urlscan.io logo urlscan.io
SecurityTrails logo

www.spell.theater Open in urlscan Pro
104.21.39.116  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.spell.theater/Jjccnpbesuu/kswh831267hauuoxjm/
Effective URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Submission: On October 11 via manual from HU — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 3 countries across 8 domains to perform 60 HTTP transactions. The main IP is 104.21.39.116, located in and belongs to CLOUDFLARENET, US. The main domain is www.spell.theater.
This is the only time www.spell.theater was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
42 104.21.39.116 13335 (CLOUDFLAR...)
3 142.250.185.136 15169 (GOOGLE)
1 172.67.74.99 13335 (CLOUDFLAR...)
5 142.250.185.78 15169 (GOOGLE)
1 104.111.215.74 16625 (AKAMAI-AS)
3 2.16.186.58 20940 (AKAMAI-ASN1)
1 142.250.13.155 15169 (GOOGLE)
1 192.0.76.3 2635 (AUTOMATTIC)
1 142.250.184.228 15169 (GOOGLE)
60 10
42    104.21.39.116 (None, )

ASN13335 (CLOUDFLARENET, US)
www.spell.theater
3    142.250.185.136 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f8.1e100.net
www.googletagmanager.com
1    172.67.74.99 (United States)

ASN13335 (CLOUDFLARENET, US)
www.schoolofsquirt.com
5    142.250.185.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f14.1e100.net
www.google-analytics.com
1    104.111.215.74 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-74.deploy.static.akamaitechnologies.com
p.typekit.net
3    2.16.186.58 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-58.deploy.static.akamaitechnologies.com
use.typekit.net
1    142.250.13.155 (United States)

ASN15169 (GOOGLE, US)
PTR: we-in-f155.1e100.net
stats.g.doubleclick.net
1    192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)
pixel.wp.com
1    142.250.184.228 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f4.1e100.net
www.google.com
Domain Requested by
42 www.spell.theater www.spell.theater
5 www.google-analytics.com www.googletagmanager.com
www.spell.theater
www.google-analytics.com
3 use.typekit.net www.spell.theater
3 www.googletagmanager.com www.spell.theater
1 www.google.com www.spell.theater
1 stats.g.doubleclick.net www.google-analytics.com
1 pixel.wp.com www.spell.theater
1 p.typekit.net www.spell.theater
1 www.schoolofsquirt.com www.spell.theater
60 9

This site contains links to these domains. Also see Links.

Domain
www.schoolofsquirt.com
www.weteachsex.com
pro.schoolofsquirt.com
Subject Issuer Validity Valid
*.google-analytics.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-10-11 -
2022-10-10		 a year crt.sh
*.schoolofsquirt.com
R3		 2021-08-16 -
2021-11-14		 3 months crt.sh
*.typekit.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-07-16 -
2022-07-21		 a year crt.sh
use.typekit.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-08-16 -
2022-08-16		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
www.google.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh

This page contains 2 frames:

Primary Page: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Frame ID: FD8B5C31CC33EE14E77A6AE3DE05C0F1
Requests: 58 HTTP requests in this frame

Frame: http://www.spell.theater/clicks/SquirtingSchool2_files/blank.htm
Frame ID: F5C5856D2A619CDEC3B819C5B990DE8E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

School Of Squirt - The Original & Best Place To Learn About Squirtingcheckcheckcheckcheckcheckcheckcheckcheckcheckcheckcheck

Page URL History Show full URLs

  1. http://www.spell.theater/Jjccnpbesuu/kswh831267hauuoxjm/ Page URL
  2. https://www.spell.theater/offer.php?id=314&sid=929473&h= Page URL
  3. http://www.spell.theater/clicks/sschool2.php?sid=929473&h= Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtag/js
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

60
Requests

27 %
HTTPS

0 %
IPv6

8
Domains

9
Subdomains

10
IPs

3
Countries

1095 kB
Transfer

2201 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.spell.theater/Jjccnpbesuu/kswh831267hauuoxjm/ Page URL
  2. https://www.spell.theater/offer.php?id=314&sid=929473&h= Page URL
  3. http://www.spell.theater/clicks/sschool2.php?sid=929473&h= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js

60 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
www.spell.theater/Jjccnpbesuu/kswh831267hauuoxjm/ 		921 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/Jjccnpbesuu/kswh831267hauuoxjm/
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.25
Resource Hash
a8a1bbfcd26f3e8cc4feafcf679e3e7c7e22810287b43e4f9af2170c14999061

Request headers

Host
www.spell.theater
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
x-powered-by
PHP/7.3.25
CF-Cache-Status
DYNAMIC
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kguYyjqDHSdHcfe5Wxzg8BM%2BF9P3HHBiZ9WTEDrXjjHB1J9JNqf3NOO68pJBay56HbmkzOxrYcXh1rgqbzlohVBq3Kb4gkqmXGRzOMR9megbdf%2BuOnXqsvKwt%2FHjCHbqecFqMw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
69c6c6d3ade0412b-PRG
Content-Encoding
gzip
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
jquery-1.11.0.min.js
www.spell.theater/ 		94 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/jquery-1.11.0.min.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/Jjccnpbesuu/kswh831267hauuoxjm/
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/Jjccnpbesuu/kswh831267hauuoxjm/
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/Jjccnpbesuu/kswh831267hauuoxjm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2805
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 15 Jun 2016 01:14:34 GMT
Server
cloudflare
etag
W/"5760abfa-1787d"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wuoiJWRoA2vPqo2hEzeZL%2FWzBbRpt7NDLGye0rs7nAYqxadzoR1IbdbfMMnC8OD4blkRExSFmT5WHaG9OuC%2FUS7momwk3PzeMrW8CVi1Io5tNsoqW51Gk2t0v28Mc33PGgcBNA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d43e41412b-PRG
js
www.googletagmanager.com/gtag/ 		97 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-22484186-3
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/Jjccnpbesuu/kswh831267hauuoxjm/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 08:39:13 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39222
x-xss-protection
0
last-modified
Mon, 11 Oct 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 11 Oct 2021 08:39:13 GMT
offer.php
www.spell.theater/ 		240 B
744 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.spell.theater/offer.php?id=314&sid=929473&h=
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/Jjccnpbesuu/kswh831267hauuoxjm/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.25
Resource Hash
a32e4e4f89efe94deae24c57c8f14333bc066f442f4b1d2d325a97b636259022

