h3hOYWAW0XaYzZxYKdzfPw3kdsY_7L7u0fvwEsyFzL39I86sdXpg_ZWyopHtj6VgxT4&cb=_cl980oyvjjc52gutjv1oen&nojs=0&ix=0&abvar=3&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Cookie: UID=2302040711fb3de514663341dd9555f74809
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 6524e19e56d6c9cd259c0492547c83ed
d00007d4795151d9fc96f2aecf66c87b1908ba8a
5f4aa0db389f0001cddc1abbf1ba79253892fd9ec25b9bef0a1bd9e1921ba782
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3934
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 12:11:13 GMT
Last-Modified: Sat, 04 Feb 2023 11:05:39 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/s/gts1p5/-zTW94IuC1o
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-zTW94IuC1o
IP 216.58.211.3:0
Hash 5fba9617ae39eaf3e54641fde5eda851
b38c2e0ab6736b29bb08b1191cd9f22f729a543a
4b0528f3e2e04d56e2fe41afeae441d238ad1c923a7fbc720aff552497155712
POST /s/gts1p5/-zTW94IuC1o HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 12:11:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 6524e19e56d6c9cd259c0492547c83ed
d00007d4795151d9fc96f2aecf66c87b1908ba8a
5f4aa0db389f0001cddc1abbf1ba79253892fd9ec25b9bef0a1bd9e1921ba782
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3934
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 12:11:13 GMT
Last-Modified: Sat, 04 Feb 2023 11:05:39 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash e69146b2b3cc4fedc68b10de5fa1c071
90d9d81bb5513e701edac6b93fea10d0d536e2f1
f3706f157fe37709ef692f56e8bbd7763e372b0a02926ce27892769860f7e9f0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3244
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 12:11:13 GMT
Last-Modified: Sat, 04 Feb 2023 11:17:09 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash e69146b2b3cc4fedc68b10de5fa1c071
90d9d81bb5513e701edac6b93fea10d0d536e2f1
f3706f157fe37709ef692f56e8bbd7763e372b0a02926ce27892769860f7e9f0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3244
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 12:11:13 GMT
Last-Modified: Sat, 04 Feb 2023 11:17:09 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash e69146b2b3cc4fedc68b10de5fa1c071
90d9d81bb5513e701edac6b93fea10d0d536e2f1
f3706f157fe37709ef692f56e8bbd7763e372b0a02926ce27892769860f7e9f0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2893
Cache-Control: max-age=104164
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 12:11:13 GMT
Etag: "63dd33f8-117"
Expires: Sun, 05 Feb 2023 17:07:17 GMT
Last-Modified: Fri, 03 Feb 2023 16:19:04 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptmslstdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&sourceId=4817078&p1=4581850&skipOffset=00:00:05
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptmslstdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&sourceId=4817078&p1=4581850&skipOffset=00:00:05
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptmslstdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&sourceId=4817078&p1=4581850&skipOffset=00:00:05 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 04 Feb 2023 12:11:13 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOptmslstdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4817078&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
access-control-allow-origin: https://oncam.me
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=7868025.30208; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLECaqYHxHT48F6; SameSite=None; Secure; path=/; expires=Sun, 05-Feb-23 11:11:13 GMT; HttpOnly
server: cloudflare
cf-ray: 79434ec35e0fb506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptmsltldVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&sourceId=4817080&p1=4581850&skipOffset=00:00:05
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptmsltldVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&sourceId=4817080&p1=4581850&skipOffset=00:00:05
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptmsltldVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&sourceId=4817080&p1=4581850&skipOffset=00:00:05 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 04 Feb 2023 12:11:13 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOptmsltldVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4817080&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
access-control-allow-origin: https://oncam.me
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=7868025.30208; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatFnZ88FKQBAxsE; SameSite=None; Secure; path=/; expires=Sun, 05-Feb-23 11:11:13 GMT; HttpOnly
server: cloudflare
cf-ray: 79434ec38e43b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.usertrust.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 2dbbadd0fd61e5de103cd6759256b612
52a91eeb99cba9b4d23d32d07cdc0331b9df03d4
26ccac2a0656a00f827eaf042e05d400cd285eefe27ba6031a5009e7e6bc2368
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 12:11:13 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 02:38:45 GMT
Expires: Fri, 10 Feb 2023 02:38:44 GMT
Etag: "52a91eeb99cba9b4d23d32d07cdc0331b9df03d4"
Cache-Control: max-age=602812,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 987
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79434ec3bcc21bfa-OSL
ocsp.usertrust.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 2dbbadd0fd61e5de103cd6759256b612
52a91eeb99cba9b4d23d32d07cdc0331b9df03d4
26ccac2a0656a00f827eaf042e05d400cd285eefe27ba6031a5009e7e6bc2368
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 12:11:13 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 02:38:45 GMT
Expires: Fri, 10 Feb 2023 02:38:44 GMT
Etag: "52a91eeb99cba9b4d23d32d07cdc0331b9df03d4"
Cache-Control: max-age=602812,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 987
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79434ec3b8480b69-OSL
ocsp.usertrust.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 2dbbadd0fd61e5de103cd6759256b612
52a91eeb99cba9b4d23d32d07cdc0331b9df03d4
26ccac2a0656a00f827eaf042e05d400cd285eefe27ba6031a5009e7e6bc2368
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 12:11:13 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 02:38:45 GMT
Expires: Fri, 10 Feb 2023 02:38:44 GMT
Etag: "52a91eeb99cba9b4d23d32d07cdc0331b9df03d4"
Cache-Control: max-age=602812,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 987
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79434ec3bc460afe-OSL
ocsp.usertrust.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 2dbbadd0fd61e5de103cd6759256b612
52a91eeb99cba9b4d23d32d07cdc0331b9df03d4
26ccac2a0656a00f827eaf042e05d400cd285eefe27ba6031a5009e7e6bc2368
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 12:11:13 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 02:38:45 GMT
Expires: Fri, 10 Feb 2023 02:38:44 GMT
Etag: "52a91eeb99cba9b4d23d32d07cdc0331b9df03d4"
Cache-Control: max-age=602812,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 987
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79434ec3be8db50c-OSL
go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptmslsrdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&sourceId=4817076&p1=4581850&skipOffset=00:00:05
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptmslsrdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&sourceId=4817076&p1=4581850&skipOffset=00:00:05
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOptmslsrdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&sourceId=4817076&p1=4581850&skipOffset=00:00:05 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 04 Feb 2023 12:11:13 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOptmslsrdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4817076&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
access-control-allow-origin: https://oncam.me
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=7868025.30208; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbs2GUnUC48LyjS; SameSite=None; Secure; path=/; expires=Sun, 05-Feb-23 11:11:13 GMT; HttpOnly
server: cloudflare
cf-ray: 79434ec38e41b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
