urlscan.io logo urlscan.io
SecurityTrails logo

poo.phd Open in urlscan Pro
104.21.16.1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://doood.cc/d/8a5y84ur5bhz
Effective URL: https://poo.phd/d/8a5y84ur5bhz
Submission: On December 25 via manual from MY — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 19 IPs in 4 countries across 22 domains to perform 45 HTTP transactions. The main IP is 104.21.16.1, located in and belongs to CLOUDFLARENET, US. The main domain is poo.phd.
TLS certificate: Issued by WE1 on December 20th 2024. Valid for: 3 months.
This is the only time poo.phd was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 104.21.80.1 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
2 104.21.16.1 13335 (CLOUDFLAR...)
4 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 188.114.96.3 13335 (CLOUDFLAR...)
2 142.250.186.131 15169 (GOOGLE)
5 45.133.44.52 39572 (ADVANCEDH...)
2 2001:4860:480... 15169 (GOOGLE)
1 172.67.132.168 13335 (CLOUDFLAR...)
1 172.67.174.51 13335 (CLOUDFLAR...)
1 45.133.44.53 39572 (ADVANCEDH...)
2 157.90.84.242 24940 (HETZNER-A...)
4 168.119.25.102 24940 (HETZNER-A...)
8 2a01:4f8:1060... 24940 (HETZNER-A...)
1 2a01:4f8:c0:2... 24940 (HETZNER-A...)
2 2a02:b48:8300... 39572 (ADVANCEDH...)
2 2 172.67.185.171 13335 (CLOUDFLAR...)
4 45.133.44.25 39572 (ADVANCEDH...)
45 19
1    104.21.80.1 (None, )

ASN13335 (CLOUDFLARENET, US)
doood.cc
1    2606:4700:3035::ac43:a8ce (United States)

ASN13335 (CLOUDFLARENET, US)
poop.skin
2    104.21.16.1 (None, )

ASN13335 (CLOUDFLARENET, US)
poo.phd
4    2606:4700:3037::ac43:c87b (United States)

ASN13335 (CLOUDFLARENET, US)
ax4.poopstream.co
dx4.poopstream.co
1    2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
1    188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
berlagu.com
2    142.250.186.131 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f3.1e100.net
fonts.gstatic.com
5    45.133.44.52 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL)
1d36243653.ef1dd1776c.com
2    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
1    172.67.132.168 (United States)

ASN13335 (CLOUDFLARENET, US)
poophd.com
1    172.67.174.51 (United States)

ASN13335 (CLOUDFLARENET, US)
storage.multstorage.com
1    45.133.44.53 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL)
054cb3b003.1699bc140d.com
2    157.90.84.242 (Ismaning, Germany)

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
PTR: static.242.84.90.157.clients.your-server.de
fp.metricswpsh.com
4    168.119.25.102 (Düsseldorf, Germany)

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
PTR: static.102.25.119.168.clients.your-server.de
nereserv.com
8    2a01:4f8:1060:13eb::2 (Germany)

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
4184fdf4c0.46f884ead3.com
1    2a01:4f8:c0:2306::1 (Ehingen, Germany)

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
enrtx.com
2    2a02:b48:8300::24 (Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL)
static.bookmsg.com
2    172.67.185.171 (United States)

ASN13335 (CLOUDFLARENET, US)
p.a64x.com
4    45.133.44.25 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL)
gfxdn.pics
Apex Domain
Subdomains		 Transfer
8 46f884ead3.com
4184fdf4c0.46f884ead3.com
15 KB
5 ef1dd1776c.com
1d36243653.ef1dd1776c.com
251 KB
4 gfxdn.pics
gfxdn.pics — Cisco Umbrella Rank: 35583
12 KB
4 nereserv.com
nereserv.com — Cisco Umbrella Rank: 31261
801 B
4 poopstream.co
ax4.poopstream.co — Cisco Umbrella Rank: 91207
dx4.poopstream.co — Cisco Umbrella Rank: 90365
43 KB
2 a64x.com
p.a64x.com — Cisco Umbrella Rank: 41236
1 KB
2 bookmsg.com
static.bookmsg.com — Cisco Umbrella Rank: 41152
2 KB
2 metricswpsh.com
fp.metricswpsh.com — Cisco Umbrella Rank: 34091
427 B
2 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 3353
2 gstatic.com
fonts.gstatic.com
79 KB
2 poo.phd
poo.phd
7 KB
1 enrtx.com
enrtx.com — Cisco Umbrella Rank: 53053
4 KB
1 1699bc140d.com
054cb3b003.1699bc140d.com
225 B
1 multstorage.com
storage.multstorage.com — Cisco Umbrella Rank: 29614
1 poophd.com
poophd.com — Cisco Umbrella Rank: 167465
2 KB
1 berlagu.com
berlagu.com — Cisco Umbrella Rank: 111509
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 617
7 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
108 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
1 KB
1 poop.skin
poop.skin
628 B
1 doood.cc
doood.cc
472 B
0 google.com Failed
accounts.google.com — Cisco Umbrella Rank: 17 Failed
45 22
Domain Requested by
8 4184fdf4c0.46f884ead3.com 1d36243653.ef1dd1776c.com
5 1d36243653.ef1dd1776c.com poo.phd
1d36243653.ef1dd1776c.com
4 gfxdn.pics 1d36243653.ef1dd1776c.com
4 nereserv.com 1d36243653.ef1dd1776c.com
3 ax4.poopstream.co poo.phd
2 p.a64x.com 2 redirects
2 static.bookmsg.com
2 fp.metricswpsh.com 1d36243653.ef1dd1776c.com
2 region1.google-analytics.com www.googletagmanager.com
2 fonts.gstatic.com fonts.googleapis.com
2 poo.phd static.cloudflareinsights.com
1 enrtx.com 1d36243653.ef1dd1776c.com
1 054cb3b003.1699bc140d.com 1d36243653.ef1dd1776c.com
1 storage.multstorage.com 1d36243653.ef1dd1776c.com
1 poophd.com
1 berlagu.com poo.phd
1 static.cloudflareinsights.com poo.phd
1 www.googletagmanager.com poo.phd
1 dx4.poopstream.co poo.phd
1 fonts.googleapis.com poo.phd
1 poop.skin 1 redirects
1 doood.cc 1 redirects
0 accounts.google.com Failed
45 23

This site contains no links.

Subject Issuer Validity Valid
poo.phd
WE1		 2024-12-20 -
2025-03-20		 3 months crt.sh
ax4.poopstream.co
WE1		 2024-12-19 -
2025-03-19		 3 months crt.sh
upload.video.google.com
WR2		 2024-12-02 -
2025-02-24		 3 months crt.sh
dx4.poopstream.co
WE1		 2024-12-19 -
2025-03-19		 3 months crt.sh
*.google-analytics.com
WR2		 2024-12-02 -
2025-02-24		 3 months crt.sh
cloudflareinsights.com
WE1		 2024-11-01 -
2025-01-30		 3 months crt.sh
berlagu.com
WE1		 2024-12-22 -
2025-03-22		 3 months crt.sh
*.gstatic.com
WR2		 2024-12-02 -
2025-02-24		 3 months crt.sh
1d36243653.ef1dd1776c.com
R10		 2024-12-22 -
2025-03-22		 3 months crt.sh
poophd.com
WE1		 2024-12-03 -
2025-03-03		 3 months crt.sh
multstorage.com
WE1		 2024-11-08 -
2025-02-06		 3 months crt.sh
054cb3b003.1699bc140d.com
R11		 2024-12-22 -
2025-03-22		 3 months crt.sh
notification.tubecup.net
E6		 2024-11-07 -
2025-02-05		 3 months crt.sh
46f884ead3.com
E5		 2024-12-21 -
2025-03-21		 3 months crt.sh
puwpush.com
R11		 2024-10-30 -
2025-01-28		 3 months crt.sh
static.bookmsg.com
R10		 2024-12-01 -
2025-03-01		 3 months crt.sh
gfxdn.pics
R11		 2024-11-30 -
2025-02-28		 3 months crt.sh

This page contains 5 frames:

Primary Page: https://poo.phd/d/8a5y84ur5bhz
Frame ID: 53E558A2F1A476F8222C9C67BFD22D8F
Requests: 35 HTTP requests in this frame

Frame: https://berlagu.com/jembud/7a6862357275343879356138
Frame ID: 75FE6659FBC6A17A8DEA99E1D593AB4F
Requests: 1 HTTP requests in this frame

Frame: https://storage.multstorage.com/log/count.html
Frame ID: F74F4225A25548B77EED1AFFEC0240C0
Requests: 1 HTTP requests in this frame

Frame: https://gfxdn.pics/m/p/0/799/799755/conversions/sY5j4nFp-in-page-ad-icons.jpg
Frame ID: 85E5BB208DDCE47C6460D566A401969F
Requests: 2 HTTP requests in this frame

Frame: https://gfxdn.pics/m/p/0/799/799756/conversions/YlIyOutd-in-page-ad-images.jpg
Frame ID: BA891AB574ECA3E702E5ADE4DB71BB21
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

ngewe pulang sekolah - .mp4 - PoopHD - PoopHD

Page URL History Show full URLs

  1. https://doood.cc/d/8a5y84ur5bhz HTTP 301
    https://poop.skin/d/8a5y84ur5bhz HTTP 301
    https://poo.phd/d/8a5y84ur5bhz Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

