198.252.101.215 301 Moved Permanently 178 B URL User Request GET HTTP/1.1 IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Certificate Issuer Let's Encrypt
Subject cabenakal.com
Fingerprint 08:1E:AE:CE:75:4F:CD:44:3F:22:79:1C:EB:2A:62:11:C8:1F:56:2D
Validity Wed, 13 Sep 2023 02:07:35 GMT - Tue, 12 Dec 2023 02:07:34 GMT
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash bd2695f4b079c71dbddde3436286fb9c
733c05da132193d6cf1d8e242d12e2525c03bab4
2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b
GET /video/351 HTTP/1.1
Host: cabenakal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:07 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://cabenakal.site/video/351
198.252.101.215 200 OK 1.9 kB URL User Request GET HTTP/1.1 IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (2696)
Hash cf992a4135ecd18c64378dd6d8d69505
d59a475a15da5f43a62bf7f0632e8e6794ad9146
da76b23bc65fd447af75bfcd6bfac4b8a9df76c627ff206cf30d73aeb37b3cfa
GET /video/351 HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
ETag: W/"174e-1ZpHWhXaX0OmK/fwYy6OZ5StkUY"
Set-Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc; Path=/; HttpOnly
Content-Encoding: gzip
cabenakal.site/vendor/simple-lightbox/simple-lightbox.min.css
198.252.101.215 200 OK 3.8 kB URL GET HTTP/1.1 cabenakal.site/vendor/simple-lightbox/simple-lightbox.min.css
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type Unicode text, UTF-8 text, with very long lines (3698)
Hash 6c85d4204ebac9911da09eca8e74db46
0af1a510012145a38db150b1c5d73f635ada29f5
a3a6bfa21acb85b688c0c86de398769c7caed6f9a1fe5883a270b3bcb33e21fa
GET /vendor/simple-lightbox/simple-lightbox.min.css HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:09 GMT
Content-Type: text/css; charset=UTF-8
Content-Length: 3837
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"efd-18a78e81606"
cabenakal.site/css/loader.css
198.252.101.215 200 OK 757 B URL GET HTTP/1.1 cabenakal.site/css/loader.css
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
Hash 5bc566d1aca7068d2033a19b48cdc208
d5f86b6b58abc6189659d8630fc51cbd31fe341d
d52ff1ea1dadd23bfbb54b1e01cdc16f60ca182932042d6ccfc8d6bc4c0204cb
GET /css/loader.css HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:09 GMT
Content-Type: text/css; charset=UTF-8
Content-Length: 757
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"2f5-18a78e81572"
cabenakal.site/css/master.css
198.252.101.215 200 OK 4.7 kB URL GET HTTP/1.1 cabenakal.site/css/master.css
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
Hash 680cd4d276b4ac19e168f082ea072268
59e46a46dd6317ff6226c843b51282391d7acca7
01e97705a7400b4a44385e16ebba6d62149f5f7ae1159a9648077ef70a8fc3c0
GET /css/master.css HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:09 GMT
Content-Type: text/css; charset=UTF-8
Content-Length: 4678
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Mon, 25 Sep 2023 13:39:54 GMT
ETag: W/"1246-18acc916164"
cabenakal.site/js/pages/video.js
198.252.101.215 200 OK 1.9 kB URL GET HTTP/1.1 cabenakal.site/js/pages/video.js
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
Hash eb5d43848f790654aad708eae6b83ad0
3720962f1f068b2b083462411b53179070747569
6b350215d9e5c2443aaa092b5545b6ce19800b866669e2ae156362c7a93d220c
GET /js/pages/video.js HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:10 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 1922
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 23 Sep 2023 20:23:04 GMT
ETag: W/"782-18ac3b5c64a"
cabenakal.site/vendor/numeral.min.js
198.252.101.215 11 kB URL cabenakal.site/vendor/numeral.min.js
IP 198.252.101.215:0
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type ASCII text, with very long lines (11307)
Hash 9a47e71ab1b7f7dd9100b32acc36f8d5
26f6e589446163bb46e4eeeb3a50bc45951c86cd
2e51d5239ad46aeb9d33965c65a0fa8473c72ab03b09279f1c79ca82afbf0197
GET /vendor/numeral.min.js HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:10 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 11444
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"2cb4-18a78e81602"
cabenakal.site/js/codebase.app.min.js
198.252.101.215 200 OK 140 kB URL GET HTTP/1.1 cabenakal.site/js/codebase.app.min.js
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type ASCII text, with very long lines (65379)
Size 140 kB (140365 bytes)
Hash f78a9a293acc3d759040b86ececa415f
616700171767884d20e9bd059712f09bd301495a
de2dfb97241f044eddf0ea5a80b38f75e1a7a101f2a68f833edc0652c4a35262
GET /js/codebase.app.min.js HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:09 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 140365
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"2244d-18a78e81586"
cabenakal.site/vendor/jquery.min.js
198.252.101.215 200 OK 88 kB URL GET HTTP/1.1 cabenakal.site/vendor/jquery.min.js
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type ASCII text, with very long lines (65447)
Hash e6c2415c0ace414e5153670314ce99a9
5a9eeac34d86e92e5660e0f4f87204f1ed0c8ff6
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
GET /vendor/jquery.min.js HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:09 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 87462
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"155a6-18a78e815fe"
cabenakal.site/vendor/imagesloaded.pkgd.min.js
198.252.101.215 200 OK 5.5 kB URL GET HTTP/1.1 cabenakal.site/vendor/imagesloaded.pkgd.min.js
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type ASCII text, with very long lines (4358)
Hash 919bcd36ba45f4ae408e47ad200e0cc9
de12adeba034b0e200f9a13623852f1e2cdadb4a
86dacb15f649eafe6e74e1bede434b20d20a87682fa0aab01211d87d34cc2027
GET /vendor/imagesloaded.pkgd.min.js HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:10 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 5485
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"156d-18a78e815fe"
cabenakal.site/vendor/masonry.pkgd.min.js
198.252.101.215 200 OK 24 kB URL GET HTTP/1.1 cabenakal.site/vendor/masonry.pkgd.min.js
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type ASCII text, with very long lines (23966)
Hash 520e46df77727aaf3d5e799ef241be02
d20252cf76c3be8af37a8415d13ad368c762b4d8
367d6afdfc741fb48d2d9310e47c3924b693459a74c882c0fc545ec5ed7d55d2
GET /vendor/masonry.pkgd.min.js HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:10 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 24103
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"5e27-18a78e815fe"
cabenakal.site/vendor/simple-lightbox/simple-lightbox.min.js
198.252.101.215 200 OK 46 kB URL GET HTTP/1.1 cabenakal.site/vendor/simple-lightbox/simple-lightbox.min.js
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type ASCII text, with very long lines (46254), with no line terminators
Hash 2366f1599e29055581ebb2d2501c056e
2b4293e7a845aa0c7779bf92cca3015826100932
3453a4b33bb54f8be19180d6fe13d7a15a94abfbaeba7ebe5692dffd3aed7cf9
GET /vendor/simple-lightbox/simple-lightbox.min.js HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:11 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 46254
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"b4ae-18a78e8160a"
cabenakal.site/js/select.js
198.252.101.215 200 OK 726 B URL GET HTTP/1.1 cabenakal.site/js/select.js
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
Hash 806ada06c2c9bc6ad154407aed02c347
4a2da33d8682c560585e901805d81eb3f1fedc4e
2a4a96222c0635ab2b0647d7f17b1e6044a3498ec00f854e8e0d2f1ac32dcb51
GET /js/select.js HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:11 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 726
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"2d6-18a78e81586"
cabenakal.site/js/master.js
198.252.101.215 200 OK 12 kB URL GET HTTP/1.1 cabenakal.site/js/master.js
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
Hash f8ed4d3e661026aecea33e1faa4858e9
a3aaf3ce850b78b6292d2fb59f1adedc138b6e52
2bbf143047352ea37e3494072e60ead0def547b761d2474fe6c4a874ffe4567f
GET /js/master.js HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:11 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 12174
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Mon, 23 Oct 2023 11:10:36 GMT
ETag: W/"2f8e-18b5c3ac0fe"
cabenakal.site/css/codebase.min.css
198.252.101.215 558 kB URL cabenakal.site/css/codebase.min.css
IP 198.252.101.215:0
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type Unicode text, UTF-8 text, with very long lines (65437)
Size 558 kB (558064 bytes)
Hash 43403ef64f791d4e0836b7c62425a7d5
ed16b2b06d4fb9d5c69110c4dc6950714521baa0
136264ea3f4e64cffed81e6432e94b9cf5e698d7f89de71884e9941bdf32a298
GET /css/codebase.min.css HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:09 GMT
Content-Type: text/css; charset=UTF-8
Content-Length: 558064
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"883f0-18a78e81572"
cabenakal.site/vendor/lodash.js
198.252.101.215 200 OK 540 kB URL GET HTTP/1.1 cabenakal.site/vendor/lodash.js
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
Size 540 kB (540512 bytes)
Hash 050c900c28ad5d8275ff56f63b05becb
9b8862d749672156a62da0e842c66967ff6cd307
933bfeafa74baa6cfb898b91d8e7705209785f9455b2810d0738a0745e5cc6d5
GET /vendor/lodash.js HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:10 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 540512
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"83f60-18a78e815fe"
cabenakal.site/imgs/logo.png
198.252.101.215 200 OK 33 kB URL GET HTTP/1.1 cabenakal.site/imgs/logo.png
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type PNG image data, 554 x 116, 8-bit/color RGBA, non-interlaced; data
Hash f3966d2522d3f303f3b1d6bc121a958d
3ced1e4c92f467456e5bf900b1cab18f0f7c0298
c9b89dead88786424995c6f5af318bd05b6b54d25b19ba34f472d9ad52d3e636
GET /imgs/logo.png HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:12 GMT
Content-Type: image/png
Content-Length: 33350
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sun, 17 Sep 2023 18:14:04 GMT
ETag: W/"8246-18aa459832d"
cabenakal.site/imgs/bg-desktop.jpg
198.252.101.215 200 OK 106 kB URL GET HTTP/1.1 cabenakal.site/imgs/bg-desktop.jpg
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type JPEG image data, progressive, precision 8, 1920x1080, components 3; data
Size 106 kB (106424 bytes)
Hash ba09465412d4ac4fc8f43f770721797f
3a3bee0e96466e8a31c295db3a982f991fccd018
4969bf487ddc116dbea93d2d204ed83d84345dde6c1cb0ac20c111a274e97e31
GET /imgs/bg-desktop.jpg HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:12 GMT
Content-Type: image/jpeg
Content-Length: 106424
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sun, 17 Sep 2023 18:14:04 GMT
ETag: W/"19fb8-18aa459832d"
cabenakal.site/fonts/inter/inter-v12-latin-regular.woff2
198.252.101.215 200 OK 17 kB URL GET HTTP/1.1 cabenakal.site/fonts/inter/inter-v12-latin-regular.woff2
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type Web Open Font Format (Version 2), TrueType, length 16708, version 1.0; data
Hash 68c477c4c76baab3a8d1ef6a55aa986f
4af50379e13514558dd53d123db8ea101ec5e24c
0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac
GET /fonts/inter/inter-v12-latin-regular.woff2 HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:12 GMT
Content-Type: font/woff2
Content-Length: 16708
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"4144-18a78e8157a"
cabenakal.site/fonts/inter/inter-v12-latin-500.woff2
198.252.101.215 200 OK 18 kB URL GET HTTP/1.1 cabenakal.site/fonts/inter/inter-v12-latin-500.woff2
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type Web Open Font Format (Version 2), TrueType, length 17552, version 1.0\012- data
Hash 0627ec86dfad171ba217bbc765326ed7
d83f8aac9cb272a8825602735e3766f4975d5c68
d53336707c39d1ec20a2b1f7399ca9f183c45592e215a42fd596dfa2dbb8ad7a
GET /fonts/inter/inter-v12-latin-500.woff2 HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:12 GMT
Content-Type: font/woff2
Content-Length: 17552
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"4490-18a78e8157a"
www.fajar.co.id/wp-content/uploads/2023/05/IMG_20230501_135556.jpg
172.67.74.78 200 OK 318 kB URL GET HTTP/2 www.fajar.co.id/wp-content/uploads/2023/05/IMG_20230501_135556.jpg
IP 172.67.74.78:443
Requested by https://cabenakal.site/video/351
Certificate Issuer Google Trust Services LLC
Subject fajar.co.id
Fingerprint B0:79:13:A7:C3:7C:FF:AB:C0:6E:EB:69:C1:45:4D:6E:58:8C:22:BC
Validity Mon, 16 Oct 2023 15:50:57 GMT - Sun, 14 Jan 2024 15:50:56 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1081, components 3\012- data
Size 318 kB (317949 bytes)
Hash 61ad9885bf4ff7bc2ed002f3dd1aa07b
83b154a4c904b79b82ae3162723c9d7658e8c997
02943f48f60b838fed060bd1f18cb9404df0019c738364969cba85beccaf8c45
GET /wp-content/uploads/2023/05/IMG_20230501_135556.jpg HTTP/1.1
Host: www.fajar.co.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: image/jpeg