Request headers

:method
GET
:authority
www.spell.theater
:scheme
https
:path
/offer.php?id=314&sid=929473&h=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://www.spell.theater/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/

Response headers

date
Mon, 11 Oct 2021 08:39:13 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.3.25
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xPgy5WRBYgtLS7nEUxR%2BxLI7Ovsm7DiYa87jvTf6SXsdmxPlf3sASQ6rQwP2JBsCoSkELKlR5SQslfnJJ%2F7cRWeT3%2BUBt4%2BVON4g6G3q4%2FOcN%2BGCChjg%2Blx1X9O4Fz3Le0jYug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
69c6c6d4aaad4107-PRG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Primary Request sschool2.php
www.spell.theater/clicks/ 		67 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.25
Resource Hash
daf93f9d7aa7c559bc747315e359e1480c5996668798384a8fa23a81a356c84c

Request headers

Host
www.spell.theater
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
x-powered-by
PHP/7.3.25
CF-Cache-Status
DYNAMIC
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1XBrGxbgPP%2B01SkHNY%2B11xT6LloCjLmgjhEf7gknOwgR9VM54zCgjRW9J8wLbVXNrJNmW9GSrrqMk6%2FHU1fc3qbTEY0suhNzDFibA0ToyoK1xPqz7%2F%2F4qHYCi5tNExttUi19Hg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
69c6c6d52ec8412b-PRG
Content-Encoding
gzip
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
js
www.googletagmanager.com/gtag/ 		97 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-22484186-3
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
127f5d0eaff5cddfb6c2c5c190cc57ada0c2017d64f72c1e9e6a0ecf9cf84b9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 08:39:13 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39175
x-xss-protection
0
last-modified
Mon, 11 Oct 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 11 Oct 2021 08:39:13 GMT
gtm.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		93 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/gtm.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6da09b4fc38a23e1e5ed617fab5bba5541664cc2f320cc477db9a7f265620368

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:30 GMT
Server
cloudflare
etag
W/"60a2a0b6-1745f"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TuyVVwlBQLllSUj9KIRKUGm4NTl1n1wx0OEMlMpCnF6%2BbfP5S9ezq02BE03qYInbadiqtxrsQrRJzxPHo334Gz%2FnA3YyuuhkjGdVuJDhJYd%2BpiMCJI8R145y8ekESLg3otEeHg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d619822790-PRG
analytics.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		48 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/analytics.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:19 GMT
Server
cloudflare
etag
W/"60a2a0ab-c001"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Teaw1UvCj8K%2BAtL697LczB5px2b92DjdLwEsm4aU3y3YtJzs8nDLFGNlDM%2B5%2FGeGxN2dvNe6luCNsZHOteLpHneaN6sDuD4z5kmDjFEmveLfqIrmQcEt7U%2BSiuUKdad%2BWBAsKw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d66c5c411f-PRG
wp-emoji-release.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/wp-emoji-release.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:59:02 GMT
Server
cloudflare
etag
W/"60a2a0d6-3795"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wNDWyqT0PU4SQc3Emu1%2F1%2FPRCzAQs4mzTDU5IcAomvHnggH5E9ld9w740f%2Fj7YJwnBu8RfmgEzBsopSx%2FKMz5enJZJv%2B4Xjgk7DCOoOF1AJMIloaH2RP6TdsTv%2FKURJ1z75VGw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d669dd410d-PRG
style.css
www.spell.theater/clicks/SquirtingSchool2_files/ 		57 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/style.css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:47 GMT
Server
cloudflare
etag
W/"60a2a0c7-e33b"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2BmUUF%2B86fMmCn%2BzHIFnPqLcnPukjIA20GisBn2zC3DWZndBOVb1kayluAM28h%2BGWzriWNDqV%2B9z8ppHU4aOEUj7Fo51LUQUL3UxBoAbSwZcFFGA5S9TWKmMVsp4pTmNXPx73A%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
69c6c6d5b956410d-PRG
screen.css
www.spell.theater/clicks/SquirtingSchool2_files/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/screen.css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e36bd3bdbb929f427e79a6c84b7922b4375589386981eba29eb0cff57b02b1b

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:39 GMT
Server
cloudflare
etag
W/"60a2a0bf-484"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wgI1zECffoy7us%2FDedWd21opcA3SfvhrVmEyM0n5gHKNaWnu1JocXn4GlosihbjA9k8J8htXenSFnkxui4w6p4vKVtasRGAZmBZxqQD7JNhMvFzz%2FhC5KSq2rbAErOOmz41HzA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
69c6c6d5bbf8411f-PRG
thrive_flat.css
www.spell.theater/clicks/SquirtingSchool2_files/ 		394 KB
46 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/thrive_flat.css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b531aa01c50f9fdb25ad05635abc3be6d858a42507c6417244d7a64063519f1

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:50 GMT
Server
cloudflare
etag
W/"60a2a0ca-62908"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KJRRQiYFXgbzk0hk6%2Fm%2BKZWDC30yLIQ1BbKnSjRz7oDGEngmVbQi2rGNRgnGDDDxMOlBSnNFaEWEnRS219ddUDXv7XaExLXajSr9LhXXYNRRDNg06hZQrorXqhCEGH8n1ylbwg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
69c6c6d5b95b2790-PRG
unsemantic-grid.css
www.spell.theater/clicks/SquirtingSchool2_files/ 		12 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/unsemantic-grid.css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ee7784d217b273bd847dcc83ca3451f76f63cc1b619805dbdb297197bb44eb8