eventucker.com/script/i.php?t=1&stamat=m%257C%252C%252CgifX43KqoGU3BZ9GH0dEdHP3xP.8b4%252CbS86eC3lLdOy8aGkFcSrJdHAruDxyBOofNyy1vvdoEsywtEnHEa2jTs9uP0KZL4kIpjyKawzzIYX_e-b9CvGreoEGrZbsRjtbG4Po4RLr-3A2lyeii14C-uSg-O7yvUlw0zOGIWn2xH2DutNQPLTTTBhaggoZ7Of1sCoBd7-edTc8PQ2F70UKZfks5-gr3a2mvWL2fdwI-NzFZaEjEr0Fg1eATb8PmCTTzlJNvJel0yW8OEbc8P4s5ulUdq-81KjlLorKVhUOJ0KhEmbUznz1UzBbxpHf9i0zoE8fKcK-ZDVBv8hfNImXQv9H6p1KQBb1pbTwi9sZ9dGrsM6a_T9JF4mi34ilu9y0YmsKmPkN1uci1HJUuSPmUrawT3VaIuXV33TBv8N7haLfeQmfRBt-PLaDb2R0hrDBfBGihstq96mlLCJpz43Y_T92MOML2MV-Qkj9RmUN3am7_-crt6l6Q%252C%252C&cbpage=https%3A%2F%2Foncam.me%2F151854%2Fc4-bbnikki-mp4%2F&cbref=
104.21.72.77204 No Content 0 B URL HTTP/2 eventucker.com/script/i.php?t=1&stamat=m%257C%252C%252CgifX43KqoGU3BZ9GH0dEdHP3xP.8b4%252CbS86eC3lLdOy8aGkFcSrJdHAruDxyBOofNyy1vvdoEsywtEnHEa2jTs9uP0KZL4kIpjyKawzzIYX_e-b9CvGreoEGrZbsRjtbG4Po4RLr-3A2lyeii14C-uSg-O7yvUlw0zOGIWn2xH2DutNQPLTTTBhaggoZ7Of1sCoBd7-edTc8PQ2F70UKZfks5-gr3a2mvWL2fdwI-NzFZaEjEr0Fg1eATb8PmCTTzlJNvJel0yW8OEbc8P4s5ulUdq-81KjlLorKVhUOJ0KhEmbUznz1UzBbxpHf9i0zoE8fKcK-ZDVBv8hfNImXQv9H6p1KQBb1pbTwi9sZ9dGrsM6a_T9JF4mi34ilu9y0YmsKmPkN1uci1HJUuSPmUrawT3VaIuXV33TBv8N7haLfeQmfRBt-PLaDb2R0hrDBfBGihstq96mlLCJpz43Y_T92MOML2MV-Qkj9RmUN3am7_-crt6l6Q%252C%252C&cbpage=https%3A%2F%2Foncam.me%2F151854%2Fc4-bbnikki-mp4%2F&cbref=
IP 104.21.72.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /script/i.php?t=1&stamat=m%257C%252C%252CgifX43KqoGU3BZ9GH0dEdHP3xP.8b4%252CbS86eC3lLdOy8aGkFcSrJdHAruDxyBOofNyy1vvdoEsywtEnHEa2jTs9uP0KZL4kIpjyKawzzIYX_e-b9CvGreoEGrZbsRjtbG4Po4RLr-3A2lyeii14C-uSg-O7yvUlw0zOGIWn2xH2DutNQPLTTTBhaggoZ7Of1sCoBd7-edTc8PQ2F70UKZfks5-gr3a2mvWL2fdwI-NzFZaEjEr0Fg1eATb8PmCTTzlJNvJel0yW8OEbc8P4s5ulUdq-81KjlLorKVhUOJ0KhEmbUznz1UzBbxpHf9i0zoE8fKcK-ZDVBv8hfNImXQv9H6p1KQBb1pbTwi9sZ9dGrsM6a_T9JF4mi34ilu9y0YmsKmPkN1uci1HJUuSPmUrawT3VaIuXV33TBv8N7haLfeQmfRBt-PLaDb2R0hrDBfBGihstq96mlLCJpz43Y_T92MOML2MV-Qkj9RmUN3am7_-crt6l6Q%252C%252C&cbpage=https%3A%2F%2Foncam.me%2F151854%2Fc4-bbnikki-mp4%2F&cbref= HTTP/1.1
Host: eventucker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 04 Feb 2023 12:11:13 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mdwpssOxe%2B%2B6FIZh2X7SiWLSwvTZcBAkJ2ZqaIXoCqcDvWDeA552ebLjdjOBGOZNfiSLYCBAOvpPM%2FZ4mPxG1IDBLFG%2BFXeTudKusbYc0hi1F8tD7XgQ8JeK8e4en7To7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79434ec2d8d5b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash e69146b2b3cc4fedc68b10de5fa1c071
90d9d81bb5513e701edac6b93fea10d0d536e2f1
f3706f157fe37709ef692f56e8bbd7763e372b0a02926ce27892769860f7e9f0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3244
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 12:11:13 GMT
Last-Modified: Sat, 04 Feb 2023 11:17:09 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 392d335763ea7ec90e41ff32848b84e3
5114cbba389abe1b3d9f76d17f3214b727ea7bca
f261ba3b696322e231bd694e0a70e52dd5501cd06d3207ed6936be84822c2ab8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F261BA3B696322E231BD694E0A70E52DD5501CD06D3207ED6936BE84822C2AB8"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17787
Expires: Sat, 04 Feb 2023 17:07:40 GMT
Date: Sat, 04 Feb 2023 12:11:13 GMT
Connection: keep-alive
i.bngprm.com/banners/300x250/ST-SQUIRT/no.gif
64.210.135.145200 OK 205 kB URL HTTP/2 i.bngprm.com/banners/300x250/ST-SQUIRT/no.gif
IP 64.210.135.145:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 205 kB (204884 bytes)
Hash 25d3842e0c7ff62ddfd5c17c43e2d65f
9020d77b0ac9d680d9b97d3a78021c401740700c
e6adffb053cf217fddedc527dc1f2f8754a7f8601ee5125dcbcc4ddd566c4c3d
GET /banners/300x250/ST-SQUIRT/no.gif HTTP/1.1
Host: i.bngprm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bcprm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: image/gif
content-length: 204884
last-modified: Wed, 27 Nov 2019 10:19:23 GMT
cache-control: max-age=2592000
x-bcs-o: 1
expires: Fri, 27 May 2022 15:06:23 GMT
x-o1-bcs-ban: MISS
access-control-allow-origin: *
access-control-allow-methods: GET
accept-ranges: bytes
x-cdn-diag: ams5-7740-1-26961-h-0-0---;7736-30-30927----0-0-1
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.m.js
45.133.44.24200 OK 36 kB URL HTTP/2 js.wpadmngr.com/static/adManager.m.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash 0d85399accf2ff2fb0b8c59ef4168eef
977b2d3946b37e60d03bee41aaeea253cf0c23d5
69c7e9ec88a11e6ff0d3b728c840461be54bf137d9afc93c6b94cb878e7860da
GET /static/adManager.m.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 02 Feb 2023 09:20:02 GMT
etag: W/"63db8042-18c39"
content-encoding: gzip
expires: Sat, 04 Feb 2023 12:16:13 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
notification.tubecup.net/tags?tag_id=67005&timezone_olson=UTC&version_name=a
88.198.200.36204 No Content 0 B URL HTTP/2 notification.tubecup.net/tags?tag_id=67005&timezone_olson=UTC&version_name=a
IP 88.198.200.36:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tags?tag_id=67005&timezone_olson=UTC&version_name=a HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 04 Feb 2023 12:11:13 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
i.bngprm.com/banners/728x90/ST_random_all/no.gif
64.210.135.145200 OK 90 kB URL HTTP/2 i.bngprm.com/banners/728x90/ST_random_all/no.gif
IP 64.210.135.145:0
File type GIF image data, version 89a, 728 x 90\012- data
Hash f4f716cd64d1e190d5d134173d03332b
92c90b490141ef052b809ad8957efd3b8df9b6cf
27aae082a34e3e4e4259fa331a91cfe8416aa8f7c9e6b0ff81efc3ea6ff34390
GET /banners/728x90/ST_random_all/no.gif HTTP/1.1
Host: i.bngprm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bcprm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: image/gif
content-length: 89864
last-modified: Wed, 20 May 2020 10:39:49 GMT
cache-control: max-age=2592000
x-bcs-o: 1
expires: Sat, 11 Dec 2021 13:39:39 GMT
x-o1-bcs-ban: HIT
access-control-allow-origin: *
access-control-allow-methods: GET
accept-ranges: bytes
x-cdn-diag: ams5-7735-7-36361-h-0-0---;7736-30-30927----0-0-3
X-Firefox-Spdy: h2
i.bngprm.com/banners/300x250/st_molly/no.gif
64.210.135.145200 OK 138 kB URL HTTP/2 i.bngprm.com/banners/300x250/st_molly/no.gif
IP 64.210.135.145:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 138 kB (138085 bytes)
Hash 90963537e243146ac813609090b17169
88305079e08fac8fa94e737c41e3b6fea18defc7
8869a6f29b388cd6625fb6eb0197aaf0c471ee01edfac0b51a02e0f0b8c2dafc
GET /banners/300x250/st_molly/no.gif HTTP/1.1
Host: i.bngprm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bcprm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: image/gif
content-length: 138085
last-modified: Wed, 20 May 2020 07:26:31 GMT
cache-control: max-age=2592000
x-bcs-o: 1
expires: Tue, 10 May 2022 12:37:44 GMT
x-o1-bcs-ban: HIT
access-control-allow-origin: *
access-control-allow-methods: GET
accept-ranges: bytes
x-cdn-diag: ams5-7735-5-36101-h-0-0---;7736-30-30927----0-0-1
X-Firefox-Spdy: h2
i.bngprm.com/banners/300x250/barbie/no.gif
64.210.135.145200 OK 96 kB URL HTTP/2 i.bngprm.com/banners/300x250/barbie/no.gif
IP 64.210.135.145:0
File type GIF image data, version 89a, 300 x 250\012- data
Hash 9417d48c98f90b6b8e664b97628abfaa
982e71923f2733b7d0d43becca61930d00f920e1
744a945cb9d63f387c34246041f4e2abc66790b31c684da83fac394fd898ce9b
GET /banners/300x250/barbie/no.gif HTTP/1.1
Host: i.bngprm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bcprm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: image/gif
content-length: 95927
last-modified: Wed, 27 Nov 2019 10:19:24 GMT
cache-control: max-age=2592000
x-bcs-o: 1
expires: Mon, 14 Nov 2022 14:33:28 GMT
x-o1-bcs-ban: HIT
access-control-allow-origin: *
access-control-allow-methods: GET
accept-ranges: bytes
x-cdn-diag: ams5-7737-1-38188-h-0-0---;7736-30-30927----0-1-7
X-Firefox-Spdy: h2
