poop.kim Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://doodx.pro/e/yaNS0RsXR3u
Effective URL:
https://poop.kim/e/yaNS0RsXR3u
Submission: On January 16 via manual (January 16th 2024, 4:28:46 pm UTC) from MY — Scanned from DE

Summary HTTP 43 Redirects Behaviour Indicators

Summary

This website contacted 16 IPs in 4 countries across 22 domains to perform 43 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is poop.kim.
TLS certificate: Issued by E1 on January 10th 2024. Valid for: 3 months.

This is the only time poop.kim was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::ac43:abf6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
6	45.133.44.53 45.133.44.53	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e0:... 2606:4700:e0::ac40:610e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	157.90.84.242 157.90.84.242	24940 (HETZNER-AS) (HETZNER-AS)
2 3	2a00:1450:401... 2a00:1450:4013:c06::54	15169 (GOOGLE) (GOOGLE)
8	2a01:4f8:c0:2... 2a01:4f8:c0:2343::2	24940 (HETZNER-AS) (HETZNER-AS)
2	167.235.163.216 167.235.163.216	24940 (HETZNER-AS) (HETZNER-AS)
1	2a01:4f8:c0:2... 2a01:4f8:c0:2306::1	24940 (HETZNER-AS) (HETZNER-AS)
5	45.133.44.24 45.133.44.24	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1 1	2a00:1d26:877... 2a00:1d26:8771::12	49544 (I3DNET) (I3DNET)
2	5.200.15.240 5.200.15.240	49544 (I3DNET) (I3DNET)
1 1	2606:4700:303... 2606:4700:3030::6815:1352	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	139.45.197.244 139.45.197.244	9002 (RETN-AS) (RETN-AS)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
43	16

1 2606:4700:3037::ac43:abf6 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

doodx.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

poop.kim	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
yu2be.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrolagu.cam	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 45.133.44.53 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

499ad88d2d.03eea1b6dd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
87442aa6f2.d473c08307.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e0::ac40:610e (United States)

ASN13335 (CLOUDFLARENET, US)

storage.multstorage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.90.84.242 (Berlin, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.242.84.90.157.clients.your-server.de

fp.metricswpsh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4013:c06::54 (Groningen, Netherlands) 2 redirects

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a01:4f8:c0:2343::2 (Ehingen, Germany)

ASN24940 (HETZNER-AS, DE)

276fbbc3fa.b5cecad47f.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 167.235.163.216 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.216.163.235.167.clients.your-server.de

nereserv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4f8:c0:2306::1 (Ehingen, Germany)

ASN24940 (HETZNER-AS, DE)

mcpuwpsh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 45.133.44.24 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

static.bookmsg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imdn.pics	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1d26:8771::12 (Atlanta, United States) 1 redirects

ASN49544 (I3DNET, NL)

us.superfasti.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.200.15.240 (Rotterdam, Netherlands)

ASN49544 (I3DNET, NL)

cdn.stgcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::6815:1352 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

p.a64x.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.197.244 (United Kingdom)

ASN9002 (RETN-AS, GB)

mordoops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	b5cecad47f.com 276fbbc3fa.b5cecad47f.com	16 KB
5	03eea1b6dd.com 499ad88d2d.03eea1b6dd.com	221 KB
4	yu2be.com yu2be.com — Cisco Umbrella Rank: 128229	21 KB
3	mordoops.com mordoops.com — Cisco Umbrella Rank: 130710	31 KB
3	bookmsg.com static.bookmsg.com — Cisco Umbrella Rank: 38343	3 KB
3	google.com 2 redirects accounts.google.com — Cisco Umbrella Rank: 23	2 KB
2	imdn.pics imdn.pics — Cisco Umbrella Rank: 25058	25 KB
2	stgcdn.com cdn.stgcdn.com — Cisco Umbrella Rank: 24964	81 KB
2	nereserv.com nereserv.com — Cisco Umbrella Rank: 35934	401 B
2	metricswpsh.com fp.metricswpsh.com — Cisco Umbrella Rank: 37830	427 B
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 11663	540 B
1	metrolagu.cam metrolagu.cam	627 B
1	a64x.com 1 redirects p.a64x.com — Cisco Umbrella Rank: 28421	496 B
1	superfasti.co 1 redirects us.superfasti.co — Cisco Umbrella Rank: 19097	108 B
1	mcpuwpsh.com mcpuwpsh.com — Cisco Umbrella Rank: 58611	4 KB
1	d473c08307.com 87442aa6f2.d473c08307.com	207 B
1	multstorage.com storage.multstorage.com — Cisco Umbrella Rank: 32053	904 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2029	249 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	92 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	28 KB
1	poop.kim poop.kim	4 KB
1	doodx.pro 1 redirects doodx.pro — Cisco Umbrella Rank: 175216	668 B
43	22

	Domain	Requested by
8	276fbbc3fa.b5cecad47f.com	499ad88d2d.03eea1b6dd.com poop.kim
5	499ad88d2d.03eea1b6dd.com	poop.kim 499ad88d2d.03eea1b6dd.com
4	yu2be.com	poop.kim yu2be.com
3	mordoops.com	yu2be.com mordoops.com
3	static.bookmsg.com	poop.kim
3	accounts.google.com	2 redirects poop.kim
2	imdn.pics	poop.kim
2	cdn.stgcdn.com	poop.kim
2	nereserv.com	499ad88d2d.03eea1b6dd.com
2	fp.metricswpsh.com	499ad88d2d.03eea1b6dd.com
1	my.rtmark.net	mordoops.com
1	metrolagu.cam	yu2be.com
1	p.a64x.com	1 redirects
1	us.superfasti.co	1 redirects
1	mcpuwpsh.com	499ad88d2d.03eea1b6dd.com
1	87442aa6f2.d473c08307.com	499ad88d2d.03eea1b6dd.com
1	storage.multstorage.com	499ad88d2d.03eea1b6dd.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	poop.kim
1	cdnjs.cloudflare.com	poop.kim
1	poop.kim
1	doodx.pro	1 redirects
43	22

This site contains no links.

Subject Issuer	Validity	Valid
poop.kim E1	`2024-01-10` - `2024-04-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
yu2be.com E1	`2023-12-17` - `2024-03-16`	3 months	crt.sh
499ad88d2d.03eea1b6dd.com R3	`2024-01-13` - `2024-04-12`	3 months	crt.sh
multstorage.com GTS CA 1P5	`2023-11-20` - `2024-02-18`	3 months	crt.sh
87442aa6f2.d473c08307.com R3	`2024-01-13` - `2024-04-12`	3 months	crt.sh
notification.tubecup.net R3	`2024-01-03` - `2024-04-02`	3 months	crt.sh
b5cecad47f.com R3	`2024-01-12` - `2024-04-11`	3 months	crt.sh
puwpush.com R3	`2023-12-14` - `2024-03-13`	3 months	crt.sh
static.bookmsg.com R3	`2023-12-07` - `2024-03-06`	3 months	crt.sh
*.stgcdn.com R3	`2024-01-03` - `2024-04-02`	3 months	crt.sh
imdn.pics R3	`2024-01-12` - `2024-04-11`	3 months	crt.sh
mordoops.com R3	`2023-11-20` - `2024-02-18`	3 months	crt.sh
metrolagu.cam GTS CA 1P5	`2023-12-17` - `2024-03-16`	3 months	crt.sh
rtmark.net R3	`2023-12-23` - `2024-03-22`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://poop.kim/e/yaNS0RsXR3u
Frame ID: 1A22F8AD8C54ED4EAE7E6DB97166FCB9
Requests: 25 HTTP requests in this frame

Frame: https://yu2be.com/video?q=happy+asmara
Frame ID: E354A90667C402BEA866DD2000066B10
Requests: 8 HTTP requests in this frame

Frame: https://storage.multstorage.com/log/count.html
Frame ID: 91B53E4AF998D71BB2720B187DEC2382
Requests: 1 HTTP requests in this frame

Frame: https://cdn.stgcdn.com/3d85e9042642511254da6f6099894ae7.jpg
Frame ID: 51E06453A98DFC5CDFB90307B468E68C
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 6A425794055BDADB2F77D1320F681436
Requests: 3 HTTP requests in this frame

Frame: https://metrolagu.cam/watch?v=jQWuyE5jdgI
Frame ID: DF37F29E43D65F542B90435167DF007A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ANAKNYA YANG MASIH DI B4W4H UMUR.mp4 - PoopHD

Page URL History Show full URLs

http://doodx.pro/e/yaNS0RsXR3u HTTP 301
https://poop.kim/e/yaNS0RsXR3u Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