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:50 GMT
Server
cloudflare
etag
W/"60a2a0ca-3107"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qi%2FoqpOS0Crk9XRpxW8OLpLuCJGCvLo1byrrUuZiYaxQl8qHIGSFxkKcIFCUklGGecoTsbFj%2FgYSDxGUhUQ0ELnBloTaZL7hZ82aJ7vLAUxujj7dqiqwzqkfEqdMajkbXfWM2w%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
69c6c6d5b97e4108-PRG
style_002.css
www.spell.theater/clicks/SquirtingSchool2_files/ 		21 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/style_002.css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a5a099b1cdf060a28dcd4821c3a04849e32b7e6931b6d289d4afc3324d6e15a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:48 GMT
Server
cloudflare
etag
W/"60a2a0c8-556a"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dv7n1MlnzMCOz8%2FlYbJZfIcE7YOukhLyA6N59FPhDFKD0CYyKUO7OMTORR8ZdD4kqp4vayynrxJ95VOAAqXZnKoXF3o%2FZ2bAcorrztslf8P7LVh4C6MKAgFezhKQ3%2FimIusHZg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
69c6c6d5bd50f9e6-PRG
wp-emoji-release.min.js
www.schoolofsquirt.com/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.schoolofsquirt.com/wp-includes/js/wp-emoji-release.min.js?ver=5.7
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.74.99 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 08:39:13 GMT
content-encoding
br
vary
Accept-Encoding,User-Agent
cf-cache-status
HIT
wpx
1,1
age
298852
last-modified
Wed, 21 Jul 2021 00:54:32 GMT
server
cloudflare
etag
W/"4705-60f77048-bb25128a35b41a31;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UQ0pZhgNQVqBzD8HG%2BU4aT19V2VQe0l%2FM7j8HczFv9VT%2FvFSTHpgefGNr8vAyVNlMZsbIMb3870Qb8od1A1gfvhB41yYo1knXVyxmkiv2GCHSYq%2Fo%2Fsq%2Fwlr8lZOYMN3U%2BYtFeNn%2Bpo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
69c6c6d69bb04107-PRG
expires
Thu, 14 Oct 2021 21:38:21 GMT
mobile.css
www.spell.theater/clicks/SquirtingSchool2_files/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/mobile.css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b29f10d6e7c79c2f7f11b0abe16a4fb45e29673dababd29a0313d72aeaa90b5

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:38 GMT
Server
cloudflare
etag
W/"60a2a0be-ec5"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=24M9%2FfjqFL0KByzbAd3jk90L%2BeQ5T63B3rZhD8Lei%2BghG9lfU%2BsqeWCciGP494OoYxM%2FlZOJoACek%2Fpnm4kkvngyEkVSxona55xJ2UAsWAIyPF%2Be3u9NB0IQ%2Bek72ZvgOQrlXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
69c6c6d5dc1a411f-PRG
font-icons.css
www.spell.theater/clicks/SquirtingSchool2_files/ 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/font-icons.css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ccef01c8b992a66a79e7ee0d1d88303bfd159a77058fc9bd8cef15af49f5aaa

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:26 GMT
Server
cloudflare
etag
W/"60a2a0b2-ade"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p5amQgf7IPz502idRC8BZjZweD4pXuWjXpCun4ko0Pbk9hyiJeJExYvhyM6A8c6bEYovS8%2F3xuhtW0AW9DHZPVrmZIUC44DrAFsD4x6EBYTOtI71b5BYoIEwrTOVbPnIePpCOw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
69c6c6d5d973410d-PRG
style_003.css
www.spell.theater/clicks/SquirtingSchool2_files/ 		107 B
915 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/style_003.css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cab767b401880e1bff09553abc4dc5eeadf1e2fda4d793f47866784fd7703b7d

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:49 GMT
Server
cloudflare
etag
W/"60a2a0c9-6b"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fo2Ove0HtXmyBkLdN03zwA0Cm%2Bo854UHKjCFD%2BQliC2B7mArRvKzlpZz0hjp%2BeDrSwtpe3mqcnOlKCJbZ8UhYWIZSyZdUQ1lGhcEYVXORUuKSn8vJX4ZKlYpnFkqlLbWx4uipQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
69c6c6d5d9a84108-PRG
sticky.css
www.spell.theater/clicks/SquirtingSchool2_files/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/sticky.css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e858a3bf02390ad4f8a5db4f1b4b979d96db387f48f1c6069557bc369ee6662

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:41 GMT
Server
cloudflare
etag
W/"60a2a0c1-74d"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BipCsEYUdxvOS2iUCp%2FAk3Uw5pgJg6PbPLs0iarzLWWnB6QBXSZZ3X1137%2BK24r4qbKNPFAYFoX3NWQQEEiNbUCuQUo5Vdx8SqqhW38c%2BBDb6784oTIYUkYrQK7brj7NDQqLlg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
69c6c6d5ed5cf9e6-PRG
menu-logo.css
www.spell.theater/clicks/SquirtingSchool2_files/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/menu-logo.css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04fb8800b3296be9eaac9ab4f89960b4ef83dd859d987ea02f4d4fedc7f3e8ad

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:37 GMT
Server
cloudflare
etag
W/"60a2a0bd-678"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ksfM%2FZ14y4edNUjHAD7igJZFMgEeDU8wLPqGYMG%2FF7b%2FmF%2BjVLmGIgspgvFjCGUuCNMitNnfJe8i%2FNbHpVW9A1fNk8uGpbN%2FxTdk40oxm8g70FZ3ijqs7CdbfxGDLlHF89S4dA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
69c6c6d5f9762790-PRG
jetpack.css
www.spell.theater/clicks/SquirtingSchool2_files/ 		76 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/jetpack.css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
177b4773b237fa63062f913ed377e24540f843cda864a8d271c5ca083c18a9c6

