poop.media Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://poops.pro/e/unyryyto8yb
Effective URL:
https://poop.media/e/unyryyto8yb
Submission: On December 05 via manual (December 5th 2023, 3:32:24 pm UTC) from ID — Scanned from GB

Summary HTTP 46 Redirects Behaviour Indicators

Summary

This website contacted 20 IPs in 5 countries across 23 domains to perform 46 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is poop.media. The Cisco Umbrella rank of the primary domain is 144583.
TLS certificate: Issued by E1 on December 5th 2023. Valid for: 3 months.

This is the only time poop.media was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 5	46.250.238.76 46.250.238.76	141995 (CAPL-AS-A...) (CAPL-AS-AP Contabo Asia Private Limited)
4	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
1	173.233.137.36 173.233.137.36	7979 (SERVERS-COM) (SERVERS-COM)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
5	45.133.44.52 45.133.44.52	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e4:... 2606:4700:e4::ac40:ac20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	157.90.84.242 157.90.84.242	24940 (HETZNER-AS) (HETZNER-AS)
2 3	2a00:1450:400... 2a00:1450:400c:c0a::54	15169 (GOOGLE) (GOOGLE)
2	94.130.198.6 94.130.198.6	24940 (HETZNER-AS) (HETZNER-AS)
8	2a01:4f8:e0:1... 2a01:4f8:e0:19cb::1	24940 (HETZNER-AS) (HETZNER-AS)
1	2a01:4f8:c0:2... 2a01:4f8:c0:2306::1	24940 (HETZNER-AS) (HETZNER-AS)
1	172.255.103.72 172.255.103.72	7979 (SERVERS-COM) (SERVERS-COM)
6	78.47.199.206 78.47.199.206	24940 (HETZNER-AS) (HETZNER-AS)
1 1	188.114.97.9 188.114.97.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3037::ac43:b016	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.109.87.48 23.109.87.48	7979 (SERVERS-COM) (SERVERS-COM)
1	2606:4700:20:... 2606:4700:20::ac43:46be	13335 (CLOUDFLAR...) (CLOUDFLARENET)
46	20

5 46.250.238.76 (London, United Kingdom) 1 redirects

ASN141995 (CAPL-AS-AP Contabo Asia Private Limited, SG)
PTR: vmi1540198.contaboserver.net

poops.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrolagu.cam	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

poop.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
berlagu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.233.137.36 (United States)

ASN7979 (SERVERS-COM, US)

itseagleswig.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 45.133.44.52 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

6a1d032c40.b65415fde6.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
f7642e332d.6771600c3f.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e4::ac40:ac20 (United States)

ASN13335 (CLOUDFLARENET, US)

storage.multstorage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.90.84.242 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.242.84.90.157.clients.your-server.de

fp.metricswpsh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c0a::54 (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.130.198.6 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.6.198.130.94.clients.your-server.de

nereserv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a01:4f8:e0:19cb::1 (Germany)

ASN24940 (HETZNER-AS, DE)

433bb3d20f.6542309b8a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4f8:c0:2306::1 (Germany)

ASN24940 (HETZNER-AS, DE)

mcpuwpsh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.255.103.72 (Netherlands)

ASN7979 (SERVERS-COM, US)

wakenssponged.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 78.47.199.206 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.206.199.47.78.clients.your-server.de

static.bookmsg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.9 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

pisism.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

xpdep.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:b016 (United States)

ASN13335 (CLOUDFLARENET, US)

xkdzj.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.109.87.48 (Netherlands)

ASN7979 (SERVERS-COM, US)

fikedaquabib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:46be (United States)

ASN13335 (CLOUDFLARENET, US)

img.doodcdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	6542309b8a.com 433bb3d20f.6542309b8a.com	10 KB
6	bookmsg.com static.bookmsg.com — Cisco Umbrella Rank: 40045	6 KB
4	metrolagu.cam metrolagu.cam — Cisco Umbrella Rank: 157566	3 KB
4	b65415fde6.com 6a1d032c40.b65415fde6.com	205 KB
3	google.com 2 redirects accounts.google.com — Cisco Umbrella Rank: 23	2 KB
3	berlagu.com berlagu.com — Cisco Umbrella Rank: 198086	2 KB
2	nereserv.com nereserv.com — Cisco Umbrella Rank: 38773	401 B
2	metricswpsh.com fp.metricswpsh.com — Cisco Umbrella Rank: 41404	428 B
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2189	304 B
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 735	65 KB
1	doodcdn.co img.doodcdn.co — Cisco Umbrella Rank: 41132	31 KB
1	fikedaquabib.com fikedaquabib.com — Cisco Umbrella Rank: 155707	1 KB
1	xkdzj.top xkdzj.top	220 KB
1	xpdep.top xpdep.top	109 KB
1	pisism.com 1 redirects pisism.com — Cisco Umbrella Rank: 56118	441 B
1	wakenssponged.com wakenssponged.com — Cisco Umbrella Rank: 163519	1 KB
1	mcpuwpsh.com mcpuwpsh.com — Cisco Umbrella Rank: 52970	4 KB
1	6771600c3f.com f7642e332d.6771600c3f.com	207 B
1	multstorage.com storage.multstorage.com — Cisco Umbrella Rank: 34059	905 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	91 KB
1	itseagleswig.com itseagleswig.com — Cisco Umbrella Rank: 157561
1	poop.media poop.media — Cisco Umbrella Rank: 144583	4 KB
1	poops.pro 1 redirects poops.pro — Cisco Umbrella Rank: 476279	117 B
46	23

	Domain	Requested by
8	433bb3d20f.6542309b8a.com	6a1d032c40.b65415fde6.com poop.media
6	static.bookmsg.com	poop.media 6a1d032c40.b65415fde6.com
4	metrolagu.cam	berlagu.com metrolagu.cam
4	6a1d032c40.b65415fde6.com	poop.media 6a1d032c40.b65415fde6.com
3	accounts.google.com	2 redirects poop.media
3	berlagu.com	poop.media berlagu.com
2	nereserv.com	6a1d032c40.b65415fde6.com
2	fp.metricswpsh.com	6a1d032c40.b65415fde6.com
2	region1.google-analytics.com	www.googletagmanager.com
2	code.jquery.com	poop.media metrolagu.cam
1	img.doodcdn.co	metrolagu.cam
1	fikedaquabib.com	metrolagu.cam
1	xkdzj.top	poop.media
1	xpdep.top	poop.media
1	pisism.com	1 redirects
1	wakenssponged.com	berlagu.com
1	mcpuwpsh.com	6a1d032c40.b65415fde6.com
1	f7642e332d.6771600c3f.com	6a1d032c40.b65415fde6.com
1	storage.multstorage.com	6a1d032c40.b65415fde6.com
1	www.googletagmanager.com	poop.media
1	itseagleswig.com	poop.media
1	poop.media
1	poops.pro	1 redirects
46	23

This site contains no links.

Subject Issuer	Validity	Valid
poop.media E1	`2023-12-05` - `2024-03-04`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
itseagleswig.com R3	`2023-11-10` - `2024-02-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
berlagu.com GTS CA 1P5	`2023-11-05` - `2024-02-03`	3 months	crt.sh
6a1d032c40.b65415fde6.com R3	`2023-12-02` - `2024-03-01`	3 months	crt.sh
multstorage.com GTS CA 1P5	`2023-11-20` - `2024-02-18`	3 months	crt.sh
f7642e332d.6771600c3f.com R3	`2023-12-02` - `2024-03-01`	3 months	crt.sh
notification.tubecup.net R3	`2023-11-09` - `2024-02-07`	3 months	crt.sh
6542309b8a.com R3	`2023-12-04` - `2024-03-03`	3 months	crt.sh
puwpush.com R3	`2023-10-11` - `2024-01-09`	3 months	crt.sh
wakenssponged.com R3	`2023-09-28` - `2023-12-27`	3 months	crt.sh
www.metrolagu.cam R3	`2023-10-22` - `2024-01-20`	3 months	crt.sh
bookmsg.com R3	`2023-11-11` - `2024-02-09`	3 months	crt.sh
xkdzj.top GTS CA 1P5	`2023-11-15` - `2024-02-13`	3 months	crt.sh
fikedaquabib.com R3	`2023-11-11` - `2024-02-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-12` - `2024-02-11`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://poop.media/e/unyryyto8yb
Frame ID: E6995E03652D7AAD5A5502449B812F5E
Requests: 27 HTTP requests in this frame

Frame: https://berlagu.com/media/7znlwPQtqwM
Frame ID: B72B093B99EE6E651A11881660E50E37
Requests: 4 HTTP requests in this frame