content-length: 317949
cache-control: max-age=2592000
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=888984, status=webp_bigger
etag: "644f548c-d9098"
expires: Mon, 01 Jan 2024 16:35:09 GMT
last-modified: Mon, 01 May 2023 05:56:28 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HjgsWiwNUxzTPQt41%2BMb%2FvCRDcZmAPVKXmt7S1AfGQs5LN6dgEMAQM1MX48dKxVZkBF4qfEbqwYzsn01HIlX0p%2BXHOUbSg7s1OzZQEUIuKobgR72MpavSjDsvohO5%2BEsmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 82f5402a08f456a9-OSL
X-Firefox-Spdy: h2
dood.boo/d/xA80pfz5vAV
46.250.238.76 301 Moved Permanently 162 B IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject www.dood.boo
Fingerprint A1:12:B5:B2:47:E6:DC:88:84:AA:59:4D:B6:D1:0D:1B:48:C8:C3:69
Validity Thu, 09 Nov 2023 19:59:51 GMT - Wed, 07 Feb 2024 19:59:50 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /d/xA80pfz5vAV HTTP/1.1
Host: dood.boo
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: text/html
content-length: 162
location: https://poop.media/d/xA80pfz5vAV
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
dood.boo/d/ZqncwCsCIXV
46.250.238.76 301 Moved Permanently 162 B IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject www.dood.boo
Fingerprint A1:12:B5:B2:47:E6:DC:88:84:AA:59:4D:B6:D1:0D:1B:48:C8:C3:69
Validity Thu, 09 Nov 2023 19:59:51 GMT - Wed, 07 Feb 2024 19:59:50 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /d/ZqncwCsCIXV HTTP/1.1
Host: dood.boo
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: text/html
content-length: 162
location: https://poop.media/d/ZqncwCsCIXV
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
dood.boo/d/hiOBgwnL7eg
46.250.238.76 301 Moved Permanently 162 B IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject www.dood.boo
Fingerprint A1:12:B5:B2:47:E6:DC:88:84:AA:59:4D:B6:D1:0D:1B:48:C8:C3:69
Validity Thu, 09 Nov 2023 19:59:51 GMT - Wed, 07 Feb 2024 19:59:50 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /d/hiOBgwnL7eg HTTP/1.1
Host: dood.boo
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: text/html
content-length: 162
location: https://poop.media/d/hiOBgwnL7eg
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
dood.boo/d/hNjKXEAgIuy
46.250.238.76 301 Moved Permanently 162 B IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject www.dood.boo
Fingerprint A1:12:B5:B2:47:E6:DC:88:84:AA:59:4D:B6:D1:0D:1B:48:C8:C3:69
Validity Thu, 09 Nov 2023 19:59:51 GMT - Wed, 07 Feb 2024 19:59:50 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /d/hNjKXEAgIuy HTTP/1.1
Host: dood.boo
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: text/html
content-length: 162
location: https://poop.media/d/hNjKXEAgIuy
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
dood.boo/d/eEPrsKwbEDX
46.250.238.76 301 Moved Permanently 162 B IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject www.dood.boo
Fingerprint A1:12:B5:B2:47:E6:DC:88:84:AA:59:4D:B6:D1:0D:1B:48:C8:C3:69
Validity Thu, 09 Nov 2023 19:59:51 GMT - Wed, 07 Feb 2024 19:59:50 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /d/eEPrsKwbEDX HTTP/1.1
Host: dood.boo
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: text/html
content-length: 162
location: https://poop.media/d/eEPrsKwbEDX
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cabenakal.site/fonts/inter/inter-v12-latin-regular.woff2
198.252.101.215 200 OK 17 kB URL GET HTTP/1.1 cabenakal.site/fonts/inter/inter-v12-latin-regular.woff2
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type Web Open Font Format (Version 2), TrueType, length 16708, version 1.0\012- data
Hash 68c477c4c76baab3a8d1ef6a55aa986f
4af50379e13514558dd53d123db8ea101ec5e24c
0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac
GET /fonts/inter/inter-v12-latin-regular.woff2 HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:12 GMT
Content-Type: font/woff2
Content-Length: 16708
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"4144-18a78e8157a"
cabenakal.site/fonts/inter/inter-v12-latin-600.woff2
198.252.101.215 18 kB URL cabenakal.site/fonts/inter/inter-v12-latin-600.woff2
IP 198.252.101.215:0
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type Web Open Font Format (Version 2), TrueType, length 17660, version 1.0\012- data
Hash cfdce67a2e07ba6cf05e0292d7f3f9b7
dcad1b9e50f8ef49ec4600fe88c68c165d9b7e61
048d136d592e66896cccc1fe4fada4feb16b7f6af671cd49a2fe6ed6b2276c6c
GET /fonts/inter/inter-v12-latin-600.woff2 HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:12 GMT
Content-Type: font/woff2
Content-Length: 17660
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"44fc-18a78e8157a"
thumb.viva.co.id/media/frontend/thumbs3/2022/10/24/6356a1db87f34-bintang-porno-maria-nagai_663_372.jpg
172.67.21.210 200 OK 16 kB URL GET HTTP/2 thumb.viva.co.id/media/frontend/thumbs3/2022/10/24/6356a1db87f34-bintang-porno-maria-nagai_663_372.jpg
IP 172.67.21.210:443
Requested by https://cabenakal.site/video/351
Certificate Issuer Sectigo Limited
Subject *.viva.co.id
Fingerprint E8:40:A3:CB:27:F9:6D:47:C1:62:37:8F:97:16:7F:98:4F:7D:F9:DD
Validity Tue, 25 Jul 2023 00:00:00 GMT - Fri, 23 Aug 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 663x372, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash beae2fbfbf34f5b3d83031b9cada9ba5
11e122eae22e349de4d33d5ee41de0deafdcb3cc
05942c70a072afaf28fec5a9bc7cf9f21ba763d10e4aa2cc682b19bd5ea0d490
GET /media/frontend/thumbs3/2022/10/24/6356a1db87f34-bintang-porno-maria-nagai_663_372.jpg HTTP/1.1
Host: thumb.viva.co.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: image/webp
content-length: 15940
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=146684
content-disposition: inline; filename="6356a1db87f34-bintang-porno-maria-nagai_663_372.webp"
vary: Accept
etag: "653a30b2-23cfc"
last-modified: Thu, 26 Oct 2023 09:26:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 82f5402a091e1bfe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cabenakal.site/fonts/inter/inter-v12-latin-500.woff2
198.252.101.215 200 OK 18 kB URL GET HTTP/1.1 cabenakal.site/fonts/inter/inter-v12-latin-500.woff2
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type Web Open Font Format (Version 2), TrueType, length 17552, version 1.0\012- data
Hash 0627ec86dfad171ba217bbc765326ed7
d83f8aac9cb272a8825602735e3766f4975d5c68
d53336707c39d1ec20a2b1f7399ca9f183c45592e215a42fd596dfa2dbb8ad7a
GET /fonts/inter/inter-v12-latin-500.woff2 HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:12 GMT
Content-Type: font/woff2
Content-Length: 17552
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"4490-18a78e8157a"
poop.media/theme_2/css/bootstrap.min.css
172.67.177.66 200 OK 51 kB URL GET HTTP/3 poop.media/theme_2/css/bootstrap.min.css
IP 172.67.177.66:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type ASCII text, with very long lines (625)
Hash 3ad35d9c124d6c7d13f776dde0df9286
1bfc432b338ca01be6b05ab8e87f4a63caa8d82b
10c142c79bbbfe42ce677eedeee70f918de0e759feabc175f423543aee886a6b
GET /theme_2/css/bootstrap.min.css HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/d/ZqncwCsCIXV
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: text/css
last-modified: Sun, 08 Oct 2023 02:12:44 GMT
vary: Accept-Encoding
etag: W/"6522101c-32faa"
expires: Sun, 03 Dec 2023 01:08:37 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 8439
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H24j%2FdeXlaOTEt%2FjGKisk9N2Po5UpamJKK9q%2F6z8JNFRisWT7zbc5UHPvGMAIAxKnM3V%2Bbemaya3QgBUK6RvOkUoBvpj1I%2BpcPXvkpD%2BfLOPMJxTRP%2BV%2Ffn5J3rC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f5402f1f1156c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
142.250.74.106 200 OK 24 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
IP 142.250.74.106:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression\012- data
Hash c25db2422969b38c5838330df64f73a5
ed46523324aae6601d6c70dfc0b5ab31c509689f
1c90407aaaa84705364251aa5cb92d3a7a0c05209872c5ff32c935932ecce125
GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 02 Dec 2023 17:22:13 GMT
date: Sat, 02 Dec 2023 17:22:13 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
poop.media/d/ZqncwCsCIXV
172.67.177.66 200 OK 66 kB IP 172.67.177.66:443
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6442)
Hash 47cd60d69e379586c32e2db862d494b8
64afb909bc54e4c2375e482df7fd9708a81d794c
41d6618c1a7cbbb6f116f976d66eca8b4ba9dcb929560e2de2bb4465dc92562a
GET /d/ZqncwCsCIXV HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 02 Dec 2023 16:15:39 GMT
cache-control: max-age=3600
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cxHPJd%2FvsOTR55G%2B%2BJpuZwk7vSVMKYdPXHfwOASp%2BeWAhGBOGpTZu4s3TDfBr6Mur18QgCiADfXhECtA9WMNs%2Bs2JnJEGtG8I41BcfoMJUmzE0g9OEojz030ij9N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=0H28w21ChKKvtivqd6K1t9LDfUwXsR6rBeqTicrG6Sh; SameSite=Lax; path=/; expires=Sat, 02-Dec-23 17:52:12 GMT; HttpOnly
server: cloudflare
cf-ray: 82f5402c4804b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
poop.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
172.67.177.66 200 OK 28 kB URL GET HTTP/3 poop.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 172.67.177.66:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type gzip compressed data, from Unix\012- data
Hash 391c4fc0a3903aa715ff1cb922538288
0f72850dbafeeffb72e434fa82e07a50b7c3e590
a37c65cd6345ae481a3a82903dd40ca0f8ed919ea63a67b70b417b751e0552b4
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/d/eEPrsKwbEDX
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: application/javascript
last-modified: Tue, 28 Nov 2023 16:06:21 GMT
etag: W/"65660ffd-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SPxPvrtg%2BuaTbdN%2Blx89k%2BlviDSEvryqXa6hKJlmaDqsEQ%2BRG952U00wyie4%2BdJYZaP7M3Ni8CW72q97dhn1PyfTzJVzsIZ8MERrrgcU9ExzNPiQYu5rU92C9NWS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5402f2f2656c3-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 04 Dec 2023 17:22:12 GMT
cache-control: max-age=172800, public
content-encoding: gzip
poop.media/theme_2/fonts/avertastd-regular-webfont.woff2
172.67.177.66 200 OK 24 kB URL GET HTTP/3 poop.media/theme_2/fonts/avertastd-regular-webfont.woff2
IP 172.67.177.66:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type Web Open Font Format (Version 2), TrueType, length 23812, version 1.524\012- data
Hash eb586e5a1b86dbf1c866e3ed80f9d18e
280ee78d19c017ab9335f769595e5157d3c4a343
714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /theme_2/fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://poop.media/theme_2/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: font/woff2
content-length: 23812
last-modified: Sun, 08 Oct 2023 02:12:44 GMT
etag: "6522101c-5d04"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2109
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e10wCpLRvr3RTmDTs1kJ3VvxxialkkZFHgngR%2BU2FWRLjsViccjhHF9TF2KBKJJfLaXkG0h2SrGX%2FJhJwJUkwoaIyyOiIyg%2BxeQHoELqZYdhO9DccoLRxWDF0usW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5403098fa56c3-OSL
alt-svc: h3=":443"; ma=86400
poop.media/theme_2/fonts/avertastd-bold-webfont.woff2
172.67.177.66 200 OK 24 kB URL GET HTTP/3 poop.media/theme_2/fonts/avertastd-bold-webfont.woff2
IP 172.67.177.66:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type Web Open Font Format (Version 2), TrueType, length 23604, version 1.0\012- data
Hash e9133fd11f14c09a2e4556c395a0ef7d
00fad09605f3342df5c9aeba130156fe19ade8b0
06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91
GET /theme_2/fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://poop.media/theme_2/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: font/woff2
content-length: 23604
last-modified: Sun, 08 Oct 2023 02:12:44 GMT
etag: "6522101c-5c34"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2109
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a1amUGF%2F3Co0RQS4k8EJoI2GLn2v5z67rAkTW8fzj%2BuuzNa6w9D%2BsIETHeJeQsqGc5oqPA3FXTgGk%2BN%2FyQlCkN3RBaKAGWo8WqArL0%2BhbaNaRLUV5bIu5tp5wGX6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f54030990956c3-OSL
alt-svc: h3=":443"; ma=86400
poop.media/theme_2/fonts/avertastd-bold-webfont.woff2
172.67.177.66 200 OK 24 kB URL GET HTTP/3 poop.media/theme_2/fonts/avertastd-bold-webfont.woff2
IP 172.67.177.66:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type Web Open Font Format (Version 2), TrueType, length 23604, version 1.0\012- data
Hash e9133fd11f14c09a2e4556c395a0ef7d
00fad09605f3342df5c9aeba130156fe19ade8b0
06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91
GET /theme_2/fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://poop.media/theme_2/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: font/woff2
content-length: 23604
last-modified: Sun, 08 Oct 2023 02:12:44 GMT
etag: "6522101c-5c34"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2109