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:32 GMT
Server
cloudflare
etag
W/"60a2a0b8-12f9f"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K2GCaQwDb47%2BCjKA5TkT48niPG9mfYYUBbqNuF1Rle27gzwK9tSLkrqBRZwlz4UGoN5HcAI58Bvlln3GcHcm8DByfnoUqnhpZjU9Mu%2FgaXSLwgekjoyvJrCPTCs3%2B9scF7Kssw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
69c6c6d5f98b410d-PRG
jquery.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/jquery.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:34 GMT
Server
cloudflare
etag
W/"60a2a0ba-15d98"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KBL8WtjHSMMP5No928KUS%2FnK%2BgcBbHiiqcwCF1jlyMJbDZc1ePYilH3Rx5jypwQgoHsrPnotNI6mjz%2FIboe0%2BRsPKHYoXBkeeVEvu5l6dFWQdfNG85MSAqWJjir%2F%2BGEY1liK1w%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d609c84108-PRG
jquery-migrate.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/jquery-migrate.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:32 GMT
Server
cloudflare
etag
W/"60a2a0b8-2bd8"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MsXkXbdFx2x4L0R6GJqfy2QyO6JkHiOx9Cy%2BdZLuDyC52bW2eaSLhPhEJsmF%2FUPca3sxSVD2z50X90y9NfcXNjMm%2FL2SaZJVBwd74RBPge1kehO0p0PurTwT0nf07%2Bl0K9%2BTnA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d60d63f9e6-PRG
edc2avj.css
www.spell.theater/clicks/SquirtingSchool2_files/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/edc2avj.css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc3376166dd200ed0ebecad0338a2a9cefa48f34057fed2b7183cb54ab052f91

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:25 GMT
Server
cloudflare
etag
W/"60a2a0b1-cae"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2BAfpZFqhyBG31VfMxCxq0Syl3aSWjgyai7c71YOA5WhJ7YqKqAoK0zX67tl54OIkn2jPNPauz6s4i0ZzB4kcBvnwNe%2FuCXzEaDSvvp5mFN8%2FJgTYRXD2qwAXRiIWUa30lwksA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
69c6c6d5fc2f411f-PRG
analytics.js
www.google-analytics.com/ 		48 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-22484186-3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
6736
date
Mon, 11 Oct 2021 06:46:57 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Mon, 11 Oct 2021 08:46:57 GMT
sos-logo-tiny-1.png
www.spell.theater/clicks/SquirtingSchool2_files/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/sos-logo-tiny-1.png
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
970d7e7b687bbb122c2418af225ecc6e6d3d39057fcd9f467757462d3064f90d

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Content-Length
5807
last-modified
Mon, 17 May 2021 16:58:40 GMT
Server
cloudflare
etag
"60a2a0c0-16af"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o00GURDXSXGkQL3u5Xj7hRcbfQ9Pc45GOfftzdKBh%2B34XGuzzIocNgsxTlNk0POZSR7HDGllSt%2F7kwADp8hp1xMPnHP7PS7iD4jwzMyemMB9%2FP709xqjJuc8SradbaWYE2A2bg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
69c6c6d66d8bf9e6-PRG
1f609.svg
www.spell.theater/clicks/SquirtingSchool2_files/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/1f609.svg
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2468609517599c10415c9c9b65024cf697b747dbb837d07d0ea12130f224c65f

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Cookie
_gcl_au=1.1.459784285.1633941554
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:19 GMT
Server
cloudflare
etag
W/"60a2a0ab-49f"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZgzU3mquVSDIktXDqdbXx5Um1uHwAUAaXWbrr7QH2KLzzypSdPLDl8p35yXPdWZO5ZFRSxqsVMOhka%2BB5mO7WNwMxtp15TvcUg%2F06dVLYUiY7JaEldb%2FZIOi%2BT59BgYCBhMS3g%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/svg+xml
Cache-Control
max-age=14400
CF-RAY
69c6c6d67a244108-PRG
sticky.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/sticky.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0cf678c930e404a259cde8363532ab40f706f6e79d568977775d377a40404004

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:42 GMT
Server
cloudflare
etag
W/"60a2a0c2-2115"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2BVnvsZlDjc3pCU5KCNvNKvMmPcl4JtufnY2P6NC8GFoxE7DncMn9mf2T3inPXZUMZlgN6fxXJQ%2FKSo0i0CAIxiplcVUndCnu27yP513Hh5lrDtbEkd0dpOB9l0Us2TDVwcajQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d629ef4108-PRG
front.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/front.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b179562b883c1257aabbad3a5641f965dd7331faa31fe06382a5d8c62d5ee19

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:26 GMT
Server
cloudflare
etag
W/"60a2a0b2-17cb"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BQl5hmI%2Bmx8UeQ7%2BWRaYwESuJQ%2BNTlsICnVP3V7nKFDqfNhOSf6pzi320o90OQ7uDCb65Mm7aMsaPrk9MjhbsOZg9HZisDwOcEmo51IXt1pX%2FhXKFCNd0VzzXrAu5AUtI1PErw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d649972790-PRG
imagesloaded.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/imagesloaded.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:30 GMT
Server
cloudflare
etag
W/"60a2a0b6-15fd"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fkFg10UtqCQdX18SU6wUSmOr2U6DCdHZSWHIh3LEeBYt%2FW1h%2F7uAqFELq%2F6kj9F9erxb3F1ce4rPCkIGYITMh1OgOunHFrVF%2FfDjUz4vEHBfajxxiyWZmo5M%2BXKldwty4Xhx8A%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d64d80f9e6-PRG
masonry.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/masonry.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:36 GMT
Server
cloudflare
etag
W/"60a2a0bc-5e4a"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FjonQVfcXgVaiftIpbDaR7HY%2BPhgiMJ%2FOI5YailuZuBcsmNXjOYmbIAbFmQqdqcN7uTxBA2JP1n4MC025acfw5UbvsaMhgEWgHuU7HDx2po3Fd5sf09McHEeqroMiyhdgrGmUA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d649c0410d-PRG
jquery_002.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/jquery_002.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:34 GMT
Server
cloudflare
etag
W/"60a2a0ba-71b"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JLJrMXiCRiBQtYkXCO83NYiwPYeScWr%2BdaX6znPlFZrWiQaCWvJ5kikYvjNlnyGC1mpcBp%2F0VlZSYtw3HIvwxLziu94qnTRv0%2BtHP%2BV1hQmP637n517G7wTEEx2sgobgVhYtHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d64f55412b-PRG
frontend_002.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		69 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/frontend_002.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2558f8df90b3370d31e7dac6b5003c9e795c2b52a8db7fa172c4e2ce68ff171