45
Requests

91 %
HTTPS

43 %
IPv6

22
Domains

23
Subdomains

19
IPs

4
Countries

534 kB
Transfer

1754 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://doood.cc/d/8a5y84ur5bhz HTTP 301
    https://poop.skin/d/8a5y84ur5bhz HTTP 301
    https://poo.phd/d/8a5y84ur5bhz Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
  • https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AeZLP98aeSjkW9mBgDnVJg0t34iDQMNqR6ooHJSnxt-2nkDjswjT1NDRw-beBiJWnezToVeWNnaC HTTP 302
  • https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeZLP9-lBk-kAFGyonhHo-KmitT3Mxndwfq6s2VJcZHnFDueJbYzWcXdXSJe0DYSm3L_q0YxIIrH&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-166673758%3A1735103873091746&ddm=1
Request Chain 37
  • https://p.a64x.com/in/tip_shows/?katds_ep=mnDzUKRI8aV0z83gMEm3Oyi347fwvc6Rw_RgVHkvcrG0wgSIYkFfpBraXomknZshhKJ4GuSWhF7t5tlmxBfZ-Tk9SGPevSPfhPKHOeopXqZj-gjOF5Y5_ZxebIzgTfz7jLHYSdH9dJIqTk5_6P5zxaIVBhibWFAXso15hsBe3Qzt1muJDuXm1LBXlOqiigPerL2gHgbp6z9myBqOpnpCL2lL138Xun9qucR9yPvUg05gauJXBu13BMxFB1-eY6DLTQdp_Cboo6VSFGVzGhn9wmfyF2mLiwKo0t0oTOkvXTudU156siCk4Q1qicIpqLKkoH_g1hiL8aQkHO3FND1TdjxV0UZTUDCJN9_vRMIihl5FqPHogYpGszBrr9XbKKggcAAg4-82VoShCQVT6zvbxfkuyhP02xxslGm8fZ5MTVg8HkQh0yQecZr8cdxjefnTlz460KLcMMyjzwmh0CyEFPad5r7ZfTS9dt6DKphXGznoTg4mQsMdynJFQuPWbWG7Kzb1PSk_KzoFhTBs27nk2DvO-dIbQYoaYxUzWmBwSESwiu2aiDKbdYhY0kdFZDwOTzoDuALq3_0raloCCFmRqNuuLJhcKLNkzg7upOYnlfh-_uxp4UU-uP0dpwYSduGf8qEUl5trcJ6SoBqbkXuvBZzu87bGiCi32b69hWclcnYeA0eh5tlo8DF2h5eSJMGWSFsOH9bNXHWpLt9BXnu3eX1rLy_3iazkVsC0QvYKL04ryQI1Y0y6SxlCIY-TG7WkNgkYwztfdAX3UbaLjM6KTjjKJEccHk0PcX4OavHt1yyJpIq8Mbb2E-z105BK2P-mx9v9WpyHQAGUQFcSTZ_MT1wH4CXkUa22A8yRIvHOn-YtDYuJz1mBzTQLl3mOIX5uIFdvr0kgtxG5IJCP3_kR4CnVd0ilPlh55SEx_IqBzIEpCPwqkG156HC9A3LriQKZVdguhZsQEPIMyiH9fA&bid=0.028645999517411938 HTTP 302
  • https://gfxdn.pics/m/p/0/799/799755/conversions/sY5j4nFp-in-page-ad-icons.jpg
Request Chain 42
  • https://p.a64x.com/in/tip_shows/?katds_ep=8pOJ8aorcYnGAY9E0HVIpCEWeChwCxxsTPsh_c41ytnf2oM3APIOQFlOncf54owHreEMzOkrpqZgFNKpEYqLMZ48c_pvpiSoclra_FTEAYHyZ8O34wwexFE_rji-YC4F-J9jmDUmvGZ17WvjRb6tTVu1ixxXXXiR9FVy54-fCbMzbgIvOpmeuQRra26mI1r4eUm6hrAAimmY3Q3Y8uDzfsrH_7YoyEIjORJCAmmvQa3ltk5GdWMzBNI77hjnM4mMku7OP15KWDOKvX5benICpp87eV9iVo8WQWVg-zNKAswbPPumZwRD0JZbY5rKc3NxJq6zjtV0t0wIfpPmXnCbcvKvZHvtIPElkpR547--b-V8fbfjoxXLvufHhPE7yJKSbr4Hl0vkihNSWedPK15DJgtt-bCV_YRaacerDc5WU1_1zSTu5Pc7jv0DGYUaSVV_mHd5HRfUOqIfk8Y4-Twj_P2FTkThPTOKQa0BQxmajOKMc9_1oyeU7zFrOvK6aiz9_Q81jTw21msBmAHur89fc-yNb16AclnWjPrxJBkOAEYOcNbJYbu8gb_VgwkJVljKfUuculdkri9wN2DDl_kEPS3ZEr7ST-oVtdYc0OaXaee-7owwjQUkIU7CQAwNaGs8WSAr0K2O07maaXNGwmvgrDgZNZb2KqBxmt7R1Pdiqoe584jTeTcJg0y0Kmhwb-lwufD6d1NRdj-oEJiYi1GpouhCo0zL_ZEZm7g-pIv4Kg70siMKKC8hChduedkgfJ9iqmzJ34z2hTtGN70d_04BePZLSdK7uI6d6bVIih5l0-5nEW26Evx1_2SkW8DcFJQi4OO0t7wkogrdT4QNXXT60w-5d53Stonj1tidOfPVxkK2EcA0mj42Vu4OqE5bithr1KCeA8w7YK02md9bG2_rqAWiU-c2loYaEoU1mkF8rDpsZcsu1NRFYUFD1va6Rsj1BE3J44dblt2kimINCZ2e8eksOANb&bid=0.0072 HTTP 302
  • https://gfxdn.pics/m/p/0/799/799755/conversions/sY5j4nFp-in-page-ad-icons.jpg

45 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 8a5y84ur5bhz
poo.phd/d/
Redirect Chain
  • https://doood.cc/d/8a5y84ur5bhz
  • https://poop.skin/d/8a5y84ur5bhz
  • https://poo.phd/d/8a5y84ur5bhz
23 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://poo.phd/d/8a5y84ur5bhz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bea8fabcda4b37249724a35b7985d5e011e479154596508ef01c6bd21950a601

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=3600, must-revalidate
cf-ray
8f765dfbeebabc5d-ZRH
content-encoding
zstd
content-type
text/html;charset=UTF-8
date
Wed, 25 Dec 2024 05:17:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ft%2BKb5Ht%2FvtbrlI7TAslYpL3E6nl1F2WocoLl8NhzoUvR1IhWvl269YmltF7CvXzEHBMHRjlH4sSj3nUgNOQWaqGC1wmzj6mGJ1qEfHFZPLhpZiSWP2dNcGB"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

cache-control
max-age=3600
cf-ray
8f765dfb9d410219-ZRH
content-length
167
content-type
text/html
date
Wed, 25 Dec 2024 05:17:51 GMT
expires
Wed, 25 Dec 2024 06:17:51 GMT
location
https://poo.phd/d/8a5y84ur5bhz
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dqLIAG9FPUQMANxOjl%2F33gxbLXdsUYwbEmwG3nSpOi9ih%2FomhknO%2BvX3ZXkvWGyCT3lAkdBDis1c80cOqA%2FuxXXoJ2OaTgGWmuc0Bdq4Lbp1K4G8OTXoskoK206zirbDXIFFZA%2Bp%2FG4%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
bootstrap.min.css
ax4.poopstream.co/ 		204 KB
28 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ax4.poopstream.co/bootstrap.min.css
Requested by
Host: poo.phd
URL: https://poo.phd/d/8a5y84ur5bhz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c87b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10c142c79bbbfe42ce677eedeee70f918de0e759feabc175f423543aee886a6b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
max-age=1200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
HIT
etag
W/"3ad35d9c124d6c7d13f776dde0df9286"
age
3767
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9xZ2fluZfd5Hfa43hugL8ibnG3ln1io3JqV4tmkXO1eXAt4Q5iAMT8tVIfoXAfN6B0b9H%2B3CdnT0kitNSJmI%2Fkc3YwR4ESpg6LxPYBO47VcgpsOPG6%2FFus77ASq%2FvmIVlEuyzV1LaHM8wRjjwmz2hQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f765dfeb81ebc48-ZRH
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=13776&min_rtt=13720&rtt_var=2222&sent=12&recv=13&lost=0&retrans=0&sent_bytes=6038&recv_bytes=2250&delivery_rate=285138&cwnd=254&unsent_bytes=0&cid=318f138d63342ec6&ts=32&x=0"
date
Wed, 25 Dec 2024 05:17:51 GMT
content-type
text/css
last-modified
Thu, 14 Mar 2024 17:13:03 GMT
vary
Accept-Encoding
server
cloudflare
css
fonts.googleapis.com/ 		18 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
Requested by
Host: poo.phd
URL: https://poo.phd/d/8a5y84ur5bhz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c3482415177813410f604787dd9f27ba54bea4f4eca78f83cc2afaebd7b56392
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 25 Dec 2024 05:17:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 05:17:51 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 25 Dec 2024 03:21:30 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
embed2.css
ax4.poopstream.co/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ax4.poopstream.co/embed2.css
Requested by
Host: poo.phd
URL: https://poo.phd/d/8a5y84ur5bhz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c87b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ca2d870794ea0d5902ed97a4c515f4462b63555a5d4e8a2ccca6e1011dfe4db