limurol.com/ssp/req/1906939/?pb=005dae89b2fc226f4b46b6f7141e17f91675519873&psp=vRC0VmTKuJcRZQQONFIyTnQI4LMoaqX7ZePCM70A4jZIOjtieR7goQ_4ffxaMjg1lJaSD6DYbGvp4wO7tzYyN9ZA8qBPfw5dajfnb1P9wg9m-xJZVWufJ2pn7E0kVQAuaOiBcO_7405NqTTm5PDqg3uVSnn3O6gR7u-ff0mBTyrMRe0L96rHvnMt7oXG-NCDmzczCIOWk1eOx9EjmvBe517ghwg1jh7gayx0tt1BVbLzyWNTD09hWo5ea_Km5ftcf6CD8uA01eua3C0SGy23O3Z1wBo-eJpB6yp1OiNraW1Pn6avqYcAM_DtUR5P7YOfKwoC1ip23xA4kRPj83wx23xqc-2p4FZQsFaEnFRn93DjNnme-3ZSCphSuTIIxEYEyVhs3NYfg12xer7kceionGFQdi9nuk9QF2WgCYKe13yzRraff6LFAgQK-6hbEILbzwOiyU2mgBj0XeAMPl5YmVrRooNQxThbWkhaucS7rtrokik43f2qSprsAjZz9jDou5fNJrlSUIRVWy0kA2WE2X5Qe33g7MzSrzkoiLxIfpH0nuXKtgDJI7r1bgKIPQlTHegx1rGaSNaF8bsZDiNncPwb2wQ48gXKmF771vc1lBnL0Wk7-NEyUMRY2YYJdKg4xkzqQjSFBybdqijwE_KgYp2LNMVqYS3x7ZmimoBEER0Bdzz330pm_roJ9r_c4XCrdXScO9_C0jvtCT-24RDisyQFlhc2KOLmEJVtqWsPkSbaV0lVgS9qBYBsihYWtUC2chRuaFt-QzCKcYcD6w5-5_CRMVcs3jQs8h3hOYWAW0XaYzZxYKdzfPw3kdsY_7L7u0fvwEsyFzL39I86sdXpg_ZWyopHtj6VgxT4&cb=_cl980oyvjjc52gutjv1oen&nojs=0&ix=0&abvar=3&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1906939/?pb=005dae89b2fc226f4b46b6f7141e17f91675519873&psp=vRC0VmTKuJcRZQQONFIyTnQI4LMoaqX7ZePCM70A4jZIOjtieR7goQ_4ffxaMjg1lJaSD6DYbGvp4wO7tzYyN9ZA8qBPfw5dajfnb1P9wg9m-xJZVWufJ2pn7E0kVQAuaOiBcO_7405NqTTm5PDqg3uVSnn3O6gR7u-ff0mBTyrMRe0L96rHvnMt7oXG-NCDmzczCIOWk1eOx9EjmvBe517ghwg1jh7gayx0tt1BVbLzyWNTD09hWo5ea_Km5ftcf6CD8uA01eua3C0SGy23O3Z1wBo-eJpB6yp1OiNraW1Pn6avqYcAM_DtUR5P7YOfKwoC1ip23xA4kRPj83wx23xqc-2p4FZQsFaEnFRn93DjNnme-3ZSCphSuTIIxEYEyVhs3NYfg12xer7kceionGFQdi9nuk9QF2WgCYKe13yzRraff6LFAgQK-6hbEILbzwOiyU2mgBj0XeAMPl5YmVrRooNQxThbWkhaucS7rtrokik43f2qSprsAjZz9jDou5fNJrlSUIRVWy0kA2WE2X5Qe33g7MzSrzkoiLxIfpH0nuXKtgDJI7r1bgKIPQlTHegx1rGaSNaF8bsZDiNncPwb2wQ48gXKmF771vc1lBnL0Wk7-NEyUMRY2YYJdKg4xkzqQjSFBybdqijwE_KgYp2LNMVqYS3x7ZmimoBEER0Bdzz330pm_roJ9r_c4XCrdXScO9_C0jvtCT-24RDisyQFlhc2KOLmEJVtqWsPkSbaV0lVgS9qBYBsihYWtUC2chRuaFt-QzCKcYcD6w5-5_CRMVcs3jQs8h3hOYWAW0XaYzZxYKdzfPw3kdsY_7L7u0fvwEsyFzL39I86sdXpg_ZWyopHtj6VgxT4&cb=_cl980oyvjjc52gutjv1oen&nojs=0&ix=0&abvar=3&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
GET /ssp/req/1906939/?pb=005dae89b2fc226f4b46b6f7141e17f91675519873&psp=vRC0VmTKuJcRZQQONFIyTnQI4LMoaqX7ZePCM70A4jZIOjtieR7goQ_4ffxaMjg1lJaSD6DYbGvp4wO7tzYyN9ZA8qBPfw5dajfnb1P9wg9m-xJZVWufJ2pn7E0kVQAuaOiBcO_7405NqTTm5PDqg3uVSnn3O6gR7u-ff0mBTyrMRe0L96rHvnMt7oXG-NCDmzczCIOWk1eOx9EjmvBe517ghwg1jh7gayx0tt1BVbLzyWNTD09hWo5ea_Km5ftcf6CD8uA01eua3C0SGy23O3Z1wBo-eJpB6yp1OiNraW1Pn6avqYcAM_DtUR5P7YOfKwoC1ip23xA4kRPj83wx23xqc-2p4FZQsFaEnFRn93DjNnme-3ZSCphSuTIIxEYEyVhs3NYfg12xer7kceionGFQdi9nuk9QF2WgCYKe13yzRraff6LFAgQK-6hbEILbzwOiyU2mgBj0XeAMPl5YmVrRooNQxThbWkhaucS7rtrokik43f2qSprsAjZz9jDou5fNJrlSUIRVWy0kA2WE2X5Qe33g7MzSrzkoiLxIfpH0nuXKtgDJI7r1bgKIPQlTHegx1rGaSNaF8bsZDiNncPwb2wQ48gXKmF771vc1lBnL0Wk7-NEyUMRY2YYJdKg4xkzqQjSFBybdqijwE_KgYp2LNMVqYS3x7ZmimoBEER0Bdzz330pm_roJ9r_c4XCrdXScO9_C0jvtCT-24RDisyQFlhc2KOLmEJVtqWsPkSbaV0lVgS9qBYBsihYWtUC2chRuaFt-QzCKcYcD6w5-5_CRMVcs3jQs8h3hOYWAW0XaYzZxYKdzfPw3kdsY_7L7u0fvwEsyFzL39I86sdXpg_ZWyopHtj6VgxT4&cb=_cl980oyvjjc52gutjv1oen&nojs=0&ix=0&abvar=3&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Cookie: UID=2302040711fb3de514663341dd9555f74809
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 12:11:14 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/-zTW94IuC1o
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-zTW94IuC1o
IP 216.58.211.3:0
Hash 5fba9617ae39eaf3e54641fde5eda851
b38c2e0ab6736b29bb08b1191cd9f22f729a543a
4b0528f3e2e04d56e2fe41afeae441d238ad1c923a7fbc720aff552497155712
POST /s/gts1p5/-zTW94IuC1o HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 12:11:14 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fp.metricswpsh.com/fp?tag_id=67005
157.90.84.242204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=67005
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=67005 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oncam.me/
Origin: https://oncam.me
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 12:11:14 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://oncam.me
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ca06843895744c102d075d461d4fbc4d
06f9b4a67e5404b84e115c56258b1025b2c3bcbf
dd2f6b004ba9206be9e59249f7c8053a0cc3dd4ffe454bf29b5c0b6833d25634
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DD2F6B004BA9206BE9E59249F7C8053A0CC3DD4FFE454BF29B5C0B6833D25634"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10163
Expires: Sat, 04 Feb 2023 15:00:37 GMT
Date: Sat, 04 Feb 2023 12:11:14 GMT
Connection: keep-alive
fp.metricswpsh.com/fp?tag_id=67005
157.90.84.242200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=67005
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
POST /fp?tag_id=67005 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22285
Origin: https://oncam.me
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 12:11:14 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://oncam.me
Set-Cookie: id=17069758645192587304; Expires=Sun, 04 Feb 2024 12:11:14 GMT; Secure; SameSite=None
Vary: Origin
r3.o.lencr.org/
95.101.11.115200 OK 12 kB IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 73e08e6b2df7517d9f59328007b4c24a
b2df34913e5deac4bd3590340221afe826b1c613
72e9c769c2bd3b7007a61c097b498a38e86c008ff18139830f2941109eec6247
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D704111F31F107E780A73787E7A5536094C668E8880A583EBE60A220E2E933C"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16653
Expires: Sat, 04 Feb 2023 16:48:47 GMT
Date: Sat, 04 Feb 2023 12:11:14 GMT
Connection: keep-alive
e69cf83721.56efa4d7b7.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MjQ5MjU0NjIyMjA2Nzk0MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6NjcwMDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC45MywiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiQzQlMkNiYm5pa2tpLm1wNCUyQ09OQ0FNJTJDUGVyaXNjb3BlJTJDQ2hhdHVyYmF0ZSUyQ0NBTTQlMkNPdXRkb29yJTJDVmlkZW9zJTJDVGFuZ28ubWUlMkNQcmVtaXVtJTJDQ3Vtc2hvdy5UViUyQ0xpdmUlMkNQdWJsaWMlMkNTZXglMkNPbmx5ZmFucyUyQ0JpZ28lMkNMaXZlJTJDc3RyZWFtcyUyQ0FtYXRldXIlMkNQb3JuJTJDYXJnZW50aW5hJTJDYXJnZW50aW5hIn0=
45.133.44.25200 OK 0 B URL HTTP/2 e69cf83721.56efa4d7b7.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MjQ5MjU0NjIyMjA2Nzk0MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6NjcwMDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC45MywiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiQzQlMkNiYm5pa2tpLm1wNCUyQ09OQ0FNJTJDUGVyaXNjb3BlJTJDQ2hhdHVyYmF0ZSUyQ0NBTTQlMkNPdXRkb29yJTJDVmlkZW9zJTJDVGFuZ28ubWUlMkNQcmVtaXVtJTJDQ3Vtc2hvdy5UViUyQ0xpdmUlMkNQdWJsaWMlMkNTZXglMkNPbmx5ZmFucyUyQ0JpZ28lMkNMaXZlJTJDc3RyZWFtcyUyQ0FtYXRldXIlMkNQb3JuJTJDYXJnZW50aW5hJTJDYXJnZW50aW5hIn0=
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MjQ5MjU0NjIyMjA2Nzk0MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6NjcwMDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC45MywiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiQzQlMkNiYm5pa2tpLm1wNCUyQ09OQ0FNJTJDUGVyaXNjb3BlJTJDQ2hhdHVyYmF0ZSUyQ0NBTTQlMkNPdXRkb29yJTJDVmlkZW9zJTJDVGFuZ28ubWUlMkNQcmVtaXVtJTJDQ3Vtc2hvdy5UViUyQ0xpdmUlMkNQdWJsaWMlMkNTZXglMkNPbmx5ZmFucyUyQ0JpZ28lMkNMaXZlJTJDc3RyZWFtcyUyQ0FtYXRldXIlMkNQb3JuJTJDYXJnZW50aW5hJTJDYXJnZW50aW5hIn0= HTTP/1.1
Host: e69cf83721.56efa4d7b7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:14 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10011
Expires: Sat, 04 Feb 2023 14:58:05 GMT
Date: Sat, 04 Feb 2023 12:11:14 GMT
Connection: keep-alive
api-public.addthis.com/url/shares.json?url=https%3A%2F%2Foncam.me%2F151854%2Fc4-bbnikki-mp4%2F&callback=_ate.cbs.sc_httpsoncamme151854c4bbnikkimp40
23.38.200.123200 OK 78 B URL HTTP/2 api-public.addthis.com/url/shares.json?url=https%3A%2F%2Foncam.me%2F151854%2Fc4-bbnikki-mp4%2F&callback=_ate.cbs.sc_httpsoncamme151854c4bbnikkimp40
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash 69de933b2c0e0f6835f860fd3e04bb8f
c8fc761f4226907bfec15199a4b953736acbd891
8931a2f8ad4cf35ba8843c9d8f2e80c9c69b94670f0855980e6227d9750076e2
GET /url/shares.json?url=https%3A%2F%2Foncam.me%2F151854%2Fc4-bbnikki-mp4%2F&callback=_ate.cbs.sc_httpsoncamme151854c4bbnikkimp40 HTTP/1.1
Host: api-public.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
surrogate-key: oncam.me/151854/c4-bbnikki-mp4/
last-modified: Sat, 04 Feb 2023 12:11:14 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 78
date: Sat, 04 Feb 2023 12:11:14 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10011