Frame: https://storage.multstorage.com/log/count.html
Frame ID: D23D859484FFE1C25E33F5F0E43220C5
Requests: 1 HTTP requests in this frame

Frame: https://metrolagu.cam/video?q=bohongi+hati
Frame ID: 5658C36750FEA23AFB77AFCBD36A54DB
Requests: 7 HTTP requests in this frame

Frame: https://xpdep.top/images/campaigns/creativity-2459804-16938804843321.png
Frame ID: EDC8A18E2535068CEC73A431DFEAF8C9
Requests: 2 HTTP requests in this frame

Frame: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
Frame ID: 20E6D33B1103E7288F832326561801FF
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ngintip cwe cantik kos mandi si kameraman geter geter - DoodStream - DoodStream - DoodStream - PoopHD

Page URL History Show full URLs

https://poops.pro/e/unyryyto8yb HTTP 302
https://poop.media/e/unyryyto8yb Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

46
Requests

93 %
HTTPS

55 %
IPv6

23
Domains

23
Subdomains

20
IPs

5
Countries

754 kB
Transfer

1699 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://poops.pro/e/unyryyto8yb HTTP 302
https://poop.media/e/unyryyto8yb Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp2WK-rvWN_TRm8E9OjHt4VjMy2tSpee05b9f09N0byZEDctLwHBHQy8EM1sgL4lJttIFfU6qA HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1YcFDC3ehwoi9eQgWyjez5L0whQ0CW2ymfiX8BnkDXF2cxSpLk_73sKH-fgJ9-RQjY2BI_JQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-703624984%3A1701790338684154&theme=glif

Request Chain 29

https://pisism.com/d?bidId=push_20231205153218_8307cd42_b07b_4fb9_b96e_6393d9d2c8fe&offerId=553178&feedId=2513&data=3cb3RvQHdudG50bjBtdXFLPz5BQktGSjyJfY9XS0pNT1BGloNgcZSgkJSVi1phW15PWIiboZikrapYh45bMTEwMz8lXXB2Pz5GLIVEQzkxU4OEgXtufXtlhJBMU1JXT1VZRE1xb3x2dldMmZealVF5mJegpWBYfKKtb25nMjU2PzU4N0A7QEI8QElKMmZ1e3eJgUhPTlNLUVVGipJgVlZdVVlcYlldZmRdYWFoWaCWpJ51nqhoR0MuaHJAd0Q4N0Mxf3yDgXN2T0pHSUdPT1BQQYWBW4.VlIqCVlVYWllbWmBdYmFhYWmRa2dlbZqcbWyaYjE5ZWM5bGlBaGxEQnJtRUNKRXdNeUh6UH9-QZF.hVxQR4WMiGJYW11iYltgU5SYlG5kaGVoXKahnXdwNTQzOjwrb2pFOHN4bXRzgj90c4CEdn9.hoxJfo6Cf5OJl4uXnVJYW11iYltgWl9laWRqa2RpbmtrbGxsLnFwaip0dnt1Rnh6enI0c3Z6dlA6h3t9fYt-jVmFkpOQlFxSU5mJl52LlpSflZOhXpShoFqoq5mrnKykYmZ0Ym1pQzo-OkNCRD9HREI_&ip=217.138.196.106&ds=1&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=132bac0f-37f3-4037-b550-c6e27eb3acac HTTP 302
https://xpdep.top/images/campaigns/creativity-2459804-16938804843321.png

46 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request unyryyto8yb Show response
poop.media/e/
Redirect Chain

https://poops.pro/e/unyryyto8yb
https://poop.media/e/unyryyto8yb

8 KB
4 KB

313ms
211ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://poop.media/e/unyryyto8yb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87d973b2efe652fef2316ccee965a3fe1a691ed07a935de708fdeb8059e5f5e9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=3600
cf-cache-status: HIT
cf-ray: 830d57452ddd63ed-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 05 Dec 2023 15:32:17 GMT
last-modified: Tue, 05 Dec 2023 15:05:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mit2j5W0v1IhwR2FKtwEpZsoNoZK5h%2FbTb8UnCy8FY62uql%2BGQqQE2wBJ1rjb3P%2FjQA1PtmZFRNTbBM7e7bCXK31HB6DSPWbNNAp4w3LgzDACwlZkorAGnXAPgOc%2F3GsHQ8ET%2FFhCTca"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

content-length: 138
content-type: text/html
date: Tue, 05 Dec 2023 15:32:16 GMT
location: https://poop.media/e/unyryyto8yb
server: nginx
strict-transport-security: max-age=31536000

GET
H2 200 jquery-latest.min.js Show response
code.jquery.com/ 94 KB
33 KB 78ms
25ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-latest.min.js
Requested by: Host: poop.media
URL: https://poop.media/e/unyryyto8yb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:17 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 6988136
x-cache: HIT, HIT
content-length: 33202
x-served-by: cache-lga21983-LGA, cache-man4147-MAN
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1701790337.365942,VS0,VE0
etag: W/"28feccc0-1762a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 11, 76851

GET
H/1.1 403
Forbidden 8613dda341d2145537903a4d9729dfc5.js
itseagleswig.com/86/13/dd/ 0
0 800ms
199ms Script
application/javascript 173.233.137.36
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://itseagleswig.com/86/13/dd/8613dda341d2145537903a4d9729dfc5.js
Requested by: Host: poop.media
URL: https://poop.media/e/unyryyto8yb
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.233.137.36 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Tue, 05 Dec 2023 15:32:18 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 274 KB
91 KB 150ms
58ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-RRBBHD087X

Requested by

Host: poop.media
URL: https://poop.media/e/unyryyto8yb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6a53bb3deb38142868f2947a24b09955af34b1f914000c89d64314e80a37db8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93139
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 05 Dec 2023 15:32:17 GMT

GET
H2 200 unyryyto8yb Show response
berlagu.com/jembud/ Frame B72B 228 B
599 B 531ms
441ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://berlagu.com/jembud/unyryyto8yb
Requested by: Host: poop.media
URL: https://poop.media/e/unyryyto8yb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69c0d5d7c3fb548ed45161ffec034f92f1e1ac51141f509fe9870962772e9137

Request headers

Referer: https://poop.media/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 830d574dca9d7732-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 05 Dec 2023 15:32:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yrJubhmruS1G%2FxF7Nxplz4M7ACOm9XmMX%2Fa71COvdkspwBs1YLeURRP0pmWunom8oYH1KVO6OQsdJalaQzC6GuINv0ICiw97A4lQVvV4jbXpcwUZzFwNjlc5vshbEjmoAs%2FyTr6gjY2BGw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 c1c4fab3e4d825cf95ab773a3377267d.js Show response
6a1d032c40.b65415fde6.com/ 145 KB
42 KB 129ms
36ms Script
application/javascript 45.133.44.52
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://6a1d032c40.b65415fde6.com/c1c4fab3e4d825cf95ab773a3377267d.js
Requested by: Host: poop.media
URL: https://poop.media/e/unyryyto8yb
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 03655cfaf82852add204f416745a4a02509d6f8a6f2ebecd446dbf425863dead

Request headers

Referer: https://poop.media/
Origin: https://poop.media
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Tue, 05 Dec 2023 15:37:18 GMT
date: Tue, 05 Dec 2023 15:32:18 GMT
content-encoding: gzip
last-modified: Tue, 05 Dec 2023 11:14:29 GMT
server: nginx/1.18.0
etag: W/"656f0615-244d1"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=300
x-proxy-cache: HIT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
250 B 110ms
37ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-RRBBHD087X&gtm=45je3bt0v9167878827&_p=1701790338106&gcd=11l1l1l1l1&dma=0&cid=1257803865.1701790338&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1701790338&sct=1&seg=0&dl=https%3A%2F%2Fpoop.media%2Fe%2Funyryyto8yb&dt=ngintip%20cwe%20cantik%20kos%20mandi%20si%20kameraman%20geter%20geter%20-%20DoodStream%20-%20DoodStream%20-%20DoodStream%20-%20PoopHD&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2219
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 15:32:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://poop.media
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 114039 Show response
6a1d032c40.b65415fde6.com/967d3c45ff4a9939f9dee02451b1c450/ 3 KB
3 KB 41ms
41ms XHR
application/json 45.133.44.52
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://6a1d032c40.b65415fde6.com/967d3c45ff4a9939f9dee02451b1c450/114039?version_name=c
Requested by: Host: 6a1d032c40.b65415fde6.com
URL: https://6a1d032c40.b65415fde6.com/c1c4fab3e4d825cf95ab773a3377267d.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: a36684e5659980260a7841dba0614d681ee97905ef3f082051bd7903f49ba3e7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 05 Dec 2023 15:32:18 GMT
cache-control: max-age=300
x-proxy-cache: HIT
server: nginx/1.18.0
content-type: application/json
expires: Tue, 05 Dec 2023 15:37:18 GMT