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2803
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:28 GMT
Server
cloudflare
etag
W/"60a2a0b4-115cb"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pQOXOU1Wkbpq%2B5y91TntBlU5BZoAtAUo8rjlctjHp3WqinCsI4qI0XoGyAfR5lUtddTQ4SpWyPfx00eLbQWezBo6Kei56P8MmmQ4sIzCb89NIt0egewFO91OFBKHQc5rE9jQMw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d64c4c411f-PRG
main.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/main.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0901279dec1117310802c450665b34a60788da4a00e066d2de367327cd13456

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:36 GMT
Server
cloudflare
etag
W/"60a2a0bc-1c98"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eiXXnDbxkZM1VyEta137STGOsbiUjKCSQv9zO30D42cNNGT7U8QdbnPhW91CaL0nLWUDWybq460NrX8iSjEEXvNQzal%2FoI2Xnf2U8zNQ%2BxqWiD1VbuYiLiYKq%2BD2D3aw24UcYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d65a0a4108-PRG
frontend.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/frontend.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b991021ae67f0ba966eca14253e6a8012415cf0b20b686533feece87db2ba802

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:27 GMT
Server
cloudflare
etag
W/"60a2a0b3-728"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qhqTr589Zqb7wPDfvNSAUafZrWNl9%2B8%2BRh5i44N9q1ps81xT6QrCYuYLQ%2B5C7dj%2BZvBUAU36ELokmAo64Ku6hjNutp4SJXl5eMrsirgf95DAHVPN3WzBs4EltJ0vaVxa8SxY%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d659a12790-PRG
wp-embed.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/wp-embed.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:59:02 GMT
Server
cloudflare
etag
W/"60a2a0d6-592"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uV46Igp%2Fr45Pbbpx1TDHCk5CJUaYHCpIYAA0GuYCmQwWr7GjEUa3AMK%2BmvV9fG90i6HuC19Y8Vot1ZzEK71OtZCvvcVfL7DmoEbOykVkOlgjRoEZpk4sl%2BzbsnRnffzvD27yGw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d66f63412b-PRG
e-202115.js
www.spell.theater/clicks/SquirtingSchool2_files/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/e-202115.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
*/*
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Cookie
_gcl_au=1.1.459784285.1633941554
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:58:23 GMT
Server
cloudflare
etag
W/"60a2a0af-230c"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ncfg3VC44w1L4LWSe0KgOZLurO47xfxKEZep7OygT2%2BzBmrs%2B%2FFSkAdZFMHFERa%2BYZaBGyRYkKixBr0aYzTxnFXSQ52tltpsd3stIUouI%2B%2FEoDXXJHGMt0MYqqGbJn0KZGJvUA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=14400
CF-RAY
69c6c6d679a72790-PRG
g.gif
www.spell.theater/clicks/SquirtingSchool2_files/ 		50 B
837 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/g.gif
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Cookie
_gcl_au=1.1.459784285.1633941554
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Content-Length
50
last-modified
Mon, 17 May 2021 16:58:29 GMT
Server
cloudflare
etag
"60a2a0b5-32"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F4j10BG10bhs0gfr8RznVdlgfYuRoCLRH61EDxoTVD2Dq8IwbScwtZp0mKjQ%2FcOtlFsrv%2FkUn7tUCS7%2FBNBNEGpGx35PcPaUiqvgiXFmaoFazAIjgdvuI0n%2BXIz5u3ZLbpg9fw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/gif
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
69c6c6d68f74412b-PRG
gtm.js
www.googletagmanager.com/ 		133 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WQK7ZT
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
240f5fa2628b642335f10234cfa675c0fdb01df7a9549c6d4c00d4197f945682
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 08:39:13 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
50586
x-xss-protection
0
last-modified
Mon, 11 Oct 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 11 Oct 2021 08:39:13 GMT
p.css
p.typekit.net/ 		5 B
181 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://p.typekit.net/p.css?s=1&k=edc2avj&ht=tk&f=139.140.175.176&a=13090676&app=typekit&e=css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/SquirtingSchool2_files/edc2avj.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.215.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-74.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 08:39:13 GMT
last-modified
Thu, 05 Nov 2020 13:49:42 GMT
server
nginx
etag
"5fa402f6-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
analytics.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
6736
date
Mon, 11 Oct 2021 06:46:57 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Mon, 11 Oct 2021 08:46:57 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1624441580&t=pageview&_s=1&dl=http%3A%2F%2Fwww.spell.theater%2Fclicks%2Fsschool2.php%3Fsid%3D929473%26h%3D&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=782608542&gjid=1369685567&cid=333854784.1633941554&tid=UA-22484186-3&_gid=94822319.1633941554&_r=1&gtm=2oua60&z=194070508
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://www.spell.theater/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 11 Oct 2021 08:39:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://www.spell.theater
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1624441580&t=pageview&_s=1&dl=http%3A%2F%2Fwww.spell.theater%2Fclicks%2Fsschool2.php%3Fsid%3D929473%26h%3D&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAAC~&jid=1058012622&gjid=1247770915&cid=333854784.1633941554&tid=UA-50355398-1&_gid=94822319.1633941554&_r=1&gtm=2wg5c1WQK7ZT&z=1298949269
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://www.spell.theater/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 11 Oct 2021 08:39:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://www.spell.theater
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
l
use.typekit.net/af/4838bd/00000000000000003b9b0934/27/ 		32 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/4838bd/00000000000000003b9b0934/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/SquirtingSchool2_files/edc2avj.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.186.58 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-186-58.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ceb4ce0bba67a12e21af094eb24293d7ea8bffaffc237a1cd90394c7588eaec9

Request headers

Referer
http://www.spell.theater/
Origin
http://www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 08:39:13 GMT
server
nginx
etag
"852dacc5cd2685c187708b882b28635465e17bd0"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
32688
l
use.typekit.net/af/71f83c/00000000000000003b9b093b/27/ 		33 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/71f83c/00000000000000003b9b093b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/SquirtingSchool2_files/edc2avj.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.186.58 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-186-58.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
259ca84f380e0a4a327867ce595dbb02ea8f3fe8ae0e96f902e0051fc44c194c