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sGwh%2Bu9i398c3HzyJKm7V2tt1jfXhL8P7LfH7R1R0L9Se5jj6Ey04A2J6oygSuNbosVpb9YBV13kdGFNoySAw9wXHIq258PrlWh1XDsLUnKafWzkZ4anwA45%2BpaD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f54030b93656c3-OSL
alt-svc: h3=":443"; ma=86400
poop.media/theme_2/fonts/avertastd-regular-webfont.woff2
172.67.177.66 200 OK 24 kB URL GET HTTP/3 poop.media/theme_2/fonts/avertastd-regular-webfont.woff2
IP 172.67.177.66:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type Web Open Font Format (Version 2), TrueType, length 23812, version 1.524\012- data
Hash eb586e5a1b86dbf1c866e3ed80f9d18e
280ee78d19c017ab9335f769595e5157d3c4a343
714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /theme_2/fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://poop.media/theme_2/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: font/woff2
content-length: 23812
last-modified: Sun, 08 Oct 2023 02:12:44 GMT
etag: "6522101c-5d04"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2109
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BZytHTmGrc9P3uA3AzVZ963e7hE9%2FcJDBIbQrNOXUunvIxmWBKwh5FV1PxGWRgYAiVq4Ps%2BxnfiCusq6Oebi%2FviTec9fdUGXl%2BNgxlIDdg%2FDG40cxCd%2BaCl76k%2Fz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f54030b93456c3-OSL
alt-svc: h3=":443"; ma=86400
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
104.17.25.14 200 OK 28 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 104.17.25.14:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash 220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 466594
expires: Thu, 21 Nov 2024 17:22:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tPxkEgmsVCQK4MIa3uyrCnhEWWa7%2FX1aZQYYbvEkGbXEIWuJUf6Qwyqs544y3UhPToO6TJC7XWlOoIofmQJAuoL76hB%2B7KXvMeFA1WHh%2BsFgI4DpZy6k87f4EyDtowjHbyCu8o5j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82f540317846b517-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
104.17.25.14 200 OK 28 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 104.17.25.14:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash 220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 466594
expires: Thu, 21 Nov 2024 17:22:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xx3m2GHigxcDp4t1Gj4rfpb6XvvBtvoJdbUVBLF1H3ozldmGbWFQFR%2BvgTZPf1XsPkuTf2XTW0dHSH7D9RJkWBQsDaCZTxdd4jTicw%2FjlhWASRJboZcaK0m0QYLxC449JjjE0Tcw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82f540317844b517-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cabenakal.site/fonts/fontawesome/fa-solid-900.woff2
198.252.101.215 150 kB URL cabenakal.site/fonts/fontawesome/fa-solid-900.woff2
IP 198.252.101.215:0
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type Web Open Font Format (Version 2), TrueType, length 150124, version 772.256\012- data
Size 150 kB (150124 bytes)
Hash c64278386c2bbb5e293e11b94ca2f6d1
6b99aa650bd12a36caa14e0127435d8f4cd3ba73
7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880
GET /fonts/fontawesome/fa-solid-900.woff2 HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:12 GMT
Content-Type: font/woff2
Content-Length: 150124
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"24a6c-18a78e8157a"
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
104.17.25.14 200 OK 28 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 104.17.25.14:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash 220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 466594
expires: Thu, 21 Nov 2024 17:22:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ow8qzgPEWx9W37Sd58aeVDLdPlv7pPIlJ5jxQ1VS7HL5Ygm1O7XUt7YuYMLgKo%2FByiJsvNZN5zzZKKqAPNM3UHm6rhmHtYdzMj2DwPfcQb72WXgJ1QbIWfg%2F11u9%2Fh7BZdaVWGo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82f54031e8e9b517-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
poop.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
172.67.177.66 200 OK 188 kB URL GET HTTP/3 poop.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 172.67.177.66:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type gzip compressed data, from Unix\012- data
Size 188 kB (188362 bytes)
Hash 57c11069723a5f55fb13bb7f40975e61
fe1a82eb04e17c27d5d1b7552a44b8b3d2c3383b
1df2bd82cfb0d01fdba368a8a6abc45f7d078627e9ad5ce8d9deca9d425d3f1c
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/d/ZqncwCsCIXV
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: application/javascript
last-modified: Tue, 28 Nov 2023 16:06:21 GMT
etag: W/"65660ffd-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8V4e2tz%2FXZO7rnSDNRDUqTDeWEccr18R5LvQVJll3xtZnm7gmzLMswngGvLKSqvO8XG%2BbdwvZ6Zo48a2Gm0l3TZhq9CsQZtT44GdQ5HfsiE%2BSFnFJjCHxDSg33oo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5402f1f1856c3-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 04 Dec 2023 17:22:12 GMT
cache-control: max-age=172800, public
content-encoding: gzip
poop.media/theme_2/css/fontawesome/webfonts/fa-duotone-900.woff2
172.67.177.66 200 OK 184 kB URL GET HTTP/3 poop.media/theme_2/css/fontawesome/webfonts/fa-duotone-900.woff2
IP 172.67.177.66:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type Web Open Font Format (Version 2), TrueType, length 184476, version 330.-16253\012- data
Size 184 kB (184476 bytes)
Hash 2a6dec1227f9970376f578270a642d06
150a6a7ffdec6e2e2ff4c712d7cee8bd9b930284
e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996
GET /theme_2/css/fontawesome/webfonts/fa-duotone-900.woff2 HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://poop.media/theme_2/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: font/woff2
content-length: 184476
last-modified: Sun, 08 Oct 2023 02:12:44 GMT
etag: "6522101c-2d09c"
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BxaEr6G5SCVCeYhmDxuZJL%2BIIwihllVzSPDbcsjSk3BHaH0SxeSm6v34p154Yw00YqJrrMNX2opqFP4CKJ6oAWj7%2BMPd1Z95zCkQUCslYZUahOeQhsNvGc3nUk8K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=0H28w21ChKKvtivqd6K1t9LDfUwXsR6rBpY8jRfkhiD; SameSite=Lax; path=/; expires=Sat, 02-Dec-23 17:52:13 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f54030990056c3-OSL
alt-svc: h3=":443"; ma=86400
www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
142.250.74.168 200 OK 93 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
IP 142.250.74.168:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (5955)
Hash 1f1e5d84a5fc25d98b82baf107078e1f
a2a91b6209f0983e1e5666e0c81f43a7f1b42aeb
09472fabced4408c00ba97335ef4a43d335334fa860cbf68066b2072f431b673
GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 02 Dec 2023 17:22:13 GMT
expires: Sat, 02 Dec 2023 17:22:13 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92981
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
104.17.25.14 200 OK 28 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 104.17.25.14:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash 220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 466594
expires: Thu, 21 Nov 2024 17:22:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7HXngKshxb76tJfFhaU8WVvUee2eqcltnLHCd8XO%2F7UoWow0n2NKpZJEspxQ0SF2WPyQq6gPLZQIt9xX4FD%2BPdj%2BFjQ3b8h5Jpr8x%2FxHOs3lkucW45w7mezDTs2jCN3bsF3KrGFZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82f54031e8f6b517-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
142.250.74.168 200 OK 93 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
IP 142.250.74.168:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (5955)
Hash 1f1e5d84a5fc25d98b82baf107078e1f
a2a91b6209f0983e1e5666e0c81f43a7f1b42aeb
09472fabced4408c00ba97335ef4a43d335334fa860cbf68066b2072f431b673
GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 02 Dec 2023 17:22:13 GMT
expires: Sat, 02 Dec 2023 17:22:13 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92981
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
142.250.74.168 200 OK 93 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
IP 142.250.74.168:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (5955)
Hash 1f1e5d84a5fc25d98b82baf107078e1f
a2a91b6209f0983e1e5666e0c81f43a7f1b42aeb
09472fabced4408c00ba97335ef4a43d335334fa860cbf68066b2072f431b673
GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 02 Dec 2023 17:22:13 GMT
expires: Sat, 02 Dec 2023 17:22:13 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92981
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
142.250.74.168 200 OK 93 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
IP 142.250.74.168:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (5955)
Hash b90f2d6ecdcfb42b6f2ab086960aed9e
f7d921f7a5b9b7e341f9db2ac28687e29ec9959e
3f1456fe7f269290a45c32d0cafa47d13ae76ab6db40f775475f12fcd47a9a27
GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 02 Dec 2023 17:22:13 GMT
expires: Sat, 02 Dec 2023 17:22:13 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92982
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cianjurekspres.disway.id/upload/10b981e96871bb975cca196ed5689705.jpg
104.26.14.37 200 OK 399 kB URL GET HTTP/2 cianjurekspres.disway.id/upload/10b981e96871bb975cca196ed5689705.jpg
IP 104.26.14.37:443
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject disway.id
Fingerprint 8C:19:6D:A6:CE:E4:E7:B1:30:CD:7E:E1:E5:07:4B:26:17:34:E3:D0
Validity Thu, 26 Oct 2023 23:35:10 GMT - Wed, 24 Jan 2024 23:35:09 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1350, components 3\012- data
Size 399 kB (398685 bytes)
Hash 4e55204654d592f408162e1a5b353d29
e9a7de58875f00f954d5a26e5769e30ed0e3b113
7b47e507fd950ed83a7cc74b1f592be93ee22cf4cc052126f999f2bc0f6d0343
GET /upload/10b981e96871bb975cca196ed5689705.jpg HTTP/1.1
Host: cianjurekspres.disway.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: image/jpeg
content-length: 398685
last-modified: Tue, 25 Oct 2022 12:03:33 GMT
etag: "6357d095-6155d"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X72IRIJ0LS38h4yh%2BWuG%2FqGtrSnV1pr6uGytxoO14zcLj7f6y9A8E2oCfX93xG%2FpWnYclOl4DE9BrNhia71UnU6J5CC4IFr7Q2FMOLwrVFr5DicM7%2FgCkRnu7%2BPfBDuPr2mVCkBr8H5Nrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5402a2bf70b49-OSL
X-Firefox-Spdy: h2
cabenakal.site/favicon.png
198.252.101.215 200 OK 14 kB URL GET HTTP/1.1 cabenakal.site/favicon.png
IP 198.252.101.215:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject cabenakal.site
Fingerprint 75:AC:2F:82:65:A0:61:1E:CE:BF:75:AF:61:73:5D:44:EA:C0:A7:81
Validity Mon, 23 Oct 2023 09:56:56 GMT - Sun, 21 Jan 2024 09:56:55 GMT
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash ec1efab49c24be248d8ee984df407508
f1290178c68c5570f0c09d9d69f3f39695b10fa7
375cd83e5fb7ea5b3a278bae8ff1b42c748b53da9aa5e6338cef7bb55087e034
GET /favicon.png HTTP/1.1
Host: cabenakal.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: connect.sid=s%3AinE9OvQWwcD5xQqiENCapdsvvxPPQh1o.7HKgj%2BQpknqlM7BvzjmhtFz%2BxSpiDl%2FFEAtGldT0ZLc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 02 Dec 2023 17:22:13 GMT
Content-Type: image/png
Content-Length: 13626
Connection: keep-alive
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 09 Sep 2023 07:46:30 GMT
ETag: W/"353a-18a78e81572"
poop.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
172.67.177.66 200 OK 188 kB URL GET HTTP/3 poop.media/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 172.67.177.66:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type gzip compressed data, from Unix\012- data
Size 188 kB (188362 bytes)
Hash 57c11069723a5f55fb13bb7f40975e61
fe1a82eb04e17c27d5d1b7552a44b8b3d2c3383b
1df2bd82cfb0d01fdba368a8a6abc45f7d078627e9ad5ce8d9deca9d425d3f1c
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/d/xA80pfz5vAV
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: application/javascript
last-modified: Tue, 28 Nov 2023 16:06:21 GMT
etag: W/"65660ffd-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BnalYuj1VZvU68vPy2nqH3kD2KwGQuYdNlNST2jbvyyXc4jRdDi6ukCRSGtKf6gUfFWhCGOP1MZDYLqTYzcTyIL3zIhKdI00e7UBuELIvN%2BuomXLUJ%2BaE333GSSg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5402f2f2056c3-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 04 Dec 2023 17:22:12 GMT
cache-control: max-age=172800, public
content-encoding: gzip
poop.media/theme_2/css/fontawesome/webfonts/fa-duotone-900.woff2
172.67.177.66 200 OK 184 kB URL GET HTTP/3 poop.media/theme_2/css/fontawesome/webfonts/fa-duotone-900.woff2
IP 172.67.177.66:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type Web Open Font Format (Version 2), TrueType, length 184476, version 330.-16253\012- data
Size 184 kB (184476 bytes)
Hash 2a6dec1227f9970376f578270a642d06
150a6a7ffdec6e2e2ff4c712d7cee8bd9b930284
e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996
GET /theme_2/css/fontawesome/webfonts/fa-duotone-900.woff2 HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://poop.media/theme_2/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: font/woff2
content-length: 184476
last-modified: Sun, 08 Oct 2023 02:12:44 GMT