GET
H2 200 count.html Show response
storage.multstorage.com/log/ Frame D23D 882 B
905 B 140ms
55ms Document
text/html 2606:4700:e4::ac40:ac20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.multstorage.com/log/count.html
Requested by: Host: 6a1d032c40.b65415fde6.com
URL: https://6a1d032c40.b65415fde6.com/c1c4fab3e4d825cf95ab773a3377267d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:ac20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2

Request headers

Referer: https://poop.media/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 830d574f7ae56389-LHR
content-encoding: br
content-type: text/html
date: Tue, 05 Dec 2023 15:32:18 GMT
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pj0HIkjrkJU%2FZm6Fx8MiqRxDgjJuvwMtPwtRZpimq0EMre7lBNoUJJo9mRpQxYINx0lYtq%2F0Acj%2BD236tNsAKlvcOBfJeqdA0Scq0rie4ut5ooHyoQHpa%2F9WnEJ2KB0x%2BgVGH%2FwxdDg9sj8rrUQVLR6dBDQbgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-request-id: bca5180ff20b80d3aa599669f5b7fad1

GET
H2 200 track Show response
f7642e332d.6771600c3f.com/in/ 0
207 B 177ms
84ms XHR
text/plain 45.133.44.52
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://f7642e332d.6771600c3f.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI0MzI1MzI1MTk3OTE2NTI4NjAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuOTQuMCIsInRhZ19pZCI6MTE0MDM5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjE2MDB4MTIwMCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiRXVyb3BlL0xvbmRvbiIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjA2LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJuZ2ludGlwJTJDY3dlJTJDY2FudGlrJTJDa29zJTJDbWFuZGklMkNzaSUyQ2thbWVyYW1hbiUyQ2dldGVyJTJDZ2V0ZXIlMkNEb29kU3RyZWFtJTJDRG9vZFN0cmVhbSUyQ0Rvb2RTdHJlYW0lMkNQb29wSEQifQ==
Requested by: Host: 6a1d032c40.b65415fde6.com
URL: https://6a1d032c40.b65415fde6.com/c1c4fab3e4d825cf95ab773a3377267d.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 15:32:18 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H2 200 06db77dc272219cb0cfe547b80e73116.js Show response
6a1d032c40.b65415fde6.com/ 90 KB
26 KB 108ms
36ms Script
application/javascript 45.133.44.52
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://6a1d032c40.b65415fde6.com/06db77dc272219cb0cfe547b80e73116.js
Requested by: Host: 6a1d032c40.b65415fde6.com
URL: https://6a1d032c40.b65415fde6.com/c1c4fab3e4d825cf95ab773a3377267d.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 5ed409ded92c58ead1b59c48a9022b6972416b224c017c184e59198a5f570b59

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Tue, 05 Dec 2023 15:37:18 GMT
date: Tue, 05 Dec 2023 15:32:18 GMT
content-encoding: gzip
last-modified: Tue, 05 Dec 2023 10:47:13 GMT
server: nginx/1.18.0
etag: W/"656effb1-1698f"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=300
x-proxy-cache: HIT

GET
H2 200 e9888d79e7fb4bee037592776d9d7dd4.js Show response
6a1d032c40.b65415fde6.com/ 541 KB
133 KB 165ms
93ms Script
application/javascript 45.133.44.52
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://6a1d032c40.b65415fde6.com/e9888d79e7fb4bee037592776d9d7dd4.js
Requested by: Host: 6a1d032c40.b65415fde6.com
URL: https://6a1d032c40.b65415fde6.com/c1c4fab3e4d825cf95ab773a3377267d.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 25ab37f5254eae1598cd8d0bd1017f7a32d421a1a2b3418aa41589eb5e993efd

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Tue, 05 Dec 2023 15:37:18 GMT
date: Tue, 05 Dec 2023 15:32:18 GMT
content-encoding: gzip
last-modified: Thu, 30 Nov 2023 09:44:58 GMT
server: nginx/1.18.0
etag: W/"6568599a-8746e"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=300
x-proxy-cache: HIT

POST
H/1.1 200
OK fp Show response
fp.metricswpsh.com/ 58 B
428 B 143ms
48ms XHR
application/json 157.90.84.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.metricswpsh.com/fp?tag_id=114039
Requested by: Host: 6a1d032c40.b65415fde6.com
URL: https://6a1d032c40.b65415fde6.com/c1c4fab3e4d825cf95ab773a3377267d.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 157.90.84.242 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.242.84.90.157.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash: c5fa5ba9b1b976166cd82c7e2ce809bf48785f67b318c20bed3462a34c42ba2f

Request headers

Referer: https://poop.media/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

Date: Tue, 05 Dec 2023 15:32:18 GMT
Server: nginx/1.20.1
Vary: Origin
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://poop.media
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 58

OPTIONS
H/1.1 204
No Content fp
fp.metricswpsh.com/ Frame 0
0 173ms
49ms Preflight 157.90.84.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.metricswpsh.com/fp?tag_id=114039
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 157.90.84.242 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.242.84.90.157.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://poop.media
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.media
Connection: keep-alive
Date: Tue, 05 Dec 2023 15:32:18 GMT
Server: nginx/1.20.1
Vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp2WK-rvWN_TRm8E9OjHt4VjMy2tSpee05b9f09N0byZEDctLwHBHQy8E...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1YcFDC3ehwoi9eQgWyjez5L0whQ0CW2ymfiX8BnkDXF2cxSpLk_73sKH-fgJ9-RQjY2BI_JQ&passive...

0
0

50ms
50ms

Image
text/html

2a00:1450:400c:c0a::54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1YcFDC3ehwoi9eQgWyjez5L0whQ0CW2ymfiX8BnkDXF2cxSpLk_73sKH-fgJ9-RQjY2BI_JQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-703624984%3A1701790338684154&theme=glif
Requested by: Host: poop.media
URL: https://poop.media/e/unyryyto8yb
Protocol: H2
Server: 2a00:1450:400c:c0a::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Redirect headers

date: Tue, 05 Dec 2023 15:32:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-9f0IZs-kT2rQ53JGt3096w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 403
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1YcFDC3ehwoi9eQgWyjez5L0whQ0CW2ymfiX8BnkDXF2cxSpLk_73sKH-fgJ9-RQjY2BI_JQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-703624984%3A1701790338684154&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK 4cff8516-3a0a-415f-bd75-a019245d285b
https://poop.media/ 204 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://poop.media/4cff8516-3a0a-415f-bd75-a019245d285b
Requested by: Host: poop.media
URL: https://poop.media/e/unyryyto8yb
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 270fb9f71a35c9aac351e9fb4c18d5d8e7d2d40488bfc802b5bae62d3b133bee

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Length: 204
Content-Type: text/javascript

GET
H2 200 dip Show response
nereserv.com/in/ 0
201 B 167ms
62ms XHR
text/plain 94.130.198.6
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://nereserv.com/in/dip?site=native-push&wl=1&event_id=433565c3-dcc4-4710-a4f6-f198836924b7&subid=357529620&sid=2072906018&spot_id=418774&created_at=2023-12-05&timezone=0&ver=8.121.0&is_native=1
Requested by: Host: 6a1d032c40.b65415fde6.com
URL: https://6a1d032c40.b65415fde6.com/e9888d79e7fb4bee037592776d9d7dd4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.130.198.6 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.6.198.130.94.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 15:32:18 GMT
server: nginx/1.20.1
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

POST
H2 200 multy Show response
433bb3d20f.6542309b8a.com/in/ 37 KB
4 KB 1151ms
1151ms XHR
application/json 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://433bb3d20f.6542309b8a.com/in/multy
Requested by: Host: 6a1d032c40.b65415fde6.com
URL: https://6a1d032c40.b65415fde6.com/e9888d79e7fb4bee037592776d9d7dd4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 19371c06ebd0fe7219c6869df21bd3ea72930dc81f36fc9db4028be625020a9c

Request headers

Referer: https://poop.media/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 15:32:19 GMT
content-encoding: gzip
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
content-type: application/json
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 3363

GET
H2 200 dip Show response
nereserv.com/in/ 0
200 B 170ms
65ms XHR
text/plain 94.130.198.6
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://nereserv.com/in/dip?site=native-push&wl=1&event_id=38e820d8-c0ca-49d1-9405-638f672b224b&subid=388464194&sid=3719782952&spot_id=418776&created_at=2023-12-05&timezone=0&ver=8.121.0&is_native=1
Requested by: Host: 6a1d032c40.b65415fde6.com
URL: https://6a1d032c40.b65415fde6.com/e9888d79e7fb4bee037592776d9d7dd4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.130.198.6 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.6.198.130.94.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 15:32:18 GMT
server: nginx/1.20.1
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