Request headers

Referer
http://www.spell.theater/
Origin
http://www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 08:39:13 GMT
server
nginx
etag
"a0f35f91fdc2ca0a90c8288c08c20681c1aecfcf"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33656
l
use.typekit.net/af/6aec08/00000000000000003b9b0935/27/ 		34 KB
34 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/6aec08/00000000000000003b9b0935/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/SquirtingSchool2_files/edc2avj.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.186.58 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-186-58.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
9911551bfac483efeaad5d4f502eaf6796e61f1776eaeac37e937104e47ec84f

Request headers

Referer
http://www.spell.theater/
Origin
http://www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 08:39:13 GMT
server
nginx
etag
"98ea2e3888e90196090ca6bc7ddc5345e1871a7a"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
34376
click-box.jpg
www.spell.theater/clicks/SquirtingSchool2_files/ 		328 KB
329 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/click-box.jpg
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69d8acb1d591a05de8ee50e77ce8f6872cc5cdd120125d8aa386eb31ccf98ec8

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Cookie
_gcl_au=1.1.459784285.1633941554; _ga=GA1.2.333854784.1633941554; _gid=GA1.2.94822319.1633941554; _gat_gtag_UA_22484186_3=1; _gat_UA-50355398-1=1
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Content-Length
336086
last-modified
Mon, 17 May 2021 16:58:21 GMT
Server
cloudflare
etag
"60a2a0ad-520d6"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WGtjcTlA9ibEnG%2F4x0nBQGOKbjESk7e7lcKJgUeBHIol3NYxGTovztL%2Fr5QY5DsVR0NJD826aPDFfqeRGIHo%2BzU3Px4VYtEob9xqUy27lyH%2BeYvViakGBHXxi4l%2BAIEmw00HKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/jpeg
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
69c6c6d6ffa8412b-PRG
wap-megan-small.jpg
www.spell.theater/clicks/SquirtingSchool2_files/ 		41 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/wap-megan-small.jpg
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6abed458bcfd5c4bab5cea2f84ad8fdad9a4488ca5b949f34020f7077053bb0

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Cookie
_gcl_au=1.1.459784285.1633941554; _ga=GA1.2.333854784.1633941554; _gid=GA1.2.94822319.1633941554; _gat_gtag_UA_22484186_3=1; _gat_UA-50355398-1=1
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Content-Length
42485
last-modified
Mon, 17 May 2021 16:59:00 GMT
Server
cloudflare
etag
"60a2a0d4-a5f5"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A5SXyM1n3nr6PtDhrYWmQ9M%2FiljUyJ2I9p1G%2FD2tR%2Bmaj9J5ZvQp2%2FROJsucNbPNm7CVzkWIWeax1jfdw5T6iQBLt38lNY7gDaPavkrsHLHrPjBqXI%2BabP%2BNpPawghyqxrJQMg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/jpeg
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
69c6c6d6f9db2790-PRG
wap-katia-small.jpg
www.spell.theater/clicks/SquirtingSchool2_files/ 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/wap-katia-small.jpg
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
770eb583dc189fa1df3fb6e00e10b75f4b9f041efff69ab4d1748fedeed6fe45

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Cookie
_gcl_au=1.1.459784285.1633941554; _ga=GA1.2.333854784.1633941554; _gid=GA1.2.94822319.1633941554; _gat_gtag_UA_22484186_3=1; _gat_UA-50355398-1=1
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Content-Length
44605
last-modified
Mon, 17 May 2021 16:58:57 GMT
Server
cloudflare
etag
"60a2a0d1-ae3d"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PbfIg0e3RP00naOZKpIpdcbURKDi0GGxkFCoB3%2Brcv8erm%2FlCJCiKPbQ0atilhHmb8QeKKFHCK9CUOzZm5PdKoTDwHrAsaCAZJrwb%2Fk%2B5wOfYIz35qmnhgudGJBhlgQ44t712g%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/jpeg
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
69c6c6d70aa74108-PRG
wap-chrissy-small.jpg
www.spell.theater/clicks/SquirtingSchool2_files/ 		45 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/wap-chrissy-small.jpg
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13065c081312f094ed752e74f9f9fb71244f4975efdf707f57dddb7b17fa819f

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Cookie
_gcl_au=1.1.459784285.1633941554; _ga=GA1.2.333854784.1633941554; _gid=GA1.2.94822319.1633941554; _gat_gtag_UA_22484186_3=1; _gat_UA-50355398-1=1
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Content-Length
46067
last-modified
Mon, 17 May 2021 16:58:55 GMT
Server
cloudflare
etag
"60a2a0cf-b3f3"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=djfDHSwuHxrgo6L0FzG3D%2FfD4oEzgt3toNrCmJV4tK8N4k58Xp%2BPiKJ6MjgjwCuSU9wam26YnIGXfkjEPKCsVy%2F52CehsxsWxVQ76L1alhFtpsHsD9apM7FiL9mcgB51yfY0NA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/jpeg
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
69c6c6d70cb4411f-PRG
wap-arrow-small.jpg
www.spell.theater/clicks/SquirtingSchool2_files/ 		33 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/wap-arrow-small.jpg
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
58162d2e56333abc255f31af928a0710dd7814898d67b4db3be0d9bd0f811c29

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Cookie
_gcl_au=1.1.459784285.1633941554; _ga=GA1.2.333854784.1633941554; _gid=GA1.2.94822319.1633941554; _gat_gtag_UA_22484186_3=1; _gat_UA-50355398-1=1
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Content-Length
33949
last-modified
Mon, 17 May 2021 16:58:52 GMT
Server
cloudflare
etag
"60a2a0cc-849d"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dF7Mw%2BeCC8vXqQa6A4Nfcbr0YU72ykD3LRMdCSa%2BVdnqoU8zLNyI%2FktInz7avnfQREpdOBSe0EpaROI568UQt85qoOQIm6cFsjpoM87OGLs3bvHuKuv%2BjcQlI9qUiGKoyAUNuw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/jpeg
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
69c6c6d70dd1f9e6-PRG
stroke-video.jpg
www.spell.theater/clicks/SquirtingSchool2_files/ 		33 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/stroke-video.jpg
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d967b9f264ca94ba53f9adfd9ab95f39e53382a418a9f739fe67b1404c1788fa