Expires: Sat, 04 Feb 2023 14:58:05 GMT
Date: Sat, 04 Feb 2023 12:11:14 GMT
Connection: keep-alive
crrepo.com/extban/261733020/creatives/23279310/660c3cbc98610e68a10d0cf2ef4d65be_1101.gif
104.21.235.114200 OK 1.3 MB URL HTTP/2 crrepo.com/extban/261733020/creatives/23279310/660c3cbc98610e68a10d0cf2ef4d65be_1101.gif
IP 104.21.235.114:0
File type GIF image data, version 87a, 600 x 500\012- data
Size 1.3 MB (1328832 bytes)
Hash 7322b596d9ea7ecae32f47b9e98571b1
460dc2a1ec9e762c229b4ecb91b8a21386f7e8ba
9d2f1cc7c40fd40410eaea9f9cab3d766d3f0b7a354d16adda2ce72e62b5be92
GET /extban/261733020/creatives/23279310/660c3cbc98610e68a10d0cf2ef4d65be_1101.gif HTTP/1.1
Host: crrepo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: image/gif
last-modified: Wed, 14 Jul 2021 16:03:39 GMT
etag: W/"60ef0adb-1444c9"
via: 1.1 google
cache-control: max-age=14400
cf-cache-status: HIT
age: 1158
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5fOVNTHTMb3DaK2Y5HbYX8JLi3nVkY3MQrrT2iHIOh5T5ygrfLrynnhmE8nzk1szZuruvIJNEDIuizmCJ6LvI2Gbcd6qQWcwYjRZ3yu1ZG57GpkJNi2LlyBs0mMa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79434ec28ec423b4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6kDIOqhM4aVL80sF02uFu2TuGbiBE7_L_S2W7x-P46hO5YZFmuL9nQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:30 GMT
age: 50264
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 50441
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 50453
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7afd5ce8fb9ec7b62e528bf97705e49
afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3
b2d93ba6c0ed2c858d91afba1c81251afbffa41c779be2e9203994dcfb7bbc9d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: 007ce521-ed5c-4074-a314-684ad0df2e22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9GH5goAMF_ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8053-7060f02b767c90371991a190;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fTV_e56nzjiXo4Guu67WXDDvp3nrjB0Yfyy6ByjcDSx23J-8r0fmQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 50453
etag: "afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a517af0-06bb-4ad2-b66e-3627ca6b60a3.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a517af0-06bb-4ad2-b66e-3627ca6b60a3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 518bba9a8770e8ff15229a68be5bddc3
139f944b3f4279e640901f7a6b993f1a49b51a22
0591e73dec2190752677f06525bc993dc8c7a5aa20984a5eda64c323188e2b1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a517af0-06bb-4ad2-b66e-3627ca6b60a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9743
x-amzn-requestid: b6c1caa9-72e4-476f-9c3d-4a746c410ba3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EHLJoAMF_TA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-1289ef383fbad59621eda6d0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nIp2nUVnamnoTpFwrN1L4K1dqjYvcDGuV2yFqYskkXb14k72AZsjMg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:08:41 GMT
age: 50553
etag: "139f944b3f4279e640901f7a6b993f1a49b51a22"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:04 GMT
age: 51790
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
nereserv.com/in/dip?site=native-push&wl=1&event_id=32bf7965-2d5c-4e53-adeb-47f12b9e0357&subid=845640524&sid=1978190565&spot_id=297442&created_at=2023-02-04&timezone=0&ver=8.24.1&is_native=1
94.130.198.6200 OK 0 B URL HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=32bf7965-2d5c-4e53-adeb-47f12b9e0357&subid=845640524&sid=1978190565&spot_id=297442&created_at=2023-02-04&timezone=0&ver=8.24.1&is_native=1
IP 94.130.198.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=32bf7965-2d5c-4e53-adeb-47f12b9e0357&subid=845640524&sid=1978190565&spot_id=297442&created_at=2023-02-04&timezone=0&ver=8.24.1&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 Feb 2023 12:11:14 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 652453a9a8e63cc2b96e8d3cc54bc693
59facf5454ca879f5cf1dc038d739434d3b5f846
5018bd617e70a47dfeb75954d1719d91ec92ea35efa4cf468e89b570d0fb4b4a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5018BD617E70A47DFEB75954D1719D91EC92EA35EFA4CF468E89B570D0FB4B4A"
Last-Modified: Fri, 03 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14899
Expires: Sat, 04 Feb 2023 16:19:33 GMT
Date: Sat, 04 Feb 2023 12:11:14 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 652453a9a8e63cc2b96e8d3cc54bc693
59facf5454ca879f5cf1dc038d739434d3b5f846
5018bd617e70a47dfeb75954d1719d91ec92ea35efa4cf468e89b570d0fb4b4a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5018BD617E70A47DFEB75954D1719D91EC92EA35EFA4CF468E89B570D0FB4B4A"
Last-Modified: Fri, 03 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14899
Expires: Sat, 04 Feb 2023 16:19:33 GMT
Date: Sat, 04 Feb 2023 12:11:14 GMT
Connection: keep-alive
1d64fb6441.0ec78e0509.com/in/multy
168.119.25.22204 No Content 0 B URL HTTP/2 1d64fb6441.0ec78e0509.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: 1d64fb6441.0ec78e0509.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oncam.me/
Origin: https://oncam.me
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 04 Feb 2023 12:11:14 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
1d64fb6441.0ec78e0509.com/in/multy
168.119.25.22200 OK 32 kB URL HTTP/2 1d64fb6441.0ec78e0509.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (31471), with no line terminators
Hash ee1efc48280d0aa7d46fca7a45e34be0
4739ebe0d087286922fa2e6cd4796d62c2ee38d0
f79d65ac8f5a4e5578e5d392954712dd9ea6dfe96062be63940f141eb4089a78
POST /in/multy HTTP/1.1
Host: 1d64fb6441.0ec78e0509.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1406
Origin: https://oncam.me
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 04 Feb 2023 12:11:15 GMT
content-type: application/json
content-length: 31473
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
1d64fb6441.0ec78e0509.com/in/show/?mid=2322889499277839048&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=845640524&sid=1978190565&cid=10882&price=0&is_cpm=1&cpm=0.608&ecpm=0.4959456&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=8.24.1&ver_c=&refdom=oncam.me&hostname=auc-inpage-hz-6-c&site_id=31297442&spot_id=297442&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-02-04&is_native=3&auction_queue=0&burl=iwekKz-Exmf4XWNigfKLQlhoLI_hGb-rL36via85-JdmRLQNfsU19HDhLNP-1URdWqb6XL51gafE7PdXICGu5XDiURXJAnHG6G2RlxABpY55l_tMbcB-hiseG1fL0y1Z87Dmbf8bpiZes7XwewPba8auetzFUfLAsEQO8CiOoEk5yvZBeo02A56OqPAr7uawn3by68ejCj1m0nCiCFydO4wwjBlC8XGnpl8oBAKhejMcTGPMpJlnlgBbIXuh1Wi3zjD4XYJ5gDaQGLVBw-lYF1kd_7xzOSyNt7jXMOUQEtwY9cbrvwW5cDFQdig9fe80UQtQ10M6VtM2xlJHm70bolsR3vj7d31qbMnBolkAl5gattR2wOypEqypuZwELqaYuHY_cwDbiZtHxPf9qAfDlL3VhQ7UJn4DEE-d9gtpBDgj2H1t3EUXi7QQ-x8kthmksosprYmcueFRLvYfYP4ONIrZj6vZMoQkSW5N2CdR9FApBbAI10ic3aVEarhwO9mMX7Jv4qWAd-pHY8Sui-1WeMeKNwV-06sSztgwoNmwcFRZaQpej9LdKGm5lyScf7eSXlt6aRHFjiGE9oJGbGkIRG79Vy6qrP2ky_XG7GyFZrFxP864NRo5wWnkJV_dzSjEtxcVqOYbgOXqaCgVAzq5agLRCyPMuZBkk2Y3qTrHkMP79KIofTN8rf0KEXP_4TzoNThmS9SF7S2fD5goGW2qMxAJIW8Kx0DcugxID8ix2Km3M0U9VVTUKhxkiyT6Vi8DNdVyY6cvHM_mOT43nZDbyxVz75-4hwrNJXzgfBLJLQmvQ_vOXtlz3M054tsgYruRXBswZT8egK6ZjPTGYzK5HT_1JHEzjVK3VCEjs8h2q_B_ZGHVDKVbvEwByxnw8-63xG56AvC-y2jVIl0mXC3_r9NTf9wHV7lsliVj5uGe6JgRVDrj5ngnTEAEGnX6WkTlq7eC9uulqPhUfGLgV4MdHe5vhk433JKLkRpThvxK559aHWQAAzWCdJOZnxXWygHlaHENo-9VSxlhsc7XL2RYnIEVFGCPtBr5261mOo81nz73mhC7NPiMGeGtdCCEy2mf_LQHmFQLxFtE1zkJz_ED0XJg4TeMX6xuaHGCNgX402QNEF1rzcxwib3h2MljWPxmXp9qqFGjFeY1RDEzcWzNW-3tILfN9AkIQL_P_Y4mitl_AI6EAaSraSxOncTejfbiGglMit7MYjOwoGWQopWJ8WbOgGKBaUaVPITXVjfL9kL7eJK2i1-92_TBQc19moKRP8H3EKza36a8S5pACYcbfhvHsGlXZgb6iRmprU5eZqIujMdNEqsiKsp5t4DIavOEKIX69pihs3sgA8YADWzurM3fK9LiSMIibKGMHvZsJLDpFRmZlwVR7P-_9qUJxv-KQ3v_llevMHJrAkmAIHUVDtoKjdYXtm4Y6KJ7RJ8k6dQ4kvq6FulqIAJ9ozURumbdkcsvlj3t86JZwIPg3gDMedgj7cUeIYsB7b7yafqYuW9Cq67_9mSGrh1hBINLLkRzDuqUXJSTxGXEQT3d1mC1c8P9bcXeYN_csgX6IjyLyT_8YQ-AdhjOgI1kRw-GIa0YALe5Z9lLr0VsWyQxEDXuvJh_DUmDQ1O7TvAkWoo7gMkgreqbdc3wLO8Ag15sr-mPF3tP0weEXglpWdyXDAdJdDKDX8x7QbNwhCEWr_9TdszEVBw_0wvrxdZ8Azj6hfKwsRMaVo-9wXfhT61LtTFVqqCb5xvyCU32ABFD80LKhB_oAtmm6euoSpY1rH3-YDlfJadvviSiNOX_kaRymWYksh-FBkZY_7sYCS0i-N8QhoKJ2hfcZHhrJM2SCGBrCidwX0-Uiw5BhzW9f2dmsxKhsIQadrReR_XhKQ06N87t7vXFZGMU7fk146X03NNC1K98KU0IX4TEk0-1yU8tIE4iyJZCFXHlegXC3dJtln49RFyav0E8IR-zvNLX3Vfh847zJ3o8cLiOPfO2PfendCkk5F0yGzCi3lndaYGxkQFPx6hY6KuvcoMg1M_2UOWvipaY6r-jmKb6JTmWP6nK7eUvCIidVCsYqO-9bhNC&pop_winurl=&ip=91.90.42.154&testab=0&px_id=31297442&adblock=0&auction_host=apply&mm=0&yc=0&render_type=hq&campaign_type=lq-pop-ext&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.03904287540974582&placement_type_id=7&skin_test=0&verify_hash=80277daeee939cdf08bd0f3e7020d83a&score=84.67591926121551&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D845640524%26spot_id%3D297442%26is_adult%3D1%26p%3Dhttps%253A%252F%252Foncam.me%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=a&original_bid=0.608&user_fp=0&v2=0&pop_type=1&space_id=1886&verify_hash=80277daeee939cdf08bd0f3e7020d83a&real_bid=0.4959456&skin_id=2&vertical_id=0&stratagem=&accel=&gyr=&iabcat=IAB25-3&ip_mismatch=false&ssp=&rc=&v2_track=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=U-5fdn8sZ7JUAf7Lj-L5Xh6tIRXAbxLUgkNWXGps-lTjqcz4u2fSI2MGmN-gYSW6sGp8GOLq2GBO0nZ-J6_47XMGa-T_poxQ_yg4lS9clsQj0pvukYaQs0BZauLyxVQIIdbaXyqz0wXI2naYaGUrkxPHz04uyJWtxUV8ikvzdiJgZxMN7Q&pop_price=0.0004959456&pop_real_bid=0.0004959456&pop_ecpm=0.044690284320513224&auc_type=1&pr=&user_keywords=&device_theme=light&label_ids=4,0&conditions=all,dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=30f66495-0924-4499-bcce-3198c38877bd&mlc=1&format=default-slide-b_r-body
168.119.25.22200 OK 0 B URL HTTP/2 1d64fb6441.0ec78e0509.com/in/show/?mid=2322889499277839048&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=845640524&sid=1978190565&cid=10882&price=0&is_cpm=1&cpm=0.608&ecpm=0.4959456&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=8.24.1&ver_c=&refdom=oncam.me&hostname=auc-inpage-hz-6-c&site_id=31297442&spot_id=297442&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-02-04&is_native=3&auction_queue=0&burl=iwekKz-Exmf4XWNigfKLQlhoLI_hGb-rL36via85-JdmRLQNfsU19HDhLNP-1URdWqb6XL51gafE7PdXICGu5XDiURXJAnHG6G2RlxABpY55l_tMbcB-hiseG1fL0y1Z87Dmbf8bpiZes7XwewPba8auetzFUfLAsEQO8CiOoEk5yvZBeo02A56OqPAr7uawn3by68ejCj1m0nCiCFydO4wwjBlC8XGnpl8oBAKhejMcTGPMpJlnlgBbIXuh1Wi3zjD4XYJ5gDaQGLVBw-lYF1kd_7xzOSyNt7jXMOUQEtwY9cbrvwW5cDFQdig9fe80UQtQ10M6VtM2xlJHm70bolsR3vj7d31qbMnBolkAl5gattR2wOypEqypuZwELqaYuHY_cwDbiZtHxPf9qAfDlL3VhQ7UJn4DEE-d9gtpBDgj2H1t3EUXi7QQ-x8kthmksosprYmcueFRLvYfYP4ONIrZj6vZMoQkSW5N2CdR9FApBbAI10ic3aVEarhwO9mMX7Jv4qWAd-pHY8Sui-1WeMeKNwV-06sSztgwoNmwcFRZaQpej9LdKGm5lyScf7eSXlt6aRHFjiGE9oJGbGkIRG79Vy6qrP2ky_XG7GyFZrFxP864NRo5wWnkJV_dzSjEtxcVqOYbgOXqaCgVAzq5agLRCyPMuZBkk2Y3qTrHkMP79KIofTN8rf0KEXP_4TzoNThmS9SF7S2fD5goGW2qMxAJIW8Kx0DcugxID8ix2Km3M0U9VVTUKhxkiyT6Vi8DNdVyY6cvHM_mOT43nZDbyxVz75-4hwrNJXzgfBLJLQmvQ_vOXtlz3M054tsgYruRXBswZT8egK6ZjPTGYzK5HT_1JHEzjVK3VCEjs8h2q_B_ZGHVDKVbvEwByxnw8-63xG56AvC-y2jVIl0mXC3_r9NTf9wHV7lsliVj5uGe6JgRVDrj5ngnTEAEGnX6WkTlq7eC9uulqPhUfGLgV4MdHe5vhk433JKLkRpThvxK559aHWQAAzWCdJOZnxXWygHlaHENo-9VSxlhsc7XL2RYnIEVFGCPtBr5261mOo81nz73mhC7NPiMGeGtdCCEy2mf_LQHmFQLxFtE1zkJz_ED0XJg4TeMX6xuaHGCNgX402QNEF1rzcxwib3h2MljWPxmXp9qqFGjFeY1RDEzcWzNW-3tILfN9AkIQL_P_Y4mitl_AI6EAaSraSxOncTejfbiGglMit7MYjOwoGWQopWJ8WbOgGKBaUaVPITXVjfL9kL7eJK2i1-92_TBQc19moKRP8H3EKza36a8S5pACYcbfhvHsGlXZgb6iRmprU5eZqIujMdNEqsiKsp5t4DIavOEKIX69pihs3sgA8YADWzurM3fK9LiSMIibKGMHvZsJLDpFRmZlwVR7P-_9qUJxv-KQ3v_llevMHJrAkmAIHUVDtoKjdYXtm4Y6KJ7RJ8k6dQ4kvq6FulqIAJ9ozURumbdkcsvlj3t86JZwIPg3gDMedgj7cUeIYsB7b7yafqYuW9Cq67_9mSGrh1hBINLLkRzDuqUXJSTxGXEQT3d1mC1c8P9bcXeYN_csgX6IjyLyT_8YQ-AdhjOgI1kRw-GIa0YALe5Z9lLr0VsWyQxEDXuvJh_DUmDQ1O7TvAkWoo7gMkgreqbdc3wLO8Ag15sr-mPF3tP0weEXglpWdyXDAdJdDKDX8x7QbNwhCEWr_9TdszEVBw_0wvrxdZ8Azj6hfKwsRMaVo-9wXfhT61LtTFVqqCb5xvyCU32ABFD80LKhB_oAtmm6euoSpY1rH3-YDlfJadvviSiNOX_kaRymWYksh-FBkZY_7sYCS0i-N8QhoKJ2hfcZHhrJM2SCGBrCidwX0-Uiw5BhzW9f2dmsxKhsIQadrReR_XhKQ06N87t7vXFZGMU7fk146X03NNC1K98KU0IX4TEk0-1yU8tIE4iyJZCFXHlegXC3dJtln49RFyav0E8IR-zvNLX3Vfh847zJ3o8cLiOPfO2PfendCkk5F0yGzCi3lndaYGxkQFPx6hY6KuvcoMg1M_2UOWvipaY6r-jmKb6JTmWP6nK7eUvCIidVCsYqO-9bhNC&pop_winurl=&ip=91.90.42.154&testab=0&px_id=31297442&adblock=0&auction_host=apply&mm=0&yc=0&render_type=hq&campaign_type=lq-pop-ext&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.03904287540974582&placement_type_id=7&skin_test=0&verify_hash=80277daeee939cdf08bd0f3e7020d83a&score=84.67591926121551&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D845640524%26spot_id%3D297442%26is_adult%3D1%26p%3Dhttps%253A%252F%252Foncam.me%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=a&original_bid=0.608&user_fp=0&v2=0&pop_type=1&space_id=1886&verify_hash=80277daeee939cdf08bd0f3e7020d83a&real_bid=0.4959456&skin_id=2&vertical_id=0&stratagem=&accel=&gyr=&iabcat=IAB25-3&ip_mismatch=false&ssp=&rc=&v2_track=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=U-5fdn8sZ7JUAf7Lj-L5Xh6tIRXAbxLUgkNWXGps-lTjqcz4u2fSI2MGmN-gYSW6sGp8GOLq2GBO0nZ-J6_47XMGa-T_poxQ_yg4lS9clsQj0pvukYaQs0BZauLyxVQIIdbaXyqz0wXI2naYaGUrkxPHz04uyJWtxUV8ikvzdiJgZxMN7Q&pop_price=0.0004959456&pop_real_bid=0.0004959456&pop_ecpm=0.044690284320513224&auc_type=1&pr=&user_keywords=&device_theme=light&label_ids=4,0&conditions=all,dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=30f66495-0924-4499-bcce-3198c38877bd&mlc=1&format=default-slide-b_r-body
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=2322889499277839048&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=845640524&sid=1978190565&cid=10882&price=0&is_cpm=1&cpm=0.608&ecpm=0.4959456&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=8.24.1&ver_c=&refdom=oncam.me&hostname=auc-inpage-hz-6-c&site_id=31297442&spot_id=297442&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-02-04&is_native=3&auction_queue=0&burl=iwekKz-Exmf4XWNigfKLQlhoLI_hGb-rL36via85-JdmRLQNfsU19HDhLNP-1URdWqb6XL51gafE7PdXICGu5XDiURXJAnHG6G2RlxABpY55l_tMbcB-hiseG1fL0y1Z87Dmbf8bpiZes7XwewPba8auetzFUfLAsEQO8CiOoEk5yvZBeo02A56OqPAr7uawn3by68ejCj1m0nCiCFydO4wwjBlC8XGnpl8oBAKhejMcTGPMpJlnlgBbIXuh1Wi3zjD4XYJ5gDaQGLVBw-lYF1kd_7xzOSyNt7jXMOUQEtwY9cbrvwW5cDFQdig9fe80UQtQ10M6VtM2xlJHm70bolsR3vj7d31qbMnBolkAl5gattR2wOypEqypuZwELqaYuHY_cwDbiZtHxPf9qAfDlL3VhQ7UJn4DEE-d9gtpBDgj2H1t3EUXi7QQ-x8kthmksosprYmcueFRLvYfYP4ONIrZj6vZMoQkSW5N2CdR9FApBbAI10ic3aVEarhwO9mMX7Jv4qWAd-pHY8Sui-1WeMeKNwV-06sSztgwoNmwcFRZaQpej9LdKGm5lyScf7eSXlt6aRHFjiGE9oJGbGkIRG79Vy6qrP2ky_XG7GyFZrFxP864NRo5wWnkJV_dzSjEtxcVqOYbgOXqaCgVAzq5agLRCyPMuZBkk2Y3qTrHkMP79KIofTN8rf0KEXP_4TzoNThmS9SF7S2fD5goGW2qMxAJIW8Kx0DcugxID8ix2Km3M0U9VVTUKhxkiyT6Vi8DNdVyY6cvHM_mOT43nZDbyxVz75-4hwrNJXzgfBLJLQmvQ_vOXtlz3M054tsgYruRXBswZT8egK6ZjPTGYzK5HT_1JHEzjVK3VCEjs8h2q_B_ZGHVDKVbvEwByxnw8-63xG56AvC-y2jVIl0mXC3_r9NTf9wHV7lsliVj5uGe6JgRVDrj5ngnTEAEGnX6WkTlq7eC9uulqPhUfGLgV4MdHe5vhk433JKLkRpThvxK559aHWQAAzWCdJOZnxXWygHlaHENo-9VSxlhsc7XL2RYnIEVFGCPtBr5261mOo81nz73mhC7NPiMGeGtdCCEy2mf_LQHmFQLxFtE1zkJz_ED0XJg4TeMX6xuaHGCNgX402QNEF1rzcxwib3h2MljWPxmXp9qqFGjFeY1RDEzcWzNW-3tILfN9AkIQL_P_Y4mitl_AI6EAaSraSxOncTejfbiGglMit7MYjOwoGWQopWJ8WbOgGKBaUaVPITXVjfL9kL7eJK2i1-92_TBQc19moKRP8H3EKza36a8S5pACYcbfhvHsGlXZgb6iRmprU5eZqIujMdNEqsiKsp5t4DIavOEKIX69pihs3sgA8YADWzurM3fK9LiSMIibKGMHvZsJLDpFRmZlwVR7P-_9qUJxv-KQ3v_llevMHJrAkmAIHUVDtoKjdYXtm4Y6KJ7RJ8k6dQ4kvq6FulqIAJ9ozURumbdkcsvlj3t86JZwIPg3gDMedgj7cUeIYsB7b7yafqYuW9Cq67_9mSGrh1hBINLLkRzDuqUXJSTxGXEQT3d1mC1c8P9bcXeYN_csgX6IjyLyT_8YQ-AdhjOgI1kRw-GIa0YALe5Z9lLr0VsWyQxEDXuvJh_DUmDQ1O7TvAkWoo7gMkgreqbdc3wLO8Ag15sr-mPF3tP0weEXglpWdyXDAdJdDKDX8x7QbNwhCEWr_9TdszEVBw_0wvrxdZ8Azj6hfKwsRMaVo-9wXfhT61LtTFVqqCb5xvyCU32ABFD80LKhB_oAtmm6euoSpY1rH3-YDlfJadvviSiNOX_kaRymWYksh-FBkZY_7sYCS0i-N8QhoKJ2hfcZHhrJM2SCGBrCidwX0-Uiw5BhzW9f2dmsxKhsIQadrReR_XhKQ06N87t7vXFZGMU7fk146X03NNC1K98KU0IX4TEk0-1yU8tIE4iyJZCFXHlegXC3dJtln49RFyav0E8IR-zvNLX3Vfh847zJ3o8cLiOPfO2PfendCkk5F0yGzCi3lndaYGxkQFPx6hY6KuvcoMg1M_2UOWvipaY6r-jmKb6JTmWP6nK7eUvCIidVCsYqO-9bhNC&pop_winurl=&ip=91.90.42.154&testab=0&px_id=31297442&adblock=0&auction_host=apply&mm=0&yc=0&render_type=hq&campaign_type=lq-pop-ext&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.03904287540974582&placement_type_id=7&skin_test=0&verify_hash=80277daeee939cdf08bd0f3e7020d83a&score=84.67591926121551&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D845640524%26spot_id%3D297442%26is_adult%3D1%26p%3Dhttps%253A%252F%252Foncam.me%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=a&original_bid=0.608&user_fp=0&v2=0&pop_type=1&space_id=1886&verify_hash=80277daeee939cdf08bd0f3e7020d83a&real_bid=0.4959456&skin_id=2&vertical_id=0&stratagem=&accel=&gyr=&iabcat=IAB25-3&ip_mismatch=false&ssp=&rc=&v2_track=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=U-5fdn8sZ7JUAf7Lj-L5Xh6tIRXAbxLUgkNWXGps-lTjqcz4u2fSI2MGmN-gYSW6sGp8GOLq2GBO0nZ-J6_47XMGa-T_poxQ_yg4lS9clsQj0pvukYaQs0BZauLyxVQIIdbaXyqz0wXI2naYaGUrkxPHz04uyJWtxUV8ikvzdiJgZxMN7Q&pop_price=0.0004959456&pop_real_bid=0.0004959456&pop_ecpm=0.044690284320513224&auc_type=1&pr=&user_keywords=&device_theme=light&label_ids=4,0&conditions=all,dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=30f66495-0924-4499-bcce-3198c38877bd&mlc=1&format=default-slide-b_r-body HTTP/1.1