POST
H2 200 multy Show response
433bb3d20f.6542309b8a.com/in/ 40 KB
5 KB 831ms
830ms XHR
application/json 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://433bb3d20f.6542309b8a.com/in/multy
Requested by: Host: 6a1d032c40.b65415fde6.com
URL: https://6a1d032c40.b65415fde6.com/e9888d79e7fb4bee037592776d9d7dd4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 407450afd189ccd09d0eaa5981d237b7aa93ee93c92cf3910f60745314d1457d

Request headers

Referer: https://poop.media/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 15:32:19 GMT
content-encoding: gzip
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
content-type: application/json
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 5234

OPTIONS
H2 204 multy
433bb3d20f.6542309b8a.com/in/ Frame 0
0 177ms
50ms Preflight 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://433bb3d20f.6542309b8a.com/in/multy
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://poop.media
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
date: Tue, 05 Dec 2023 15:32:18 GMT
pragma: no-cache
server: nginx/1.18.0
vary: Origin

OPTIONS
H2 204 multy
433bb3d20f.6542309b8a.com/in/ Frame 0
0 180ms
53ms Preflight 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://433bb3d20f.6542309b8a.com/in/multy
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://poop.media
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
date: Tue, 05 Dec 2023 15:32:18 GMT
pragma: no-cache
server: nginx/1.18.0
vary: Origin

POST
H2 200 7znlwPQtqwM Show response
berlagu.com/media/ Frame B72B 640 B
609 B 236ms
236ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://berlagu.com/media/7znlwPQtqwM
Requested by: Host: poop.media
URL: https://poop.media/e/unyryyto8yb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15bbdc749ff4fd0b5f5fd6fb9ce8f78fdbef077a235f34f9dbadb97e3c464f3b

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://berlagu.com
Referer: https://berlagu.com/jembud/unyryyto8yb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 830d57509f797732-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 05 Dec 2023 15:32:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPgbDs3BAD80Z%2FfJPx9LVj4W1YoYsrhz8ItjAg1aG24DR0ymoarpx5oZjbymWO7tIz555lS7bK8ukZlaYlS7lX%2F%2B%2BbQPaA751k1CmgkKD6pOHFztvrbLPlFt9%2FC9iOqOWngD7Hd26grRNg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

POST
H2 200 / Show response
mcpuwpsh.com/get/ 4 KB
4 KB 537ms
430ms Fetch
application/json 2a01:4f8:c0:2306::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mcpuwpsh.com/get/
Requested by: Host: 6a1d032c40.b65415fde6.com
URL: https://6a1d032c40.b65415fde6.com/06db77dc272219cb0cfe547b80e73116.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:c0:2306::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 14deed91bde7b9d3d16d0b46176c181bdfe048f63da69ea7b4bf574ec5289a27

Request headers

Referer: https://poop.media/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 15:32:19 GMT
server: nginx/1.16.0
vary: Origin
access-control-allow-methods: *
content-type: application/json
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 4130

GET
H3 200 embed.css
berlagu.com/ Frame B72B 1 KB
870 B 42ms
41ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://berlagu.com/embed.css
Requested by: Host: berlagu.com
URL: https://berlagu.com/media/7znlwPQtqwM
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6291ad32f03939ee9eb7cf8d62641115d0962e49b4869358c1ddee6271d9f0bf

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://berlagu.com/media/7znlwPQtqwM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:18 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Nov 2023 14:04:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 23008
etag: W/"655cb90b-446"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cpIEXqPrMLzkoIhevHctdGhCAix2jNN1CItcV5MK6hwoGWYFH31cDiixPtwj1vehM4BTKJUC4bFyWb85aJ%2BgoeoRJjyLh3F4CNNs%2FiS2J%2FiRc0755rZwtK62QZBSNmi1LZf%2F0TazU0OAxA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 830d57521c3f413b-LHR
alt-svc: h3=":443"; ma=86400
expires: Tue, 05 Dec 2023 21:08:50 GMT

GET
H/1.1 200
OK 65101 Show response
wakenssponged.com/rizdGR8ExUj7Bb6T/ Frame B72B 0
1 KB 328ms
73ms Script
application/javascript 172.255.103.72
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://wakenssponged.com/rizdGR8ExUj7Bb6T/65101

Requested by

Host: berlagu.com
URL: https://berlagu.com/media/7znlwPQtqwM

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

172.255.103.72 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://berlagu.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Tue, 05 Dec 2023 15:32:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: https://berlagu.com
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

GET
H2 200 unyryyto8yb Show response
metrolagu.cam/jembud/ Frame 5658 232 B
317 B 1045ms
353ms Document
text/html 46.250.238.76
CAPL-AS-AP Contab...

General

Check archive.org

Show headers Download Go to

Full URL

https://metrolagu.cam/jembud/unyryyto8yb

Requested by

Host: berlagu.com
URL: https://berlagu.com/media/7znlwPQtqwM

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.250.238.76 London, United Kingdom, ASN141995 (CAPL-AS-AP Contabo Asia Private Limited, SG),

Reverse DNS

vmi1540198.contaboserver.net

Software

nginx /

Resource Hash

38b43a2c933caeaae9c513390097df938dc06e302a1f6c7d78a7503964f00f1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://berlagu.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 05 Dec 2023 15:32:19 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H2 200 IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
static.bookmsg.com/creatives/IN/ 790 B
947 B 159ms
47ms Image
image/webp 78.47.199.206
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=746e502e-55da-4908-84c0-2c7148604b4b
Requested by: Host: poop.media
URL: https://poop.media/e/unyryyto8yb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.47.199.206 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.206.199.47.78.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:19 GMT
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
server: nginx/1.18.0
etag: "5fbd16bb-316"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 790

GET
H2 200 IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
static.bookmsg.com/creatives/IN/ 790 B
948 B 158ms
46ms Image
image/webp 78.47.199.206
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
Requested by: Host: poop.media
URL: https://poop.media/e/unyryyto8yb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.47.199.206 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.206.199.47.78.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:19 GMT
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
server: nginx/1.18.0
etag: "5fbd16bb-316"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 790

GET
H2 200 /
433bb3d20f.6542309b8a.com/in/show/ 0
201 B 147ms
52ms Image
text/plain 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://433bb3d20f.6542309b8a.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.media%2Fe%2Funyryyto8yb&refdom=poop.media&auction_time=1701790338&subid=388464194&sid=3719782952&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-05&iabcat=IAB25-3&keywords=&user_fp=11254069022125629296&score=76.81398610047412&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fe%252Funyryyto8yb%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&url=https%3A%2F%2Fs.viiqxpnb.com%2Fh%2F746%2Fm2wuuqo2xr7fvofrqpji3lgjwktuk55ts27pfdgfzn5hqz32nj7gieduafrcp36p6x6u4kqczm32oxpmk2pi44wsgogoc6xiohfo5rxm2c27l2evnsbesimqipxhzvsmkkwfnl4d27om7dmnq6xxdotpvkppf5nut2ejfnkj2zfirl5dy5fmqrsv5fzxojlqyjyfbhlsq6riuumajfejc5lmwjff5scbyd5jotgqi6ojfd3xuiy6bf675v5zq3kcqdfeqqfzosk6zcxji6rhbrzuuvnulj2aod2wnmhxz7jvnycon7sgqsd2pziumwttpbsxw6sammchq3trmbyuotkrabcudscuogiguq3n2vfogyevnfenawvyizzkwmsf3bavns3uohzdo46spxflvi5ijj7m6scbvw542skyr2rgs22sczsqatrxqn5b3czv3jz4xxtz7jxzxe2xunenf6lewbexkkzmauyq46lkejrcmrcfaziuiqq5mvbswx3wbjtxglcsiahhe4lbfj2rbuzujtieng4p2f3pumdgz55epr43k2bw5uxdwjm2e32576dxbmtrtwr3vhv2ugi2k3uaghnhaebeaq5b27cdp4xsaequai6c2jbge4dsiwj7gmttqliscajemxarc46v6iyaeiesqzjzbedvekjbgj2sccrvia6gan3ef4bbivaejiorijaveilcwvjyfz6vqdy6f4vsao3eca7v6lrtdm7cotawbrcbassmmilh6c3tlq2cq72rcjmhsklhpasei22tpzxso332iylvkukuceedgtl2ib3fyylzn4abgmrdfrvx46sbmybxsydce4xraaieluab6rihheccucj3anwtucadbakscmtvonagidtzmfywo4kaiznaer2ljj3agpymdegtoltukfiq4kzfeyuswfb5nesdy6laojeuivakkqiaupyhheftiuitamns4orinqqskod7hzqqe6tyaerdchqfa4kbmfyohejs6uycbersapioa5fssijcgf7t4msyfyyccjbxcqduixqtdqpskejnbn5qspsro5vx2xt5pfxx66sbnibx6shs7su23sefu6x3q6ii6d3md6lggdyo7nfesg23pknximnverwn3dannq5iw7rbecuauk5o35uu3snqs2ktnhxwcuc2hy6dma3jdfrcqkzygnprqb2wdmjuoyezjvdeixgsz32mu4kxp5afouhr7vnbnefhin5bcohi3ad7lmjknjeuu3sgfr5oegw6g2nweffzhands3d6leefap2xabv6pwjdzjtikty%3D%3Fu%3D&icons=pQqfFSG2QIeklIiOqeuY0QcOQMtHYWPGXeZ1Z8eThzOCQk06LYmxoFD9TWiel4b8Yg6_yXnj5N9Kz3ssp4yZzGS_i35nJX5w_oqi6bZbDeeL0eqZRBoaIMZXFrxlvb3AZV4EU-yeS_9PHQMS9fgFXE512znfMyH5mUIfafAjpekfCreFWA&ext_cid=0&px_id=31418776&min_cpm=0.0487465259526559&out_id=1&campaign_type=lq-pop&aid=412&cid=2766&uniq=&mid=4496198447632212825&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.047494710967230756&cpm=0&verify_hash=9c04678bfe72b5f897fe76f26ec1e64e&is_native=2&real_bid=0.0007407549697905776&original_bid_usd=0.0007901386344432829&original_bid=0.0007901386344432829&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F119.0.6045.199%20Safari%2F537.36&ip_mismatch=2001:ac8:21:e::6&geo=GB&carrier=-&label_ids=0,4,89,27,93,108&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1701876738&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&site=native-push-adult&price=0.0007901386344432829&hostname=auc-inpage-hz-7-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/London&topics=&historical_keywords=&pop_cpc=0.0000007901386344432829&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=801c7f10-d681-4f60-9224-f3d44dafc370
Requested by: Host: poop.media
URL: https://poop.media/e/unyryyto8yb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 15:32:19 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H2