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Cookie
_gcl_au=1.1.459784285.1633941554; _ga=GA1.2.333854784.1633941554; _gid=GA1.2.94822319.1633941554; _gat_gtag_UA_22484186_3=1; _gat_UA-50355398-1=1
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2802
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Content-Length
33552
last-modified
Mon, 17 May 2021 16:58:45 GMT
Server
cloudflare
etag
"60a2a0c5-8310"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9i8Bjjm5iAEchVDGYcKi97pePBsJgmSfNUatw%2FCKYRlQfYGDYu2a9XPUiQVPfSVozBGZBiuhGqGueZuUVx8k38ajkQ4DWRxSNiuTR5CQW6UMf4lv0GNNLQehovA5Dzi0lM2mNA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/jpeg
Cache-Control
max-age=14400
Accept-Ranges
bytes
CF-RAY
69c6c6d70a3e410d-PRG
blank.htm
www.spell.theater/clicks/SquirtingSchool2_files/ Frame F5C5 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/blank.htm
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4082fbd91490dca29de8a985204a543c3bfd77ba5adcb3062588ded44d7ac64b

Request headers

Host
www.spell.theater
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Accept-Encoding
gzip, deflate
Cookie
_gcl_au=1.1.459784285.1633941554; _ga=GA1.2.333854784.1633941554; _gid=GA1.2.94822319.1633941554; _gat_gtag_UA_22484186_3=1; _gat_UA-50355398-1=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/sschool2.php?sid=929473&h=

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
last-modified
Mon, 17 May 2021 16:58:21 GMT
CF-Cache-Status
DYNAMIC
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SAyEBO2wcWGikmO94%2BhOEWN2amhO6xs7PbHwn3lIkPflvLcG78duLUaf0f8yLfK1AK0ddAclZUxzC5iLFq6bX6AzBhse4nfZPxMjY3OEoiG6NCsAlzZSjfCZbxtLcjvrVIGf6w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
69c6c6d73df7f9e6-PRG
Content-Encoding
gzip
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
g.gif
pixel.wp.com/ 		0
0
g.gif
pixel.wp.com/ 		0
0
collect
stats.g.doubleclick.net/j/ 		2 B
462 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-22484186-3&cid=333854784.1633941554&jid=782608542&gjid=1369685567&_gid=94822319.1633941554&_u=YEBAAUAAAAAAAC~&z=1022621831
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.13.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
we-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://www.spell.theater/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 11 Oct 2021 08:39:13 GMT
content-type
text/plain
access-control-allow-origin
http://www.spell.theater
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
g.gif
pixel.wp.com/ 		50 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://pixel.wp.com/g.gif?v=ext&j=1%3A9.6.1&blog=64496574&post=4228&tz=1&srv=www.schoolofsquirt.com&host=www.spell.theater&ref=&fcp=0&rand=0.09112320545079866
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
HTTP/1.1
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Cache-Control
no-cache
Server
nginx
Connection
keep-alive
Content-Length
50
Content-Type
image/gif
ga-audiences
www.google.com/ads/ 		42 B
522 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-22484186-3&cid=333854784.1633941554&jid=782608542&_u=YEBAAUAAAAAAAC~&z=1686448659
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Oct 2021 08:39:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
inject.css
www.spell.theater/clicks/SquirtingSchool2_files/blank_data/ Frame F5C5 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.spell.theater/clicks/SquirtingSchool2_files/blank_data/inject.css
Requested by
Host: www.spell.theater
URL: http://www.spell.theater/clicks/SquirtingSchool2_files/blank.htm
Protocol
HTTP/1.1
Server
104.21.39.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0fcb9630248f525a2dc403f5d88ad721b941306c1540dbed57a9e046b7a6ea6b

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.spell.theater
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://www.spell.theater/clicks/SquirtingSchool2_files/blank.htm
Cookie
_gcl_au=1.1.459784285.1633941554; _ga=GA1.2.333854784.1633941554; _gid=GA1.2.94822319.1633941554; _gat_gtag_UA_22484186_3=1; _gat_UA-50355398-1=1
Connection
keep-alive
Cache-Control
no-cache
Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/clicks/SquirtingSchool2_files/blank.htm
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 08:39:13 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2801
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 17 May 2021 16:59:09 GMT
Server
cloudflare
etag
W/"60a2a0dd-f28"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iw99Ae%2F5qej3w6fomBNA3%2F95UvKyCdn6ZG%2FBgN%2BqvVEFLf%2FtrUDtn0QrUYYrmqcehTBkI39oXfr8U%2F%2FAfYzv6kkQghy6pMY4pFNyw%2FG6FGajcpj9BKAE9qZ0WYjc2J8o7s1sCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=14400
CF-RAY
69c6c6d7ce41f9e6-PRG
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j93&a=1624441580&t=event&ni=1&_s=1&dl=http%3A%2F%2Fwww.spell.theater%2Fclicks%2Fsschool2.php%3Fsid%3D929473%26h%3D&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Tracking&ea=25%25&el=http%3A%2F%2Fwww.spell.theater%2Fclicks%2Fsschool2.php%3Fsid%3D929473%26h%3D&_u=aGDACUABBAAAAC~&jid=&gjid=&cid=333854784.1633941554&tid=UA-50355398-1&_gid=94822319.1633941554&gtm=2wg5c1WQK7ZT&z=278070415
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.spell.theater/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 10 Oct 2021 18:08:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
52259
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
pixel.wp.com
URL
file://pixel.wp.com/g.gif?v=ext&j=1%3A9.6.1&blog=64496574&post=4228&tz=1&srv=www.schoolofsquirt.com&host=&ref=&fcp=7006&rand=0.6457847384272682
Domain
pixel.wp.com
URL
file://pixel.wp.com/g.gif?v=ext&j=1%3A9.6.1&blog=64496574&post=4228&tz=1&srv=www.schoolofsquirt.com&host=&ref=&fcp=510&rand=0.5654239798109387