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
max-age=1200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
HIT
etag
W/"504eba00908d13eb47133d1f92f8048a"
age
3748
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QV%2BcEwE0DThC9Se%2FUgBOmjYqmhju%2B5%2FnDLIBs51tW%2BKLyxR3BQZmqDS%2FfThLd1gTx%2BpeRXPjp6yrr24Ca%2Ba6m827IusW%2ByNgqTW8886aOLc3LjRmRXb4yWaXbku5belGH0wED6g0eYlI4pxycs%2BSIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f765dfeb821bc48-ZRH
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=13769&min_rtt=13720&rtt_var=2944&sent=9&recv=12&lost=0&retrans=0&sent_bytes=4255&recv_bytes=2219&delivery_rate=285138&cwnd=252&unsent_bytes=0&cid=318f138d63342ec6&ts=30&x=0"
date
Wed, 25 Dec 2024 05:17:51 GMT
content-type
text/css
last-modified
Thu, 14 Mar 2024 17:13:01 GMT
vary
Accept-Encoding
server
cloudflare
X3XKLRGk9.jpg
dx4.poopstream.co/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dx4.poopstream.co/X3XKLRGk9.jpg
Requested by
Host: poo.phd
URL: https://poo.phd/d/8a5y84ur5bhz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c87b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c2c5ee2d342788e2999ad4d3f7e34393e8e21b6ebf1b97f01c6582e5dbaa09c8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
max-age=1200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
REVALIDATED
etag
"ed31ccaf8b692d99403889ee453cbe46"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g7csZua3L9a8RwrYdKuM61at8grBoT6iNrRf2gYseWKLBpvK6e1Vr5Nvsr6eHiawiK4UXrVS%2BBSlLGGQ5RLll8oXeQLCuKBJE0jpGzSKnpms2tOIhPPK9JruAXX0BrECAKSTdzGJLTgbbgXt0Wuonw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f765dfecf7abc5d-ZRH
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=18996&min_rtt=13720&rtt_var=11810&sent=9&recv=13&lost=0&retrans=0&sent_bytes=4276&recv_bytes=2228&delivery_rate=276574&cwnd=254&unsent_bytes=0&cid=8376f4f487d8a66a&ts=306&x=0"
content-length
11618
date
Wed, 25 Dec 2024 05:17:52 GMT
content-type
image/jpeg
last-modified
Sun, 15 Dec 2024 07:53:36 GMT
vary
Accept-Encoding
server
cloudflare
js
www.googletagmanager.com/gtag/ 		323 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
Requested by
Host: poo.phd
URL: https://poo.phd/d/8a5y84ur5bhz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b73b4d6ee085c82805409b10f086d55daeb91acbe912c72e17ff698939909409
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 25 Dec 2024 05:17:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 05:17:51 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
109952
x-xss-protection
0
server
Google Tag Manager
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: poo.phd
URL: https://poo.phd/d/8a5y84ur5bhz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://poo.phd
Referer
https://poo.phd/

Response headers

cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"2024.6.1"
cross-origin-resource-policy
cross-origin
cf-ray
8f765dfe9937bc71-ZRH
access-control-allow-origin
*
date
Wed, 25 Dec 2024 05:17:51 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
vary
Accept-Encoding
server
cloudflare
7a6862357275343879356138
berlagu.com/jembud/ Frame 75FE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://berlagu.com/jembud/7a6862357275343879356138
Requested by
Host: poo.phd
URL: https://poo.phd/d/8a5y84ur5bhz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://poo.phd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=14400
cf-cache-status
MISS
cf-ray
8f765e001afbbc00-ZRH
content-encoding
zstd
content-type
text/html; charset=UTF-8
date
Wed, 25 Dec 2024 05:17:52 GMT
last-modified
Wed, 25 Dec 2024 05:17:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ikPrLn31DWB93wtqxubTW%2Be62Z5CHtqUbdHWsOoTIWL%2BHfoMeoLnYPcmjqZij7mjMS6Pj%2FlUp2paT4SfYqDts1f2z6w2XGGhr7O1hKEvD4iMm3LTEBR85Qlv17FT0w%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=14086&min_rtt=13905&rtt_var=2325&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4188&recv_bytes=4508&delivery_rate=713&cwnd=12000&unsent_bytes=0&cid=169cd92e379d7d0d&ts=357&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
play.svg
ax4.poopstream.co/ 		633 B
871 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ax4.poopstream.co/play.svg
Requested by
Host: poo.phd
URL: https://poo.phd/d/8a5y84ur5bhz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c87b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
max-age=1200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
HIT
etag
W/"85f08506e5a64050719e7e18a26cd9c4"
age
3747
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wPwDIffA0hIHrGN7tBehVKi3MFSvf%2BA4t6hvvj1mVThK6%2F0MecwHDYPf8Y9gyBgWx39zbiOTVJOS8HmmIOuUC6xgXF9z71f5AaixpdmtSEKo%2BHdw8ZexYw8VeR2LH98mzpLjW%2BHscVsdTobwSP2uqw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f765dfef88fbc48-ZRH
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=15449&min_rtt=13716&rtt_var=2537&sent=40&recv=29&lost=0&retrans=0&sent_bytes=35733&recv_bytes=2366&delivery_rate=2414634&cwnd=256&unsent_bytes=0&cid=318f138d63342ec6&ts=67&x=0"
date
Wed, 25 Dec 2024 05:17:51 GMT
content-type
image/svg+xml
last-modified
Thu, 14 Mar 2024 17:17:30 GMT
vary
Accept-Encoding
server
cloudflare
XRXV3I6Li01BKofINeaB.woff2
fonts.gstatic.com/s/nunito/v26/ 		38 KB
38 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f3.1e100.net
Software
sffe /
Resource Hash
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://poo.phd
Referer
https://fonts.googleapis.com/

Response headers

age
72693
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 24 Dec 2025 09:06:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 24 Dec 2024 09:06:18 GMT
last-modified
Thu, 14 Sep 2023 00:02:20 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
39124
x-xss-protection
0
server
sffe
XRXX3I6Li01BKofIMNaDRs4.woff2
fonts.gstatic.com/s/nunito/v26/ 		41 KB
41 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/nunito/v26/XRXX3I6Li01BKofIMNaDRs4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f3.1e100.net
Software
sffe /
Resource Hash
2a4ba0bfd05a144b759af1564fae807d80463489344ed2cf2d0f7fb5635e967a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://poo.phd
Referer
https://fonts.googleapis.com/

Response headers

age
73084
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 24 Dec 2025 08:59:47 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 24 Dec 2024 08:59:47 GMT
last-modified
Thu, 14 Sep 2023 00:02:36 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
41800
x-xss-protection
0
server
sffe
862b0c9d4b8ff8a325163de60540b9c4.js
1d36243653.ef1dd1776c.com/ 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://1d36243653.ef1dd1776c.com/862b0c9d4b8ff8a325163de60540b9c4.js
Requested by
Host: poo.phd
URL: https://poo.phd/d/8a5y84ur5bhz
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
78c30b418896961856ee26e09ac3990b9e790852ad1333a0d30e8ede9f771a6f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://poo.phd
Referer
https://poo.phd/

Response headers

cache-control
max-age=300
content-encoding
gzip
etag
W/"6751bce7-1dc9f"
expires
Wed, 25 Dec 2024 05:22:52 GMT
x-proxy-cache
HIT
access-control-allow-origin
*
date
Wed, 25 Dec 2024 05:17:52 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 05 Dec 2024 14:47:03 GMT
server
nginx/1.18.0
x-cdn-host-id
ds8137
collect
region1.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-RRBBHD087X&gtm=45je4cc1v9167878827za200&_p=1735103871822&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1995777293.1735103872&ul=de-ch&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1735103871&sct=1&seg=0&dl=https%3A%2F%2Fpoo.phd%2Fd%2F8a5y84ur5bhz&dt=ngewe%20pulang%20sekolah%20-%20.mp4%20-%20PoopHD%20-%20PoopHD&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=724
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://poo.phd
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 05:17:51 GMT
content-type
text/plain
server
Golfe2
114039
1d36243653.ef1dd1776c.com/caa18f82c17e42cdd7f59f12d32e22e2/ 		4 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://1d36243653.ef1dd1776c.com/caa18f82c17e42cdd7f59f12d32e22e2/114039?version_name=c&domain=poo.phd
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/862b0c9d4b8ff8a325163de60540b9c4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
c7181d6a62501f72fa7ede9ddc24a309b6b06afd67e4996cec5253768f8a1b94

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
max-age=300
expires
Wed, 25 Dec 2024 05:22:52 GMT
x-proxy-cache
HIT
access-control-allow-origin
*
date
Wed, 25 Dec 2024 05:17:52 GMT
content-type
application/json
server
nginx/1.18.0
x-cdn-host-id
ds8137
rum
poo.phd/cdn-cgi/ 		0
137 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://poo.phd/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
application/json
Referer
https://poo.phd/d/8a5y84ur5bhz

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-methods
POST,OPTIONS
cf-ray
8f765e025ec9bc5d-ZRH
access-control-allow-origin
https://poo.phd
date
Wed, 25 Dec 2024 05:17:52 GMT
vary
Origin
server
cloudflare
x-frame-options
DENY
favicon-32x32.png
poophd.com/img/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://poophd.com/img/favicon-32x32.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.132.168 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8424609afcdb42d56d4cb1c9582fe2349bd8bb70cb9647b5782b49a27b41207

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"663881be-4a3"
age
1869505
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FLvg%2BSr68fhYqKOZlatZHRiJBoZt57Lfk9wdKwulWcDp2tA%2FybEj2ztTF4OgwrSgdin2KglLcl26qKQFzxc9UfKb%2BaRfYz8HJTnNFGBEcpxuzviLtpgjt%2FVggtJ%2F"}],"group":"cf-nel","max_age":604800}
expires
Thu, 02 Jan 2025 13:59:27 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=15022&min_rtt=14927&rtt_var=5786&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4134&recv_bytes=4312&delivery_rate=191696&cwnd=12000&unsent_bytes=0&cid=43ffec93f6a8821b&ts=28&x=1", cfExtPri, cfHdrFlush;dur=0
date
Wed, 25 Dec 2024 05:17:52 GMT
content-type
image/png
last-modified
Mon, 06 May 2024 07:07:42 GMT
vary
Accept-Encoding
priority
u=1,i
cache-control
public, max-age=2592000, no-transform
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f765e0289a82397-ZRH
server
cloudflare
count.html
storage.multstorage.com/log/ Frame F74F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://storage.multstorage.com/log/count.html
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/862b0c9d4b8ff8a325163de60540b9c4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.174.51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://poo.phd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8f765e02f8a5bc11-ZRH
content-encoding
zstd
content-type
text/html
date
Wed, 25 Dec 2024 05:17:52 GMT
last-modified
Mon, 18 Sep 2023 14:39:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OEgpndrTTSVscVG%2BiGDOiCordDd5vlnhlnIBkK55pOonuWHkuEDRw3wHqopSIfxTFvhLn5%2FusuQO30HGbCOIp6uggpzSmFEQm4jiWgkC94E17SISUWdhzl56rDy7HReCHUD4AQtrCqz48g%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=14121&min_rtt=14018&rtt_var=3101&sent=11&recv=9&lost=0&retrans=0&sent_bytes=4128&recv_bytes=4461&delivery_rate=41905&cwnd=12000&unsent_bytes=0&cid=640d7b7c4c4cc12b&ts=43&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
x-request-id
35c67cfbd2447f3bbd7ccbae25280226
track
054cb3b003.1699bc140d.com/in/ 		0
225 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://054cb3b003.1699bc140d.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMzczMDk4MjEzMTQ1MzUwMTAwIiwidGltZXpvbmUiOjEsInZlciI6IjMuMTM2LjAiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxNjAweDEyMDAiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IkV1cm9wZS9adXJpY2giLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4xMiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/862b0c9d4b8ff8a325163de60540b9c4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.53 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
no-transform, no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
*
access-control-allow-origin
*
content-length
0
date
Wed, 25 Dec 2024 05:17:52 GMT
vary
Origin
server
nginx/1.18.0
x-cdn-host-id
ds8137
access-control-allow-headers
Content-Type
205973d52425114ceaed52c8220c4047.js
1d36243653.ef1dd1776c.com/ 		186 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://1d36243653.ef1dd1776c.com/205973d52425114ceaed52c8220c4047.js
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/862b0c9d4b8ff8a325163de60540b9c4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
6f247d24254bc663a4b64c21b7a263c62d4d904df200566e7466902db93cc428