200

creativity-2459804-16938804843321.png
xpdep.top/images/campaigns/ Frame EDC8
Redirect Chain

https://pisism.com/d?bidId=push_20231205153218_8307cd42_b07b_4fb9_b96e_6393d9d2c8fe&offerId=553178&feedId=2513&data=3cb3RvQHdudG50bjBtdXFLPz5BQktGSjyJfY9XS0pNT1BGloNgcZSgkJSVi1phW15PWIiboZikrapYh45...
https://xpdep.top/images/campaigns/creativity-2459804-16938804843321.png

109 KB
109 KB

139ms
40ms

Image
image/png

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xpdep.top/images/campaigns/creativity-2459804-16938804843321.png
Requested by: Host: poop.media
URL: https://poop.media/e/unyryyto8yb
Protocol: H2
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa7f2ebcdaad807908384505799c2dec8606fe4f0138a985b01991b714bc1cb2

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:19 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid: 951
age: 622696
cdn-cachedat: 11/26/2023 03:28:57
cdn-pullzone: 283898
alt-svc: h3=":443"; ma=86400
content-length: 111236
last-modified: Tue, 05 Sep 2023 02:21:24 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: "64f690a4-1b284"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jrYpK0uRPrpy8AOGx8MtjJhnihUnPE119hWJBdIaAlRyWzk6TNlRANiu%2Biqlwa3%2FNSJy0yKvBU5V8VBNjID00tVnSrH4ESvEXmy71aBeWCNZjFGVNoi5Cxbxq6XPru4mI1Ik3e8Ro%2B0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cdn-cache: HIT
cdn-uid: 10270df6-3a78-4ee3-9e7e-62f57a8521e8
cache-control: public, max-age=31919000
cdn-requestid: 427fc344d426d60509583080d2265bf3
accept-ranges: bytes
cf-ray: 830d57588c62642b-LHR
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

Redirect headers

date: Tue, 05 Dec 2023 15:32:19 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9WzD6IS%2FQxQkrwKEq1M0YmWbwMX%2FulaIDtVDMNE0RJVUBmQnr4RZZgt%2B0U6D3rJ2ImvV%2FhNgcfrk4A2s03NruWMiovYTDpQeU4HL%2BlsamdUBHgygD0OOJGtQUZ%2Bj"}],"group":"cf-nel","max_age":604800}
location: https://xpdep.top/images/campaigns/creativity-2459804-16938804843321.png
cf-ray: 830d57578e0548c8-LHR
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
433bb3d20f.6542309b8a.com/in/show/ 0
200 B 141ms
53ms Image
text/plain 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://433bb3d20f.6542309b8a.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.media%2Fe%2Funyryyto8yb&refdom=poop.media&auction_time=1701790338&subid=388464194&sid=3719782952&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-05&iabcat=IAB25-3&keywords=&user_fp=11254069022125629296&score=76.81398610047412&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fe%252Funyryyto8yb%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=12&crtid=97678fd2489108899a6cc7152ae50b87&url=https%3A%2F%2Fpisism.com%2Fc%3FbidId%3Dpush_20231205153218_8307cd42_b07b_4fb9_b96e_6393d9d2c8fe%26feedId%3D2513%26offerId%3D553178%26data%3D3cb3RvQHdudG50bjBtdXFLPz5BQktGSjyJfY9XS0pNT1BGloNgcZSgkJSVi1phW15PWIiboZikrapYh45bMTEwMz8lXXB2Pz5GLIVEQzkxU4OEgXtufXtlhJBMU1JXT1VZRE1xb3x2dldMmZealVF5mJegpWBYfKKtb25nMjU2PzU4N0A7QEI8QElKMmZ1e3eJgUhPTlNLUVVGipJgVlZdVVlcYlldZmRdYWFoWaCWpJ51nqhoR0MuaHJAd0Q4N0Mxf3yDgXN2T0pHSUdPT1BQQYWBW4.VlIqCVlVYWllbWmBdYmFhYWmRa2dlbZqcbWyaYjE5ZWM5bGlBaGxEQnJtRUNKRXdNeUh6UH9-QZF.hVxQR4WMiGJYW11iYltgU5SYlG5kaGVoXKahnXdwNTQzOjwrb2pFOHN4bXRzgj90c4CEdn9.hoxJfo6Cf5OJl4uXnVJYW11iYltgWl9laWRqa2RpbmtrbGxsLnFwaip0dnt1Rnh6enI0c3Z6dlA6h3t9fYt-jVmFkpOQlFxSU5mJl52LlpSflZOhXpShoFqoq5mrnKykYmZ0Ym1pQzo-OkNCRD9HREI_%26ds%3D1&icons=WpRWyFpU1cE4TkZkrwNVLtry3mg8vl3W3STIil5hgSORV_qvsCysvgDBh7pB20Yy0aWXJL8SdabcRupy1C8hoMHcLE95NO8PWDmLz3tpzdwSzmUy6LBdyE47f12rBQpzf7mIxM1TpGRIRYU7SeCfz-9vKT2W1dsJdUCHntOB5u1_XaQNeLuhci16VqMaTJ6uFyheo3b5yibSmpvzGrrsKb9VOxv5NvOW6IVy9gQQggG1ZNeN9Q5AGDI2-H_QxRwxkOLh28csKgE_J8ZA2tA7SiwL-rhrrtBYINfDX8EFqkyeFwOIRs-mOUS9g5nT-yP05VZc_YyL9rIwk6RySFN7QVUPcSuabXGSrffMAVeKTeaqFAe-cpeaBvTEBDLLFHH4E4p_wfTDo-U_Hqc3oz2GWwCLmD1hdNxxpm-uG5dHkz39SfFXsgzAuBNyL5NMoZiiHq6IRgusccFLm7BODPiMvmI2fLFHzfq3TOPJy_H5vKRF7_YSYAPy9aCrM6OFXWWAx0jSfPIxbtvkv8n-iU7-JBSqFP0SjaopcZbWBe4WBC80J5c6_USjRvJYC9CuRuUw4oqL5ayU9Ph-z9xy3o4upev1WPUpK0BzHH3bWFzMaRE4j3sNucGZ-A5e8BaarIm5FqPsIbYclD7gZJD_Iew84pS5JxjoUDC_2lCXoRJh-GSE45n2aMxa_pc5vF4afcS-eZObSJWON01yHNqxecMv8eG-4YA_MGtKEuOIDGBr9WvV75CFUhtnWzq2fWtyEfWPvAJg3aFj1ZUSuj_SzJjh1zTR0dO3aPSZtykZKos58MWq2p9GvBrjJox_zdyHF9RLmC-Y9NNmNmQtEj8SAqzrBHjTIWT7b2W3VtSxmsWVXxkC1eIQH6_rl2XN8E4clGVCmlh1HupAwkscmxV74IAy2htQhAkKpPCKmJKYEyYbsSZ4qzAIC2rpaYPHmhiVHFyzENYZK8jXFmHgDyueKDNpWkJ-hr8bJ_RHjrIVbOSuzWfL62-Kehl6WofutXVvvA&ext_cid=0&px_id=73418776&min_cpm=0.0014433308880399372&out_id=0&campaign_type=hq&aid=255&cid=11833&uniq=&mid=4496198447632212825&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.015661987015726443&cpm=0&verify_hash=531da7f3a96aa651cb5bf7bbaa008fa5&is_native=1&real_bid=0.00825&original_bid_usd=0.00825&original_bid=0.00825&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F119.0.6045.199%20Safari%2F537.36&ip_mismatch=2001:ac8:21:e::6&geo=GB&carrier=-&label_ids=4,90,5,98&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1701876738&image_url=https%3A%2F%2Fxkdzj.top%2Fimages%2Fcampaigns%2Fcreativity-image-2459804-16938804843321.png&site=native-push-adult&price=0.00825&hostname=auc-inpage-hz-7-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/London&topics=&historical_keywords=&pop_cpc=0.00000825&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=279c8a5f-de96-4b2f-9a01-b4234a2668c3
Requested by: Host: poop.media
URL: https://poop.media/e/unyryyto8yb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 15:32:19 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H2 200 creativity-image-2459804-16938804843321.png
xkdzj.top/images/campaigns/ Frame EDC8 219 KB
220 KB 138ms
41ms Image
image/png 2606:4700:3037::ac43:b016
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xkdzj.top/images/campaigns/creativity-image-2459804-16938804843321.png
Requested by: Host: poop.media
URL: https://poop.media/e/unyryyto8yb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:b016 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c80841e32c0d034754d70fc5cafb258b79a76260ab97ab6f7f0dbbb450ef4217