Host: 1d64fb6441.0ec78e0509.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 04 Feb 2023 12:11:15 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
1d64fb6441.0ec78e0509.com/in/show/?mid=2322889499277839048&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=845640524&sid=1978190565&cid=12694&price=0&is_cpm=1&cpm=0.036&ecpm=0.036&crid=2240&crtid=f70aa6a0d437f901eea3e30be1aacaa8&tcid=0&out_id=0&ver=8.24.1&ver_c=&refdom=oncam.me&hostname=auc-inpage-hz-6-c&site_id=31297442&spot_id=297442&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675685474&created_at=2023-02-04&is_native=1&auction_queue=0&burl=qrN_3xqwnhO1wEKDPpM4CEiYdRe1al8n6ikpIOV6DJIoo1Ljkx6MnQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=73297442&adblock=0&auction_host=apply&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.0009059478520872757&placement_type_id=&skin_test=0&verify_hash=2938f95f23b604be633a22675716dd4d&score=84.67591926121551&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D845640524%26spot_id%3D297442%26is_adult%3D1%26p%3Dhttps%253A%252F%252Foncam.me%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=a&original_bid=0.036&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=pGSDmJ0i8n96vs0xSX_sdAofIhfBYoEFtmr5JyeOm_3dG7taNNGuECl3it9HIpiw6T13iL5fKpiC3sQyN_w5iHVYho8jNVyNA_gOOdbDdm_RMqzVapvnOEvThuhC215F1ZyNEpHY9jFNTVwiLYxiFswjNhTUzQrLXmwahyq4he-L2T_YRg3DOgrUu0qt80fVe5rn1HvMw7R2I9pVKIEgjWDCvCD-cOuGPFCPs1HaSXBURN8zGiH7B1ZV46pgldBgFhgd85W-iYREr6Ih8_cw9njU_GZ6SkG95THYO9xGNdQ3BMRWV53M8Mie0xcvIgVM4jJ_H8Ep9snjX3SNHq6OjksoYJjkiaiCJy_6-AXL0N6F4NdLNTu7EF_jmBXeOMmTd252mzjhz3oPyLseKUsQY1zcxi1z04X1vi1GM8XI4Av7PsUMROt2Htggc5CqoamsG-pxO81HWkwKgU_dlHXVUIAwEM111tvphcYy629oI8Ael2R3UNfiVCfDHzwvLtNlTPk0Ea10CLSqnw7PBC7XbxcHx36iSMtYygWQJeNtwUnlcvlPqZMuRxGJy-kzIAF5mgvdr6N8y4kIqeLGJs2d--5JW6Afp0S9pJr9xpIzmwqA-ynELyKQsaB52JGz3CUA1xpTZzVDBH05-nzaY-rSD6zLysZq4UbfKSTds5WznVwpySHIiYIeGRFnyB2nj-bKJpMkZRdwJHnnrZ2wRaNMONkrv4mn2IOg8HWHovV2tbSIT_5GEiVsymH1pVkeb7Sa7oOcKTBZYNQsQHWFNi0gXFZb-SwR93VD08HOTCNixMWdTMby5iBXXh02JJE_d8EKhwYT1RDaX_lXH8DtdGBVKcZUrErJZnSNXjEyDU_9j38wnsC4F6AzXIAJxyeawmHqhZe4_kWNH8y4gx81atukMnXH8MYRFu7hhWByHeoF2UU4eQZsxqsWlzN3zN81ewoDezrRvFCw4nZmj0Ueapny_lS-ETZ-g-IOrgKR9mbqQ2OJNvPzdaYbVBnrZNghQ0uiFEAo0wzwXMyz3Tk7-SBkSsc249vDIJOZSBlZuvPw-7DK0OeyOmLPSEO-NsEwRySo98PXfMOPlWKWzrzZpPwqX7sKKb7DA-I1oaO6YN4sbiJewR_G-HLwLokqmr5B81LuDeRqkq_AR8ZXWMeYs3YgdbUCVUygMw0ot3nxhRjPoUFqHKBQXkcnAx1vwBndC3I42b1i9n3oK5dOVlJVrARtOyq85DrS&image_url=https%3A%2F%2F12112336.pix-cdn.org%2Fm%2Fp%2F0%2F374%2F374539%2Fconversions%2FuaDvnmZE-minify.jpg&skin_id=2&vertical_id=0&real_bid=0.036&pr=&user_keywords=&auc_type=1&aid=127&ext_cid=100266&device_theme=light&keywords=Adult&label_ids=4,90,5,0&conditions=all,dch_ip,tz_offset&need_redirect_show=0&cpa=4ff6162f-eb49-4ed4-b577-62796d41900d&format=default-slide-b_r-body
168.119.25.22200 OK 0 B URL HTTP/2 1d64fb6441.0ec78e0509.com/in/show/?mid=2322889499277839048&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=845640524&sid=1978190565&cid=12694&price=0&is_cpm=1&cpm=0.036&ecpm=0.036&crid=2240&crtid=f70aa6a0d437f901eea3e30be1aacaa8&tcid=0&out_id=0&ver=8.24.1&ver_c=&refdom=oncam.me&hostname=auc-inpage-hz-6-c&site_id=31297442&spot_id=297442&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675685474&created_at=2023-02-04&is_native=1&auction_queue=0&burl=qrN_3xqwnhO1wEKDPpM4CEiYdRe1al8n6ikpIOV6DJIoo1Ljkx6MnQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=73297442&adblock=0&auction_host=apply&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.0009059478520872757&placement_type_id=&skin_test=0&verify_hash=2938f95f23b604be633a22675716dd4d&score=84.67591926121551&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D845640524%26spot_id%3D297442%26is_adult%3D1%26p%3Dhttps%253A%252F%252Foncam.me%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=a&original_bid=0.036&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=pGSDmJ0i8n96vs0xSX_sdAofIhfBYoEFtmr5JyeOm_3dG7taNNGuECl3it9HIpiw6T13iL5fKpiC3sQyN_w5iHVYho8jNVyNA_gOOdbDdm_RMqzVapvnOEvThuhC215F1ZyNEpHY9jFNTVwiLYxiFswjNhTUzQrLXmwahyq4he-L2T_YRg3DOgrUu0qt80fVe5rn1HvMw7R2I9pVKIEgjWDCvCD-cOuGPFCPs1HaSXBURN8zGiH7B1ZV46pgldBgFhgd85W-iYREr6Ih8_cw9njU_GZ6SkG95THYO9xGNdQ3BMRWV53M8Mie0xcvIgVM4jJ_H8Ep9snjX3SNHq6OjksoYJjkiaiCJy_6-AXL0N6F4NdLNTu7EF_jmBXeOMmTd252mzjhz3oPyLseKUsQY1zcxi1z04X1vi1GM8XI4Av7PsUMROt2Htggc5CqoamsG-pxO81HWkwKgU_dlHXVUIAwEM111tvphcYy629oI8Ael2R3UNfiVCfDHzwvLtNlTPk0Ea10CLSqnw7PBC7XbxcHx36iSMtYygWQJeNtwUnlcvlPqZMuRxGJy-kzIAF5mgvdr6N8y4kIqeLGJs2d--5JW6Afp0S9pJr9xpIzmwqA-ynELyKQsaB52JGz3CUA1xpTZzVDBH05-nzaY-rSD6zLysZq4UbfKSTds5WznVwpySHIiYIeGRFnyB2nj-bKJpMkZRdwJHnnrZ2wRaNMONkrv4mn2IOg8HWHovV2tbSIT_5GEiVsymH1pVkeb7Sa7oOcKTBZYNQsQHWFNi0gXFZb-SwR93VD08HOTCNixMWdTMby5iBXXh02JJE_d8EKhwYT1RDaX_lXH8DtdGBVKcZUrErJZnSNXjEyDU_9j38wnsC4F6AzXIAJxyeawmHqhZe4_kWNH8y4gx81atukMnXH8MYRFu7hhWByHeoF2UU4eQZsxqsWlzN3zN81ewoDezrRvFCw4nZmj0Ueapny_lS-ETZ-g-IOrgKR9mbqQ2OJNvPzdaYbVBnrZNghQ0uiFEAo0wzwXMyz3Tk7-SBkSsc249vDIJOZSBlZuvPw-7DK0OeyOmLPSEO-NsEwRySo98PXfMOPlWKWzrzZpPwqX7sKKb7DA-I1oaO6YN4sbiJewR_G-HLwLokqmr5B81LuDeRqkq_AR8ZXWMeYs3YgdbUCVUygMw0ot3nxhRjPoUFqHKBQXkcnAx1vwBndC3I42b1i9n3oK5dOVlJVrARtOyq85DrS&image_url=https%3A%2F%2F12112336.pix-cdn.org%2Fm%2Fp%2F0%2F374%2F374539%2Fconversions%2FuaDvnmZE-minify.jpg&skin_id=2&vertical_id=0&real_bid=0.036&pr=&user_keywords=&auc_type=1&aid=127&ext_cid=100266&device_theme=light&keywords=Adult&label_ids=4,90,5,0&conditions=all,dch_ip,tz_offset&need_redirect_show=0&cpa=4ff6162f-eb49-4ed4-b577-62796d41900d&format=default-slide-b_r-body
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=2322889499277839048&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=845640524&sid=1978190565&cid=12694&price=0&is_cpm=1&cpm=0.036&ecpm=0.036&crid=2240&crtid=f70aa6a0d437f901eea3e30be1aacaa8&tcid=0&out_id=0&ver=8.24.1&ver_c=&refdom=oncam.me&hostname=auc-inpage-hz-6-c&site_id=31297442&spot_id=297442&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675685474&created_at=2023-02-04&is_native=1&auction_queue=0&burl=qrN_3xqwnhO1wEKDPpM4CEiYdRe1al8n6ikpIOV6DJIoo1Ljkx6MnQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=73297442&adblock=0&auction_host=apply&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.0009059478520872757&placement_type_id=&skin_test=0&verify_hash=2938f95f23b604be633a22675716dd4d&score=84.67591926121551&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D845640524%26spot_id%3D297442%26is_adult%3D1%26p%3Dhttps%253A%252F%252Foncam.me%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=a&original_bid=0.036&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=pGSDmJ0i8n96vs0xSX_sdAofIhfBYoEFtmr5JyeOm_3dG7taNNGuECl3it9HIpiw6T13iL5fKpiC3sQyN_w5iHVYho8jNVyNA_gOOdbDdm_RMqzVapvnOEvThuhC215F1ZyNEpHY9jFNTVwiLYxiFswjNhTUzQrLXmwahyq4he-L2T_YRg3DOgrUu0qt80fVe5rn1HvMw7R2I9pVKIEgjWDCvCD-cOuGPFCPs1HaSXBURN8zGiH7B1ZV46pgldBgFhgd85W-iYREr6Ih8_cw9njU_GZ6SkG95THYO9xGNdQ3BMRWV53M8Mie0xcvIgVM4jJ_H8Ep9snjX3SNHq6OjksoYJjkiaiCJy_6-AXL0N6F4NdLNTu7EF_jmBXeOMmTd252mzjhz3oPyLseKUsQY1zcxi1z04X1vi1GM8XI4Av7PsUMROt2Htggc5CqoamsG-pxO81HWkwKgU_dlHXVUIAwEM111tvphcYy629oI8Ael2R3UNfiVCfDHzwvLtNlTPk0Ea10CLSqnw7PBC7XbxcHx36iSMtYygWQJeNtwUnlcvlPqZMuRxGJy-kzIAF5mgvdr6N8y4kIqeLGJs2d--5JW6Afp0S9pJr9xpIzmwqA-ynELyKQsaB52JGz3CUA1xpTZzVDBH05-nzaY-rSD6zLysZq4UbfKSTds5WznVwpySHIiYIeGRFnyB2nj-bKJpMkZRdwJHnnrZ2wRaNMONkrv4mn2IOg8HWHovV2tbSIT_5GEiVsymH1pVkeb7Sa7oOcKTBZYNQsQHWFNi0gXFZb-SwR93VD08HOTCNixMWdTMby5iBXXh02JJE_d8EKhwYT1RDaX_lXH8DtdGBVKcZUrErJZnSNXjEyDU_9j38wnsC4F6AzXIAJxyeawmHqhZe4_kWNH8y4gx81atukMnXH8MYRFu7hhWByHeoF2UU4eQZsxqsWlzN3zN81ewoDezrRvFCw4nZmj0Ueapny_lS-ETZ-g-IOrgKR9mbqQ2OJNvPzdaYbVBnrZNghQ0uiFEAo0wzwXMyz3Tk7-SBkSsc249vDIJOZSBlZuvPw-7DK0OeyOmLPSEO-NsEwRySo98PXfMOPlWKWzrzZpPwqX7sKKb7DA-I1oaO6YN4sbiJewR_G-HLwLokqmr5B81LuDeRqkq_AR8ZXWMeYs3YgdbUCVUygMw0ot3nxhRjPoUFqHKBQXkcnAx1vwBndC3I42b1i9n3oK5dOVlJVrARtOyq85DrS&image_url=https%3A%2F%2F12112336.pix-cdn.org%2Fm%2Fp%2F0%2F374%2F374539%2Fconversions%2FuaDvnmZE-minify.jpg&skin_id=2&vertical_id=0&real_bid=0.036&pr=&user_keywords=&auc_type=1&aid=127&ext_cid=100266&device_theme=light&keywords=Adult&label_ids=4,90,5,0&conditions=all,dch_ip,tz_offset&need_redirect_show=0&cpa=4ff6162f-eb49-4ed4-b577-62796d41900d&format=default-slide-b_r-body HTTP/1.1