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
max-age=300
content-encoding
gzip
etag
W/"67697129-2e793"
expires
Wed, 25 Dec 2024 05:22:52 GMT
x-proxy-cache
HIT
access-control-allow-origin
*
date
Wed, 25 Dec 2024 05:17:52 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 23 Dec 2024 14:18:17 GMT
server
nginx/1.18.0
x-cdn-host-id
ds8137
4b6c03e13f1d541701802e41ed0a0ff1.js
1d36243653.ef1dd1776c.com/ 		105 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://1d36243653.ef1dd1776c.com/4b6c03e13f1d541701802e41ed0a0ff1.js
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/862b0c9d4b8ff8a325163de60540b9c4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
ee760b58bd5840ef70071acf5e8080ff553ccb2de01326e1115eae4329d5c574

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
max-age=300
content-encoding
gzip
etag
W/"67595e9f-1a374"
expires
Wed, 25 Dec 2024 05:22:52 GMT
x-proxy-cache
HIT
access-control-allow-origin
*
date
Wed, 25 Dec 2024 05:17:52 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 11 Dec 2024 09:42:55 GMT
server
nginx/1.18.0
x-cdn-host-id
ds8137
fp
fp.metricswpsh.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://fp.metricswpsh.com/fp?tag_id=114039
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
157.90.84.242 Ismaning, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
static.242.84.90.157.clients.your-server.de
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://poo.phd
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin
https://poo.phd
Connection
keep-alive
Date
Wed, 25 Dec 2024 05:17:52 GMT
Server
nginx/1.20.1
Vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
fp
fp.metricswpsh.com/ 		60 B
427 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fp.metricswpsh.com/fp?tag_id=114039
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/862b0c9d4b8ff8a325163de60540b9c4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
157.90.84.242 Ismaning, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
static.242.84.90.157.clients.your-server.de
Software
nginx/1.20.1 /
Resource Hash
fcd9509964217e1ba683bc388c77503b97517a7c700b446544206d3b8d840c64

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Referer
https://poo.phd/

Response headers

Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
https://poo.phd
Content-Length
60
Date
Wed, 25 Dec 2024 05:17:52 GMT
Content-Type
application/json; charset=UTF-8
Vary
Origin
Server
nginx/1.20.1
identifier
accounts.google.com/v3/signin/
Redirect Chain
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
  • https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AeZLP98aeSjkW9mBgDnVJg0t34iDQMNqR6ooHJSnxt-2nkDjswjT1NDRw-beB...
  • https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeZLP9-lBk-kAFGyonhHo-KmitT3Mxndwfq6s2VJcZHnFDueJbYzWcXdXSJe0DYSm3L_q0YxIIrH&passive=t...
0
0
6c8eba9b213c1077b6ede0642c5614ce.js
1d36243653.ef1dd1776c.com/ 		539 KB
129 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://1d36243653.ef1dd1776c.com/6c8eba9b213c1077b6ede0642c5614ce.js
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/205973d52425114ceaed52c8220c4047.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e4458185d2dea4139a703f057349fa501847b1c44d6c18409b06d57883a996eb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
max-age=300
content-encoding
gzip
etag
W/"67697125-86d8a"
expires
Wed, 25 Dec 2024 05:22:53 GMT
x-proxy-cache
HIT
access-control-allow-origin
*
date
Wed, 25 Dec 2024 05:17:53 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 23 Dec 2024 14:18:13 GMT
server
nginx/1.18.0
x-cdn-host-id
ds8137
dip
nereserv.com/in/ 		0
200 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://nereserv.com/in/dip?site=native-push&wl=1&event_id=0a436a7c-f713-4f13-bd01-f48a84fe5f59&subid=388464194&sid=3991337719&spot_id=418776&created_at=2024-12-25&timezone=1&ver=7.368.0-b&is_native=1
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/205973d52425114ceaed52c8220c4047.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
168.119.25.102 Düsseldorf, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
static.102.25.119.168.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
no-transform, no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
*
access-control-allow-origin
*
content-length
0
date
Wed, 25 Dec 2024 05:17:53 GMT
vary
Origin
server
nginx/1.18.0
access-control-allow-headers
Content-Type
multy
4184fdf4c0.46f884ead3.com/in/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://4184fdf4c0.46f884ead3.com/in/multy
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a01:4f8:1060:13eb::2 , Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://poo.phd
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
date
Wed, 25 Dec 2024 05:17:53 GMT
pragma
no-cache
server
nginx/1.20.1
vary
Origin
multy
4184fdf4c0.46f884ead3.com/in/ 		46 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://4184fdf4c0.46f884ead3.com/in/multy
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/205973d52425114ceaed52c8220c4047.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a01:4f8:1060:13eb::2 , Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
98a89131ffe2b37e3e5703e95295ca464d8f955411a01abb96af5e0fbc310163

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Referer
https://poo.phd/

Response headers

cache-control
no-transform, no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-methods
*
access-control-allow-origin
*
content-length
6155
date
Wed, 25 Dec 2024 05:17:53 GMT
content-type
application/json
vary
Origin
server
nginx/1.20.1
access-control-allow-headers
Content-Type
dip
nereserv.com/in/ 		0
201 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://nereserv.com/in/dip?site=native-push&wl=1&event_id=20fbda53-718b-4f36-b62a-b9ec6bdf1e18&subid=357529620&sid=3997187972&spot_id=418774&created_at=2024-12-25&timezone=1&ver=7.368.0-b&is_native=1
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/205973d52425114ceaed52c8220c4047.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
168.119.25.102 Düsseldorf, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
static.102.25.119.168.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
no-transform, no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
*
access-control-allow-origin
*
content-length
0
date
Wed, 25 Dec 2024 05:17:53 GMT
vary
Origin
server
nginx/1.18.0
access-control-allow-headers
Content-Type
multy
4184fdf4c0.46f884ead3.com/in/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://4184fdf4c0.46f884ead3.com/in/multy
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a01:4f8:1060:13eb::2 , Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://poo.phd
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
date
Wed, 25 Dec 2024 05:17:53 GMT
pragma
no-cache
server
nginx/1.20.1
vary
Origin
multy
4184fdf4c0.46f884ead3.com/in/ 		57 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://4184fdf4c0.46f884ead3.com/in/multy
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/205973d52425114ceaed52c8220c4047.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a01:4f8:1060:13eb::2 , Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
0e669171fb484fa82177d97a60c894910c0920d902c00141603e09d2ae425f39

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Referer
https://poo.phd/

Response headers

cache-control
no-transform, no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-methods
*
access-control-allow-origin
*
content-length
7982
date
Wed, 25 Dec 2024 05:17:53 GMT
content-type
application/json
vary
Origin
server
nginx/1.20.1
access-control-allow-headers
Content-Type
3d793f3b-2a70-4996-8cc4-0af6d70a4bcf
https://poo.phd/ Frame 		0
0
dip
nereserv.com/in/ 		0
200 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://nereserv.com/in/dip?event_id=a380126f-2ff1-4984-9576-d602c912b295&subid=500843478&spot_id=503362&created_at=2024-12-25&timezone=1&ver=1.160.1-b
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/4b6c03e13f1d541701802e41ed0a0ff1.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
168.119.25.102 Düsseldorf, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
static.102.25.119.168.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
no-transform, no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
*
access-control-allow-origin
*
content-length
0
date
Wed, 25 Dec 2024 05:17:53 GMT
vary
Origin
server
nginx/1.18.0
access-control-allow-headers
Content-Type
dip
nereserv.com/in/ 		0
200 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://nereserv.com/in/dip?event_id=a380126f-2ff1-4984-9576-d602c912b295&subid=500843478&spot_id=503362&created_at=2024-12-25&timezone=1&ver=1.160.1-b
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/4b6c03e13f1d541701802e41ed0a0ff1.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
168.119.25.102 Düsseldorf, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
static.102.25.119.168.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
no-transform, no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
*
access-control-allow-origin
*
content-length
0
date
Wed, 25 Dec 2024 05:17:53 GMT
vary
Origin
server
nginx/1.18.0
access-control-allow-headers
Content-Type
/
enrtx.com/get/ 		3 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://enrtx.com/get/
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/4b6c03e13f1d541701802e41ed0a0ff1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:4f8:c0:2306::1 Ehingen, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
b0b9d8f1d07dd39744ca03c0861d9b6b97621af4d510eb862441e92bb9fd28fa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://poo.phd/