Verdicts & Comments Add Verdict or Comment

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect boolean| originAgentCluster function| gtag object| dataLayer object| _wpemojiSettings object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga undefined| $ function| jQuery object| gaplugins object| gaGlobal object| gaData function| generateStickyDebounce object| tocplus function| EvEmitter function| imagesLoaded function| jQueryBridget function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Masonry object| tve_frontend_options function| _typeof object| ThriveGlobal object| TVE_jQFn object| TCB_Front function| tve_add_http function| tve_is_email function| tve_unserialize object| generatepressMenu object| tve_dash_front object| TVE_Dash undefined| __thrive_$oJ object| wp object| TL_Const object| _stq object| twemoji function| st_go function| linktracker_init object| wpcom object| tcb_autofill number| TCB_PAGE_INDEX

5 Cookies

Domain/Path Name / Value
.spell.theater/ Name: _gcl_au
Value: 1.1.459784285.1633941554
.spell.theater/ Name: _ga
Value: GA1.2.333854784.1633941554
.spell.theater/ Name: _gid
Value: GA1.2.94822319.1633941554
.spell.theater/ Name: _gat_gtag_UA_22484186_3
Value: 1
.spell.theater/ Name: _gat_UA-50355398-1
Value: 1

2 Console Messages

Source Level URL
Text
javascript error URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Message:
Not allowed to load local resource: file://pixel.wp.com/g.gif?v=ext&j=1%3A9.6.1&blog=64496574&post=4228&tz=1&srv=www.schoolofsquirt.com&host=&ref=&fcp=7006&rand=0.6457847384272682
javascript error URL: http://www.spell.theater/clicks/sschool2.php?sid=929473&h=
Message:
Not allowed to load local resource: file://pixel.wp.com/g.gif?v=ext&j=1%3A9.6.1&blog=64496574&post=4228&tz=1&srv=www.schoolofsquirt.com&host=&ref=&fcp=510&rand=0.5654239798109387

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

p.typekit.net
pixel.wp.com
stats.g.doubleclick.net
use.typekit.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.schoolofsquirt.com
www.spell.theater
pixel.wp.com
104.111.215.74
104.21.39.116
142.250.13.155
142.250.184.228
142.250.185.136
142.250.185.78
172.67.74.99
192.0.76.3
2.16.186.58
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
04fb8800b3296be9eaac9ab4f89960b4ef83dd859d987ea02f4d4fedc7f3e8ad
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
0cf678c930e404a259cde8363532ab40f706f6e79d568977775d377a40404004
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0fcb9630248f525a2dc403f5d88ad721b941306c1540dbed57a9e046b7a6ea6b
127f5d0eaff5cddfb6c2c5c190cc57ada0c2017d64f72c1e9e6a0ecf9cf84b9f
13065c081312f094ed752e74f9f9fb71244f4975efdf707f57dddb7b17fa819f
177b4773b237fa63062f913ed377e24540f843cda864a8d271c5ca083c18a9c6
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
240f5fa2628b642335f10234cfa675c0fdb01df7a9549c6d4c00d4197f945682
2468609517599c10415c9c9b65024cf697b747dbb837d07d0ea12130f224c65f
259ca84f380e0a4a327867ce595dbb02ea8f3fe8ae0e96f902e0051fc44c194c
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde
2e36bd3bdbb929f427e79a6c84b7922b4375589386981eba29eb0cff57b02b1b
2e858a3bf02390ad4f8a5db4f1b4b979d96db387f48f1c6069557bc369ee6662
4082fbd91490dca29de8a985204a543c3bfd77ba5adcb3062588ded44d7ac64b
4b179562b883c1257aabbad3a5641f965dd7331faa31fe06382a5d8c62d5ee19
58162d2e56333abc255f31af928a0710dd7814898d67b4db3be0d9bd0f811c29
5b29f10d6e7c79c2f7f11b0abe16a4fb45e29673dababd29a0313d72aeaa90b5
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5ccef01c8b992a66a79e7ee0d1d88303bfd159a77058fc9bd8cef15af49f5aaa
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
69d8acb1d591a05de8ee50e77ce8f6872cc5cdd120125d8aa386eb31ccf98ec8
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6da09b4fc38a23e1e5ed617fab5bba5541664cc2f320cc477db9a7f265620368
770eb583dc189fa1df3fb6e00e10b75f4b9f041efff69ab4d1748fedeed6fe45
7a5a099b1cdf060a28dcd4821c3a04849e32b7e6931b6d289d4afc3324d6e15a
7ee7784d217b273bd847dcc83ca3451f76f63cc1b619805dbdb297197bb44eb8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
970d7e7b687bbb122c2418af225ecc6e6d3d39057fcd9f467757462d3064f90d
9911551bfac483efeaad5d4f502eaf6796e61f1776eaeac37e937104e47ec84f
9b531aa01c50f9fdb25ad05635abc3be6d858a42507c6417244d7a64063519f1
a32e4e4f89efe94deae24c57c8f14333bc066f442f4b1d2d325a97b636259022
a8a1bbfcd26f3e8cc4feafcf679e3e7c7e22810287b43e4f9af2170c14999061
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b6abed458bcfd5c4bab5cea2f84ad8fdad9a4488ca5b949f34020f7077053bb0
b991021ae67f0ba966eca14253e6a8012415cf0b20b686533feece87db2ba802
c0901279dec1117310802c450665b34a60788da4a00e066d2de367327cd13456
c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25
cab767b401880e1bff09553abc4dc5eeadf1e2fda4d793f47866784fd7703b7d
ceb4ce0bba67a12e21af094eb24293d7ea8bffaffc237a1cd90394c7588eaec9
d967b9f264ca94ba53f9adfd9ab95f39e53382a418a9f739fe67b1404c1788fa
daf93f9d7aa7c559bc747315e359e1480c5996668798384a8fa23a81a356c84c
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2558f8df90b3370d31e7dac6b5003c9e795c2b52a8db7fa172c4e2ce68ff171
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
fc3376166dd200ed0ebecad0338a2a9cefa48f34057fed2b7183cb54ab052f91
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869