43
Requests

88 %
HTTPS

61 %
IPv6

22
Domains

22
Subdomains

16
IPs

4
Countries

528 kB
Transfer

1543 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://doodx.pro/e/yaNS0RsXR3u HTTP 301
https://poop.kim/e/yaNS0RsXR3u Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0el88ugiQALkcOw845vFWyhUMnIdInmv5E5BwW-5ktsMmF-rl6zLXOHPQpCnZwvvko-NU5 HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2LkY8lhH5yxQ_t447aSaSkfAdiHDS3GtyqnG3oVTkmZYZHdZ5-mGO_AnQwzncABwVucw-Y&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-653529815%3A1705422524131432&theme=glif

Request Chain 26

https://us.superfasti.co/nty/metrics/save.img?event=impressions&bid-id=v2-1705422524273-7-12342-1312492-3e1ba013-f64d-ea0b-1987-24236ce9ce73&img=https%3A%2F%2Fcdn.stgcdn.com%2F3d85e9042642511254da6f6099894ae7.jpg&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=1c14b749-8387-40bf-b998-25195e6e76a1&prev_step_diff=593 HTTP 302
https://cdn.stgcdn.com/3d85e9042642511254da6f6099894ae7.jpg

Request Chain 33

https://p.a64x.com/in/tip_shows/?katds_ep=MGeupB4aP_blOFL-U2jA8JHUMWCFXYJXo87vd7-jDM0CS5oWTqX8LHwlmOUULyKwLT4LN14Gp0KaMRxVACSSSnDeTUYVf0I_PXi9NRHes3DHH9WxcJ8A1EThrctuGYsqcuFGF_X0ksrRnGcB8skqAlNuXKUMGrsos8EobRkC2VCBeBcutHElsgquP5ax3z4YN4IZb_j6TY9YuTXlEWIqs2M6zqyRdHmNmvgbT0leC5lF9eEl2mCdoTMVXWxfIipgkRCP-K1DoOlwYZej5Qrpwq6auyh7QU09V1Ahv974enpZDpRXzglXZZrM7VyfPM18cDd4ndb9vsDe1lGbs6P2hfdd1Cy7OXejjUUCb7j8Z89wxaxqgCaT4vZZSWdCyr0QJG4IM9uyq_uOwm7YQF3jMzNw-FY4JzBEiH2oIhEpmfB6F_ctYJM0ysaovoZuxZrNmuVToQZ1awieyzvnwpNDfe0py1l9nLlDA2iBLkjqp0h_BbKgBIFR_8HqtnId80cOHbPcGUz1kMy_nWXSsWYtzLrDcBLqI3ywF96cSZ10k6KQrvxGE7Q-kuDHdryrFfeQcZAvNZmTO-0vJIv9VV47vL5lytYX7pNFZetSeSFwZ87IDQP4HgSwCucne5sFY7M-GUfAw-vo_zd5mKHvFZdgBkDsZPwF0mhWrE3BSKg-q9I56a66EmMSRdKvv2GkX_eTDkYlsFRRv4AeYwFnwY0f7LhBT_SHsd9726rl5i58Q_2wJxAFCeiF1OTI44bvXQj8w8ibV0lObLzce7SsIuwQsd06_1ZqK0C35w6E6xsqbcmAJvUnRpYgpj6CvPYNd86ptO1Wky5aHZJ0z1BJmXK0ut5qz3Fy3eosQKojG1c4ls4Nofur3QT7ZplV&bid=0.000381829023461285&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.02&cpa=0ea79034-b299-49d1-8715-19e3104a54b7&prev_step_diff=761 HTTP 302
https://imdn.pics/m/p/0/681/681403/conversions/NtzSlBPR-minify.jpg

43 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request yaNS0RsXR3u Show response
poop.kim/e/
Redirect Chain

http://doodx.pro/e/yaNS0RsXR3u
https://poop.kim/e/yaNS0RsXR3u

9 KB
4 KB

1046ms
984ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 47dbd36b602de0f8a08e6da7eef119858df0d5331b9b48a8e61d903b81b162b6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: EXPIRED
cf-ray: 8467bba8edb44d64-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 16 Jan 2024 16:28:42 GMT
last-modified: Tue, 16 Jan 2024 04:12:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pZZ19uA%2Byad1CwHeuWhmYfvRU9YQFK%2B%2FwHy%2Fikz8QYoMjwUsiIDx34KW6wd9lrwHgQ5%2FM0kUbvVwCMRNKqjUZZX8L8Gz463RC7IF6MXgz6R9J09JJO7ieNAJ%2FtRJvg5p5YtTOEj2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

CF-RAY: 8467bba82e4d6f6c-CDG
Cache-Control: max-age=3600
Connection: keep-alive
Date: Tue, 16 Jan 2024 16:28:41 GMT
Expires: Tue, 16 Jan 2024 17:28:41 GMT
Location: https://poop.kim/e/yaNS0RsXR3u
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EtY5pIDZxfQZwjc64ZUlycg%2FyUgnpuLr1i8oV7EkFTJiJNw8IBGn2auojGp1o00H220o5DHWIFzEgs0YMnVf2UXSICOlZbeEjatFnpEQBZWX7QmS4WePyPBZT4kWhzeHuuRH1N%2BzBng%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ 87 KB
28 KB 77ms
33ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://poop.kim/
Origin: https://poop.kim
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 16:28:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3360657
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27958
last-modified: Mon, 04 May 2020 23:01:39 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb09ed3-15d84"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B01I3Y%2FUVGXJo9l16siGI6RpYwiVcDrlRjMdt93A3VHEqItJCHUpCdPAayy%2BdmNiFr6j3dQJOAihN8qEFHtsHk3L5p5QuIWCgP2cYv4U9IUoDTP%2F2ZpMDvbUMx9Z8xqMqKDuNfll3d4SYpY%2BhGj9Cr1d"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8467bbaf58af901c-FRA
expires: Sun, 05 Jan 2025 16:28:42 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 276 KB
92 KB 88ms
37ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-RRBBHD087X

Requested by

Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8b47787368168e88a5e9659b1e7019bf7d02191ceec4eae003927ea25041c06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 16:28:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93442
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 16 Jan 2024 16:28:42 GMT

GET
H2 200 75335258735230534e6179 Show response
yu2be.com/embud/ Frame E354 243 B
627 B 1456ms
1393ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yu2be.com/embud/75335258735230534e6179

Requested by

Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21bebb5bc46ed1b81917140b1f6dcfa58dd1e27fd6cbb918f4bb2d4669f91064

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://poop.kim/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8467bbaff83f35f3-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 16 Jan 2024 16:28:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yvzQJFmzcF2qQwuzFWQBw1kAqLDGnxCeehgNjq67FtZxKGKxjBTeCCIs3KJvX8f7sy7wXIYUedJzeyJv8y%2BXLCHOlKQv2yhg%2B7Z%2B2nwIuAc%2F6Pm91okSNGtD2yTvq6ObSCZksrIh2gQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H2 200 4acb46b5c8a25c28cfaf74e5464874ad.js Show response
499ad88d2d.03eea1b6dd.com/ 102 KB
34 KB 343ms
108ms Script
application/javascript 45.133.44.53
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://499ad88d2d.03eea1b6dd.com/4acb46b5c8a25c28cfaf74e5464874ad.js
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.53 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 70bef0b9b90f224dcce56929057d20668fd82f6a6044195d3655b893657ff11b

Request headers

Referer: https://poop.kim/
Origin: https://poop.kim
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Tue, 16 Jan 2024 16:33:43 GMT
date: Tue, 16 Jan 2024 16:28:43 GMT
content-encoding: gzip
last-modified: Tue, 16 Jan 2024 12:25:49 GMT
server: nginx/1.18.0
etag: W/"65a675cd-1986b"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=300
x-proxy-cache: HIT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
249 B 130ms
27ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-RRBBHD087X&gtm=45je41a0v9167878827&_p=1705422522809&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=512491520.1705422523&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1705422522&sct=1&seg=0&dl=https%3A%2F%2Fpoop.kim%2Fe%2FyaNS0RsXR3u&dt=ANAKNYA%20YANG%20MASIH%20DI%20B4W4H%20UMUR.mp4%20-%20PoopHD&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1333
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 16:28:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://poop.kim
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 114039 Show response
499ad88d2d.03eea1b6dd.com/a846f4a2091aba9760689e3cad2ffa30/ 3 KB
3 KB 113ms
113ms XHR
application/json 45.133.44.53
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://499ad88d2d.03eea1b6dd.com/a846f4a2091aba9760689e3cad2ffa30/114039?version_name=d
Requested by: Host: 499ad88d2d.03eea1b6dd.com
URL: https://499ad88d2d.03eea1b6dd.com/4acb46b5c8a25c28cfaf74e5464874ad.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.53 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 09eebba468108e323031564615deea9304b6774ea53f6e23c0ed1034cc0673bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Jan 2024 16:28:43 GMT
cache-control: max-age=300
x-proxy-cache: HIT
server: nginx/1.18.0
content-type: application/json
expires: Tue, 16 Jan 2024 16:33:43 GMT