etag: "6522101c-2d09c"
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cubhuujurdqFlwto2bimbL2dW4B%2F0M6oB%2BxGyp4ltQ2ztxD%2Fr0v2owwzGAmPUoSDfVL5%2FEF0zyinuAtHe2KYiT7g1pJqGb2weilJHOzRx89ea%2Fi77wuGwJ4Sodmv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=0H28w21ChKKvtivqd6K1t9LDfUwXsR6rBpY8jRfkhiD; SameSite=Lax; path=/; expires=Sat, 02-Dec-23 17:52:13 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f54030b93556c3-OSL
alt-svc: h3=":443"; ma=86400
itseagleswig.com/86/13/dd/8613dda341d2145537903a4d9729dfc5.js
173.233.139.164 200 OK 23 kB URL GET HTTP/1.1 itseagleswig.com/86/13/dd/8613dda341d2145537903a4d9729dfc5.js
IP 173.233.139.164:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject itseagleswig.com
Fingerprint 11:78:6F:D4:BC:2F:3A:00:1C:6D:37:97:EE:C0:35:66:FC:5A:6A:74
Validity Fri, 10 Nov 2023 09:03:44 GMT - Thu, 08 Feb 2024 09:03:43 GMT
File type ASCII text, with very long lines (59713), with no line terminators
Hash dad140a341745dd4170cf669023c7e87
d979d53908e6992a523d403d49d870a5b030459b
a96aeb11a1e786bcf894e24454823c6c44fb3c6935c924cde8cbac0fcfd09c6d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /86/13/dd/8613dda341d2145537903a4d9729dfc5.js HTTP/1.1
Host: itseagleswig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0f6bfb3c5b78fbd119342fe5e8c1aee2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
itseagleswig.com/86/13/dd/8613dda341d2145537903a4d9729dfc5.js
173.233.139.164 200 OK 23 kB URL GET HTTP/1.1 itseagleswig.com/86/13/dd/8613dda341d2145537903a4d9729dfc5.js
IP 173.233.139.164:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject itseagleswig.com
Fingerprint 11:78:6F:D4:BC:2F:3A:00:1C:6D:37:97:EE:C0:35:66:FC:5A:6A:74
Validity Fri, 10 Nov 2023 09:03:44 GMT - Thu, 08 Feb 2024 09:03:43 GMT
File type ASCII text, with very long lines (59746), with no line terminators
Hash c781c990d3fb43e3b59f27aae59cd811
10f5536010800d358de1c23b6d38349be8440dd1
26f1532a24d53e8272a4d009888340bae900dc718b4f26830ce04a301088e54b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /86/13/dd/8613dda341d2145537903a4d9729dfc5.js HTTP/1.1
Host: itseagleswig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a400d5e0942424858ea983786c49c00e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
itseagleswig.com/86/13/dd/8613dda341d2145537903a4d9729dfc5.js
173.233.139.164 200 OK 23 kB URL GET HTTP/1.1 itseagleswig.com/86/13/dd/8613dda341d2145537903a4d9729dfc5.js
IP 173.233.139.164:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject itseagleswig.com
Fingerprint 11:78:6F:D4:BC:2F:3A:00:1C:6D:37:97:EE:C0:35:66:FC:5A:6A:74
Validity Fri, 10 Nov 2023 09:03:44 GMT - Thu, 08 Feb 2024 09:03:43 GMT
File type ASCII text, with very long lines (59761), with no line terminators
Hash 4cbcbacea54c9b33b05f1c2fcadd7d28
a9f30918acdb4a8e7ddadfc9c04bfe6d58871772
c8b01963e4670b14a4e09343f71e7d2f8face2650730d272ae6c15b2006604ab
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /86/13/dd/8613dda341d2145537903a4d9729dfc5.js HTTP/1.1
Host: itseagleswig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2e52411357f19e0f062c28d7e503e561
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
itseagleswig.com/86/13/dd/8613dda341d2145537903a4d9729dfc5.js
173.233.139.164 200 OK 23 kB URL GET HTTP/1.1 itseagleswig.com/86/13/dd/8613dda341d2145537903a4d9729dfc5.js
IP 173.233.139.164:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject itseagleswig.com
Fingerprint 11:78:6F:D4:BC:2F:3A:00:1C:6D:37:97:EE:C0:35:66:FC:5A:6A:74
Validity Fri, 10 Nov 2023 09:03:44 GMT - Thu, 08 Feb 2024 09:03:43 GMT
File type ASCII text, with very long lines (59740), with no line terminators
Hash 26e140c9e37829fddf0806718cb17cd6
28758d276247e36d9a676fd3153f47f98be70bbe
fc623a3ecff2ed57804db6369ae9c7328f0c8e858d0c29a299df3315999075c0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /86/13/dd/8613dda341d2145537903a4d9729dfc5.js HTTP/1.1
Host: itseagleswig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6522a59fc6d029e3e11ab565202d10ce
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
poop.media/theme_2/fonts/avertastd-regular-webfont.woff2
172.67.177.66 200 OK 24 kB URL GET HTTP/3 poop.media/theme_2/fonts/avertastd-regular-webfont.woff2
IP 172.67.177.66:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type Web Open Font Format (Version 2), TrueType, length 23812, version 1.524\012- data
Hash eb586e5a1b86dbf1c866e3ed80f9d18e
280ee78d19c017ab9335f769595e5157d3c4a343
714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /theme_2/fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://poop.media/theme_2/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: font/woff2
content-length: 23812
last-modified: Sun, 08 Oct 2023 02:12:44 GMT
etag: "6522101c-5d04"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2110
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FAKe9VF2TwnhLCjpKrwiWGNPVVhgknasNnzW7LJimL5Mi48FZFA%2BHQ%2BSsGp3nXA46gsrTAwqU9Sue9bDVeWxbeBZ5ntKx5%2BSNkOkLN6yTGe5tccKXFhsP2vY6Y6D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f54036bfda56c3-OSL
alt-svc: h3=":443"; ma=86400
poop.media/theme_2/fonts/avertastd-bold-webfont.woff2
172.67.177.66 200 OK 24 kB URL GET HTTP/3 poop.media/theme_2/fonts/avertastd-bold-webfont.woff2
IP 172.67.177.66:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type Web Open Font Format (Version 2), TrueType, length 23604, version 1.0\012- data
Hash e9133fd11f14c09a2e4556c395a0ef7d
00fad09605f3342df5c9aeba130156fe19ade8b0
06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91
GET /theme_2/fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://poop.media/theme_2/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: font/woff2
content-length: 23604
last-modified: Sun, 08 Oct 2023 02:12:44 GMT
etag: "6522101c-5c34"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2110
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FhCwSn6pc0MHZ96Dm53Slo5DPugGoB3ifKhn9%2BfxzATzZtFMSsrdZHHaGP%2BHeHNRtTceZY%2BBz8sEauMVMDtSppOy%2B5Z2DfoYpBktPTXR8psLiYuX9NyyQQguxc2n"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f54036bfde56c3-OSL
alt-svc: h3=":443"; ma=86400
mp4skin.com/embud/eEPrsKwbEDX
188.114.96.1 200 OK 185 kB URL GET HTTP/2 mp4skin.com/embud/eEPrsKwbEDX
IP 188.114.96.1:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Google Trust Services LLC
Subject mp4skin.com
Fingerprint 8D:7A:52:68:44:2D:43:E5:96:16:A7:C1:19:F2:31:23:E9:34:2A:A0
Validity Sat, 04 Nov 2023 22:36:47 GMT - Fri, 02 Feb 2024 22:36:46 GMT
File type HTML document text\012- HTML document, ASCII text
Size 185 kB (184620 bytes)
Hash d29258b78d99eda9be0982187918e235
c57dec8857cfd5a8f3e52c128d8c6ce2441a8bb3
c57d9d9dc1b77cc53c58f0bb4db77b4ee5e254760ccb43812be8008a966415b7
GET /embud/eEPrsKwbEDX HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K7KPr5XTez9VRuLI40QuNu3G4baeLvp6jgxktyhueZo2aRgk6ubWQ4ZqI4S2NWK7UiQYuj5lxuQ7z%2FrfoC0JRBNZErijX3B9rTHgGtYKPWBYtY19k1xJhbi64u2UzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f5402f8fc756c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
104.17.25.14 200 OK 28 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 104.17.25.14:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash 220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 466595
expires: Thu, 21 Nov 2024 17:22:14 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Om3NAEZ8gBC6T0mf4EgrbMYUVATBcBBkU%2Ff5wALjMIBctsA2VSunycCrhl2ePCFIklekCQwhN0HzEvFeA4vNbO4BtCJrb18JCD3Qd%2BTOUrfIGKCTWpQMwyPGGUQFlkIijaA3zSzK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82f54037d9325693-OSL
alt-svc: h3=":443"; ma=86400
www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
142.250.74.168 200 OK 93 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
IP 142.250.74.168:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (5955)
Hash 28af5d53cd67368a72970f72a0e30f39
32c9748cb8ee891083e4bb377b20eabba7eeb1d7
a2b9630dee1f4c59bc2e606ed31803cc92d97b23e82ea0c1b6f74dea5fba8373
GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 02 Dec 2023 17:22:14 GMT
expires: Sat, 02 Dec 2023 17:22:14 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92985
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
proftrafficcounter.com/stats
18.184.210.76 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.184.210.76:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Amazon
Subject proftrafficcounter.com
Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash eb126d195ae8c531c032e34219ca30ce
76a90a3b13d27891e5788dd82273cb52fdac5d55
bb2b1c8d4ff4c37791c0692589760035c1ad1e9f91c2b12fdbb3d86c9ffbdb20
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://poop.media
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=ffb37e23-1e49-4229-9efc-041a53e3675a:3:1; expires=Tue, 29 Nov 2033 17:22:14 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
berlagu.com/jembud/hNjKXEAgIuy
188.114.97.1 200 OK 189 B URL GET HTTP/2 berlagu.com/jembud/hNjKXEAgIuy
IP 188.114.97.1:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Google Trust Services LLC
Subject berlagu.com
Fingerprint E2:7A:A4:CA:1F:E3:C9:FB:E6:3E:C3:66:09:3E:55:34:E1:F2:C6:74
Validity Sun, 05 Nov 2023 13:17:56 GMT - Sat, 03 Feb 2024 13:17:55 GMT
File type HTML document text\012- HTML document, ASCII text
Hash 1dcbd9deb863eca249da2004d2f4c900
26cbf21a3188274a41aadf779bac3f36306955f1
aa746fdd4480d693d018c14e76be59afefc7c827f836a82028b0cb704cee4ab1
GET /jembud/hNjKXEAgIuy HTTP/1.1
Host: berlagu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yAacDIMG2dxFQQ293ArSg64zGnE60Mm9%2FTx%2F%2BkCIJ2DM3%2BKkQUZcmg0I6OMzZYwTheSH%2FgpRSMJdvzMc3%2BC4SXJpE9WkTDvh7DtK%2BYIYxrCA7fGzcyOKowlKyGyirA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f5402f9b2b5696-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
itseagleswig.com/86/13/dd/8613dda341d2145537903a4d9729dfc5.js
173.233.139.164 200 OK 23 kB URL GET HTTP/1.1 itseagleswig.com/86/13/dd/8613dda341d2145537903a4d9729dfc5.js
IP 173.233.139.164:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject itseagleswig.com
Fingerprint 11:78:6F:D4:BC:2F:3A:00:1C:6D:37:97:EE:C0:35:66:FC:5A:6A:74
Validity Fri, 10 Nov 2023 09:03:44 GMT - Thu, 08 Feb 2024 09:03:43 GMT
File type ASCII text, with very long lines (59743), with no line terminators
Hash b7266b1741f335d877efee978c3f5f93
7d06bb4b34f4d1df09297a3881aaef9aba187a2d
4b431b71ea35c989c1d3bf7cdef099426c892b4d61dcfee4741505d170e7e1a6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /86/13/dd/8613dda341d2145537903a4d9729dfc5.js HTTP/1.1
Host: itseagleswig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3d70d840a4d6f46ec3e7023f8eea12f7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
dbd390fc66.7df3f71dc4.com/45d98cce31689b0d9efc9af2518b4299/114039?version_name=a
45.133.44.52 200 OK 3.3 kB URL GET HTTP/2 dbd390fc66.7df3f71dc4.com/45d98cce31689b0d9efc9af2518b4299/114039?version_name=a
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject dbd390fc66.7df3f71dc4.com
Fingerprint 58:C5:6D:91:3E:EE:AA:F0:11:56:6E:10:48:EA:36:1E:5E:A4:67:51
Validity Wed, 29 Nov 2023 02:20:47 GMT - Tue, 27 Feb 2024 02:20:46 GMT
Hash e70d1093e4d70d603b0be84eff684f3c
252cd54469c907af63cfdfd663fb2bff2ed66ab4
a836e882a3a3d9ad4a51abedcb806ee104ca7df8cf5804c01aa0c45fe712d7cf
GET /45d98cce31689b0d9efc9af2518b4299/114039?version_name=a HTTP/1.1
Host: dbd390fc66.7df3f71dc4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 02 Dec 2023 17:27:14 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
meenetiy.com/5/6678850
139.45.197.245 200 OK 26 kB
IP 139.45.197.245:443
Requested by https://mp4skin.com/watch?v=Ay04zDYuaZA
Certificate Issuer Let's Encrypt
Subject meenetiy.com
Fingerprint B0:78:1E:CD:78:69:2F:27:B1:FE:A6:02:07:CB:4F:DC:7B:D2:7F:B5
Validity Mon, 20 Nov 2023 05:28:05 GMT - Sun, 18 Feb 2024 05:28:04 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash 3d8a548773aac7c3b294135c3303f0df
111055712da725583b4d73e303809b56d62712ee
2bc8d25d95bcca54a8cd2dd500ebc6ab898b397f85d1d880a1925ea86fef5d6a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /5/6678850 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: application/javascript
x-trace-id: bf2caa362740168aba48b8b92c05326c
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=a49f3add9aed414aab455c2c74ce8141; expires=Sun, 01 Dec 2024 17:22:14 GMT; path=/; secure; SameSite=None
oaidts=1701537734; expires=Sun, 01 Dec 2024 17:22:14 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
wakenssponged.com/rizdGR8ExUj7Bb6T/65101
23.109.82.22 200 OK 20 B URL GET HTTP/1.1 wakenssponged.com/rizdGR8ExUj7Bb6T/65101
IP 23.109.82.22:443
Requested by https://berlagu.com/download/Meltdown-Official-Video
Certificate Issuer Let's Encrypt
Subject wakenssponged.com
Fingerprint 2E:E0:2E:5E:8D:F0:2C:53:28:CF:F9:24:F8:E7:1A:EA:39:15:0B:85
Validity Thu, 28 Sep 2023 00:17:42 GMT - Wed, 27 Dec 2023 00:17:41 GMT
File type gzip compressed data, from Unix\012- data
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /rizdGR8ExUj7Bb6T/65101 HTTP/1.1
Host: wakenssponged.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://berlagu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 17:22:14 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://berlagu.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; expires=Sun, 03-Dec-2023 17:22:14 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Sun, 03-Dec-2023 17:22:14 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
dragnag.com/35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js
173.233.137.60 200 OK 15 kB URL GET HTTP/1.1 dragnag.com/35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js
IP 173.233.137.60:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject dragnag.com
Fingerprint DA:4C:92:8F:5C:67:EE:4F:B6:69:E7:5B:1C:66:9F:48:5B:CD:11:FF
Validity Tue, 28 Nov 2023 10:50:07 GMT - Mon, 26 Feb 2024 10:50:06 GMT
File type ASCII text, with very long lines (42845), with no line terminators
Hash f62c150a5844d6284eade8de5ca4f2f1
f81585091b431d616bf69335e2a3a1ca1f860894
fb1c52ddb049dd399922bcc6e3971196fbaa7526ccf202f20c0f944d174f44f8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js HTTP/1.1
Host: dragnag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3eaa660709abfe27dc33ab499b7b6c56
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
edgychancymisuse.com/35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js
173.233.139.164 200 OK 15 kB URL GET HTTP/1.1 edgychancymisuse.com/35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js
IP 173.233.139.164:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject edgychancymisuse.com
Fingerprint F3:06:D5:F6:2E:74:7E:77:AF:D5:87:04:34:00:F1:C2:AE:6C:DB:74
Validity Tue, 28 Nov 2023 10:44:16 GMT - Mon, 26 Feb 2024 10:44:15 GMT
File type ASCII text, with very long lines (42797), with no line terminators
Hash c27060067ca938ab3bb90f7f9afe3e34
b856baa4a94fdf217b9e54e0a8e49da6107d9e9b
6587f3a6374887014e59cc3c704adb45be4af0726eb6a65be8666608ef8330b3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js HTTP/1.1
Host: edgychancymisuse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7d369ce4b3252ca5b80389333bf2474f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
berlagu.com/embed.css
188.114.97.1 411 B IP 188.114.97.1:0
Certificate Issuer Google Trust Services LLC
Subject berlagu.com
Fingerprint E2:7A:A4:CA:1F:E3:C9:FB:E6:3E:C3:66:09:3E:55:34:E1:F2:C6:74
Validity Sun, 05 Nov 2023 13:17:56 GMT - Sat, 03 Feb 2024 13:17:55 GMT
Hash 1ac57b2fc858076467716fbad9268b05
94b3c1ff894b4cb316dfe90962b64db541bb3c46
6291ad32f03939ee9eb7cf8d62641115d0962e49b4869358c1ddee6271d9f0bf
GET /embed.css HTTP/1.1
Host: berlagu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://berlagu.com/download/Meltdown-Official-Video
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: text/css
last-modified: Tue, 21 Nov 2023 14:04:59 GMT
vary: Accept-Encoding
etag: W/"655cb90b-446"
expires: Sat, 02 Dec 2023 19:18:45 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 36209
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FLnRY7Lq%2FuwbTGiAWMbr7kAsZ9c28OmFIVMqruXCtJ1vhx09IV4z5yqejoppHoNeiNkdgZp%2Bji3qf9eJEB4X%2BRmYaitex7D0ClaUVXN6ucgbdJ0WeAqqiBhywvKkvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f540399a1c5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
meenetiy.com/5/6678850
139.45.197.245 200 OK 26 kB
IP 139.45.197.245:443
Requested by https://mp4skin.com/watch?v=Ay04zDYuaZA
Certificate Issuer Let's Encrypt
Subject meenetiy.com
Fingerprint B0:78:1E:CD:78:69:2F:27:B1:FE:A6:02:07:CB:4F:DC:7B:D2:7F:B5
Validity Mon, 20 Nov 2023 05:28:05 GMT - Sun, 18 Feb 2024 05:28:04 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash e352cd49eb91e70a1a6e679800b99266
1f6fd3c4cd49ea726bf280b9a24b13e2ae69e946
78385ec0606e7c98cf600e62d916904a18666e95a52b4fa08615bb187012c168
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /5/6678850 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: application/javascript
x-trace-id: 554a38fcefed3161cc7c278ce60396b3
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=c47fdd0f08e746a499d599e54b201e61; expires=Sun, 01 Dec 2024 17:22:14 GMT; path=/; secure; SameSite=None
oaidts=1701537734; expires=Sun, 01 Dec 2024 17:22:14 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
mp4skin.com/embed.css
188.114.96.1 200 OK 373 B
IP 188.114.96.1:443
Requested by https://mp4skin.com/watch?v=Ay04zDYuaZA
Certificate Issuer Google Trust Services LLC
Subject mp4skin.com
Fingerprint 8D:7A:52:68:44:2D:43:E5:96:16:A7:C1:19:F2:31:23:E9:34:2A:A0
Validity Sat, 04 Nov 2023 22:36:47 GMT - Fri, 02 Feb 2024 22:36:46 GMT
File type ASCII text, with very long lines (755), with no line terminators
Hash 6234fd750298618c8b71628468aa5f0f
5026def78647896e77b7f65068b2fa31f44213d1
206d526e32959ce92da664b9e30be583c2500a6427800ecf2f8718b16ede188c
GET /embed.css HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/watch?v=Ay04zDYuaZA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=1094
etag: W/"655cb8cc-446"
expires: Sun, 03 Dec 2023 03:03:03 GMT
last-modified: Tue, 21 Nov 2023 14:03:56 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 8350
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xWiLRGddcj8TumphJiTbiVHLm6rYklcyVr4D0GUlOp3CWwCWXRUG%2BMCYctbnCHfFPvHEEqzte9yMNBwk2vW8A9hCtaL15jFauiSJ5CuRcuUSbvJeJh%2Bll7HHcs0Ag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f540385fd9b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ardentlyexposureflushed.com/35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js
173.233.137.60 200 OK 15 kB URL GET HTTP/1.1 ardentlyexposureflushed.com/35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js
IP 173.233.137.60:443
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject ardentlyexposureflushed.com
Fingerprint CB:F3:A7:64:D0:55:AE:83:FE:CD:FA:A4:A8:5E:97:D2:27:E6:2D:01
Validity Tue, 28 Nov 2023 10:50:41 GMT - Mon, 26 Feb 2024 10:50:40 GMT
File type ASCII text, with very long lines (42815), with no line terminators
Hash 73e7a4afb074493ff196ac1b94c05c32
2d5a08e56c1659cca4d91f185a99c55ce92ac631
255a95b8c9c7acb877d2aac53955fd3d949ded154fe6042dda34d12ea85e2e63
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js HTTP/1.1
Host: ardentlyexposureflushed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8c6771b8d4a1c1b0d5ccb93f78409409
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
dbd390fc66.7df3f71dc4.com/dda4a1b9c053f40a4f94e188e138e351.js
45.133.44.52 200 OK 78 kB URL GET HTTP/2 dbd390fc66.7df3f71dc4.com/dda4a1b9c053f40a4f94e188e138e351.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject dbd390fc66.7df3f71dc4.com
Fingerprint 58:C5:6D:91:3E:EE:AA:F0:11:56:6E:10:48:EA:36:1E:5E:A4:67:51
Validity Wed, 29 Nov 2023 02:20:47 GMT - Tue, 27 Feb 2024 02:20:46 GMT
File type gzip compressed data, from Unix\012- data
Hash a54837d0eae065f3ab5c309d3991abd3
adc9a05ba4e222927a6e9ff85b7c3342d45b9bb4
6a3acab17196728a69f351f8b0beca5d86a808eb8b336d5a41162fe12c9ff15d
GET /dda4a1b9c053f40a4f94e188e138e351.js HTTP/1.1
Host: dbd390fc66.7df3f71dc4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 28 Nov 2023 12:01:41 GMT
etag: W/"6565d6a5-288d5"
content-encoding: gzip
expires: Sat, 02 Dec 2023 17:27:13 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.184.210.76:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Amazon
Subject proftrafficcounter.com
Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 8fe0e0fd7e35782adc6e6e3b40f2ba0c
29606072ffcbc9de5d8cf2c8aca4bf1064a177ad
cb9a09c23903de6f56ebb9062ac0ffd81114ef2c9ce2eaec166fe7d2535ff8f3
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: uid_id2=fe344b7c-1eea-4ba3-a341-869837727e60:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://poop.media
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
barelydresstraitor.com/35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js
192.243.61.227 200 OK 15 kB URL GET HTTP/1.1 barelydresstraitor.com/35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject barelydresstraitor.com
Fingerprint 25:97:2B:38:9D:41:66:EF:F8:3D:E9:6C:15:38:E1:4F:3F:37:6E:81
Validity Tue, 28 Nov 2023 10:39:06 GMT - Mon, 26 Feb 2024 10:39:05 GMT
File type ASCII text, with very long lines (42797), with no line terminators
Hash 45cf4dbf9c14c26312c6a620735212ff
93576d7ccbefcc5dc8a47e43a723b2f5a669f979
65d618846eddf4135e88ed891200772334923278bfad3ed340b1b0b420162d01
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js HTTP/1.1
Host: barelydresstraitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 303b83b0dc05be9779c0bff3213d78c0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
dragnag.com/pixel/pure
173.233.137.60 200 OK 0 B IP 173.233.137.60:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject dragnag.com
Fingerprint DA:4C:92:8F:5C:67:EE:4F:B6:69:E7:5B:1C:66:9F:48:5B:CD:11:FF
Validity Tue, 28 Nov 2023 10:50:07 GMT - Mon, 26 Feb 2024 10:50:06 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: dragnag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.media/
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:15 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
edgychancymisuse.com/pixel/pure
173.233.139.164 200 OK 0 B URL POST HTTP/1.1 edgychancymisuse.com/pixel/pure
IP 173.233.139.164:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject edgychancymisuse.com
Fingerprint F3:06:D5:F6:2E:74:7E:77:AF:D5:87:04:34:00:F1:C2:AE:6C:DB:74
Validity Tue, 28 Nov 2023 10:44:16 GMT - Mon, 26 Feb 2024 10:44:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: edgychancymisuse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.media/
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:15 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
friendshipmale.com/sfp.js
172.64.134.5 200 OK 60 kB URL GET HTTP/3 friendshipmale.com/sfp.js
IP 172.64.134.5:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: ce13fadb0e84d7c53b5e9fb243e158f8
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 02 Dec 2023 17:22:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2FVqi0ltEax%2FjedTQlnIEoZrjYpgIkldAcsIkOGG%2FDWQDfL3FOalg9xjyb9MH1QIeF4rwB1B2pEDr%2BVNyfT5BcH7ri%2FI1Z3Ty%2FcYVt8GKWHtpkHUwV8RKNNvu7692grHVsl%2Bgac%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f540401a5f23ed-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
metrolagu.cam/video?q=Marion+Jola+Serious
46.250.238.76 200 OK 67 kB URL POST HTTP/2 metrolagu.cam/video?q=Marion+Jola+Serious
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://mp4skin.com/watch?v=vGuJuW0bDWA
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type gzip compressed data, from Unix\012- data
Hash a98df5571d5f66bd2cdc3eab1d50f6cb
524d0d766470c23a709433173ca7f7012c5ea406
64d2aa01998c9acc32486e3f4261c9a1f985ba8018a574defafe851d5631d7cf
POST /video?q=Marion+Jola+Serious HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/ZqncwCsCIXV
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=e7ur85fbe3cp5abstditra484f; path=/; secure; SameSite=None
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
metrolagu.cam/jembud/hNjKXEAgIuy
46.250.238.76 200 OK 16 kB URL GET HTTP/2 metrolagu.cam/jembud/hNjKXEAgIuy
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://berlagu.com/download/Meltdown-Official-Video
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (42804)
Hash 049cfe02522336dbf179186ee8ece592
240d4350f16e0943b9ce298458b279af13e2355b
b3a3bb9df26bd1869d85f802f783ea702a188dd9015731c612f77a319f0340dd
GET /jembud/hNjKXEAgIuy HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://berlagu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
metrolagu.cam/jembud/eEPrsKwbEDX
46.250.238.76 200 OK 27 kB URL GET HTTP/2 metrolagu.cam/jembud/eEPrsKwbEDX
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://mp4skin.com/watch?v=Ay04zDYuaZA
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type gzip compressed data, from Unix\012- data
Hash 4d3016460363e374a52ca23b1bdfc64c
63b5cd90ddae68dbb664a3dfb9cd7c5c935fd2e1
9f63fa0e903d28b0c724f85b6f392763097d137963cc791763cf3c83f0dbb29d
GET /jembud/eEPrsKwbEDX HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
dragnag.com/pixel/pure
173.233.137.60 200 OK 0 B IP 173.233.137.60:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject dragnag.com
Fingerprint DA:4C:92:8F:5C:67:EE:4F:B6:69:E7:5B:1C:66:9F:48:5B:CD:11:FF
Validity Tue, 28 Nov 2023 10:50:07 GMT - Mon, 26 Feb 2024 10:50:06 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /pixel/pure HTTP/1.1
Host: dragnag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
metrolagu.cam/jembud/ZqncwCsCIXV
46.250.238.76 200 OK 977 B URL GET HTTP/2 metrolagu.cam/jembud/ZqncwCsCIXV
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://mp4skin.com/watch?v=vGuJuW0bDWA