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:19 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid: 951
age: 1272039
cdn-cachedat: 11/20/2023 22:00:04
cdn-pullzone: 283898
alt-svc: h3=":443"; ma=86400
content-length: 224031
last-modified: Tue, 05 Sep 2023 02:21:25 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: "64f690a5-36b1f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YKAjK9lZQp83Nfgpqw%2BkVnUYQkl6EcMGE7w%2Bvara7As2sWrWvX20V8mTdi1NNvpSswZ2LGB4JjDngmYgzfImJ1si9q4ziBj0zgBmkgh8pseRVO4ZcRpZwyMNj6e6n0%2FivNqHzRD%2FQH0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cdn-cache: HIT
cdn-uid: 10270df6-3a78-4ee3-9e7e-62f57a8521e8
cache-control: public, max-age=31919000
cdn-requestid: d230dee63aeed01f35e4b87d4bc33691
accept-ranges: bytes
cf-ray: 830d5757982e368e-LHR
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

POST
H2 200 video Show response
metrolagu.cam/ Frame 5658 2 KB
1 KB 357ms
357ms Document
text/html 46.250.238.76
CAPL-AS-AP Contab...

General

Check archive.org

Show headers Download Go to

Full URL

https://metrolagu.cam/video?q=bohongi+hati

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.250.238.76 London, United Kingdom, ASN141995 (CAPL-AS-AP Contabo Asia Private Limited, SG),

Reverse DNS

vmi1540198.contaboserver.net

Software

nginx /

Resource Hash

74ec625f8a7d8b470c754dfd28de1802aacfe44068124c8a7efab56933ccbb10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://metrolagu.cam
Referer: https://metrolagu.cam/jembud/unyryyto8yb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 05 Dec 2023 15:32:20 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H2 200 IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
static.bookmsg.com/creatives/IN/ 790 B
947 B 50ms
50ms Image
image/webp 78.47.199.206
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
Requested by: Host: 6a1d032c40.b65415fde6.com
URL: https://6a1d032c40.b65415fde6.com/e9888d79e7fb4bee037592776d9d7dd4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.47.199.206 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.206.199.47.78.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:19 GMT
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
server: nginx/1.18.0
etag: "5fbd16bb-316"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 790

GET
H2 200 IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
static.bookmsg.com/creatives/IN/ 790 B
947 B 51ms
50ms Image
image/webp 78.47.199.206
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=2c2a67d6-d169-43c5-8a3a-fef641a0ba0b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.47.199.206 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.206.199.47.78.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:19 GMT
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
server: nginx/1.18.0
etag: "5fbd16bb-316"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 790

GET
H2 200 /
433bb3d20f.6542309b8a.com/in/show/ 0
200 B 54ms
53ms Image
text/plain 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://433bb3d20f.6542309b8a.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.media%2Fe%2Funyryyto8yb&refdom=poop.media&auction_time=1701790338&subid=357529620&sid=2072906018&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-05&iabcat=IAB25-3&keywords=&user_fp=11254069022125629296&score=70.45885507639845&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fe%252Funyryyto8yb%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&url=https%3A%2F%2Fs.viiqxpnb.com%2Fh%2F1411%2Fm2xuuqov6b4vvofrqpji3lgjwktuk55ts27pf7eewj5hqz32nj7gieduafrcp3wp6x6u4kqwzm344u7mk2pi44wsgp24u6xiohfo5rxm2c27l2evnsbesimqipxhzvsmkkwfnl4d27om7dmnq6xxdotpvkppf5nut2ejfnkj2zfkvtwjr62kpo5ixryokybq3byhufzs7jwg5iksjnewcsf5jbe2mssdrnit5tk3677oe4h5mh42hdd2sbz5rc7b2fnzsstgtp3usqne2ja2wugo5onpwwfdolmgbwtrooefg4oknlc6t3paj7yxg3hijrghs5kdmiaxi2dxmr5eatcvavfumttairzfm4cumb6x5ultnsueyvgqj2bvon5vlrgnortq7vttnytxphyhlufev6vfywn4mb7yjcghkvmkzol2fzghq3apjeizg2s2tn25aungxjtpm3mnwrhis5v3xjakyslbca6ua63kobrcof2nayauwqy3gfdhectvbjthq4krjyghwlleof2rezsszvnelx2btc362mpkobwo24s53glvjfkjfppuwve7jja77e2lum2l7w6oz6lmly7pqvzza6zoda7bunq7njsgmaa3dm4ta6bffmatkvzgfaqskmaudrgemhick5xqajsthqcsgirdce2aaojddv7qwfdhlytrsmbzoayfgak6dmirgdyzfzjskargpv5vkqqjfryde633iiyfo63aebsckr2glibewe2jgvbhgwjhle2g2oqucuzcgldlpf3eeyqcpbuhoz3wivavacscijrbq6s6l53v4zl7pflu4xlypjtxu52fmehx6ylsi67jbun5qp4z7bftoejo56wd55astbhurhmlbknxxwgfexsmfdcnpr7q6w57b4ssacrkviht7klmvpaqinwwlusejrncubzhiz3xo2zhfqpaktc7c4lbcmkppkducrcsppfojswgjrzggqcdnoc4mrlytgueixepr7m4qryj7lcxav2gnriax5q4fljawsfaijmt3ztaoiifab2xdfqrgmtsoj4piaehke%3D%3D%3D%3D%3D%3D%3Fu%3D&icons=Wq1rIx-7t1TYWWCqvssyQC5bb7D3rkRDVj1gKC-X6vuUrQ4N89lV21kqNg1yy3RwwIOyHn6h1wJ_tR68n7cY4LMqPOlP3LnKbSdOq_9JIK0A_EU2CQ1kU06XT5fMG5sui0QkQxYqt3XRW-O6i2Z3zqiZkEYQ7Elf6BTg17Pu3Rwn8dmLlw&ext_cid=0&px_id=53418774&min_cpm=0.03540371275487896&out_id=1&campaign_type=lq-pop&aid=412&cid=14080&uniq=&mid=1587695242733635318&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.05992032333435817&cpm=0&verify_hash=76c882f24fc7c645bae5461d9caf9c34&is_native=2&real_bid=0.0012867623183968027&original_bid_usd=0.0013859999418593951&original_bid=0.0013859999418593951&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F119.0.6045.199%20Safari%2F537.36&ip_mismatch=2001:ac8:21:e::6&geo=GB&carrier=-&label_ids=93,108,123,76,89,27,0,4,81&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1701876738&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&site=native-push-adult&price=0.0013859999418593951&hostname=auc-inpage-hz-0-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/London&topics=&historical_keywords=&pop_cpc=0.0000013859999418593952&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=d81cfceb-f210-4652-b736-4a8d7cd2efd2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 15:32:19 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H2 200 IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
static.bookmsg.com/creatives/IN/ Frame 20E6 790 B
947 B 52ms
52ms Image
image/webp 78.47.199.206
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
Requested by: Host: 6a1d032c40.b65415fde6.com
URL: https://6a1d032c40.b65415fde6.com/e9888d79e7fb4bee037592776d9d7dd4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.47.199.206 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.206.199.47.78.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:20 GMT
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
server: nginx/1.18.0
etag: "5fbd16bb-316"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 790