GET
H2 200 count.html Show response
storage.multstorage.com/log/ Frame 91B5 882 B
904 B 175ms
67ms Document
text/html 2606:4700:e0::ac40:610e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.multstorage.com/log/count.html
Requested by: Host: 499ad88d2d.03eea1b6dd.com
URL: https://499ad88d2d.03eea1b6dd.com/4acb46b5c8a25c28cfaf74e5464874ad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:610e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2

Request headers

Referer: https://poop.kim/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8467bbb44cc1f0db-CDG
content-encoding: br
content-type: text/html
date: Tue, 16 Jan 2024 16:28:43 GMT
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WdL%2Bu%2B8vZO7zdQ3MCAnGn9t79A1FJIrR4tluXEKcqaEu5cJa%2FX8tG3xX1gGHvRFhijdhsUSvPKE9fnZRpTg6%2Fc1BlRthnKfgxwk2jU77M9XIcPvVjf66nFNX2EezKIz0NImkeuM1diEddgIe7rPB4zqWgBdJDA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-request-id: 60d47bdd56215c761b04df9fd9fe81f4

GET
H2 200 track Show response
87442aa6f2.d473c08307.com/in/ 0
207 B 652ms
407ms XHR
text/plain 45.133.44.53
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://87442aa6f2.d473c08307.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIyMzczODIxOTgxNDQwNDk1NjAwIiwidGltZXpvbmUiOjEsInZlciI6IjMuMTAwLjEiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxNjAweDEyMDAiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IkV1cm9wZS9CZXJsaW4iLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4xMywiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiQU5BS05ZQSUyQ1lBTkclMkNNQVNJSCUyQ0RJJTJDQjRXNEglMkNVTVVSLm1wNCUyQ1Bvb3BIRCJ9
Requested by: Host: 499ad88d2d.03eea1b6dd.com
URL: https://499ad88d2d.03eea1b6dd.com/4acb46b5c8a25c28cfaf74e5464874ad.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.53 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 16:28:44 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H2 200 edd209391fb78170b7cf0bd215fe32b1.js Show response
499ad88d2d.03eea1b6dd.com/ 193 KB
56 KB 333ms
111ms Script
application/javascript 45.133.44.53
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://499ad88d2d.03eea1b6dd.com/edd209391fb78170b7cf0bd215fe32b1.js
Requested by: Host: 499ad88d2d.03eea1b6dd.com
URL: https://499ad88d2d.03eea1b6dd.com/4acb46b5c8a25c28cfaf74e5464874ad.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.53 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 264144b306308c8cb685fc239aad46d29b79a848f6a05e9f80233d173e305fcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Tue, 16 Jan 2024 16:33:43 GMT
date: Tue, 16 Jan 2024 16:28:43 GMT
content-encoding: gzip
last-modified: Tue, 16 Jan 2024 09:08:41 GMT
server: nginx/1.18.0
etag: W/"65a64799-30317"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=300
x-proxy-cache: HIT

GET
H2 200 f4e1d349e0ef73d745a1e5804f7541ef.js Show response
499ad88d2d.03eea1b6dd.com/ 90 KB
26 KB 577ms
355ms Script
application/javascript 45.133.44.53
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://499ad88d2d.03eea1b6dd.com/f4e1d349e0ef73d745a1e5804f7541ef.js
Requested by: Host: 499ad88d2d.03eea1b6dd.com
URL: https://499ad88d2d.03eea1b6dd.com/4acb46b5c8a25c28cfaf74e5464874ad.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.53 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 705cf142875e5aa5c5200682279757d32f648c0ccb201915d0c9ac230416a551

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Tue, 16 Jan 2024 16:33:43 GMT
date: Tue, 16 Jan 2024 16:28:43 GMT
content-encoding: gzip
last-modified: Fri, 12 Jan 2024 13:30:38 GMT
server: nginx/1.18.0
etag: W/"65a13efe-16957"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=300
x-proxy-cache: HIT

POST
H/1.1 200
OK fp Show response
fp.metricswpsh.com/ 58 B
427 B 83ms
30ms XHR
application/json 157.90.84.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.metricswpsh.com/fp?tag_id=114039
Requested by: Host: 499ad88d2d.03eea1b6dd.com
URL: https://499ad88d2d.03eea1b6dd.com/4acb46b5c8a25c28cfaf74e5464874ad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 157.90.84.242 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.242.84.90.157.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash: a8d62b701d7a8f20aa6b02840eac3d2503e3a870da25be1241360585ee821095

Request headers

Referer: https://poop.kim/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

Date: Tue, 16 Jan 2024 16:28:43 GMT
Server: nginx/1.20.1
Vary: Origin
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://poop.kim
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 58

OPTIONS
H/1.1 204
No Content fp
fp.metricswpsh.com/ Frame 0
0 92ms
26ms Preflight 157.90.84.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.metricswpsh.com/fp?tag_id=114039
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 157.90.84.242 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.242.84.90.157.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://poop.kim
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.kim
Connection: keep-alive
Date: Tue, 16 Jan 2024 16:28:43 GMT
Server: nginx/1.20.1
Vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2 200 d64893f30b45d948340d374d6df88e64.js Show response
499ad88d2d.03eea1b6dd.com/ 435 KB
102 KB 122ms
122ms Script
application/javascript 45.133.44.53
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://499ad88d2d.03eea1b6dd.com/d64893f30b45d948340d374d6df88e64.js
Requested by: Host: 499ad88d2d.03eea1b6dd.com
URL: https://499ad88d2d.03eea1b6dd.com/edd209391fb78170b7cf0bd215fe32b1.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.53 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 8cb54d01261cbb9b5503e6021bdb3b090bd4a5aa3b7f8f4dc8a3b414acefe4ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Tue, 16 Jan 2024 16:33:44 GMT
date: Tue, 16 Jan 2024 16:28:44 GMT
content-encoding: gzip
last-modified: Tue, 16 Jan 2024 09:37:46 GMT
server: nginx/1.18.0
etag: W/"65a64e6a-6cae3"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=300
x-proxy-cache: HIT

GET
H3

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0el88ugiQALkcOw845vFWyhUMnIdInmv5E5BwW-5ktsMmF-rl6zLXOH...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2LkY8lhH5yxQ_t447aSaSkfAdiHDS3GtyqnG3oVTkmZYZHdZ5-mGO_AnQwzncABwVucw-Y&passive=t...

0
0

70ms
70ms

Image
text/html

2a00:1450:4013:c06::54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2LkY8lhH5yxQ_t447aSaSkfAdiHDS3GtyqnG3oVTkmZYZHdZ5-mGO_AnQwzncABwVucw-Y&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-653529815%3A1705422524131432&theme=glif
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H3
Server: 2a00:1450:4013:c06::54 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Redirect headers

date: Tue, 16 Jan 2024 16:28:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-P2kfVfGVSb5HIVtGyajVcA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 402
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2LkY8lhH5yxQ_t447aSaSkfAdiHDS3GtyqnG3oVTkmZYZHdZ5-mGO_AnQwzncABwVucw-Y&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-653529815%3A1705422524131432&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 multy
276fbbc3fa.b5cecad47f.com/in/ Frame 0
0 108ms
32ms Preflight 2a01:4f8:c0:2343::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://276fbbc3fa.b5cecad47f.com/in/multy
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:c0:2343::2 Ehingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://poop.kim
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
date: Tue, 16 Jan 2024 16:28:44 GMT
pragma: no-cache
server: nginx/1.20.1
vary: Origin

GET
H2 200 dip Show response
nereserv.com/in/ 0
200 B 104ms
45ms XHR
text/plain 167.235.163.216
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://nereserv.com/in/dip?site=native-push&wl=1&event_id=3213ef32-6d10-477e-a675-fadb3a84df89&subid=357529620&sid=1632592278&spot_id=418774&created_at=2024-01-16&timezone=1&ver=8.135.0&is_native=1
Requested by: Host: 499ad88d2d.03eea1b6dd.com
URL: https://499ad88d2d.03eea1b6dd.com/edd209391fb78170b7cf0bd215fe32b1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 167.235.163.216 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.216.163.235.167.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 16:28:44 GMT
server: nginx/1.20.1
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

POST
H2 200 multy Show response
276fbbc3fa.b5cecad47f.com/in/ 51 KB
9 KB 649ms
649ms XHR
application/json 2a01:4f8:c0:2343::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://276fbbc3fa.b5cecad47f.com/in/multy
Requested by: Host: 499ad88d2d.03eea1b6dd.com
URL: https://499ad88d2d.03eea1b6dd.com/edd209391fb78170b7cf0bd215fe32b1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:c0:2343::2 Ehingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 41bde453d53267f9b0d1fb4eecedca9eba44123c72a5bfe41b9bb6022c45a9d9