Response headers

cache-control
no-transform, no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
*
access-control-allow-origin
*
content-length
3569
date
Wed, 25 Dec 2024 05:17:53 GMT
content-type
application/json
vary
Origin
server
nginx/1.16.0
access-control-allow-headers
Content-Type
SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp
static.bookmsg.com/creatives/SG/ 		486 B
717 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:b48:8300::24 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.24.0 /
Resource Hash
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
max-age=31536000
etag
"6659aceb-1e6"
expires
Thu, 25 Dec 2025 05:17:53 GMT
x-proxy-cache
HIT
accept-ranges
bytes
content-length
486
date
Wed, 25 Dec 2024 05:17:53 GMT
content-type
image/webp
last-modified
Fri, 31 May 2024 10:56:43 GMT
server
nginx/1.24.0
x-cdn-host-id
ds8138
SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
static.bookmsg.com/creatives/SG/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:b48:8300::24 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.24.0 /
Resource Hash
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
max-age=31536000
etag
"6659aceb-42a"
expires
Thu, 25 Dec 2025 05:17:53 GMT
x-proxy-cache
HIT
accept-ranges
bytes
content-length
1066
date
Wed, 25 Dec 2024 05:17:53 GMT
content-type
image/webp
last-modified
Fri, 31 May 2024 10:56:43 GMT
server
nginx/1.24.0
x-cdn-host-id
ds8138
/
4184fdf4c0.46f884ead3.com/in/show/ 		0
201 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4184fdf4c0.46f884ead3.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fd%2F8a5y84ur5bhz&refdom=poo.phd&auction_time=1735103873&subid=388464194&sid=3991337719&tcid=0&ver=7.368.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-25&iabcat=IAB25-3&keywords=&user_fp=4691093766822902068&score=37.77537632106199&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fd%252F8a5y84ur5bhz%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fd%252F8a5y84ur5bhz%26idzone%3D0%26sid%3D1886&icons=etUPMG06rg-0lQKlz6IFYQNQuI3E-slsx9KLay1DaQlUvaIZZxTEFwq34ACLK6CIILjWtSQb8CK4B-Njll0h0BoY9bcohx9lKWtoSy2_vFDXwaOIMfccAUOYQX22I_10YmX8sXlMh5T9k_35HQvY1yqB0OmOeUrmcCcZ73Tim-5pvX5tBg&ext_cid=0&px_id=418776&min_cpm=0.045380645439493855&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1892338676429963664&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.010709832388638017&cpm=0&verify_hash=5e9805103174ad25707bcac14b8ff972&is_native=4&real_bid=0.00025027776551705445&original_bid_usd=0.0010604990000000001&original_bid=0.0010604990000000001&show_type=0&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F131.0.0.0%20Safari%2F537.36&ip_mismatch=2a00:bd80:a902:0:3a0::1&geo=CH&carrier=-&label_ids=27,4,108,0,114,20&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0010604990000000001&hostname=auc-inpage-hz-13-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/Zurich&topics=&historical_keywords=&pop_cpc=0.0000010604990000000002&ext_campaign_id_str=&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=0368df4f-d68d-46ec-9c2f-c522e9184e0e&prev_step_diff=473
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a01:4f8:1060:13eb::2 , Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
no-transform, no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
*
access-control-allow-origin
*
content-length
0
date
Wed, 25 Dec 2024 05:17:53 GMT
vary
Origin
server
nginx/1.20.1
access-control-allow-headers
Content-Type
/
4184fdf4c0.46f884ead3.com/in/show/ 		0
200 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4184fdf4c0.46f884ead3.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fd%2F8a5y84ur5bhz&refdom=poo.phd&auction_time=1735103873&subid=388464194&sid=3991337719&tcid=0&ver=7.368.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-25&iabcat=IAB25-3&keywords=&user_fp=4691093766822902068&score=37.77537632106199&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fd%252F8a5y84ur5bhz%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=26962&crtid=bf8f399357ea64947978eb68691cfc73&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DF5UexbRAuMcKF9703eG0y8FB0R7AcCg4xxY0_JbI_UPaIUm1VaJcaWTswDZZx6L6HWwk2d4l7w_vlySCziTRYsIyY_yCbQAoT7zHTW-z7CkS_rbIZxXljK29U-qNcOCt3BAAyjHUvvk7mtq36RUy4a51zpfziq23GgvNL9koyeqnF-R3qm0IDM8jb5j3sQGsV4s7r0ufTzaXNNcz9Ie9gPyTyCUEE6zF58o15JFIrvzH6D7Xr9gWPbuHuK9jmZw_3BTT2niF8IB5_k57EEIE_DgmfiH2czcIzXmGmf4sMINSikTjNgFKvz14boSg2q31iFr0tuOZIa57-0AegkmHmbE1mEVhUpjRdGHqTZRc4N2ExYKtLxzNnnzMKrYqIpwxCyhkJ7uyyMHksVv-R1unjAcOBb32MUsJNKPnxsDtiEpkqCQ8ZXvpxCd7ifcL-fAZ4o_ukFdEzdRpgV-SgsWNu1aMK9Q8GbGwVaeDx6v7cBRh19sVSw7csBYjrgKiwVy6QS4kktVzJ52MlExo3G5pXnMbekqMQZYcbPdq3JssD-uTN-TfKZNybYC5pUJ9XqyGB7ogwRR6YwSOic37XOZ0BLkwO8lk7kr42b5wLDlMVmIAma2C--40nQf0VRE4wWCddVdL4mSEB60qSaP9njqA6TdlQYGDbDp2P3rLoTCGY2N7gcqJk9hFMsojGVzhRMPgGiGOt3ZeqWdK9fvLzvGPYVB3U82qtLZ_dqJQFDPPgNqlYqrXybilvlyha2unlmzw_7F8t2mAfNR_-WCKH_8Ic-Q8XRqVZmTjzmI6-sSDPwlv753yh8YK7ODhiuFnoZSsXkjIklWFMNXmIyY4hG9MGY3gAELmnHJvCTOyLHqNkfQvUFnq4xie7kHWOrPj-0NAIKaIs3j8RUBQzGTBQ7fixqhpEm8HiCvP7uXf78uV5ENFzgXKlrPecNcaPVvX5ke4Sr9z6o5tnJdCMj9zznkXT02ITRgMfUv2qTALY_KCMXO8zboZS3O0_0VUCOOSmNErDYZvOD6Sndvd-AWQZ-1yU2_NrHXzynbg2BoAJn4-feIk6zwGo-EX-DdW2Ae7ZPPgwdkDEUj0nps64U3-keOU4xIKp2LHn5iGQmCLCpsA5BwVHGMscvH5OEgUSH6660Xj4liWyvE4jFl07_Mh71N6hZpHNSHT6XZAqBxbNJfby13V9B5Lb_X4rqJ4E4EW5eEA_SBQh99ua7c0wLs9PxCA6CsC07Joeg%26bid%3D0.028645999517411938&icons=RtxGBYSDmmlg__DLyiuYmZAY8uzi8vRIIQJ8S3896nVjDlq2QoD6MeRcyw7y6dDyxakCtj4AGvLTP0QzEqjgbGL6g89Kiq3QmFHLifpqDzSoK1DSarddzJ-ekkOjwwNXB3bQs84p_cL9dvTno7G_OeY9BCv99YcMYc_7dF8BBnhR8mrNSAQMyRwSLNtpJUxqYbt2Zu3xUXcIlOEbkirccygDfMbjuAvspscfu2H_HYdtkC5gQ-EPlzoJ6hN-SMMh8yyUoDCHZDkZKWhVGqvsN-53jxdflVVdoKzo6n6ASxL_iPoODaem8-wmCezo2jqGiU6vHrSo0l5T92UX-rytlvDzzTBdD9lt1QnmrGzqGFqSIv6bTpAh5fARYVrF6jo1qNnPyvMzmSSxsMekVrSbfV3gFJECBH2ZxtljYW8kneOb-lXWcKeE5sdgXWDe1znhseGiR68CS6MUVM_2cMPtSV9hqDQ9_WHl6ssg-IInl_5vfQi4h53y4xA4gdaftiYIYPdGF0tD8W7wLL2G5sdWXJIVZbdpVarP88Mlk4qAsU9s1G6kfWomfD_o007hk7YuQ3aNg3QOikZAsU4zpNhY0SSxyxxxnDawZMigtqAskVZOm2V2DmnliDrY2aowolFzB1VxeWZMHwa4sBQxHwbDTeZNXxwmNJxGLJoRI_Pu0hGe-M_FHknUS_ICaPAIrt27amF7xcbUgJZkhgMVqGVS00-f1Su1vl_mIdI0OV4bg6BH02Vb0SL0gMXr57uLmORUkoPm4rOj9-XI-BprqWbELfHVgxUN9l63wlbly4CjtlGa4oU7QwbGSbMQOrqjdaOri9yR1qhrf5aetvUa5zKPy9ex101PP4mYgldBz1Z-8QB0BsTrNVwRdd5dO0b5eimQkL3b17vnvwE6ZTVgtNDHBj7zt7N9syhIbhg7b-UoggU6TgFoMqhpk3YcWvkjQx1syafWYsjKqbrf5U4r4zwvKkAdw-G9CqfNUBbZUqI21ZEOwpLME5TkGVlilpfzGPZwnU2s0Qmbrbf9KSrSdVDSGWknEBpGfSc0vwk_XaFrzqEqZdjOatONKT3BiM3sfAFBD47MsggX2vCaaOpUK9B2b2L2KviXnnlweRe2pW053zjcYcSci_XpNrgCJox5WmozXB8ophhb26RPduDZRL4c5Xy3_AGLdEOTk74jwe6tBhTsr2Qfu6-YJ_fEkqkHc6EYamUb43rwNh4fEb1Z42dB8aNCydKiVsBvyR0fMT0MMBbXYNIz8iMRSeiq-2r_aLUA3QSffUAFbT45vpw2eExOo2-ZiULPQriiko3zkrwzK5wsSNZhMBcHKA9hOuCxI0bzRkiw-NaK0ESlG-dfK07og8e6eRH48uXlKRUhOk9FDN0mN5itTP-UdUcHkV2ZjDbdcGbkmgPijjQiwLUAwSOsewJPFGrTJl0uUbVVgL4&ext_cid=333464&px_id=73418776&min_cpm=0.003137165858640403&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=12b02a2cba7ec2a5407add9f7c4eedea777cad15fdd57b2bfb9e0e73c694fd6c&mid=1892338676429963664&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.029886213188828642&cpm=0.028645999517411938&verify_hash=0cb31b691b06d98f19589d1d5c818fea&is_native=1&real_bid=0.027835318094411313&original_bid_usd=0.03075662529455141&original_bid=0.03075662529455141&show_type=0&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F131.0.0.0%20Safari%2F537.36&ip_mismatch=2a00:bd80:a902:0:3a0::1&geo=CH&carrier=-&label_ids=90,5,55,98,70,4&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1735276673&image_url=https%3A%2F%2Fgfxdn.pics%2Fm%2Fp%2F0%2F799%2F799756%2Fconversions%2FYlIyOutd-in-page-ad-images.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-13-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/Zurich&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=333464&is_webview=0&client_price=0.006996240091323863&direct_client_price=0&priority=0&client_payment_model=cpc&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=6384167d-e5e4-4c9f-a26a-499cca8b8d4d&prev_step_diff=473
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a01:4f8:1060:13eb::2 , Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
no-transform, no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
*
access-control-allow-origin
*
content-length
0
date
Wed, 25 Dec 2024 05:17:53 GMT
vary
Origin
server
nginx/1.20.1
access-control-allow-headers
Content-Type
sY5j4nFp-in-page-ad-icons.jpg
gfxdn.pics/m/p/0/799/799755/conversions/ Frame 85E5
Redirect Chain
  • https://p.a64x.com/in/tip_shows/?katds_ep=mnDzUKRI8aV0z83gMEm3Oyi347fwvc6Rw_RgVHkvcrG0wgSIYkFfpBraXomknZshhKJ4GuSWhF7t5tlmxBfZ-Tk9SGPevSPfhPKHOeopXqZj-gjOF5Y5_ZxebIzgTfz7jLHYSdH9dJIqTk5_6P5zxaIVBhi...
  • https://gfxdn.pics/m/p/0/799/799755/conversions/sY5j4nFp-in-page-ad-icons.jpg
1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gfxdn.pics/m/p/0/799/799755/conversions/sY5j4nFp-in-page-ad-icons.jpg
Protocol
H2
Server
45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash
1ab52167b452d86a8ff636b10d5b84bf39154ae713949d161b302bb00dc7a69f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-request-id
0f2ff8504b538b111e92da50edc79d39
cache-control
no-cache, no-store, must-revalidate
etag
"66a1bb39-5fb"
pragma
no-cache, no-cache
expires
0
x-proxy-cache
MISS, HIT
accept-ranges
bytes
content-length
1531
date
Wed, 25 Dec 2024 05:17:53 GMT
content-type
image/jpeg
last-modified
Thu, 25 Jul 2024 02:40:57 GMT
server
nginx