GET
H2 200 IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
static.bookmsg.com/creatives/IN/ Frame 20E6 790 B
947 B 53ms
52ms Image
image/webp 78.47.199.206
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&st=0.03&cpa=3ce94a14-6551-482e-9602-94b54cd182cf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.47.199.206 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.206.199.47.78.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:20 GMT
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
server: nginx/1.18.0
etag: "5fbd16bb-316"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 790

GET
H2 200 /
433bb3d20f.6542309b8a.com/in/show/ 0
200 B 70ms
70ms Image
text/plain 2a01:4f8:e0:19cb::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://433bb3d20f.6542309b8a.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.media%2Fe%2Funyryyto8yb&refdom=poop.media&auction_time=1701790338&subid=357529620&sid=2072906018&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-05&iabcat=IAB25-3&keywords=&user_fp=11254069022125629296&score=70.45885507639845&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fe%252Funyryyto8yb%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&url=https%3A%2F%2Fs.viiqxpnb.com%2Fh%2F1411%2Fm2xuuqov6b4vvofrqpji3lgjwktuk55ts27pf7eewj5hqz32nj7gieduafrcp3wp6x6u4kqwzm344u7mk2pi44wsgp24u6xiohfo5rxm2c27l2evnsbesimqipxhzvsmkkwfnl4d27om7dmnq6xxdotpvkppf5nut2ejfnkj2zfkvtwjr62kpo5ixryokybq3byhufzs7jwg5iksjnewcsf5jbe2mssdrnit5tk3677oe4h5mh42hdd2sbz5rc7b2fnzsstgtp3usqne2ja2wugo5onpwwfdolmgbwtrooefg4oknlc6t3paj7yxg3hijrghs5kdmiaxi2dxmr5eatcvavfumttairzfm4cumb6x5ultnsueyvgqj2bvon5vlrgnortq7vttnytxphyhlufev6vfywn4mb7yjcghkvmkzol2fzghq3apjeizg2s2tn25aungxjtpm3mnwrhis5v3xjakyslbca6ua63kobrcof2nayauwqy3gfdhectvbjthq4krjyghwlleof2rezsszvnelx2btc362mpkobwo24s53glvjfkjfppuwve7jja77e2lum2l7w6oz6lmly7pqvzza6zoda7bunq7njsgmaa3dm4ta6bffmatkvzgfaqskmaudrgemhick5xqajsthqcsgirdce2aaojddv7qwfdhlytrsmbzoayfgak6dmirgdyzfzjskargpv5vkqqjfryde633iiyfo63aebsckr2glibewe2jgvbhgwjhle2g2oqucuzcgldlpf3eeyqcpbuhoz3wivavacscijrbq6s6l53v4zl7pflu4xlypjtxu52fmehx6ylsi67jbun5qp4z7bftoejo56wd55astbhurhmlbknxxwgfexsmfdcnpr7q6w57b4ssacrkviht7klmvpaqinwwlusejrncubzhiz3xo2zhfqpaktc7c4lbcmkppkducrcsppfojswgjrzggqcdnoc4mrlytgueixepr7m4qryj7lcxav2gnriax5q4fljawsfaijmt3ztaoiifab2xdfqrgmtsoj4piaehke%3D%3D%3D%3D%3D%3D%3Fu%3D&icons=zIx3OzsxOSEOjv5CBmRWiQUrU4b7pMfTVqUFYhy4QVXoWcWU6cTDzTpUU_DJ9StWfDSqRwPucIu4UWJq4dwvmfJQq-sT9MDwgbvGW4BanW1JvjEcTfnq5yVlWROM8X3RY_E2BcGrDgQaW_Dd4dAtYo65ixa67vTvwBVmcVjJJHNwF0lIYQ&ext_cid=0&px_id=53418774&min_cpm=0.03540371275487896&out_id=0&campaign_type=lq-pop&aid=412&cid=14080&uniq=&mid=1587695242733635318&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.05992032333435817&cpm=0&verify_hash=76c882f24fc7c645bae5461d9caf9c34&is_native=2&real_bid=0.0012867623183968027&original_bid_usd=0.0013859999418593951&original_bid=0.0013859999418593951&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F119.0.6045.199%20Safari%2F537.36&ip_mismatch=2001:ac8:21:e::6&geo=GB&carrier=-&label_ids=89,93,123,4,76,81,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1701876738&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&site=native-push-adult&price=0.0013859999418593951&hostname=auc-inpage-hz-0-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/London&topics=&historical_keywords=&pop_cpc=0.0000013859999418593952&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&st=0.03&cpa=7ab1cdc0-182c-46e7-840b-8100926cf484
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 15:32:20 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H/1.1 200
OK 64343 Show response
fikedaquabib.com/rotaInGRWQGA24/ Frame 5658 0
1 KB 254ms
44ms Script
application/javascript 23.109.87.48
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://fikedaquabib.com/rotaInGRWQGA24/64343

Requested by

Host: metrolagu.cam
URL: https://metrolagu.cam/video?q=bohongi+hati

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

23.109.87.48 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://metrolagu.cam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Tue, 05 Dec 2023 15:32:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=1
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: https://metrolagu.cam
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=20
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires

GET
H2 200 jquery-latest.min.js Show response
code.jquery.com/ Frame 5658 94 KB
33 KB 25ms
25ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-latest.min.js
Requested by: Host: metrolagu.cam
URL: https://metrolagu.cam/video?q=bohongi+hati
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://metrolagu.cam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:20 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 6988139
x-cache: HIT, HIT
content-length: 33202
x-served-by: cache-lga21983-LGA, cache-man4147-MAN
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1701790340.312284,VS0,VE0
etag: W/"28feccc0-1762a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 11, 76852

GET
H2 200 embed.css
metrolagu.cam/ Frame 5658 1 KB
609 B 353ms
353ms Stylesheet
text/css 46.250.238.76
CAPL-AS-AP Contab...

General

Check archive.org

Show headers Download Go to

Full URL

https://metrolagu.cam/embed.css

Requested by

Host: metrolagu.cam
URL: https://metrolagu.cam/video?q=bohongi+hati

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.250.238.76 London, United Kingdom, ASN141995 (CAPL-AS-AP Contabo Asia Private Limited, SG),

Reverse DNS

vmi1540198.contaboserver.net

Software

nginx /

Resource Hash

6291ad32f03939ee9eb7cf8d62641115d0962e49b4869358c1ddee6271d9f0bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://metrolagu.cam/video?q=bohongi+hati
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:20 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
server: nginx
etag: W/"651596cf-446"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Wed, 06 Dec 2023 03:32:20 GMT

GET
H2 200 fxrjs99tmgwkl7zo.jpg
img.doodcdn.co/snaps/ Frame 5658 30 KB
31 KB 184ms
98ms Image
image/jpeg 2606:4700:20::ac43:46be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.doodcdn.co/snaps/fxrjs99tmgwkl7zo.jpg
Requested by: Host: metrolagu.cam
URL: https://metrolagu.cam/video?q=bohongi+hati
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:46be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e2fef74ef78477d6cab63d3ab83f2740b8954a3c5db658b604017b97e7dc50d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://metrolagu.cam/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=31116
alt-svc: h3=":443"; ma=86400
content-length: 30683
cf-bgj: imgq:100,h2pri
last-modified: Thu, 05 Oct 2023 05:48:11 GMT
server: cloudflare
etag: "651e4e1b-798c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DWvoLef%2B69h5L9ClrKnIJkx3QVnM1u%2FsvcwiqtmOaOymGwA4MW6Vk%2FeQ3%2FS8n8DbwSMNyhTYAMB1Arzm6NvJDMuh0IkPG%2F%2Ff%2BQUJUXG4%2FWtudDteAtv%2BKAkso8GNenPu4wBENAI0i57L5goU"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 830d575b8fa44130-LHR
expires: Tue, 19 Dec 2023 06:37:50 GMT