Request headers

Referer: https://poop.kim/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 16:28:44 GMT
content-encoding: gzip
server: nginx/1.20.1
vary: Origin
access-control-allow-methods: *
content-type: application/json
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 8641

GET
H2 200 dip Show response
nereserv.com/in/ 0
201 B 83ms
25ms XHR
text/plain 167.235.163.216
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://nereserv.com/in/dip?site=native-push&wl=1&event_id=bd4d884e-f5ab-47ed-8fe4-98e042740985&subid=388464194&sid=4245178320&spot_id=418776&created_at=2024-01-16&timezone=1&ver=8.135.0&is_native=1
Requested by: Host: 499ad88d2d.03eea1b6dd.com
URL: https://499ad88d2d.03eea1b6dd.com/edd209391fb78170b7cf0bd215fe32b1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 167.235.163.216 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.216.163.235.167.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 16:28:44 GMT
server: nginx/1.20.1
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

OPTIONS
H2 204 multy
276fbbc3fa.b5cecad47f.com/in/ Frame 0
0 107ms
32ms Preflight 2a01:4f8:c0:2343::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://276fbbc3fa.b5cecad47f.com/in/multy
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:c0:2343::2 Ehingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://poop.kim
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
date: Tue, 16 Jan 2024 16:28:44 GMT
pragma: no-cache
server: nginx/1.20.1
vary: Origin

POST
H2 200 multy Show response
276fbbc3fa.b5cecad47f.com/in/ 38 KB
6 KB 482ms
481ms XHR
application/json 2a01:4f8:c0:2343::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://276fbbc3fa.b5cecad47f.com/in/multy
Requested by: Host: 499ad88d2d.03eea1b6dd.com
URL: https://499ad88d2d.03eea1b6dd.com/edd209391fb78170b7cf0bd215fe32b1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:c0:2343::2 Ehingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 1f7640d6ca3df06198b90cc24921a99ac120af4bf7cb999cc0f027791a9e569b

Request headers

Referer: https://poop.kim/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 16:28:44 GMT
content-encoding: gzip
server: nginx/1.20.1
vary: Origin
access-control-allow-methods: *
content-type: application/json
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 6003

GET
BLOB 200
OK 5c83bae9-190a-4659-afaa-fd1b40463677
https://poop.kim/ 204 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://poop.kim/5c83bae9-190a-4659-afaa-fd1b40463677
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 270fb9f71a35c9aac351e9fb4c18d5d8e7d2d40488bfc802b5bae62d3b133bee

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Length: 204
Content-Type: text/javascript

POST
H2 200 / Show response
mcpuwpsh.com/get/ 4 KB
4 KB 515ms
451ms Fetch
application/json 2a01:4f8:c0:2306::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mcpuwpsh.com/get/
Requested by: Host: 499ad88d2d.03eea1b6dd.com
URL: https://499ad88d2d.03eea1b6dd.com/f4e1d349e0ef73d745a1e5804f7541ef.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:c0:2306::1 Ehingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e5ff8bcfc43fc29accbaea6fa2ec181d4344737f5db9c10cb4595bfcf243bdef

Request headers

Referer: https://poop.kim/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 16:28:44 GMT
server: nginx/1.16.0
vary: Origin
access-control-allow-methods: *
content-type: application/json
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 3803

POST
H2 200 video Show response
yu2be.com/ Frame E354 59 KB
19 KB 729ms
728ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yu2be.com/video?q=happy+asmara

Requested by

Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a869e02e6cc2064ef7e35a960c51d68b06547aee6f6906aa733592a695aaed56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://yu2be.com
Referer: https://yu2be.com/embud/75335258735230534e6179
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8467bbb8c8ef35f3-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 16 Jan 2024 16:28:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WFFijGpsrLP%2BZZN9i2tRrjhgmM6VCmMMxQwEq7l%2Bq0t1EN71y3tgX225e1L%2BoDpQCRKNj07SXNgxrNCNHWGtOoZ74c1%2FNyNRACxS2x20u5vNoLLftFeNG8pdDb0PLV%2Fh%2F3LwoZVV73I%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H2 200 IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
static.bookmsg.com/creatives/IN/ 790 B
1003 B 385ms
23ms Image
image/webp 45.133.44.24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=4a86bc55-74fd-4eba-a50b-01c40d2c5cc4&prev_step_diff=594
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 16:28:44 GMT
date: Tue, 16 Jan 2024 16:28:44 GMT
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
server: nginx/1.24.0
etag: "6572ed5b-316"
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 790
x-proxy-cache: HIT

GET
H2 200 IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
static.bookmsg.com/creatives/IN/ 790 B
1004 B 384ms
22ms Image
image/webp 45.133.44.24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 16:28:44 GMT
date: Tue, 16 Jan 2024 16:28:44 GMT
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
server: nginx/1.24.0
etag: "6572ed5b-316"
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 790
x-proxy-cache: HIT

GET
H2 200 /
276fbbc3fa.b5cecad47f.com/in/show/ 0
201 B 79ms
31ms Image
text/plain 2a01:4f8:c0:2343::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://276fbbc3fa.b5cecad47f.com/in/show/?tag_ab=d&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.kim%2Fe%2FyaNS0RsXR3u&refdom=poop.kim&auction_time=1705422524&subid=388464194&sid=4245178320&tcid=0&ver=8.135.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-01-16&iabcat=IAB25-3&keywords=&user_fp=384695933523507122&score=68.0438647616591&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.kim%252Fe%252FyaNS0RsXR3u%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3540488&crtid=41e2b054b7d7fdd561f6651d06d511e5&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDMYaOWiMEQPjho0WY0KGaUEDxxgzLcLEyIEDZYwxNcLQMANDxpgZYUQ4HONGoY6ZMHA4DFNnzEcbMkLmkCEjhowZNKzOvAGjhlARYtKQeRqVxtSqV7NWzcHV61IydibSuBFDacY6YibKoGHDxlI4F3XMuIFDRkMRc-BI1EFjBkgbOGg4LIOHzpfEi0XUqJEVxw2TX8e0CVwDx2Yakh-SMbPwsBg3bhY6pgGjpd02bjwenUEVhkM4uHXH4ArDr4g6MTCioWNxjo4XL868cYGHTRo7csjIcTHmTZsXc9qEkWNx44swOWyMaWyjxpgbZGYkjT_YRhgzZXrekFGmjAwxfDlW13o0kDEcVDGYgQMMYsBXxhg28GQDgyNBdsMPdcyBUBJk9GAgDDCYAZ8ZMYgxg2mG4ZSDGTKEAcNNZbSHAxlimCEGDmLYkJ5UY1jVI185xGDDTrThICR8NMg0Rhhc1AGiDDbM8UYdcoxRBoc9lHYaDU0-aUMbZbQhxoYd4iBHHS0EoUUUWszwBRExwDEFFnrkEQUUeDCBBBs3zHFHDmtoYQUNasBABRpmtIEGZ28MIQUZObgRRxVBjEGFFUbUZYQSQtgx4RtZwDBEEUOYYYUZZETxhBIt1PCfHkyQAcMdMORAaxA5WIEEEVFccYMQVIixxgxHKFGYFm8cYYcSUXxxRhVJECFFFWl02ZMNcMTQQ2OPRWYtlG688YUYYvSQnENkeIeRHWrg4S536g4VxmJbzBBDF79VuRAMLoDYVQ1DAfcFHPrqwO-JAIsghx2ByTfZGMDt68JmDtVRRxoY0bBXDcPhwBsMX6URmAhV3eBCDDHQ4EJVOKx87nFB6SBCE2_okQYbbITxQg39goDCFWm4ke4dc4DgBBUgxMAvDDuAALQbQzaNx5ApgBAEYGyUcUUZYiyRBh07D-bCDDb4vAQSVDTBBAsgWLdGGSAc8eAab1Q9BBpyeFfGC1Yt7cKEOeTgctlT3DdeGmGbTHZoTslMRBFfvSHHF2M0LsLjX7FhOebolmHHF3KUwcZENdzAcWm0-abwGbHpQFNqB30uhhwL2RX7F228MZYOMhgJe94TOfSGUakR_AYeeSwkA7p5tE7HmWU4NMfCGOVNx7ySt1CHG1-3AJULZLwX-fRx8Y7Vi1e5CrvlB30R_g1f0dHGRG1pLIP6FbUhA_1d2a--kKkxCOjKkJgvzIt_nKEK_kTgOQNmjTxGqRfAhoOvh4ghMwcxA1PYIJHfaG5fQ9ENDPqggIAA%2526s%253Ddb463d73fbf1f7ea89759c78bb3e39565c0bf488ed7ae204f24f0142b54cbd0f1705422524%2526ev%253D0.003955492468649195&icons=A6E6KNIgiKNf0cfN6Jl4C-4Znd9XyZMZY-QaM8QHF_pUSVQRrhYTKTvmy07p9D-Q2qyRUq-nWr4Y9Wi7uvRJj3alU2Thandlr1Z20TB47tVoOYfmYvMri7sMzsM3194q1hKUqwB6aw9CFdGIZLr6JEeXnTywxd-8cSscLuXGVvf3AEAgcg&ext_cid=585544&px_id=55418776&min_cpm=0.02004700345945946&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=5629492212341219705&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.01625455874939226&cpm=0&verify_hash=f3c3bffdc83d34b5f1c85776edc9d551&is_native=2&real_bid=0.00030191700488328997&original_bid_usd=0.00038500000000000003&original_bid=0.00038500000000000003&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F120.0.6099.216%20Safari%2F537.36&ip_mismatch=2001:1b60:2:240:3247::7&geo=DE&carrier=-&label_ids=4,89,27,93,108,0&need_redirect_show=0&applied_features=main-skins-settings,coef_099&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&site=native-push-adult&price=0.00038500000000000003&hostname=auc-inpage-hz-9-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/Berlin&topics=&historical_keywords=&pop_cpc=0.000000385&ext_campaign_id_str=585544&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=e60abcdc-1b6e-4556-92a7-37adc602314d&prev_step_diff=594
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:c0:2343::2 Ehingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 16:28:44 GMT
server: nginx/1.20.1
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H2