Host: 1d64fb6441.0ec78e0509.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 04 Feb 2023 12:11:15 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash db0fbd0d8cd40a6d6dd0eaefaab7768b
217add18e86b9e605f9006e537f15400b45f0f90
507697d43fda32713698e09eefff9b6e1730774b8da6ca86b131b1cb4a860852
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5615
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 12:11:15 GMT
Last-Modified: Sat, 04 Feb 2023 10:37:40 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1efc8c3c61de56d2f4363b2c6921c589
13cabd2d34a14cd61dce1ff11418d9d2b0780623
23705b8853f17d1affbb72cab0c27338af253f4d8396ae9db74993b874596ace
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "23705B8853F17D1AFFBB72CAB0C27338AF253F4D8396AE9DB74993B874596ACE"
Last-Modified: Fri, 03 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3936
Expires: Sat, 04 Feb 2023 13:16:51 GMT
Date: Sat, 04 Feb 2023 12:11:15 GMT
Connection: keep-alive
pn.bquildna43.site/in/tip_shows/?katds_ep=BRDJgC79ik9MOAfDwSDZKHRaMl_9Aot-QZRTJ_CWbIxFWmvBS0AB7HQ5KZCH3L3AY9zY3oblIFtAJzWroSmgONUymZaHjpms4u_1H4zTByZRUo_JaH5OqNZ4BorMlMnY6i4ExdndK7_cZagvNFRxOoIAGiDlmF0rHg_0JwZT0Z34MrvEc6tsvgeFRTjw3uwC4cRG4CO_HaLosPw9oMhlNXFyECzjdbIcGODJLlCR4dPQA1QsrhcUREFYKkmCofS8X1c16nymIoKXEZWpjY4RpvMHCXObRkfExwcNJAJELmkZ2BaTUM6tSk125ObZ8lWtaP3hp1DWtbsyC1E6oIdxoYNQGXn8CZWJIIa12PohNpzkx7U3QOCwBBOFqjWFARII9y60ARzfaeDFpCjgvEwxyyItKZKvsN8oHRmSlUqjTO2PWOOOg6c8Gsdo7b9twEFGuppty5Kgvw7qSebmDR8ejLtu2FWsrtsAGbaUFWGDt7nILPyt24RDUfPEYpBGZ_caW8lep_AD-82Jx1bzKKgn85joQPcwBRaz12DQYp86yPh4LxqgsnerMdVGFjoDmwRI1Ya-fy5YqcKwypuvLIJ6kpXDvLWF4H7b0ytNQMpHcLw5ulBrmmkOprqwFnsdAwww91-7CZRWO5aJr0UIYw6yjNcJS8x2bR2n3M8VW7sn6KzsxF3aoFA269M6Bc3JAEQDk1jPjzzpfqLIr7gNbWcVo2i8YCz28s87d8YxzNmMcV9TnaApbCge_liWAeR_x5gRXaH0tjfF1GU218NzUMQI_Ty2xVo34OJCobpedw33fTIsYxyNKLOhnUox&sp=${SECOND_PRICE}&cpa=1790c50e-b75e-4a60-9b9c-d7d1c75806ac&format=default-slide-b_r-body
188.114.97.1302 Found 0 B URL HTTP/2 pn.bquildna43.site/in/tip_shows/?katds_ep=BRDJgC79ik9MOAfDwSDZKHRaMl_9Aot-QZRTJ_CWbIxFWmvBS0AB7HQ5KZCH3L3AY9zY3oblIFtAJzWroSmgONUymZaHjpms4u_1H4zTByZRUo_JaH5OqNZ4BorMlMnY6i4ExdndK7_cZagvNFRxOoIAGiDlmF0rHg_0JwZT0Z34MrvEc6tsvgeFRTjw3uwC4cRG4CO_HaLosPw9oMhlNXFyECzjdbIcGODJLlCR4dPQA1QsrhcUREFYKkmCofS8X1c16nymIoKXEZWpjY4RpvMHCXObRkfExwcNJAJELmkZ2BaTUM6tSk125ObZ8lWtaP3hp1DWtbsyC1E6oIdxoYNQGXn8CZWJIIa12PohNpzkx7U3QOCwBBOFqjWFARII9y60ARzfaeDFpCjgvEwxyyItKZKvsN8oHRmSlUqjTO2PWOOOg6c8Gsdo7b9twEFGuppty5Kgvw7qSebmDR8ejLtu2FWsrtsAGbaUFWGDt7nILPyt24RDUfPEYpBGZ_caW8lep_AD-82Jx1bzKKgn85joQPcwBRaz12DQYp86yPh4LxqgsnerMdVGFjoDmwRI1Ya-fy5YqcKwypuvLIJ6kpXDvLWF4H7b0ytNQMpHcLw5ulBrmmkOprqwFnsdAwww91-7CZRWO5aJr0UIYw6yjNcJS8x2bR2n3M8VW7sn6KzsxF3aoFA269M6Bc3JAEQDk1jPjzzpfqLIr7gNbWcVo2i8YCz28s87d8YxzNmMcV9TnaApbCge_liWAeR_x5gRXaH0tjfF1GU218NzUMQI_Ty2xVo34OJCobpedw33fTIsYxyNKLOhnUox&sp=${SECOND_PRICE}&cpa=1790c50e-b75e-4a60-9b9c-d7d1c75806ac&format=default-slide-b_r-body
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/tip_shows/?katds_ep=BRDJgC79ik9MOAfDwSDZKHRaMl_9Aot-QZRTJ_CWbIxFWmvBS0AB7HQ5KZCH3L3AY9zY3oblIFtAJzWroSmgONUymZaHjpms4u_1H4zTByZRUo_JaH5OqNZ4BorMlMnY6i4ExdndK7_cZagvNFRxOoIAGiDlmF0rHg_0JwZT0Z34MrvEc6tsvgeFRTjw3uwC4cRG4CO_HaLosPw9oMhlNXFyECzjdbIcGODJLlCR4dPQA1QsrhcUREFYKkmCofS8X1c16nymIoKXEZWpjY4RpvMHCXObRkfExwcNJAJELmkZ2BaTUM6tSk125ObZ8lWtaP3hp1DWtbsyC1E6oIdxoYNQGXn8CZWJIIa12PohNpzkx7U3QOCwBBOFqjWFARII9y60ARzfaeDFpCjgvEwxyyItKZKvsN8oHRmSlUqjTO2PWOOOg6c8Gsdo7b9twEFGuppty5Kgvw7qSebmDR8ejLtu2FWsrtsAGbaUFWGDt7nILPyt24RDUfPEYpBGZ_caW8lep_AD-82Jx1bzKKgn85joQPcwBRaz12DQYp86yPh4LxqgsnerMdVGFjoDmwRI1Ya-fy5YqcKwypuvLIJ6kpXDvLWF4H7b0ytNQMpHcLw5ulBrmmkOprqwFnsdAwww91-7CZRWO5aJr0UIYw6yjNcJS8x2bR2n3M8VW7sn6KzsxF3aoFA269M6Bc3JAEQDk1jPjzzpfqLIr7gNbWcVo2i8YCz28s87d8YxzNmMcV9TnaApbCge_liWAeR_x5gRXaH0tjfF1GU218NzUMQI_Ty2xVo34OJCobpedw33fTIsYxyNKLOhnUox&sp=${SECOND_PRICE}&cpa=1790c50e-b75e-4a60-9b9c-d7d1c75806ac&format=default-slide-b_r-body HTTP/1.1
Host: pn.bquildna43.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 04 Feb 2023 12:11:15 GMT
content-type: application/json
content-length: 0
location: https://12112336.pix-cdn.org/m/p/0/374/374538/conversions/6OTjphwd-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
set-cookie: 2357.0=1; expires=Sun, 05 Feb 2023 12:10:06 GMT; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tDjwdemzh3sL508Y3haZVflIqXLipxkPWWZ%2Bs5l1ima5Y%2BNG0%2B49bKmXUssn1aFqA7n1iqExMMvIM8qsVjZWYZfhx60hC81s8rN5NBibD9LhRXMWxaNc6IPhTbC55g2d1%2Bb%2F1Ps%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79434ecfdd7c0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash db0fbd0d8cd40a6d6dd0eaefaab7768b
217add18e86b9e605f9006e537f15400b45f0f90
507697d43fda32713698e09eefff9b6e1730774b8da6ca86b131b1cb4a860852
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2538
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 12:11:15 GMT
Last-Modified: Sat, 04 Feb 2023 11:28:57 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
12112336.pix-cdn.org/m/p/0/374/374539/conversions/uaDvnmZE-minify.jpg
45.133.44.25200 OK 9.0 kB URL HTTP/2 12112336.pix-cdn.org/m/p/0/374/374539/conversions/uaDvnmZE-minify.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 300x200, components 3\012- data
Hash ac4fce2099a6cbd7264384fba760fc66
d95ed9daf1b4e01d98b089f6688319cc5e377aad
0e5e7942344997c25d52522d74def5e71eb22337f2fecf13ac63fe940bcdb176
GET /m/p/0/374/374539/conversions/uaDvnmZE-minify.jpg HTTP/1.1
Host: 12112336.pix-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:15 GMT
content-type: image/jpeg
content-length: 9014
server: nginx/1.12.2
last-modified: Sat, 30 Jul 2022 08:18:07 GMT
etag: "62e4e93f-2336"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
12112336.pix-cdn.org/m/p/0/374/374538/conversions/6OTjphwd-minify.jpg
45.133.44.25200 OK 2.9 kB URL HTTP/2 12112336.pix-cdn.org/m/p/0/374/374538/conversions/6OTjphwd-minify.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3\012- data
Hash 66098442dc8934e8c6f5351e39d40e71
6bdebd9a664636433febe19afd7a5b37bff07126
b264aead392358ee4523a21bdd6726c1ec24c6ff849dbdf07dfd15bc6dedff4e
GET /m/p/0/374/374538/conversions/6OTjphwd-minify.jpg HTTP/1.1
Host: 12112336.pix-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:15 GMT
content-type: image/jpeg
content-length: 2921
server: nginx/1.12.2
last-modified: Sat, 30 Jul 2022 08:17:53 GMT
etag: "62e4e931-b69"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?mlf=1&cpa=a28ebe02-9fd0-4e9c-8831-b9c07e9c7135&mlc=1&format=default-slide-b_r-body
168.119.25.18200 OK 790 B URL HTTP/2 static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?mlf=1&cpa=a28ebe02-9fd0-4e9c-8831-b9c07e9c7135&mlc=1&format=default-slide-b_r-body
IP 168.119.25.18:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 65156a660e465299370ebd90d84aa461
12ff60b17f579a77e42a8be7b6b1892fc71be33d
e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18
GET /creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?mlf=1&cpa=a28ebe02-9fd0-4e9c-8831-b9c07e9c7135&mlc=1&format=default-slide-b_r-body HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 04 Feb 2023 12:11:15 GMT