Redirect headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location
https://gfxdn.pics/m/p/0/799/799755/conversions/sY5j4nFp-in-page-ad-icons.jpg
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LKK2swmc%2B7VpCfy81BKbtS3ZgMEG3JRxXslCO9NeUOj9MGoJps0MJSHJbQ%2Fw0KYjDw8G87cwZXoN8qpXZWtQAj6nbjum6cmKPZiaTwfMWfo7128VpFQHw%2FTka4yL"}],"group":"cf-nel","max_age":604800}
cf-ray
8f765e096a46bc4d-ZRH
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
0
server-timing
cfL4;desc="?proto=QUIC&rtt=14670&min_rtt=14269&rtt_var=3602&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4128&recv_bytes=6303&delivery_rate=37034&cwnd=12000&unsent_bytes=0&cid=8f6966e5925c4e25&ts=43&x=1", cfExtPri, cfHdrFlush;dur=0
date
Wed, 25 Dec 2024 05:17:53 GMT
content-type
application/json
server
cloudflare
priority
u=1,i
YlIyOutd-in-page-ad-images.jpg
gfxdn.pics/m/p/0/799/799756/conversions/ Frame 85E5 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gfxdn.pics/m/p/0/799/799756/conversions/YlIyOutd-in-page-ad-images.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash
14a070fd10fa3cada36a6037f9925c789311b51510f167eb373b7aeb05912d68

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-request-id
3cdb9d010320591e79ecc9e9719dda02
cache-control
no-cache, no-store, must-revalidate
etag
"66a1bb3d-10cf"
pragma
no-cache, no-cache
expires
0
x-proxy-cache
HIT, HIT
accept-ranges
bytes
content-length
4303
date
Wed, 25 Dec 2024 05:17:53 GMT
content-type
image/jpeg
last-modified
Thu, 25 Jul 2024 02:41:01 GMT
server
nginx
YlIyOutd-in-page-ad-images.jpg
gfxdn.pics/m/p/0/799/799756/conversions/ Frame BA89 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gfxdn.pics/m/p/0/799/799756/conversions/YlIyOutd-in-page-ad-images.jpg
Requested by
Host: 1d36243653.ef1dd1776c.com
URL: https://1d36243653.ef1dd1776c.com/205973d52425114ceaed52c8220c4047.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash
14a070fd10fa3cada36a6037f9925c789311b51510f167eb373b7aeb05912d68