200

3d85e9042642511254da6f6099894ae7.jpg
cdn.stgcdn.com/ Frame 51E0
Redirect Chain

https://us.superfasti.co/nty/metrics/save.img?event=impressions&bid-id=v2-1705422524273-7-12342-1312492-3e1ba013-f64d-ea0b-1987-24236ce9ce73&img=https%3A%2F%2Fcdn.stgcdn.com%2F3d85e9042642511254da6...
https://cdn.stgcdn.com/3d85e9042642511254da6f6099894ae7.jpg

7 KB
8 KB

30ms
30ms

Image
image/jpeg

5.200.15.240
I3DNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.stgcdn.com/3d85e9042642511254da6f6099894ae7.jpg
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H2
Server: 5.200.15.240 Rotterdam, Netherlands, ASN49544 (I3DNET, NL),
Reverse DNS
Software: openresty/1.21.4.1 /
Resource Hash: dbad4093dbfb565370b930e8c9785130c0e09ae7da91ef773ec38928e5aa2bbc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 16:28:45 GMT
last-modified: Sat, 13 Jan 2024 15:25:07 GMT
server: openresty/1.21.4.1
etag: "65a2ab53-1dfc"
content-type: image/jpeg
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 7676
expires: Sat, 27 Jan 2024 15:35:34 GMT

Redirect headers

location: https://cdn.stgcdn.com/3d85e9042642511254da6f6099894ae7.jpg
date: Tue, 16 Jan 2024 16:28:45 GMT
server: openresty/1.21.4.1
content-length: 0

GET
H2 200 /
276fbbc3fa.b5cecad47f.com/in/show/ 0
200 B 73ms
31ms Image
text/plain 2a01:4f8:c0:2343::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://276fbbc3fa.b5cecad47f.com/in/show/?tag_ab=d&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.kim%2Fe%2FyaNS0RsXR3u&refdom=poop.kim&auction_time=1705422524&subid=388464194&sid=4245178320&tcid=0&ver=8.135.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-01-16&iabcat=IAB25-3&keywords=&user_fp=384695933523507122&score=68.0438647616591&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.kim%252Fe%252FyaNS0RsXR3u%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=25585d66b9082a1dd61f149ea239e5e8&url=https%3A%2F%2Fus.superfasti.co%2Fnty%2Fpostback%2Fclick%3Fkey%3Dv2-1705422524273-7-12342-1312492-3e1ba013-f64d-ea0b-1987-24236ce9ce73&icons=gW0y6dwr6TsvG8lL8e1rHskLm7AmvoxZGR9ktiPGd3kjOJV0eOQSYEWP3lCzg7dGoKvN5CcAy5slxNgqsIZMZxroFxRwc9aOLHhzJb-X8m2mWPB6bJThkwiLrm46jZU-iWqW4qeJAaenRUUC3Y7Sgp33_aRlXiku04FNTKjQRznsEiarZGFTRy4Ai_P5wr59ri3fJpjFXw7aCHS_Y1r6WLRTYbq9ZMX94jVTOpvriZ4VVZx70P9XgmyhdwAwssWHwEahCrnGr4Ru3X6hNaPLwQ7w3yjM6HDLLDhUh-205KKf8C-OFjsVl4DPlaZ--QgsDfblT8hArX5iCYyd&ext_cid=0&px_id=73418776&min_cpm=0.00043783425781549547&out_id=0&campaign_type=hq&aid=3774&cid=16048&uniq=78514c9b0d6340f228a7b0e96e79121cc5518bc4612d290d4d167a7fd29f68ff&mid=5629492212341219705&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.009700578206078577&cpm=0&verify_hash=3a2361d8284ec7e92241e73775d1c913&is_native=1&real_bid=0.00824992&original_bid_usd=0.00824992&original_bid=0.00824992&exp=720&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F120.0.6099.216%20Safari%2F537.36&ip_mismatch=2001:1b60:2:240:3247::7&geo=DE&carrier=-&label_ids=93,4,90,11&need_redirect_show=0&applied_features=main-skins-settings,coef_099&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fcdn.stgcdn.com%2Fb1a43a546e6fad39263a070aaa6a9136.png&site=native-push-adult&price=0.00824992&hostname=auc-inpage-hz-9-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/Berlin&topics=&historical_keywords=&pop_cpc=0.00000824992&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=f27f07b2-dc61-4bb9-82e7-bd8fe948b5fe&prev_step_diff=593
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:c0:2343::2 Ehingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 16:28:44 GMT
server: nginx/1.20.1
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H2 200 b1a43a546e6fad39263a070aaa6a9136.png
cdn.stgcdn.com/ Frame 51E0 73 KB
73 KB 125ms
30ms Image
image/png 5.200.15.240
I3DNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.stgcdn.com/b1a43a546e6fad39263a070aaa6a9136.png
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.200.15.240 Rotterdam, Netherlands, ASN49544 (I3DNET, NL),
Reverse DNS
Software: openresty/1.21.4.1 /
Resource Hash: 043634411cafe0ec7db2c92100a8049283feafbfa4d1236cc32a2bbaf5c3735c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 16:28:44 GMT
last-modified: Sat, 13 Jan 2024 15:25:06 GMT
server: openresty/1.21.4.1
etag: "65a2ab52-12330"
content-type: image/png
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 74544
expires: Sat, 27 Jan 2024 15:35:56 GMT

GET
H2 200 IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
static.bookmsg.com/creatives/IN/ 790 B
1003 B 221ms
24ms Image
image/webp 45.133.44.24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=a0826f09-fbb1-4cd2-ab06-15416cc831e7&prev_step_diff=761
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 16:28:44 GMT
date: Tue, 16 Jan 2024 16:28:44 GMT
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
server: nginx/1.24.0
etag: "6572ed5b-316"
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 790
x-proxy-cache: HIT