GET
H2 200 play.svg
metrolagu.cam/ Frame 5658 633 B
789 B 350ms
349ms Image
image/svg+xml 46.250.238.76
CAPL-AS-AP Contab...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrolagu.cam/play.svg

Requested by

Host: metrolagu.cam
URL: https://metrolagu.cam/embed.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.250.238.76 London, United Kingdom, ASN141995 (CAPL-AS-AP Contabo Asia Private Limited, SG),

Reverse DNS

vmi1540198.contaboserver.net

Software

nginx /

Resource Hash

b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://metrolagu.cam/embed.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 15:32:20 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
server: nginx
etag: "650c2028-279"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 633

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 38ms
37ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-RRBBHD087X&gtm=45je3bt0v9167878827&_p=1701790338106&gcd=11l1l1l1l1&dma=0&cid=1257803865.1701790338&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1701790338&sct=1&seg=0&dl=https%3A%2F%2Fpoop.media%2Fe%2Funyryyto8yb&dt=ngintip%20cwe%20cantik%20kos%20mandi%20si%20kameraman%20geter%20geter%20-%20DoodStream%20-%20DoodStream%20-%20DoodStream%20-%20PoopHD&en=scroll&epn.percent_scrolled=90&_et=3&tfd=7225
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://poop.media/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 15:32:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://poop.media
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.poop.media/	1970-01-21 02:19:10	Name: _ga Value: GA1.1.1257803865.1701790338
.poop.media/	1970-01-21 02:19:10	Name: _ga_RRBBHD087X Value: GS1.1.1701790338.1.0.1701790338.0.0.0
fp.metricswpsh.com/	1970-01-21 01:28:46	Name: id Value: 4032688180461698771
wakenssponged.com/	1970-01-20 16:44:36	Name: GL_UI4 Value: eJw9jVtOwzAURPNOgSYwUhbAEhKlpfgTsQg%2BIz9uU9PErhyTiN1jIcHXHI3OaKIoSppHxGuRI%2F3iRzwzxc5StO2p74m9ikNLrBenXh6IM%2FbCjrjTy%2BC5mMhn2C0zd37wa4b9SIacloO0iio8BeuvuRq7mQy5cNyoCvkcjKlCKZzdFnJNiszwmVC8X5wNmc%2F80zqkXccCaxM4bpHYpUnre5Qf2qgwrPdIurauiwgPt4n7s3XzoFURIx8dV4T4DTvJPY3WfaNUtFy9vQF2UsO%2F%2F%2Fubbl2LQtGqZTi3%2FkLuBydKTkY%3D
wakenssponged.com/	1970-01-20 16:44:36	Name: GL_GI10 Value: eJwFwUEKwjAQBdDMCIGqVD72AD1BMVVaXaqIC6k7D1CSULMwCWn0%2FL4nhOBqDXYRm1b1jdofG3XqGrXrQBP4fgFrj%2FLlXbamfjg%2FmfABJSyG8xOcPJbD6PXbztkmkC4LkMNqaA99ffumEC3YzyiuIcWQxmxBURI4BynAs6kE6Ce3f9rzHpo%3D
metrolagu.cam/	1969-12-31 23:59:59	Name: PHPSESSID Value: n1is1ldmgl4vse4mqfu2tn05ng
fikedaquabib.com/	1970-01-20 16:44:36	Name: GL_UI4 Value: eJw9jVtOwzAURPNOgSYwUhbAEhKlpfgTsQg%2BIz9uU9PErhyTiN1jIcHXHI3OaKIoSppHxGuRI%2F3iRzwzxc5StO2p74m9ikNLrBenXh6IM%2FbCjrjTy%2BC5mMhn2C0zd37wa4b9SIacloO0iio8BeuvuRq7mQy5cNyoCvkcjKlCKZzdFnJNiszwmVC8X5wNmc%2F80zqkXccCaxM4bpHYpUnre5Qf2qgwrPdIurauiwgPt4n7s3XzoFURIx8dV4T4DTvJPY3WfaNUtFy9vQF2UsO%2F%2F%2Fubbl2LQtGqZTi3%2FkLuBydKTkY%3D
fikedaquabib.com/	1970-01-20 16:44:36	Name: GL_GI10 Value: eJwFwUEKwjAQBdDMCIGqVD72AD1BMVVaXaqIC6k7D1CSULMwCWn0%2FL4nhOBqDXYRm1b1jdofG3XqGrXrQBP4fgFrj%2FLlXbamfjg%2FmfABJSyG8xOcPJbD6PXbztkmkC4LkMNqaA99ffumEC3YzyiuIcWQxmxBURI4BynAs6kE6Ce3f9rzHpo%3D

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://itseagleswig.com/86/13/dd/8613dda341d2145537903a4d9729dfc5.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1YcFDC3ehwoi9eQgWyjez5L0whQ0CW2ymfiX8BnkDXF2cxSpLk_73sKH-fgJ9-RQjY2BI_JQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-703624984%3A1701790338684154&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

433bb3d20f.6542309b8a.com
6a1d032c40.b65415fde6.com
accounts.google.com
berlagu.com
code.jquery.com
f7642e332d.6771600c3f.com
fikedaquabib.com
fp.metricswpsh.com
img.doodcdn.co
itseagleswig.com
mcpuwpsh.com
metrolagu.cam
nereserv.com
pisism.com
poop.media
poops.pro
region1.google-analytics.com
static.bookmsg.com
storage.multstorage.com
wakenssponged.com
www.googletagmanager.com
xkdzj.top
xpdep.top
157.90.84.242
172.255.103.72
173.233.137.36
188.114.97.9
2001:4860:4802:34::36
23.109.87.48
2606:4700:20::ac43:46be
2606:4700:3037::ac43:b016
2606:4700:e4::ac40:ac20
2a00:1450:4001:80f::2008
2a00:1450:400c:c0a::54
2a01:4f8:c0:2306::1
2a01:4f8:e0:19cb::1
2a04:4e42:400::649
2a06:98c1:3120::3
2a06:98c1:3121::3
45.133.44.52
46.250.238.76
78.47.199.206
94.130.198.6
03655cfaf82852add204f416745a4a02509d6f8a6f2ebecd446dbf425863dead
14deed91bde7b9d3d16d0b46176c181bdfe048f63da69ea7b4bf574ec5289a27
15bbdc749ff4fd0b5f5fd6fb9ce8f78fdbef077a235f34f9dbadb97e3c464f3b
19371c06ebd0fe7219c6869df21bd3ea72930dc81f36fc9db4028be625020a9c
25ab37f5254eae1598cd8d0bd1017f7a32d421a1a2b3418aa41589eb5e993efd
270fb9f71a35c9aac351e9fb4c18d5d8e7d2d40488bfc802b5bae62d3b133bee
38b43a2c933caeaae9c513390097df938dc06e302a1f6c7d78a7503964f00f1d
407450afd189ccd09d0eaa5981d237b7aa93ee93c92cf3910f60745314d1457d
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
5ed409ded92c58ead1b59c48a9022b6972416b224c017c184e59198a5f570b59
6291ad32f03939ee9eb7cf8d62641115d0962e49b4869358c1ddee6271d9f0bf
69c0d5d7c3fb548ed45161ffec034f92f1e1ac51141f509fe9870962772e9137
6a53bb3deb38142868f2947a24b09955af34b1f914000c89d64314e80a37db8c
74ec625f8a7d8b470c754dfd28de1802aacfe44068124c8a7efab56933ccbb10
87d973b2efe652fef2316ccee965a3fe1a691ed07a935de708fdeb8059e5f5e9
8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2
8e2fef74ef78477d6cab63d3ab83f2740b8954a3c5db658b604017b97e7dc50d
a36684e5659980260a7841dba0614d681ee97905ef3f082051bd7903f49ba3e7
aa7f2ebcdaad807908384505799c2dec8606fe4f0138a985b01991b714bc1cb2
b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08
c5fa5ba9b1b976166cd82c7e2ce809bf48785f67b318c20bed3462a34c42ba2f
c80841e32c0d034754d70fc5cafb258b79a76260ab97ab6f7f0dbbb450ef4217
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

poop.media Open in urlscan Pro 2a06:98c1:3121::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

46 Requests

93 %HTTPS

55 %IPv6

23 Domains

23 Subdomains

20 IPs

5 Countries

754 kBTransfer

1699 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

46 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

poop.media Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Screenshot
Live screenshot

Full Image

46
Requests

93 %
HTTPS

55 %
IPv6

23
Domains

23
Subdomains

20
IPs

5
Countries

754 kB
Transfer

1699 kB
Size

8
Cookies

46 HTTP transactions
0 data transactions