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-request-id
3cdb9d010320591e79ecc9e9719dda02
cache-control
no-cache, no-store, must-revalidate
etag
"66a1bb3d-10cf"
pragma
no-cache, no-cache
expires
0
x-proxy-cache
HIT, HIT
accept-ranges
bytes
content-length
4303
date
Wed, 25 Dec 2024 05:17:53 GMT
content-type
image/jpeg
last-modified
Thu, 25 Jul 2024 02:41:01 GMT
server
nginx
/
4184fdf4c0.46f884ead3.com/in/show/ 		0
200 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4184fdf4c0.46f884ead3.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fd%2F8a5y84ur5bhz&refdom=poo.phd&auction_time=1735103873&subid=357529620&sid=3997187972&tcid=0&ver=7.368.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-25&iabcat=IAB25-3&keywords=&user_fp=4691093766822902068&score=37.708150929359284&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fd%252F8a5y84ur5bhz%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fclickmint3.online%2Fb2%2Fl%2Fc%2Fredir%3Fasid%3D3264892527uvbIeTIt%26cid%3D10%26did%3DQGtXS3U%26eid%3D13321%26n%3D2d04bb92ae4a797dfd6bd89c%26nid%3D10006%26sid%3DN6dZBYJ0LBF%252BcjnsVyuAJCm6ExjX4CXXqIFky8zCp5kClO8jH%252FPJpU5eP2XnrkKvGTrvFaosARzCqd8GXLwjDz8uJGYjlN9QodbUFvTzQbQd0GyCeKl4wOouJ%252BRd%252BBtBRd9YMLAadEFNNmoKrDQbRXUZij2Y4VRrZe4%252BTMWvcBD1m50U3CxgLIP7gmSwVNMOL1UPaC6pIW%252FW%252F8nM6LPqOdkwXksWBbeV%252BVHAceuFOAnkmaflJgYB40YEIpYWPLfPDRLq8niAYwzJ%252BqZPbckVhQOPr7sO6AlD%252FcCLqKUoODFfhapL9Ug6PMk2%252BxWFVxTB%252FmJK4ofm%252ByNb24H4WzWrp22YQC4YcGWOShAarQE8%252BT0CjvVB9N2jy0eqGMGH2zMk3wPDS6lOGofN4ZgV2O0icmx4m3BGCNUV7O0FQwI268gosi%252FPh9Zju71V1pWpGMkaQA8GvvszTrzbzHbZEDGZ%252F95w8rXaadyt1rKAtFhbnPlzmcBGJmOw6cXifOQvD%252BVogS7XlPjFPOOLy%252BQWKnmEfeYemivfeXah0dTRas6UDGnz8jYwOW1JXlaMkGFDJ05ySrOvCzQxqAbxa8fzP3e455EYB9WP6qLPClxcDlt7Q7k62FYwR6AVeyL1Kh7ypkYMCcxsEcCjyMET8R7FD4yIMvpPgPE3AnMVjLZBLLdyrGfbfvyOV%252BPxVdIj4rU1mCeJhENPJK6zp6woAxan5nYw7tpKQsTeyFFtZ%252FY%252FKmvNRYprLKwFePEXvVHqrZ2mKFqrrTlJqOeWFInfHUm3760cney7ytzOcq4ot7Z%252BgAKpvuQ1fmLrq0NVR2NBZK7LCjvzUfX9djhNKjNpKYW9zqayPGJcwRRySOyZknyLQfNItYxTLCFR6t4kvux1PPUErD1WVB4U6s6GRYcLQVbjWCfkUjxBzxm1C8BePRbRbL2zFD1tmwDbgKnrJbs2zXDWB98F%252BwvplPTLfd%252F%252F1jiQ%252F0Sf7Ez%252FLMRO9TFhtNnyqmPeDyp8L3swUvYkstV1NcIjwE1DLy33ccQ1PMZX4OF1GX%252B8jndkW95IS1%252BCGUiQuY1jR7Aqs7ITaARTq2s4RNTsVm6bKyDnSuiKfxA57fMMyztND8OqNEzI0xtdPOPTXyTEY410v4yuJzoiWJ6JyLN7uKE1uv8BnKfmCtB9nEsAhEaYyZz5ehVTW9RS8aiEzcmqfZcUDvYR1NTxzoZN9SWcFoeO3J3OlLo%252F%252BA%252FGMtw6G7kAkkucnzYLPW5%252FBGzACpXuq2W%252BHZSWVAnUayAAyUP66AuKNjtIPpYgxxZsvGFk8pbABzEm15wvMbrF%252BM3PDHwoJfNGeH8Lhl%252FlCGReyTWNfwbIK8NKYwbsYouIXWuQnFoO1A5GeH%252BvSU8eetGoWLQ2hzjPNMXKDWDyN628ALE2ks36gGNXZuPdNhEbY0k685g5EKv9dQI%252BgIsimAdxwojrWXdaHu73Xpv1KQc3uBmBkscwBonNERI5lGPjLHtutCzKUk1%252BcGzeu4FrDAPYLBvhgYzdLOURVL4YG8%252BKFBsmJ6crfbvzpz5BjP7VazHuPjuq2tKdMylOGFaDej9J3aq9il3w4qdrZPVNX%252Fm1bhuFEyTUWx86JBJZU%252B80KmXCC1cbONWQUcOeQAG%252Bgcd%252BVJLCRhVWpzfhw5JQMc52%26ssid%3D3264892527uvbIeTIt%26ts%3D1735103873%26ttl%3D3600%26v%3Dv5.14.3.1&icons=7JcubZas80BTCfABbohNGsBcMIG__P8CsLe_Iau6cfVkm0NQGcbl8qz-JtaZKVExt1Q28QbLXAukP57J0r-dF-2RZnW2iVoFbY5q7JoEwJebEu8WgW-Da426bYerekCLAq9rvJhBUGMlODcYikUa7DQepbEl_FZI9S8Wuk-E-QpITZJcNQ&ext_cid=0&pop_price=0.0006448&pop_ecpm=0.015666931908870228&px_id=707404&min_cpm=0.03155052894533725&out_id=1&campaign_type=lq-pop-ext&aid=3424&cid=13130&uniq=&mid=5985860091794904965&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.5266081481933573&cpm=0&verify_hash=36d964df6eede7fe5dc08db24c4fffb3&is_native=3&real_bid=0.0005266081481933573&pop_real_cpm=0.0006448&pop_real_bid=0.0005266081481933573&original_bid_usd=0.0006448&original_bid=0.0006448&show_type=0&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F131.0.0.0%20Safari%2F537.36&ip_mismatch=2a00:bd80:a902:0:3a0::1&geo=CH&carrier=-&label_ids=81,11,4,20,27&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0006448&hostname=auc-inpage-hz-0-b&auc_type=1&pop_type=1&is_pop_cpc=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/Zurich&topics=&historical_keywords=&pop_cpc=0.0006448&ext_campaign_id_str=&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=571e0cc2-4b75-4554-9f43-068d2f054278&prev_step_diff=509
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a01:4f8:1060:13eb::2 , Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
no-transform, no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
*
access-control-allow-origin
*
content-length
0
date
Wed, 25 Dec 2024 05:17:53 GMT
vary
Origin
server
nginx/1.20.1
access-control-allow-headers
Content-Type
/
4184fdf4c0.46f884ead3.com/in/show/ 		0
200 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4184fdf4c0.46f884ead3.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fd%2F8a5y84ur5bhz&refdom=poo.phd&auction_time=1735103873&subid=357529620&sid=3997187972&tcid=0&ver=7.368.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-25&iabcat=IAB25-3&keywords=&user_fp=4691093766822902068&score=37.708150929359284&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fd%252F8a5y84ur5bhz%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=26962&crtid=bf8f399357ea64947978eb68691cfc73&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DVI5Io-eqARCfWes1BrpTKFdGn7a_cTf8jFboleHT64GrQyxZiZNgZZ9hqPXpRYoRH6xz6eRyZtU19n1yoeJ_iDxqXvxN6jUcU7TckRV_A5eGfK7aDt_xKReyQj6xXjdEE0cTV5CddbICIUvFZ4qPuh8IOlfH6C2Jea_mwGP5MAE8wtP7aJZOcBss5bdGSeRhDNygbXk1Tdy4Z-jlfeGHO0M8tKUGhhZp1WDQK8qU7P7T2DpW1bf-ZP-isUBk_WvHunFUykiSs5BBm2PyxKMyqaXBJkci6IKLlnzHMljjFzcX_xWXdSCArFeCXKqwqBAZesEmSDiQomFJrEMHUV_bMrHjaSIrqS5Rwj6sbDP8i4Auv8WzEgmu06RjIGMDiM9WHEfCsPWAanz2niAj1qVh1mIsUZSdtpGrzGu15VYtIReIkd2gRHHKGKuygRHzpi6TGi_VqzyKfvmRLKTY0esT6RAHasmBLdZYK6qpr9moKSEAmcB3PtZF-lVWMYGjwu2lFM70OIZiwYvQXoFO4sVaXQqjJXwsoCk17z15OWVq_-PUR2WWPbqkLBQL6X-wbWmRak7MJiBWUvsSbyEl4scSSuJiIGVVwC8Zgp1yE6hvymHGtkZjgWvSxdY2csldGW5KebkIq8s6_72GNasiUxpLQZxTuxAq_iP2qzhO1MmhmaZE98v6K0w0hlyIf8e9NhnqFsOvnqjnJouWJ2Jh37g4rWfc88zRT2krWt1SFxZuXN7PQHY3MgAn7e2yL77GfK8wzgK_io5LM834yZnugGfwwsFNic20_9TeMLwX1uKkiNaxbPhPXbO_NmmL_A72SI0TIJE746qHDbmcG7Mmynr6b6CmtVpeKMI8PVfAAu3EAvY2knfi_o48pC9W74pDDN36pwvty55Iqbhl7H6jqQ7zrLmNuGYW8Gm32v3QN8OSCgX7qSOh2yl-nY1AKmBoGBREpqwzVWvpUQglNlRIlNy45dz9fGu7D85Kdw2DRpb1RrG_JBeOTUAHd2wCZ1zaAC92dbC7KQmhfcei-KCiNBuP9VgBehTrhECpxd3dlK2L4m8FyXRXTP2Nx6FV9vx2LrJAZGdeyqcC4WB90KotxVno6sPwkjo8Em2eO_oIR34iOZcdO0oyujnyrOhMhTV_iDwhyqIzklqY4kgYfcsyBRQivMeC-_6KpLNAAK3y3KsfF5G3tNZ3Ls7TViMfFxaQ3dI5CrlkWqtYOBYnh3rmWA8gFGiJ5XXJYS7Wvh7vAAZd%26bid%3D0.0072&icons=H70TfO8Vq-rEk-2D7PbF7GYC71wEoR6L8PSGprzXAbgJjLaYfPIDQGfV-ayUvK6UfuWDV8FAeHqqimkkEKQ1PoCJQcl7MLg1yRpzqLgRhEXSSle8f0XnrkMRWAnWChSlTyBH1LKzv78yNkU9kQ5upOJkup9AiRJ8BB_U_W4N1PL6M_BNxIr62YB1b8E8qJgg5npQ0apY61NaJHHGTCRN4qKYtqpthh6mfPCTSl3PBvowm9AuoseVkOrZxr_YobXIMziqOM7EHTXsCbTyzUuc3bbLTJHJ-ItPInMLk48g_QoPl1JWWGap8bC448-11-GfJwmoF6rmVLqtmkUl87sDyzU_yGBvk9cjjEIvKGAkemk2UMAImpS64Gyw8ir_dbGTe5u6kn3S5hKRogBSxZfq2jtQhoFkdD0OsjvWOa0woniQDyK_K4g5D5DaYaXEyHGpOOV-GqV9e6HZK9S_3KGPbzR9GEDiqoSUGi8hRLo6p7U8l1GoRLbJfEJJgSjr7WBUKgTGbc5wWB61hb4GdqezNe2-qMNHPZOvBi3HH8jMUK3u828mBzx3OtwxvxY7LEWzFMKg5mk_4VZaE7P2nmebSGF5KgcTOJTZQtOdUFJzKjrAb0vgctKfVZ34-SMgY2eBNJVeM8X8ZV_02CEijx6h5pkgai-qr0CbukdZC6n7FyVMhc7RXmf5pcnKUjYJQBKTeKqjANN_LTVPK31DdX-7qIogvDBmrzHVBFpl9ume-XeCR-S_r1wDAC1tw-9XayhHDJbus-AM-TnwkWaOxhw3txv7719aw3aBUCvt2yX0F_CLPz9ehfSWzXHCYAw4uXI-TDMVn3vYrrqlEoS1K7tRll9ZBYMZP_BI9bskxCzQlQW5Wp01pRWfSzD1Pq57jZKq8zr_i9D2CfqXtHI9pTHgzD9yvTJABw2p0GSurASOs_y5QPqQWidXoI6xuaZCgQ7HJOArhvdKWEjsR7AVMcJQjaja9TnZ27oP7CvP0L4K1Zs1I0OYMQcE5UKU49vbjiLLHjl--UxQ0UhaRvQZAd8A4PAOeyal05b2xGzN3tFzS5P8a_hivQvpcKzPPUTNd8Uqfih8sc0uj1OF1_MHu6bh5RKVulB0ImtU32s5tct4l0HD_ExgTSKZtfr-17wexE9iKKpR2zJv32Ya2hpe3LuG2bznEvAkTovPV7R8bSOR0WAfyeJ8CyvBeH1Zt5DMJZM8vYCEy8Ad3Ujtfw2tn3itx6p1EbPl3ROLsrSTbp8dY1an5f3C-GoLa96I9me0E7bcEVvELl6xguue8CeGBBN5o42zDZvHTLkNeIBI1x1rnAy9vdCbVaUfBfyhhB5lNiE2ggt5lkIBJIjlKdDxdVG8r3FQ5OfZE7J5X1WW1OBPa5Bh8gCF57Zc_tS61cCoq2NfsUz26r7YlRJhUPx223KWeeI62_Bjvpf_9A&ext_cid=333464&px_id=73418774&min_cpm=0.0075265157405420184&out_id=0&campaign_type=hq&aid=127&cid=12697&uniq=12b02a2cba7ec2a5407add9f7c4eedea777cad15fdd57b2bfb9e0e73c694fd6c&mid=5985860091794904965&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.043981295328518334&cpm=0&verify_hash=16ee038079e410bd994f3f5ea5a0e500&is_native=1&real_bid=0.006197040081024192&original_bid_usd=0.0072&original_bid=0.0072&show_type=0&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F131.0.0.0%20Safari%2F537.36&ip_mismatch=2a00:bd80:a902:0:3a0::1&geo=CH&carrier=-&label_ids=148,98,4,90,5,55,70,129&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1735276673&image_url=https%3A%2F%2Fgfxdn.pics%2Fm%2Fp%2F0%2F799%2F799756%2Fconversions%2FYlIyOutd-in-page-ad-images.jpg&site=native-push-adult&price=0.0072&hostname=auc-inpage-hz-0-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/Zurich&topics=&historical_keywords=&pop_cpc=0.000007199999999999999&ext_campaign_id_str=333464&is_webview=0&client_price=0.006197040081024192&direct_client_price=0&priority=0&client_payment_model=cpc&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&st=0.02&cpa=96f4a963-00f1-4794-bb52-1d224dce67fa&prev_step_diff=509
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a01:4f8:1060:13eb::2 , Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
no-transform, no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
*
access-control-allow-origin
*
content-length
0
date
Wed, 25 Dec 2024 05:17:53 GMT
vary
Origin
server
nginx/1.20.1
access-control-allow-headers
Content-Type
sY5j4nFp-in-page-ad-icons.jpg
gfxdn.pics/m/p/0/799/799755/conversions/ Frame BA89
Redirect Chain
  • https://p.a64x.com/in/tip_shows/?katds_ep=8pOJ8aorcYnGAY9E0HVIpCEWeChwCxxsTPsh_c41ytnf2oM3APIOQFlOncf54owHreEMzOkrpqZgFNKpEYqLMZ48c_pvpiSoclra_FTEAYHyZ8O34wwexFE_rji-YC4F-J9jmDUmvGZ17WvjRb6tTVu1ixx...
  • https://gfxdn.pics/m/p/0/799/799755/conversions/sY5j4nFp-in-page-ad-icons.jpg
1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gfxdn.pics/m/p/0/799/799755/conversions/sY5j4nFp-in-page-ad-icons.jpg
Protocol
H2
Server
45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash
1ab52167b452d86a8ff636b10d5b84bf39154ae713949d161b302bb00dc7a69f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-request-id
0f2ff8504b538b111e92da50edc79d39
cache-control
no-cache, no-store, must-revalidate
etag
"66a1bb39-5fb"
pragma
no-cache, no-cache
expires
0
x-proxy-cache
MISS, HIT
accept-ranges
bytes
content-length
1531
date
Wed, 25 Dec 2024 05:17:53 GMT
content-type
image/jpeg
last-modified
Thu, 25 Jul 2024 02:40:57 GMT
server
nginx