GET
H2 200 /
276fbbc3fa.b5cecad47f.com/in/show/ 0
200 B 25ms
25ms Image
text/plain 2a01:4f8:c0:2343::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://276fbbc3fa.b5cecad47f.com/in/show/?tag_ab=d&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.kim%2Fe%2FyaNS0RsXR3u&refdom=poop.kim&auction_time=1705422524&subid=357529620&sid=1632592278&tcid=0&ver=8.135.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-01-16&iabcat=IAB25-3&keywords=&user_fp=384695933523507122&score=73.75821677132788&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.kim%252Fe%252FyaNS0RsXR3u%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3540488&crtid=41e2b054b7d7fdd561f6651d06d511e5&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDMYxNsbkIEMGh5gWZsjMOEkDRg4YLcSYgTGmRY4ZM8LMgEFGBgwaNcyIcDjGjUIdMV7icBimzhiMNWrMuGGjRg4cNqbmkJHjRo2sOYaKEJOGDFSpVK1i1crVK1ixBu1MpHEjxtKMdcRMlEHDhg2mcC7qmIpDRkMRc-BI1EFjhlUaMmY4LIOHzpfEi0VEpWH3xg0aYse0EVwDx2YaTMkIZehQjBs3Cx23pIHjbhs3HpHOkOHTIZzbuWPcgAHjr4g6MTCioWNxjo4XL868cYGHTRo7csjIcTHmTZsXc9qEkWNx44swOUI2rjrmhkoYOFROtRHGTBkYhmWUKSNDTF_Hdo1BAw1kCGeDDDGYgQMMYrhXBkgz2cDgGGLYgMMNP9QxB0JJkNFDgcSZ4Z4ZMYgxg2mGjWGVGTKEAUMMY5RRVXwyiWGSDenlQEMOY8QgQ4995RCDDTSY0RIOQ7pHQxgwhsFFHcTJYMMcb9QhR4wd9lDaaU9GaUMbZbQhBoceEoGFDFCwEUMaerjRwhRTnIEHE3mgMYUaFT5xhRYtzBGDHDBcUccVTkChBxnXOVGEHUpgUYQSMkQhBG1XzGCTiUNMEUMbUkxhhhgdZoFHFXMM8cYUadDxRhhIxBhFHEZgccMVR1zRRlB4xIBGGkvkkUYVM8RhQxFLmCHFGEdUEcUXZ1SRBBFSVJFGl_jZAEcMPTT2WGTUSunGG1-IIUYPyTlEhncY2aEGHuxyhy5RYSy2xQwxdOHblQvB4AJxMNQQGVG_fQEHvjroO4NfFIkghx2C7TTZGL_l64K_kh1XRxoYDbmbVbzdgINYaQgmAoI3uBBDDDS4gCAOKpd7XBgYNfGGHmmwwUYYL9SwLwgoXJGGG-feMQcITlABQgz6wrADCD67QeTSeBCZAghBBMZGGVeUIcYSqeY8lQsH87wEElQ0wQQLIFi3RhkgHPHgGm9MPQQacnhXxgs-Ju2ChDnk0LINIExR33hpeF3ywaE9pYMIRBQh1htyfDGG4ow77hAblDcu1kF2fCFHGWxMVINXMZTWEgwOyXEGbDpchZoInIcrx0J3xd7GG2bpIAOSr2v3xkQOvXHU6wO_gUceC8lgbh6s0yFHHWU4NMfCGNVNR7yQt1CHG6m2gKALZLT3-PRyIdXXgFjdwJu5lB_0Rfg3iEVHGxMNVwNkMvj7-vwy1N8v_vrji3EM4rkyJOYL8fLf_Xijv8l0LgxXI89R5lUDFgjHXg8RQ2YOYoamsEEivsFcvoiSGxj0QQEBAQ%25253D%25253D%2526s%253Df4b4fc8bd799e1ce849d44acf9c4517819adc205085edc8cfbda93161bab62731705422524%2526ev%253D0.0038721334532628377&icons=sg7eEeXlrgsKRsFvbwUBCXU2jYQnkj5iIe9MZqPx5AP0yW_gcHFTx0DxpUcUFU8todE47OoBNevZoaO5BzCpgBnA6qts8x5LE--TRbtLZHyWB3bX9JJMs5QeSvNe2swTBX4kISamOkZLC6BWSl0xkXisTVlrsVJWl-xPK65YoFNwd2Yg-g&ext_cid=585544&px_id=55418774&min_cpm=0.021903470588235295&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=5537659863792975639&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.01688797792020969&cpm=0&verify_hash=188e52cb8825b0d28968d71c12333b58&is_native=2&real_bid=0.00028709562464356475&original_bid_usd=0.00036609999999999995&original_bid=0.00036609999999999995&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F120.0.6099.216%20Safari%2F537.36&ip_mismatch=2001:1b60:2:240:3247::7&geo=DE&carrier=-&label_ids=108,0,4,89,27,93&need_redirect_show=0&applied_features=coef_099,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&site=native-push-adult&price=0.00036609999999999995&hostname=auc-inpage-hz-1-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/Berlin&topics=&historical_keywords=&pop_cpc=0.0000003661&ext_campaign_id_str=585544&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=e5c3036e-eca6-4a83-ab15-7a20350f1dd7&prev_step_diff=761
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:c0:2343::2 Ehingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 16:28:44 GMT
server: nginx/1.20.1
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
DATA 200
OK truncated
/ Frame 6A42 483 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 444a68f8495f8630e1a536a36db8f87ae01cc45e59a3ebf341e1568cc0904cf0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 fB6qhDzO-minify.jpg
imdn.pics/m/p/0/681/681405/conversions/ Frame 6A42 21 KB
21 KB 81ms
23ms Image
image/jpeg 45.133.44.24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imdn.pics/m/p/0/681/681405/conversions/fB6qhDzO-minify.jpg
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: e06d6259001c8a686db75ef2dda491480f6d611bdf0c70dca8bcc97d43174612

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: 0
pragma: no-cache
date: Tue, 16 Jan 2024 16:28:44 GMT
last-modified: Wed, 20 Dec 2023 09:23:59 GMT
server: nginx/1.20.1
etag: "6582b2af-54c0"
content-type: image/jpeg
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 21696
x-request-id: 6199cc7e7d073283ca4b99c1ffe1bf08
x-proxy-cache: HIT

GET
H2

200

NtzSlBPR-minify.jpg
imdn.pics/m/p/0/681/681403/conversions/ Frame 6A42
Redirect Chain

https://p.a64x.com/in/tip_shows/?katds_ep=MGeupB4aP_blOFL-U2jA8JHUMWCFXYJXo87vd7-jDM0CS5oWTqX8LHwlmOUULyKwLT4LN14Gp0KaMRxVACSSSnDeTUYVf0I_PXi9NRHes3DHH9WxcJ8A1EThrctuGYsqcuFGF_X0ksrRnGcB8skqAlNuXKU...
https://imdn.pics/m/p/0/681/681403/conversions/NtzSlBPR-minify.jpg

4 KB
4 KB

22ms
22ms

Image
image/jpeg

45.133.44.24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imdn.pics/m/p/0/681/681403/conversions/NtzSlBPR-minify.jpg
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H2
Server: 45.133.44.24 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 28c909a34a66e2e0ff9fca3115b71db4e628e50657953aa0a85a6b452bb92f7a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: 0
pragma: no-cache
date: Tue, 16 Jan 2024 16:28:44 GMT
last-modified: Wed, 20 Dec 2023 09:23:52 GMT
server: nginx/1.20.1
etag: "6582b2a8-e5b"
content-type: image/jpeg
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 3675
x-request-id: 704194a9ef0a7b0beb3edd71d92dc95d
x-proxy-cache: HIT