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash f5560da891ab352f2d1a132e06eb3a91
0343b09a248178ce986a478bfb9f6c58002933e0
527ed57dd99f3cab10184e47666cfd919f583888c4e9260627fc815221752f8c
GET /jembud/ZqncwCsCIXV HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
barelydresstraitor.com/pixel/pure
192.243.61.227 200 OK 0 B URL POST HTTP/1.1 barelydresstraitor.com/pixel/pure
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject barelydresstraitor.com
Fingerprint 25:97:2B:38:9D:41:66:EF:F8:3D:E9:6C:15:38:E1:4F:3F:37:6E:81
Validity Tue, 28 Nov 2023 10:39:06 GMT - Mon, 26 Feb 2024 10:39:05 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: barelydresstraitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.media/
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:16 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
code.jquery.com/jquery-latest.min.js
151.101.2.137 200 OK 33 kB URL GET HTTP/2 code.jquery.com/jquery-latest.min.js
IP 151.101.2.137:443
Requested by https://metrolagu.cam/watch?v=PCyN4TuzZ5M
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (32086)
Hash 8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
GET /jquery-latest.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1762a"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 02 Dec 2023 17:22:16 GMT
age: 6735534
x-served-by: cache-lga21983-LGA, cache-bma1627-BMA
x-cache: HIT, HIT
x-cache-hits: 12, 247542
x-timer: S1701537736.183579,VS0,VE0
vary: Accept-Encoding
content-length: 33202
X-Firefox-Spdy: h2
meenetiy.com/?rb=J7wU85twSV10BphuxHo85dMjv2UNgbq2X1NwtpacDa25FYK1gG0xuImxiyfa6zLu5uD2T_R3m6gwQaJ9VR-9S51-MY1LppWCWVT7CJmLkXEm1ncMAxIeu9hcov-MRn8tNmadZ7kYB8X-Pac_ZK4cXdWNLZ4aWOPhghOEp_MOG6AkAPftyf1taVgobW86gRE9Mn514-DUexzFv2N8gKD-OOnyO5svEFWIQvj_NA%3D%3D&request_ab2=0&zoneid=6678850&js_build=iclick-v1.635.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1110&wih=624&wiw=1110&wfc=5&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3Fv%3Db7N--n5a2Vw&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2FxA80pfz5vAV&np=1&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&wgl=&js_build=iclick-v1.635.3-auto&bs=c9585499-9054-44c8-b169-00edb0056d8c&userId=c47fdd0f08e746a499d599e54b201e61&m=link
139.45.197.245 200 OK 35 kB URL GET HTTP/2 meenetiy.com/?rb=J7wU85twSV10BphuxHo85dMjv2UNgbq2X1NwtpacDa25FYK1gG0xuImxiyfa6zLu5uD2T_R3m6gwQaJ9VR-9S51-MY1LppWCWVT7CJmLkXEm1ncMAxIeu9hcov-MRn8tNmadZ7kYB8X-Pac_ZK4cXdWNLZ4aWOPhghOEp_MOG6AkAPftyf1taVgobW86gRE9Mn514-DUexzFv2N8gKD-OOnyO5svEFWIQvj_NA%3D%3D&request_ab2=0&zoneid=6678850&js_build=iclick-v1.635.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1110&wih=624&wiw=1110&wfc=5&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3Fv%3Db7N--n5a2Vw&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2FxA80pfz5vAV&np=1&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&wgl=&js_build=iclick-v1.635.3-auto&bs=c9585499-9054-44c8-b169-00edb0056d8c&userId=c47fdd0f08e746a499d599e54b201e61&m=link
IP 139.45.197.245:443
Requested by https://mp4skin.com/watch?v=b7N--n5a2Vw
Certificate Issuer Let's Encrypt
Subject meenetiy.com
Fingerprint B0:78:1E:CD:78:69:2F:27:B1:FE:A6:02:07:CB:4F:DC:7B:D2:7F:B5
Validity Mon, 20 Nov 2023 05:28:05 GMT - Sun, 18 Feb 2024 05:28:04 GMT
File type JSON data\012- , ASCII text, with very long lines (32086)
Hash f4b2ab3847764b7b36e186056c024576
d1cbd17b4d677fc72835d9a40e2a3a8346dba889
a1ec0855d716c1f6906b8c2f4eb16555a6d4e0c6f4f7e5604f72211c9b2a85fe
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?rb=J7wU85twSV10BphuxHo85dMjv2UNgbq2X1NwtpacDa25FYK1gG0xuImxiyfa6zLu5uD2T_R3m6gwQaJ9VR-9S51-MY1LppWCWVT7CJmLkXEm1ncMAxIeu9hcov-MRn8tNmadZ7kYB8X-Pac_ZK4cXdWNLZ4aWOPhghOEp_MOG6AkAPftyf1taVgobW86gRE9Mn514-DUexzFv2N8gKD-OOnyO5svEFWIQvj_NA%3D%3D&request_ab2=0&zoneid=6678850&js_build=iclick-v1.635.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1110&wih=624&wiw=1110&wfc=5&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3Fv%3Db7N--n5a2Vw&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2FxA80pfz5vAV&np=1&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&wgl=&js_build=iclick-v1.635.3-auto&bs=c9585499-9054-44c8-b169-00edb0056d8c&userId=c47fdd0f08e746a499d599e54b201e61&m=link HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mp4skin.com/
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Cookie: OAID=a49f3add9aed414aab455c2c74ce8141; oaidts=1701537734
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: application/json
x-trace-id: ba33e9cf8b3612206a6a8b246bf9d44f
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=c47fdd0f08e746a499d599e54b201e61; expires=Sun, 01 Dec 2024 17:22:15 GMT; path=/; secure; SameSite=None
oaidts=1701537735; expires=Sun, 01 Dec 2024 17:22:15 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 09 Dec 2023 17:22:15 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ardentlyexposureflushed.com/pixel/pure
173.233.137.60 200 OK 0 B URL POST HTTP/1.1 ardentlyexposureflushed.com/pixel/pure
IP 173.233.137.60:443
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject ardentlyexposureflushed.com
Fingerprint CB:F3:A7:64:D0:55:AE:83:FE:CD:FA:A4:A8:5E:97:D2:27:E6:2D:01
Validity Tue, 28 Nov 2023 10:50:41 GMT - Mon, 26 Feb 2024 10:50:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /pixel/pure HTTP/1.1
Host: ardentlyexposureflushed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
img.doodcdn.co/snaps/km983mpf1sd3366p.jpg
104.26.7.74 200 OK 24 kB URL GET HTTP/3 img.doodcdn.co/snaps/km983mpf1sd3366p.jpg
IP 104.26.7.74:443
Requested by https://metrolagu.cam/watch?v=PCyN4TuzZ5M
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 404x405, segment length 16, progressive, precision 8, 720x404, components 3\012- data
Hash 87c368e30b30458d60494950db0b110e
1a2829c7c88ab80425538a2ebc6bc1ee363e6b22
8904eed3a09a6cb324570021f7cc770b94008d27a13f5c53a05c931e1e7d821c
GET /snaps/km983mpf1sd3366p.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: image/jpeg
content-length: 23468
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=23648
etag: "651c09d2-5c60"
expires: Fri, 15 Dec 2023 23:17:24 GMT
last-modified: Tue, 03 Oct 2023 12:32:18 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zd%2FSuWWfd5XlRD8mpObW8YZCmYSMXXp4h0Y%2FweefpNBLNAmRJkAvWzHc2vHfqQZnW771TfwUj%2FMXlnIJONG%2BKMq%2FGgKc9RzAQk12Lq%2BD6pk3HwIMtLhEDcwB4uQBEvsB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f54043281e5685-OSL
alt-svc: h3=":443"; ma=86400
img.doodcdn.co/snaps/o425cxstaf9l9p6j.jpg
104.26.7.74 200 OK 22 kB URL GET HTTP/3 img.doodcdn.co/snaps/o425cxstaf9l9p6j.jpg
IP 104.26.7.74:443
Requested by https://metrolagu.cam/video?q=ice+cold+film
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x405, components 3\012- data
Hash 6a4bf66f0edc94e1ce16f8f2145b603d
489473e535a887e785666ad973b8b61275e9a29e
c74fc55324c637f055a83ee15f3e7ff3e3ec4872e41ff0939b54873fc7cd4ead
GET /snaps/o425cxstaf9l9p6j.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: image/jpeg
content-length: 21484
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21758
etag: "64a2c343-54fe"
expires: Sat, 16 Dec 2023 02:49:15 GMT
last-modified: Mon, 03 Jul 2023 12:46:59 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yTWGtZ%2BwBRWiPYaNu1KIdpXR3T4y1z5hAznmrGUh%2BHVNkJS1fzG%2F5LqKUKWSNfWoK6XlFHx3Lvj8XldlGzfRcnow%2F1gj06gLjBekR24ue3RWL%2BGuh2Pv78v3ygDB2TBI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5404338325685-OSL
alt-svc: h3=":443"; ma=86400
code.jquery.com/jquery-latest.min.js
151.101.2.137 200 OK 33 kB URL GET HTTP/2 code.jquery.com/jquery-latest.min.js
IP 151.101.2.137:443
Requested by https://metrolagu.cam/watch?v=PCyN4TuzZ5M
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (32086)
Hash 8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
GET /jquery-latest.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1762a"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 02 Dec 2023 17:22:16 GMT
age: 6735534
x-served-by: cache-lga21983-LGA, cache-bma1627-BMA
x-cache: HIT, HIT
x-cache-hits: 12, 247544
x-timer: S1701537736.289918,VS0,VE0
vary: Accept-Encoding
content-length: 33202
X-Firefox-Spdy: h2
barelydresstraitor.com/pixel/pure
192.243.61.227 200 OK 0 B URL POST HTTP/1.1 barelydresstraitor.com/pixel/pure
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject barelydresstraitor.com
Fingerprint 25:97:2B:38:9D:41:66:EF:F8:3D:E9:6C:15:38:E1:4F:3F:37:6E:81
Validity Tue, 28 Nov 2023 10:39:06 GMT - Mon, 26 Feb 2024 10:39:05 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /pixel/pure HTTP/1.1
Host: barelydresstraitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
img.doodcdn.co/snaps/obehb8bao0dlk3nf.jpg
104.26.7.74 200 OK 33 kB URL GET HTTP/3 img.doodcdn.co/snaps/obehb8bao0dlk3nf.jpg
IP 104.26.7.74:443
Requested by https://metrolagu.cam/video?q=txt-audio
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x405, components 3\012- data
Hash 16fbf50c191af6a80520954737d62bcb
c23bd4555dbbb65304756633374ccc67e31ef8f4
e1410cce56d07dab10a7975f9e8885bf27240193ebc836fe4e862ae1b16c575b
GET /snaps/obehb8bao0dlk3nf.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: image/jpeg
content-length: 32935
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=33066
etag: "6561c692-812a"
expires: Sat, 16 Dec 2023 16:19:07 GMT
last-modified: Sat, 25 Nov 2023 10:04:02 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ABWmp0RetcHKPTEcYKPio1LufmEShhuCUWBTqnDCTobFN0BJgpBgeOxK719MF%2FUjJQu%2FSkMQbSDQzLA7hoiwtttYRzOaxjZYzrcqkYV9SVru2364aJwSbDXmNp6zP6dr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f54043d8e65685-OSL
alt-svc: h3=":443"; ma=86400
friendshipmale.com/sfp.js
172.64.134.5 200 OK 54 kB URL GET HTTP/3 friendshipmale.com/sfp.js
IP 172.64.134.5:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 0d9ecfa0579415c81b0c2c4e3397371e
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 02 Dec 2023 17:22:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=55jD1jtAOQKibr0iIUicDNJNAaeNt4SH0jO9N8q82eCJvOqMK5HnXf7PctGa5sUI4xOx2XCsNcNLo7niS4rt205ciIaYKVSgaIGHmD90sOOSxebVoXhmRIUH0CI1q6y3L7vkinI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5403eb89d23ed-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
metrolagu.cam/embed.css
46.250.238.76 200 OK 27 kB
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://metrolagu.cam/video?q=dj+titkok+terbaru+2023
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type gzip compressed data, from Unix\012- data
Hash 5868ebd36b133b466bb8db51f36a69fa
79752d948b8110837ea580925a2e5e90482df5dc
afb52bcc4e86bbe9b5b44df723e37c88569000ec67070a686270574970effaa7
GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/video?q=Marion+Jola+Serious
Cookie: PHPSESSID=70oasvv50kivgsm5qfpe36u0a5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
vary: Accept-Encoding
etag: W/"651596cf-446"
expires: Sun, 03 Dec 2023 05:22:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
metrolagu.cam/video?q=txt-audio
46.250.238.76 200 OK 796 B URL POST HTTP/2 metrolagu.cam/video?q=txt-audio
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://mp4skin.com/watch?v=b7N--n5a2Vw
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash ba0194c6fea3fbc91643a5ca12152e67
6adb25c12a81d54a9685dd525753de1509101225
a0938d933a66d03d75d610dd2ebaf26fc411722b627ccd028def33673402ec12
POST /video?q=txt-audio HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/xA80pfz5vAV
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=70oasvv50kivgsm5qfpe36u0a5; path=/; secure; SameSite=None
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
metrolagu.cam/play.svg
46.250.238.76 200 OK 633 B
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://metrolagu.cam/video?q=dj+titkok+terbaru+2023
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (633), with no line terminators
Hash 85f08506e5a64050719e7e18a26cd9c4
cda07433539f1346406e7dde1a92ea6346d593d7
b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08
GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Cookie: PHPSESSID=70oasvv50kivgsm5qfpe36u0a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: image/svg+xml
content-length: 633
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: "650c2028-279"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
dragnag.com/pixel/pure
173.233.137.60 200 OK 0 B
IP 173.233.137.60:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject dragnag.com
Fingerprint DA:4C:92:8F:5C:67:EE:4F:B6:69:E7:5B:1C:66:9F:48:5B:CD:11:FF
Validity Tue, 28 Nov 2023 10:50:07 GMT - Mon, 26 Feb 2024 10:50:06 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /pixel/pure HTTP/1.1
Host: dragnag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
edgychancymisuse.com/pixel/pure
173.233.139.164 200 OK 0 B URL POST HTTP/1.1 edgychancymisuse.com/pixel/pure
IP 173.233.139.164:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject edgychancymisuse.com