Redirect headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location
https://gfxdn.pics/m/p/0/799/799755/conversions/sY5j4nFp-in-page-ad-icons.jpg
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T2xbx1CeGSWDovi3wbJUvnPq7ymPBhf3im%2B8IzWW9%2FbZpzT%2B7oNiCSxElNENl1vvYcZ4ZjcddoAsYRrQk0bNGup55YVtUKQNdfC2ROYqIGvqVGDe%2FZoZGgNKgXEv"}],"group":"cf-nel","max_age":604800}
cf-ray
8f765e097a55bc4d-ZRH
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
0
server-timing
cfL4;desc="?proto=QUIC&rtt=14670&min_rtt=14269&rtt_var=3602&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4840&recv_bytes=6303&delivery_rate=37034&cwnd=12000&unsent_bytes=0&cid=8f6966e5925c4e25&ts=47&x=1", cfExtPri, cfHdrFlush;dur=0
date
Wed, 25 Dec 2024 05:17:53 GMT
content-type
application/json
server
cloudflare
priority
u=3,i
collect
region1.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-RRBBHD087X&gtm=45je4cc1v9167878827za200&_p=1735103871822&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1995777293.1735103872&ul=de-ch&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1735103871&sct=1&seg=0&dl=https%3A%2F%2Fpoo.phd%2Fd%2F8a5y84ur5bhz&dt=ngewe%20pulang%20sekolah%20-%20.mp4%20-%20PoopHD%20-%20PoopHD&en=scroll&epn.percent_scrolled=90&_et=2&tfd=5729
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poo.phd/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://poo.phd
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 05:17:56 GMT
content-type
text/plain
server
Golfe2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
accounts.google.com
URL
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeZLP9-lBk-kAFGyonhHo-KmitT3Mxndwfq6s2VJcZHnFDueJbYzWcXdXSJe0DYSm3L_q0YxIIrH&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-166673758%3A1735103873091746&ddm=1
Domain
poo.phd
URL
blob:https://poo.phd/3d793f3b-2a70-4996-8cc4-0af6d70a4bcf

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 function| _0x3109 function| _0xa9d9 function| _0x4b01d3 function| _0xeb07 string| iframeId object| iframeSources function| getRandomElement function| setRandomIframeSource function| _0xd607 function| gtag object| dataLayer object| __cfBeacon object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal object| __adFormats object| __formatsGetters object| _admSptsInVw object| AdManager object| a3klsam object| activesInpages function| __fp-init object| __inpageSkins

5 Cookies

Domain/Path Name / Value
.poo.phd/ Name: _ga
Value: GA1.1.1995777293.1735103872
.poo.phd/ Name: _ga_RRBBHD087X
Value: GS1.1.1735103871.1.0.1735103871.0.0.0
fp.metricswpsh.com/ Name: id
Value: 5196924552626771095
qt.draftedorgany.com/ Name: GL_UI4
Value: eJw9jUFugzAURCFgkrSB9kscoEcIBISyrLrpInewPvhD3Bg7sh3S3r5upXY3b%2FQ0E0XRqnyCeMm2kNywhRc6NgN1zYhVRV0%2FtlUtmkNfd%2B2%2BPiK2ArbScY%2B9Ip%2FCxs1oPfdLCruJNFk58MEIyuE5WH%2FNRZu7ToH1FrXIgc3BUDmse2vujmyZQKpxJijeCYUi597O1gRmM34YC0l1qEKWOuR4DyvjyqR4AHaS%2BvZZ7LKoKLIIHq8K%2FWjszKUIyCaLgiB%2Bhc2AniZjv2AtyF28uQIYJfi%2F%2F%2FvN1M8aZIIWOQQ0%2Fkz2G8ivUcQ%3D
uk.pivotsforints.com/ Name: GL_UI4
Value: eJw9jUFugzAURCFgkrSB9kscoEcIBISyrLrpInewPvhD3Bg7sh3S3r5upXY3b%2FQ0E0XRqnyCeMm2kNywhRc6NgN1zYhVRV0%2FtlUtmkNfd%2B2%2BPiK2ArbScY%2B9Ip%2FCxs1oPfdLCruJNFk58MEIyuE5WH%2FNRZu7ToH1FrXIgc3BUDmse2vujmyZQKpxJijeCYUi597O1gRmM34YC0l1qEKWOuR4DyvjyqR4AHaS%2BvZZ7LKoKLIIHq8K%2FWjszKUIyCaLgiB%2Bhc2AniZjv2AtyF28uQIYJfi%2F%2F%2FvN1M8aZIIWOQQ0%2Fkz2G8ivUcQ%3D

1 Console Messages

Source Level URL
Text
rendering warning URL: https://poo.phd/d/8a5y84ur5bhz
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0201C1F34160000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

054cb3b003.1699bc140d.com
1d36243653.ef1dd1776c.com
4184fdf4c0.46f884ead3.com
accounts.google.com
ax4.poopstream.co
berlagu.com
doood.cc
dx4.poopstream.co
enrtx.com
fonts.googleapis.com
fonts.gstatic.com
fp.metricswpsh.com
gfxdn.pics
nereserv.com
p.a64x.com
poo.phd
poop.skin
poophd.com
region1.google-analytics.com
static.bookmsg.com
static.cloudflareinsights.com
storage.multstorage.com
www.googletagmanager.com
accounts.google.com
poo.phd
104.21.16.1
104.21.80.1
142.250.186.131
157.90.84.242
168.119.25.102
172.67.132.168
172.67.174.51
172.67.185.171
188.114.96.3
2001:4860:4802:34::36
2606:4700:3035::ac43:a8ce
2606:4700:3037::ac43:c87b
2606:4700::6810:5049
2a00:1450:4001:813::200a
2a00:1450:4001:82a::2008
2a01:4f8:1060:13eb::2
2a01:4f8:c0:2306::1
2a02:b48:8300::24
45.133.44.25
45.133.44.52
45.133.44.53
0e669171fb484fa82177d97a60c894910c0920d902c00141603e09d2ae425f39
10c142c79bbbfe42ce677eedeee70f918de0e759feabc175f423543aee886a6b
14a070fd10fa3cada36a6037f9925c789311b51510f167eb373b7aeb05912d68
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f
1ab52167b452d86a8ff636b10d5b84bf39154ae713949d161b302bb00dc7a69f
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
2a4ba0bfd05a144b759af1564fae807d80463489344ed2cf2d0f7fb5635e967a
4ca2d870794ea0d5902ed97a4c515f4462b63555a5d4e8a2ccca6e1011dfe4db
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
6f247d24254bc663a4b64c21b7a263c62d4d904df200566e7466902db93cc428
78c30b418896961856ee26e09ac3990b9e790852ad1333a0d30e8ede9f771a6f
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
98a89131ffe2b37e3e5703e95295ca464d8f955411a01abb96af5e0fbc310163
b0b9d8f1d07dd39744ca03c0861d9b6b97621af4d510eb862441e92bb9fd28fa
b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08
b73b4d6ee085c82805409b10f086d55daeb91acbe912c72e17ff698939909409
bea8fabcda4b37249724a35b7985d5e011e479154596508ef01c6bd21950a601
c2c5ee2d342788e2999ad4d3f7e34393e8e21b6ebf1b97f01c6582e5dbaa09c8
c3482415177813410f604787dd9f27ba54bea4f4eca78f83cc2afaebd7b56392
c7181d6a62501f72fa7ede9ddc24a309b6b06afd67e4996cec5253768f8a1b94
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4458185d2dea4139a703f057349fa501847b1c44d6c18409b06d57883a996eb
ee760b58bd5840ef70071acf5e8080ff553ccb2de01326e1115eae4329d5c574
f8424609afcdb42d56d4cb1c9582fe2349bd8bb70cb9647b5782b49a27b41207
fcd9509964217e1ba683bc388c77503b97517a7c700b446544206d3b8d840c64