Redirect headers

date: Tue, 16 Jan 2024 16:28:44 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JX6ph8YquByfLFKnYe7Syn3Tj%2FIL9Oyr9TXTLSn5wqWoBDBv%2FzknX27z9KB%2F564hXrO%2BT%2F70zYoEGc2vm6zJKXddRWiWPyfa5A445TMssC1UVxw4nsxPWQBBxDcmLRhbjO9LI4Bfguq9"}],"group":"cf-nel","max_age":604800}
content-type: application/json
location: https://imdn.pics/m/p/0/681/681403/conversions/NtzSlBPR-minify.jpg
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 8467bbbc3e9b3a78-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
276fbbc3fa.b5cecad47f.com/in/show/ 0
200 B 27ms
27ms Image
text/plain 2a01:4f8:c0:2343::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://276fbbc3fa.b5cecad47f.com/in/show/?tag_ab=d&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.kim%2Fe%2FyaNS0RsXR3u&refdom=poop.kim&auction_time=1705422524&subid=357529620&sid=1632592278&tcid=0&ver=8.135.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-01-16&iabcat=IAB25-3&keywords=&user_fp=384695933523507122&score=73.75821677132788&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.kim%252Fe%252FyaNS0RsXR3u%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=12148&crtid=54fb5d1b3db75b4edec69a23bb5e6228&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DvcMqwLy1vP4uaUKer7BzosOOHYGkRTEpoPXM0vd8XD6ZdueZBDCTzIj_ssrQxTfkm_4H9zBZEz72SRvY_zFjTBcCsZ5qNoowQCyJCbXdVeAz27nbYDVGV2jw6JwmghosCJrGaAlYzs5MCDZIAOJ-4c7dEyIHwwtt9ew21wEAMiuDWofURPaOCTCjBtEpgoYHWdVC1_ZCW2kx2ujQixYKS_Ig4n_g8fZkFFoZ-PDITGW8U2W1Z3IFI5x3OAYtHXauxCvEIm8wGXyjggOAfUYPpiPrzlCe5wdBtZ_--FBSQKakHpjQaX61GlzgLbOSjmb7sD3nNTb4byc4GDhkz6ihDVbPF3xhup0C2A8PiVx6-u563mAc29WmMczO6BgMPvogzXs9hDYgSAV7mwfIuBCLeur-lWAOyfVHfVu2YUZKjch35xGS0zMhwx7urnOQvMTTiu6bBDr183QAr-Rw8_7kPKzT8Y1l_6w0J1LZzo9gwdlxrxNUh90fe6Bq20ukz5dGOpXw1zFafoyHJMgFqOYo78V2mk9ijLR55C02Y4mK_HReql8a5ctoI-rKG8Ma1I02JyJuz2fi_-ITQURiAfQ911GH0SyZQS4lFa7jUcCiPml14BG57jnf2xkMly3HmfR3G7VM9UB5MM6pjfXwUx4JDiPkbj7j4DoB_848xp6riMxVHqKGKMoeicIXh0utsW64lM3es361Oakvg6HYF_CbCr7FFiol3dk8ljYDOmO1ZG5Nl1xaSs7QcpIfNDkRXoUBD4UvLFjp-XrUNq0vPGR9dTiuw7foa6MJyGL_qF8n6yaKblQkA92Pm_boa-DYafSQJaA7HqTtX-x32FTdJl8S6xmjUoKfFX0gQuFcN7vnv8KrzHWMJSksBtk7oNT232NZE81H1EA6p-dQGt-KT7O9c9J1qBwUvmYEo6d7-oSNYiqa8PwsKAq3VRXGirp_yXXovIsG0uIws02xnwYfU_Lry-PtkDAvvgWA1OFNjtvkcZN42u3CMv10SxdEvmF2oTGLOfREe73t-7yQPn6jeyzYNyu-3I_3nl4Hcp3689mTl4CCbUXQZPHbfJHVYiVzWRpPSgXPBYYlCKSj_0B_v6xe-yPDnvx_RrJWYFLCAacPGeVnPEx7rtExmA9dK5aSY7NQo3eWQR0zBjPvvQhYSViXKdx9ajTGRNJMywMc2nP6_m00QJmSqLOId3FKBM73Ym_OlHIQGj-HdXzLIPfq61ykgwVptFoPhYk-Xe82YEospjmefVb7_MprLxEFOBqi7tkD_sjFYe_Vyq9KUEenjLhj2NAXwrkJDFSkc5WLtV189dnaAg%26bid%3D0.000381829023461285&icons=9ZIxl459etTMVxgD3sJ47saDbGR9rjx17ezE8qGGud_bHfhJPsSpeEssMHTS6nHGq4L5-KAEdDsvM3OYv_TO7Rca-MsI0j4RaGdZ82OJMUU31_V7BvIwLhPzn0o7HFjG8o3WnX3oXJXHp2qd7cMpdi9S5uFiAN6y0jA8r6kvQNfeVBnC_0NX7obSn0ixtb8wpjQWLyqUxt0zN5PJN5-miE4RE9P9A0slMbEWSP4xnaqWk7233bqfn6sBb7HoHjaKa91t-878brPHseI0eo3DnyNBsWT5iHWkpyvA_CwPe11K4IUqZ6c5NdEA-OqlIWBRYGEJim9_ZHbEYZYNOxJCbJPHkrp4sRpyQP4ITNEd9C1alqYufoBkf2H5yBtVY3MNkAKD7LMM6VCzioFfAklsqYgInArHOGm1PmHh3kAZles4hlQrKzSkLOek4w5XXTihG_h17sE00L0QijaZyvEHY8O1GpY4UgLXicF1bGBmgbrTbJ39tEg_txLFN3uAPqu6s6HbP4RFjnqt3UiZs75AvWy07L9vS5L5ycN05lLIuDaECLYcSx1HiV4EDxfAQzxI5WrPDS-A24BcO3_KFjl9X4LG-L-9lKNvf49UIxLT0S6MaVWlDJbFfU7ZLRdYOAwvpTkgYu3M7K0TB-RJPutao-3hYiIE2CNjQWlv1UagTFhVeXN0w5RNMbbKC7rMu6dT2ZMYMJnb--PIrCxTiOBYKZ7_kAwuGN-OTthgK_II_FGY4pCI93qbcGkcrQJQ6HN96QqDr60Ca8JylbCpEUIALQXTunNeLQuA7ZE6_-lLJY8qBPznOrkqzSlxA3aJg0ocQ3tgoxmGIzVokikI5ZKYC9BDz77eozxGZvgaZ8Or-AyomnNvFKTvetCr6foJyMlnz9Xybkq4-N2Y_N2vNWqkwEd_6ZinBjFpLIYyB0MTaM_yYYINY6Xfp1uWkNDbo98msipazdPZbo8DNjT-EvfwWHj-IEgZ9OGUyI1TVy1aEvB6z2Og8b8fdj0Uu3acfxAJEYPkSkJTCwpKVxXCkJypozmFqwXn_uGp-_xe0YWDN1wbyzFlmfhnbj_9pEBWuFXLlwvlbMMrobAm9IVJaJCXC2IlACM1Ed1th6Xd8jEK6rXW28QVhnIJu56m-9vIrtuBs0p_xjp9NjWXdld3m4-bEJkJq_4WXrRW8kwholpcVgFHExfT4mHJnLCT3uFy3XJ52af41BoVwKtR8mhP4ZeB9P9q3JDVT7fAKPL4-D0HY5to9aXLMV_sW96hwyumV1tiCM0JQd6p3EqYigjKJaIdrawP0I0JJ1_FVmexCrUNSgfMISY&ext_cid=189352&px_id=73418774&min_cpm=0.00038060717266180855&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=38c9d5681fa9a4a8ad4a87982ccde3c293530c665e4d46bba5c45cecdd246a05&mid=5537659863792975639&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.004286240023374542&cpm=0.000381829023461285&verify_hash=017eac24552bd43e1fb168ed84c09c1b&is_native=1&real_bid=0.00038060717266180855&original_bid_usd=0.0043&original_bid=0.0043&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F120.0.6099.216%20Safari%2F537.36&ip_mismatch=2001:1b60:2:240:3247::7&geo=DE&carrier=-&label_ids=33,98,108,0,90,4,5&need_redirect_show=0&applied_features=main-skins-settings,coef_099&show_count=1&expiration_timestamp=1705595324&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F681%2F681405%2Fconversions%2FfB6qhDzO-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-1-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/Berlin&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=189352&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.02&cpa=bafa4321-5dec-4c1b-a7b9-fe4bd86eaf7d&prev_step_diff=761
Requested by: Host: poop.kim
URL: https://poop.kim/e/yaNS0RsXR3u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a01:4f8:c0:2343::2 Ehingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://poop.kim/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 16:28:44 GMT
server: nginx/1.20.1
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type
content-length: 0

GET
H3 200 embed.css
yu2be.com/ Frame E354 1 KB
869 B 28ms
28ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yu2be.com/embed.css

Requested by

Host: yu2be.com
URL: https://yu2be.com/video?q=happy+asmara

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6291ad32f03939ee9eb7cf8d62641115d0962e49b4869358c1ddee6271d9f0bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yu2be.com/video?q=happy+asmara
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 16:28:45 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4607
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 23 Nov 2023 00:03:15 GMT
server: cloudflare
etag: W/"655e96c3-446"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f2GZpz7r9gfDTrCIoxp4oeBCBWFnOT3VfJkeThS3fjpREnxd6em0r3B2eB4%2BHa%2B0sier2mAtbZX96S6lSFkNBefgYS6rh%2FPpAFsSrQd8rpH%2F%2B4qDnq4ZMKWpK4IJzqlQcCnTuNuPo4U%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 8467bbbd5eb29214-FRA
expires: Wed, 17 Jan 2024 03:11:58 GMT

HEAD
H3 200 video Show response
yu2be.com/ Frame E354 0
460 B 31ms
30ms XHR
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yu2be.com/video?q=happy+asmara

Requested by

Host: yu2be.com
URL: https://yu2be.com/video?q=happy+asmara

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yu2be.com/video?q=happy+asmara
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 16:28:45 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 16 Jan 2024 14:57:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5477
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xGMITrNEyzK4jtzf97A7ywJ28vIR%2Bu3HwYaAikXqX%2BgNNNmBUn4XGW%2FQV7u1PPmKRnsNPgcnZSVZL7xZmQrjGRqxB%2FKhqzps7zfkkYXXOzuX7whjArAPVzRJ0GeNkoKUavsjs74jRVk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
cf-ray: 8467bbbdaeec9214-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
mordoops.com/5/6651943/ Frame E354 3 KB
2 KB 97ms
31ms XHR
application/json 139.45.197.244
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mordoops.com/5/6651943/?oo=1&aab=1
Requested by: Host: yu2be.com
URL: https://yu2be.com/video?q=happy+asmara
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.244 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: cd35176e3574efea821bc7db8c61dba0726d499937e83fff9996cced5b8af26a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yu2be.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 16:28:45 GMT
content-encoding: gzip
x-trace-id: 55be9301b1ea690f72d9dd2498eb3e45
pragma: no-cache, no-cache
server: nginx
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://yu2be.com
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 tag.min.js Show response
mordoops.com/ Frame E354 80 KB
26 KB 97ms
30ms Script
text/javascript 139.45.197.244
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://mordoops.com/tag.min.js

Requested by

Host: yu2be.com
URL: https://yu2be.com/video?q=happy+asmara

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.244 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