content-type: image/webp
content-length: 790
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
etag: "5fbd16bb-316"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
168.119.25.18200 OK 790 B URL HTTP/2 static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
IP 168.119.25.18:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 65156a660e465299370ebd90d84aa461
12ff60b17f579a77e42a8be7b6b1892fc71be33d
e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18
GET /creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 04 Feb 2023 12:11:15 GMT
content-type: image/webp
content-length: 790
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
etag: "5fbd16bb-316"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
bcprm.com/promo.php?c=712490&type=banner&size=300x250&name=st_true;st_small_big_huge;st_random_all;st_molly;st_snapchat;st-boobs;double2;how_long;st-squirt;crazy
185.75.252.140200 OK 0 B URL HTTP/2 bcprm.com/promo.php?c=712490&type=banner&size=300x250&name=st_true;st_small_big_huge;st_random_all;st_molly;st_snapchat;st-boobs;double2;how_long;st-squirt;crazy
IP 185.75.252.140:0
ASN #48684 Viking Host B.V.
GET /promo.php?c=712490&type=banner&size=300x250&name=st_true;st_small_big_huge;st_random_all;st_molly;st_snapchat;st-boobs;double2;how_long;st-squirt;crazy HTTP/1.1
Host: bcprm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
expires: Sat, 04 Feb 2023 12:11:12 GMT
x-bcs: ded7384
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 103
X-Firefox-Spdy: h2
bcprm.com/promo.php?c=712490&type=banner&size=728x90&name=st_true;st_small_big_huge;st_random_all;st_molly;st_snapchat;st-boobs;double2;how_long;st-squirt;crazy
185.75.252.140200 OK 0 B URL HTTP/2 bcprm.com/promo.php?c=712490&type=banner&size=728x90&name=st_true;st_small_big_huge;st_random_all;st_molly;st_snapchat;st-boobs;double2;how_long;st-squirt;crazy
IP 185.75.252.140:0
ASN #48684 Viking Host B.V.
GET /promo.php?c=712490&type=banner&size=728x90&name=st_true;st_small_big_huge;st_random_all;st_molly;st_snapchat;st-boobs;double2;how_long;st-squirt;crazy HTTP/1.1
Host: bcprm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
expires: Sat, 04 Feb 2023 12:11:12 GMT
x-bcs: ded7383
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 103
X-Firefox-Spdy: h2
bcprm.com/promo.php?c=712489&type=banner&size=300x250&name=st_true;st_small_big_huge;st_random_all;st_molly;st_snapchat;st-boobs;double2;how_long;st-squirt;crazy
185.75.252.140200 OK 0 B URL HTTP/2 bcprm.com/promo.php?c=712489&type=banner&size=300x250&name=st_true;st_small_big_huge;st_random_all;st_molly;st_snapchat;st-boobs;double2;how_long;st-squirt;crazy
IP 185.75.252.140:0
ASN #48684 Viking Host B.V.
GET /promo.php?c=712489&type=banner&size=300x250&name=st_true;st_small_big_huge;st_random_all;st_molly;st_snapchat;st-boobs;double2;how_long;st-squirt;crazy HTTP/1.1
Host: bcprm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin:
expires: Sat, 04 Feb 2023 12:11:12 GMT
x-bcs: ded7384
strict-transport-security: max-age=0;
cache-control: no-cache, public
content-encoding: gzip
x-bc-bl: 103
X-Firefox-Spdy: h2
go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOptmslstdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4817078&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
104.18.59.150200 OK 0 B URL HTTP/2 go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOptmslstdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4817078&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
IP 104.18.59.150:0
GET /api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOptmslstdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4817078&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Referer: https://oncam.me/
Connection: keep-alive
Cookie: __cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLECaqYHxHT48F6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://oncam.me
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79434ec3be84b506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOptmslsrdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4817076&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
104.18.59.150200 OK 0 B URL HTTP/2 go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOptmslsrdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4817076&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
IP 104.18.59.150:0
GET /api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOptmslsrdVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4817076&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Referer: https://oncam.me/
Connection: keep-alive
Cookie: __cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbs2GUnUC48LyjS
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://oncam.me
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79434ec3fee5b506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOptmsltldVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4817080&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
104.18.59.150200 OK 0 B URL HTTP/2 go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOptmsltldVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4817080&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11
IP 104.18.59.150:0
GET /api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397613&masterSmartpopId=2683&memberId=ooc4ASOptmsltldVdVLTXdW6VzqpbXUzOodTK6V0rpXT1UU0uldK6V0zpXSuldK6Z0rpXTOc6VwQa5_x_7uc6V0rpXSuldK6V0rpXB9g&p1=4581850&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4817080&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30208&videosList=oil-show11 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oncam.me
Referer: https://oncam.me/
Connection: keep-alive
Cookie: __cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbs2GUnUC48LyjS
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:13 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://oncam.me
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79434ec3eee3b506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
oncam.me/151854/c4-bbnikki-mp4/
186.2.163.70200 OK 0 B URL HTTP/2 oncam.me/151854/c4-bbnikki-mp4/
IP 186.2.163.70:0
ASN #262254 DDOS-GUARD CORP.
GET /151854/c4-bbnikki-mp4/ HTTP/1.1
Host: oncam.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 12:11:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: __ddg1_=SixjmUahj8xAhVlmR7AM; Domain=.oncam.me; HttpOnly; Path=/; Expires=Sun, 04-Feb-2024 12:11:12 GMT
ASPro_e9694da344=ovrkmup1uua5tvgf1t1qd3numt; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
s7.addthis.com/js/300/addthis_widget.js
23.38.200.123200 OK 0 B URL HTTP/2 s7.addthis.com/js/300/addthis_widget.js
IP 23.38.200.123:0
GET /js/300/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-5834c"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 116423
date: Sat, 04 Feb 2023 12:11:12 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2
onclickprediction.com/a/display.php?r=6660318
35.190.73.129200 OK 0 B URL HTTP/2 onclickprediction.com/a/display.php?r=6660318
IP 35.190.73.129:0
GET /a/display.php?r=6660318 HTTP/1.1
Host: onclickprediction.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sat, 04 Feb 2023 12:11:12 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
link: <www.gaming-adult.com>; rel=dns-prefetch,<www.gaming-adult.com>; rel=preconnect,<eventucker.com>; rel=dns-prefetch,<eventucker.com>; rel=preconnect
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
js.wpushsdk.com/npc/sdk/wpu/npush.m.js
45.133.44.25200 OK 0 B URL HTTP/2 js.wpushsdk.com/npc/sdk/wpu/npush.m.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/wpu/npush.m.js HTTP/1.1
Host: js.wpushsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oncam.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 12:11:14 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 03 Feb 2023 12:56:56 GMT
etag: W/"63dd0498-4fa40"
content-encoding: gzip
expires: Sat, 04 Feb 2023 12:16:14 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2