5863691e336136e4b03fe108d2b411d9eeb8f1422a8589df6901a7a1a7fea48f

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yu2be.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 16:28:45 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=1
content-length: 25826
x-trace-id: 119043bd4c17782d359c434fe92650a7
pragma: no-cache
last-modified: Tue, 16 Jan 2024 13:31:29 GMT
server: nginx
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 75335258735230534e6179 Show response
metrolagu.cam/jembud/ Frame DF37 242 B
627 B 1533ms
1465ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://metrolagu.cam/jembud/75335258735230534e6179

Requested by

Host: yu2be.com
URL: https://yu2be.com/video?q=happy+asmara

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9960ff45eff7f988bce3b7438fbb002af9794895531f24ff5a0f9f2a37c4541

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yu2be.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8467bbbe1ed9365d-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 16 Jan 2024 16:28:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NYNQksq3Kcycz2xAt0NRa3oHXF7eZygLL6G0t5FrLWkl5eLko%2BrsiJdTLwQFnfLOfhHdqqJV%2B4qZSCx6SX2neSpLCHdyX6jbFpBNDwp%2Fu8ASg%2FBfNK76yr33NOH3pCpysmPyj5LCKRap5NPT"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H2 200 gid.js Show response
my.rtmark.net/ Frame E354 65 B
540 B 101ms
29ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=9beec5b7181c4ef6a5a83cd1ca2166d2

Requested by

Host: mordoops.com
URL: https://mordoops.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

f8e79be9bb0075c417c1e74b1adff811d2acfc0eaa324cb8468b5d16587df3ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yu2be.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 16:28:45 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://yu2be.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 / Show response
mordoops.com/ Frame E354 3 KB
3 KB 33ms
33ms Fetch
application/json 139.45.197.244
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://mordoops.com/?rb=ltoJo7AR_djbdYh2stPFoCGggO1VyqBvtOZduTpnxwFUSfmS9t12kDp0FJNUX3wvEXc3J6jRp3BlLBVoHTPFm7WRDx6VU5VufJ5BIqWaRJagiY0JA0FKq8gSYoEzOkyp0njr5rg5QVyBu3FuyRQ1FCthU91wtB_w_i5AX2tsTNyIpo8tvo-Fc8dbfnhRVMZVs5ajQHBdivAEgYRTyspmBQDS08ayhutXJNNlMDd-_P01N6jHWTFX8gMVpe3MdZ5jUkCSfgfMtRnOYvMxv9cyxVs2ucex-rPuHYJYHYROcYEo_8iE6oQza6QTlxnmVBA6&request_ab2=0&zoneid=6651943&js_build=iclick-v1.657.0&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=4000&wih=1200&wiw=4000&wfc=4&pl=https%3A%2F%2Fyu2be.com%2Fvideo%3Fq%3Dhappy%2Basmara&drf=https%3A%2F%2Fyu2be.com%2Fembud%2F75335258735230534e6179&np=1&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&btz=Europe%2FBerlin&bto=-60&wgl=Intel%20Iris%20OpenGL%20Engine&js_build=iclick-v1.657.0&bs=f057c8a0-5f7a-404b-aa95-8995e7731fa7&userId=9beec5b7181c4ef6a5a83cd1ca2166d2&m=link

Requested by

Host: mordoops.com
URL: https://mordoops.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.244 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

cf154fe82299476e80bee36f67953fda3acdc6d9afa801a77f7582dc51759159

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yu2be.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 16:28:45 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
x-trace-id: b18d99621d20d3285bba8b8fade47d64
pragma: no-cache
server: nginx
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://yu2be.com
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST watch
metrolagu.cam/ Frame DF37 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: metrolagu.cam
URL: https://metrolagu.cam/watch?v=jQWuyE5jdgI

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.poop.kim/	1970-01-21 03:19:42	Name: _ga Value: GA1.1.512491520.1705422523
.poop.kim/	1970-01-21 03:19:42	Name: _ga_RRBBHD087X Value: GS1.1.1705422522.1.0.1705422522.0.0.0
fp.metricswpsh.com/	1970-01-21 02:29:18	Name: id Value: 15248478676350607850
mordoops.com/	1970-01-21 02:29:18	Name: OAID Value: 9beec5b7181c4ef6a5a83cd1ca2166d2
mordoops.com/	1970-01-21 02:29:18	Name: oaidts Value: 1705422525
my.rtmark.net/	1970-01-21 02:29:18	Name: ID Value: 9beec5b7181c4ef6a5a83cd1ca2166d2
mordoops.com/	1970-01-20 17:53:47	Name: syncedCookie Value: true

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2LkY8lhH5yxQ_t447aSaSkfAdiHDS3GtyqnG3oVTkmZYZHdZ5-mGO_AnQwzncABwVucw-Y&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-653529815%3A1705422524131432&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

276fbbc3fa.b5cecad47f.com
499ad88d2d.03eea1b6dd.com
87442aa6f2.d473c08307.com
accounts.google.com
cdn.stgcdn.com
cdnjs.cloudflare.com
doodx.pro
fp.metricswpsh.com
imdn.pics
mcpuwpsh.com
metrolagu.cam
mordoops.com
my.rtmark.net
nereserv.com
p.a64x.com
poop.kim
region1.google-analytics.com
static.bookmsg.com
storage.multstorage.com
us.superfasti.co
www.googletagmanager.com
yu2be.com
metrolagu.cam
139.45.195.8
139.45.197.244
157.90.84.242
167.235.163.216
2001:4860:4802:32::36
2606:4700:3030::6815:1352
2606:4700:3037::ac43:abf6
2606:4700::6811:180e
2606:4700:e0::ac40:610e
2a00:1450:4001:810::2008
2a00:1450:4013:c06::54
2a00:1d26:8771::12
2a01:4f8:c0:2306::1
2a01:4f8:c0:2343::2
2a06:98c1:3121::3
45.133.44.24
45.133.44.53
5.200.15.240
043634411cafe0ec7db2c92100a8049283feafbfa4d1236cc32a2bbaf5c3735c
09eebba468108e323031564615deea9304b6774ea53f6e23c0ed1034cc0673bc
1f7640d6ca3df06198b90cc24921a99ac120af4bf7cb999cc0f027791a9e569b
21bebb5bc46ed1b81917140b1f6dcfa58dd1e27fd6cbb918f4bb2d4669f91064
264144b306308c8cb685fc239aad46d29b79a848f6a05e9f80233d173e305fcf
270fb9f71a35c9aac351e9fb4c18d5d8e7d2d40488bfc802b5bae62d3b133bee
28c909a34a66e2e0ff9fca3115b71db4e628e50657953aa0a85a6b452bb92f7a
41bde453d53267f9b0d1fb4eecedca9eba44123c72a5bfe41b9bb6022c45a9d9
444a68f8495f8630e1a536a36db8f87ae01cc45e59a3ebf341e1568cc0904cf0
47dbd36b602de0f8a08e6da7eef119858df0d5331b9b48a8e61d903b81b162b6
5863691e336136e4b03fe108d2b411d9eeb8f1422a8589df6901a7a1a7fea48f
6291ad32f03939ee9eb7cf8d62641115d0962e49b4869358c1ddee6271d9f0bf
705cf142875e5aa5c5200682279757d32f648c0ccb201915d0c9ac230416a551
70bef0b9b90f224dcce56929057d20668fd82f6a6044195d3655b893657ff11b
8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2
8b47787368168e88a5e9659b1e7019bf7d02191ceec4eae003927ea25041c06e
8cb54d01261cbb9b5503e6021bdb3b090bd4a5aa3b7f8f4dc8a3b414acefe4ed
a869e02e6cc2064ef7e35a960c51d68b06547aee6f6906aa733592a695aaed56
a8d62b701d7a8f20aa6b02840eac3d2503e3a870da25be1241360585ee821095
cd35176e3574efea821bc7db8c61dba0726d499937e83fff9996cced5b8af26a
cf154fe82299476e80bee36f67953fda3acdc6d9afa801a77f7582dc51759159
d9960ff45eff7f988bce3b7438fbb002af9794895531f24ff5a0f9f2a37c4541
dbad4093dbfb565370b930e8c9785130c0e09ae7da91ef773ec38928e5aa2bbc
e06d6259001c8a686db75ef2dda491480f6d611bdf0c70dca8bcc97d43174612
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18
e5ff8bcfc43fc29accbaea6fa2ec181d4344737f5db9c10cb4595bfcf243bdef
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8e79be9bb0075c417c1e74b1adff811d2acfc0eaa324cb8468b5d16587df3ff

poop.kim Open in urlscan Pro 2a06:98c1:3121::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

43 Requests

88 %HTTPS

61 %IPv6

22 Domains

22 Subdomains

16 IPs

4 Countries

528 kBTransfer

1543 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

43 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

poop.kim Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Screenshot
Live screenshot

Full Image

43
Requests

88 %
HTTPS

61 %
IPv6

22
Domains

22
Subdomains

16
IPs

4
Countries

528 kB
Transfer

1543 kB
Size

7
Cookies

43 HTTP transactions
1 data transactions