Fingerprint F3:06:D5:F6:2E:74:7E:77:AF:D5:87:04:34:00:F1:C2:AE:6C:DB:74
Validity Tue, 28 Nov 2023 10:44:16 GMT - Mon, 26 Feb 2024 10:44:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /pixel/pure HTTP/1.1
Host: edgychancymisuse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fikedaquabib.com/rotaInGRWQGA24/64343
23.109.248.141 200 OK 20 B URL GET HTTP/1.1 fikedaquabib.com/rotaInGRWQGA24/64343
IP 23.109.248.141:443
Requested by https://metrolagu.cam/video?q=Marion+Jola+Serious
Certificate Issuer Let's Encrypt
Subject fikedaquabib.com
Fingerprint F4:08:72:98:1C:B0:81:F0:17:C1:66:60:A7:4E:B2:9A:70:25:75:54
Validity Sat, 11 Nov 2023 23:42:59 GMT - Fri, 09 Feb 2024 23:42:58 GMT
File type gzip compressed data, from Unix\012- data
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /rotaInGRWQGA24/64343 HTTP/1.1
Host: fikedaquabib.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 17:22:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; expires=Sun, 03-Dec-2023 17:22:16 GMT; Max-Age=86400; path=/; secure; SameSite=None
Set-Cookie: GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Sun, 03-Dec-2023 17:22:16 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
fp.metricswpsh.com/fp?tag_id=114039
157.90.84.242 204 No Content 0 B URL OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=114039
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.media/
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 02 Dec 2023 17:22:16 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.media
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
proftrafficcounter.com/stats
18.184.210.76 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.184.210.76:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Amazon
Subject proftrafficcounter.com
Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 8fe0e0fd7e35782adc6e6e3b40f2ba0c
29606072ffcbc9de5d8cf2c8aca4bf1064a177ad
cb9a09c23903de6f56ebb9062ac0ffd81114ef2c9ce2eaec166fe7d2535ff8f3
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: uid_id2=fe344b7c-1eea-4ba3-a341-869837727e60:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://poop.media
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=114039
157.90.84.242204 No Content 0 B URL OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=114039
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
ValidityThu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.media/
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 02 Dec 2023 17:22:16 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.media
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
barelydresstraitor.com/pixel/pure
192.243.61.227 200 OK 0 B URL POST HTTP/1.1 barelydresstraitor.com/pixel/pure
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject barelydresstraitor.com
Fingerprint 25:97:2B:38:9D:41:66:EF:F8:3D:E9:6C:15:38:E1:4F:3F:37:6E:81
Validity Tue, 28 Nov 2023 10:39:06 GMT - Mon, 26 Feb 2024 10:39:05 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /pixel/pure HTTP/1.1
Host: barelydresstraitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
aba744c125.df4a3bc10a.com/in/track?data=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
45.133.44.52200 OK 0 B URL GET HTTP/2 aba744c125.df4a3bc10a.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MzMxMzE3MTAwODUxMDczMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuOTMuMSIsInRhZ19pZCI6MTE0MDM5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjIuMDQsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkFETi0yNDUlMkNQZW51bGlzJTJDTm92ZWwlMkNFcm90aXMlMkMlRTIlODAlOTMlMkNNYXJpYSUyQ05hZ2FpJTJDUG9vcEhEIn0=
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject aba744c125.df4a3bc10a.com
Fingerprint 00:DB:99:EF:9E:F9:25:63:DC:E2:3D:B5:B4:08:55:1A:9B:88:2A:2E
Validity Wed, 29 Nov 2023 02:50:21 GMT - Tue, 27 Feb 2024 02:50:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=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 HTTP/1.1
Host: aba744c125.df4a3bc10a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
aba744c125.df4a3bc10a.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MzMxMzE3MTAwODUxMDczMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuOTMuMSIsInRhZ19pZCI6MTE0MDM5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjIuMDMsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkpVRkUtMDc1JTJDUG9vcEhEIn0=
45.133.44.52200 OK 0 B URL GET HTTP/2 aba744c125.df4a3bc10a.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MzMxMzE3MTAwODUxMDczMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuOTMuMSIsInRhZ19pZCI6MTE0MDM5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjIuMDMsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkpVRkUtMDc1JTJDUG9vcEhEIn0=
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject aba744c125.df4a3bc10a.com
Fingerprint 00:DB:99:EF:9E:F9:25:63:DC:E2:3D:B5:B4:08:55:1A:9B:88:2A:2E
Validity Wed, 29 Nov 2023 02:50:21 GMT - Tue, 27 Feb 2024 02:50:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MzMxMzE3MTAwODUxMDczMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuOTMuMSIsInRhZ19pZCI6MTE0MDM5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjIuMDMsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkpVRkUtMDc1JTJDUG9vcEhEIn0= HTTP/1.1
Host: aba744c125.df4a3bc10a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
aba744c125.df4a3bc10a.com/in/track?data=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
45.133.44.52200 OK 0 B URL GET HTTP/2 aba744c125.df4a3bc10a.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MzMxMzE3MTAwODUxMDczMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuOTMuMSIsInRhZ19pZCI6MTE0MDM5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjIuMTMsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IlZFTlgtMDIzJTJDTWVuaWttYXRpJTJDTW9udG9rbnlhJTJDVHVidWglMkNNZXJ0dWFrdSUyQyVFMiU4MCU5MyUyQ01hcmlhJTJDTmFnYWklMkNEb29kU3RyZWFtJTJDUG9vcEhEIn0=
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject aba744c125.df4a3bc10a.com
Fingerprint 00:DB:99:EF:9E:F9:25:63:DC:E2:3D:B5:B4:08:55:1A:9B:88:2A:2E
Validity Wed, 29 Nov 2023 02:50:21 GMT - Tue, 27 Feb 2024 02:50:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=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 HTTP/1.1
Host: aba744c125.df4a3bc10a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=114039
157.90.84.242 204 No Content 0 B URL OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=114039
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.media/
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 02 Dec 2023 17:22:17 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.media
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
fp.metricswpsh.com/fp?tag_id=114039
157.90.84.242 204 No Content 60 B URL OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=114039
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
File type JSON data\012- , ASCII text
Hash 11ef28febd84a9b383637787c3583019
4edd6cb0f09f3f737e012e417569ffad7d7c5de3
49efe1a2f9b41446ca7028289dda1b7a22a56c1f55fa3f466b51364cdd9be3d9
POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23169
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 02 Dec 2023 17:22:17 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 60
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poop.media
Set-Cookie: id=15691782774315821293; Expires=Sun, 01 Dec 2024 17:22:17 GMT; Secure; SameSite=None
Vary: Origin
omitpollenending.com/sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc
192.243.59.12 3.5 kB URL omitpollenending.com/sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5671), with no line terminators
Hash 326a6fda41ba4f5cce2dae13feee6106
09737dece342e78eb115976cb293aa569d22abb5
7a32baf63db4061df83b7c7d5225207f71654cae09084bb513140afe668294c2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc HTTP/1.1
Host: omitpollenending.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 17:22:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://poop.media
Access-Control-Allow-Origin: https://poop.media
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=21379104; expires=Sun, 03 Dec 2023 17:22:16 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 17:22:16 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 17:22:16 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 03 Dec 2023 17:22:16 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 03 Dec 2023 17:22:16 GMT; secure; SameSite=None
slec3588e7c3f5b48aac06ae83e5126f8dcc=[4690994]; expires=Sat, 02 Dec 2023 17:22:21 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cba58095159ebfc510ad26685a3a0a7c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pronedynastyimpertinence.com/sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc
192.243.61.225 200 OK 3.5 kB URL GET HTTP/1.1 pronedynastyimpertinence.com/sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject pronedynastyimpertinence.com
Fingerprint 5B:76:FB:DD:60:B4:7A:A2:03:07:FC:6C:A0:6A:FA:99:13:E4:63:75
Validity Tue, 28 Nov 2023 08:14:49 GMT - Mon, 26 Feb 2024 08:14:48 GMT
File type JSON data\012- , ASCII text, with very long lines (5655), with no line terminators
Hash 00ac7aaca2af31b85d75fa5730eef949
0eb59e5c14142eb7ac4a1f01f6708f017b9e79a9
fcd5fc595c220905485a6df74910cbec31c3b0905567e78d427874dce5c8e6b7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc HTTP/1.1
Host: pronedynastyimpertinence.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://poop.media
Access-Control-Allow-Origin: https://poop.media
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=21379104; expires=Sun, 03 Dec 2023 17:22:16 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 17:22:17 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 17:22:17 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 03 Dec 2023 17:22:17 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 03 Dec 2023 17:22:17 GMT; secure; SameSite=None
slec3588e7c3f5b48aac06ae83e5126f8dcc=[4690994]; expires=Sat, 02 Dec 2023 17:22:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 891a9307cc8cf1fb89f169675dd1b623
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
accordancespotted.com/pixel/pure
173.233.137.36 200 OK 0 B URL POST HTTP/1.1 accordancespotted.com/pixel/pure
IP 173.233.137.36:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject accordancespotted.com
Fingerprint D8:3A:F2:F4:A3:CF:57:5C:BB:EF:B6:7D:9B:80:F2:A0:8B:81:BB:AA
Validity Tue, 28 Nov 2023 10:41:23 GMT - Mon, 26 Feb 2024 10:41:22 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: accordancespotted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.media/
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:17 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
fp.metricswpsh.com/fp?tag_id=114039
157.90.84.242 204 No Content 60 B URL OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=114039
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
File type JSON data\012- , ASCII text
Hash f52eb4093616c9d80cf14b52f893f82c
d0a5f520ed422eb2d6c69006fda6b8e8b7381144
9a5ee58e2f0665e3810ef94dfe12ead3c9670eafe900075e3e27dc96e2d4c3fe
POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23170
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 02 Dec 2023 17:22:17 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 60
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poop.media
Set-Cookie: id=8854166654117156777; Expires=Sun, 01 Dec 2024 17:22:17 GMT; Secure; SameSite=None
Vary: Origin
accordancespotted.com/pixel/pure
192.243.61.225 200 OK 0 B URL POST HTTP/1.1 accordancespotted.com/pixel/pure
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject accordancespotted.com
Fingerprint D8:3A:F2:F4:A3:CF:57:5C:BB:EF:B6:7D:9B:80:F2:A0:8B:81:BB:AA
Validity Tue, 28 Nov 2023 10:41:23 GMT - Mon, 26 Feb 2024 10:41:22 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: accordancespotted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.media/
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:17 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
metrolagu.cam/jembud/hiOBgwnL7eg
46.250.238.76 200 OK 258 B URL GET HTTP/2 metrolagu.cam/jembud/hiOBgwnL7eg
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://yu2be.com/watch?v=ZyY71Ps5xRk
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type gzip compressed data, from Unix\012- data
Hash 0617f1c2e4dca7aaa258324fc40fa0b4
41d9961783f2ecdf39f24a4048749005d99efde6
edc5c3c0dce2734af6cd0b78b4f1c8dbdb651546273bcb2f6ad175c3d2bb3d51
GET /jembud/hiOBgwnL7eg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Cookie: PHPSESSID=70oasvv50kivgsm5qfpe36u0a5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
undertakinghomeyegg.com/sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc
173.233.137.60 200 OK 3.5 kB URL GET HTTP/1.1 undertakinghomeyegg.com/sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc
IP 173.233.137.60:443
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject undertakinghomeyegg.com
Fingerprint 69:99:4A:A1:A8:2C:4D:27:B7:E7:73:23:6C:ED:8B:DB:98:7C:CB:95
Validity Tue, 28 Nov 2023 10:34:25 GMT - Mon, 26 Feb 2024 10:34:24 GMT
File type JSON data\012- , ASCII text, with very long lines (5655), with no line terminators
Hash 00ac7aaca2af31b85d75fa5730eef949
0eb59e5c14142eb7ac4a1f01f6708f017b9e79a9
fcd5fc595c220905485a6df74910cbec31c3b0905567e78d427874dce5c8e6b7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc HTTP/1.1
Host: undertakinghomeyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://poop.media
Access-Control-Allow-Origin: https://poop.media
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=21379104; expires=Sun, 03 Dec 2023 17:22:16 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 17:22:17 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 17:22:17 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 03 Dec 2023 17:22:17 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 03 Dec 2023 17:22:17 GMT; secure; SameSite=None
slec3588e7c3f5b48aac06ae83e5126f8dcc=[4690994]; expires=Sat, 02 Dec 2023 17:22:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4eda73b6a0ed4cf45267f3391f482f1f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fp.metricswpsh.com/fp?tag_id=114039
157.90.84.242 204 No Content 60 B URL OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=114039
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
File type JSON data\012- , ASCII text
Hash 11ef28febd84a9b383637787c3583019
4edd6cb0f09f3f737e012e417569ffad7d7c5de3
49efe1a2f9b41446ca7028289dda1b7a22a56c1f55fa3f466b51364cdd9be3d9
POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23168
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 02 Dec 2023 17:22:17 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 60
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poop.media
Set-Cookie: id=1467981694041088516; Expires=Sun, 01 Dec 2024 17:22:17 GMT; Secure; SameSite=None
Vary: Origin
dbd390fc66.7df3f71dc4.com/b1e17e656cc8d88db1abe0e5d539052d.js
45.133.44.52 200 OK 26 kB URL GET HTTP/2 dbd390fc66.7df3f71dc4.com/b1e17e656cc8d88db1abe0e5d539052d.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject dbd390fc66.7df3f71dc4.com
Fingerprint 58:C5:6D:91:3E:EE:AA:F0:11:56:6E:10:48:EA:36:1E:5E:A4:67:51
Validity Wed, 29 Nov 2023 02:20:47 GMT - Tue, 27 Feb 2024 02:20:46 GMT
File type gzip compressed data, from Unix\012- data
Hash 50880d714ac50ac2689efc603ad46a60
f0bb0e7b1ce40e7471e882f15d6382eab34441c5
29d5bd268bae4beab448cc66b710555c71cdd2600800d44ea87c1df7f8d06473
GET /b1e17e656cc8d88db1abe0e5d539052d.js HTTP/1.1
Host: dbd390fc66.7df3f71dc4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 01 Dec 2023 07:48:53 GMT
etag: W/"65698fe5-162bf"
content-encoding: gzip
expires: Sat, 02 Dec 2023 17:27:16 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
aba744c125.df4a3bc10a.com/in/track?data=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
45.133.44.52200 OK 0 B URL GET HTTP/2 aba744c125.df4a3bc10a.com/in/track?data=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
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject aba744c125.df4a3bc10a.com
Fingerprint 00:DB:99:EF:9E:F9:25:63:DC:E2:3D:B5:B4:08:55:1A:9B:88:2A:2E
Validity Wed, 29 Nov 2023 02:50:21 GMT - Tue, 27 Feb 2024 02:50:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=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 HTTP/1.1
Host: aba744c125.df4a3bc10a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:17 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=114039
157.90.84.242 204 No Content 60 B URL OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=114039
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
File type JSON data\012- , ASCII text
Hash 11ef28febd84a9b383637787c3583019
4edd6cb0f09f3f737e012e417569ffad7d7c5de3
49efe1a2f9b41446ca7028289dda1b7a22a56c1f55fa3f466b51364cdd9be3d9
POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23170
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 02 Dec 2023 17:22:17 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 60
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poop.media
Set-Cookie: id=9763552704160648716; Expires=Sun, 01 Dec 2024 17:22:17 GMT; Secure; SameSite=None
Vary: Origin
skiofficerdemote.com/sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc
192.243.59.12 200 OK 3.5 kB URL GET HTTP/1.1 skiofficerdemote.com/sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject skiofficerdemote.com
Fingerprint B4:6F:3A:BD:FF:FE:15:51:53:8C:D2:EB:9B:13:BE:14:D1:BC:BD:EE
Validity Tue, 28 Nov 2023 11:02:22 GMT - Mon, 26 Feb 2024 11:02:21 GMT
File type JSON data\012- , ASCII text, with very long lines (5655), with no line terminators
Hash 00ac7aaca2af31b85d75fa5730eef949
0eb59e5c14142eb7ac4a1f01f6708f017b9e79a9
fcd5fc595c220905485a6df74910cbec31c3b0905567e78d427874dce5c8e6b7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc HTTP/1.1
Host: skiofficerdemote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 17:22:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://poop.media
Access-Control-Allow-Origin: https://poop.media
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=21379104; expires=Sun, 03 Dec 2023 17:22:17 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 17:22:17 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 17:22:17 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 03 Dec 2023 17:22:17 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 03 Dec 2023 17:22:17 GMT; secure; SameSite=None
slec3588e7c3f5b48aac06ae83e5126f8dcc=[4690994]; expires=Sat, 02 Dec 2023 17:22:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f808be73b53253ffe2502fe8f9afe498
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
nereserv.com/in/dip?site=native-push&wl=1&event_id=4a9f68e1-a395-4994-9f6f-cf11eb425553&subid=357529620&sid=3006084107&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
157.90.84.246 200 OK 0 B URL GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=4a9f68e1-a395-4994-9f6f-cf11eb425553&subid=357529620&sid=3006084107&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer: Let's Encrypt
Subject: notification.tubecup.net
Fingerprint: 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity: Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=4a9f68e1-a395-4994-9f6f-cf11eb425553&subid=357529620&sid=3006084107&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:17 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
accordancespotted.com/pixel/pure
173.233.137.36 200 OK 0 B URL POST HTTP/1.1 accordancespotted.com/pixel/pure
IP 173.233.137.36:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer: Let's Encrypt
Subject: accordancespotted.com
Fingerprint: D8:3A:F2:F4:A3:CF:57:5C:BB:EF:B6:7D:9B:80:F2:A0:8B:81:BB:AA
Validity: Tue, 28 Nov 2023 10:41:23 GMT - Mon, 26 Feb 2024 10:41:22 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /pixel/pure HTTP/1.1
Host: accordancespotted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
nereserv.com/in/dip?site=native-push&wl=1&event_id=99001bf4-a598-441b-b948-d0edd57eecbb&subid=388464194&sid=1210775973&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
157.90.84.246 0 B URL nereserv.com/in/dip?site=native-push&wl=1&event_id=99001bf4-a598-441b-b948-d0edd57eecbb&subid=388464194&sid=1210775973&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Certificate Issuer: Let's Encrypt
Subject: notification.tubecup.net
Fingerprint: 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity: Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=99001bf4-a598-441b-b948-d0edd57eecbb&subid=388464194&sid=1210775973&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:17 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.134.5 200 OK 27 kB URL GET HTTP/3 friendshipmale.com/sfp.js
IP 172.64.134.5:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity: Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 9a31bad896bd28bc869a734d40d7e2e6
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 02 Dec 2023 17:22:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8xJP%2BkYOb1SP3IynZ3gR7zsUtgGK4qrUdmHrOPIupOvp2Krk6vRuCAa6O%2Bm3oTYauxE1w%2B6dsRNRG7iu72zhcl86dHPKefsbWLuSVnn8OKe205DUrMU38htsVpcIQZ%2FfXYgY2Rs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f540467bd823ed-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
nereserv.com/in/dip?site=native-push&wl=1&event_id=c5444521-235f-42ee-81ec-bd414019cc78&subid=357529620&sid=3695565071&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
157.90.84.246 200 OK 0 B URL GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=c5444521-235f-42ee-81ec-bd414019cc78&subid=357529620&sid=3695565071&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer: Let's Encrypt
Subject: notification.tubecup.net
Fingerprint: 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity: Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=c5444521-235f-42ee-81ec-bd414019cc78&subid=357529620&sid=3695565071&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:17 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/multy
157.90.84.246 204 No Content 0 B URL OPTIONS HTTP/2 d834c8bfc5.e468aaeee7.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer: Let's Encrypt
Subject: e468aaeee7.com
Fingerprint: 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity: Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.media/
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:17 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
aba744c125.df4a3bc10a.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MzMxMzE3MTAwODUxMDczMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuOTMuMSIsInRhZ19pZCI6MTE0MDM5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNDUsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkpVUS0xMTQlMkNNYXJpYSUyQ05hZ2FpJTJDUG9vcEhEIn0=
45.133.44.52200 OK 0 B URL GET HTTP/2 aba744c125.df4a3bc10a.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MzMxMzE3MTAwODUxMDczMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuOTMuMSIsInRhZ19pZCI6MTE0MDM5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNDUsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkpVUS0xMTQlMkNNYXJpYSUyQ05hZ2FpJTJDUG9vcEhEIn0=
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer: Let's Encrypt
Subject: aba744c125.df4a3bc10a.com
Fingerprint: 00:DB:99:EF:9E:F9:25:63:DC:E2:3D:B5:B4:08:55:1A:9B:88:2A:2E
Validity: Wed, 29 Nov 2023 02:50:21 GMT - Tue, 27 Feb 2024 02:50:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI4MzMxMzE3MTAwODUxMDczMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuOTMuMSIsInRhZ19pZCI6MTE0MDM5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNDUsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkpVUS0xMTQlMkNNYXJpYSUyQ05hZ2FpJTJDUG9vcEhEIn0= HTTP/1.1
Host: aba744c125.df4a3bc10a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:17 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
pronedynastyimpertinence.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeFkCwo4HCWhg%2FwNB2LPMZCD4oOq9V987fN%2F36pu9%2FIKEyOn55memL5Wi841K4L%2B3JTU3hfPXH%2FhhUAlu%2B1tSL9Rv%2B73JZbsfhEGjEtzyVwTrmPlqEAZBGIT%2BsrQiNr35KQqZPmmFlVZQqVcrYaOOnv1%2F73IPjnrg3QvyFiQfv7r97CkkG0EnP98VrpOZ9P1PklzRzFh0%2BdEXuqNNoZFclbH1EOuj2TSMGxPy%2FTUYfTRTANPdnyhAJMfE%2BzNEpI9mNBF1Dy6ZRgpCI%2BLXUXRHEGoESUdg5iEkf04AxrG%2BAZ0crhtb0J1LlE7QMZl7%2BS9kMSZzf9%2BATo6XlOz5943KM2m0Qy8uIXsjyPYIaX6KrO9BFqdg2deQ%2FHcy%2F3INOtnfcMpA8nKqXsoRZDyCEgNQ5yGfHOkhjz3kqYeEn%2Fu00YqDYDGO4lqtWWeM1WqMNZoLvMFr9WYcIGcTegNk6QBMDcDsLlK7i44cwOa%2Fwm2XcNyDy8bE%2B3wXXV6iEASFIygoQSEJioyg6JYHXLmqKw%2B5cnkUznJ1lmvl0GTtPXpgsrbQBNQO9tIL8ubEG2%2B56aMjzv1ao9kUi6wWN6J6k1IWLFDRrIlGWF2Im5wxOFlCumtTuX05JuGtm0jlmLz21wkiegqnTsHkG6D5O6DFcLEagG4P680Aff04NSatJIJLCm5KpNkcsh1vT12Qt6cbWvmuCsHO7rz7YuX4Rv8FmC2R2hJfyd8I2urR8J4pyP49UzjydCPNZCL7dLK9%2BxnNxNzjT8VOYSxfvesGP37EJsCkfPJAuGyNai5125GfliTnwi4bywT5ZdVtiWgzd9tLudV5urb58fJqklrhnDR6BCqff3kCJsfk9cP56b%2B8%2BUMCaUeweYkkPyOzgDSnYOkuXHp25%2FqE%2B8oxnCGw6momSj0UeTm01ejqUUkCJa56GpVw4sqCSJyd%2FHOJ7blHaFsPNHsInZTo2hJdVYKqAVz%2ByjBL7dmHf9SmgUh5w0hZbz9SVn17aa2T575oxEEsgqqI4lYUL9KAt%2BJ6K6KtUCxGDRoic2PRaT%2F7DwAA%2F%2F8BAAD%2F%2Fxh%2Fm7JvBAAA
192.243.61.225200 OK 7 B URL GET HTTP/1.1 pronedynastyimpertinence.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeFkCwo4HCWhg%2FwNB2LPMZCD4oOq9V987fN%2F36pu9%2FIKEyOn55memL5Wi841K4L%2B3JTU3hfPXH%2FhhUAlu%2B1tSL9Rv%2B73JZbsfhEGjEtzyVwTrmPlqEAZBGIT%2BsrQiNr35KQqZPmmFlVZQqVcrYaOOnv1%2F73IPjnrg3QvyFiQfv7r97CkkG0EnP98VrpOZ9P1PklzRzFh0%2BdEXuqNNoZFclbH1EOuj2TSMGxPy%2FTUYfTRTANPdnyhAJMfE%2BzNEpI9mNBF1Dy6ZRgpCI%2BLXUXRHEGoESUdg5iEkf04AxrG%2BAZ0crhtb0J1LlE7QMZl7%2BS9kMSZzf9%2BATo6XlOz5943KM2m0Qy8uIXsjyPYIaX6KrO9BFqdg2deQ%2FHcy%2F3INOtnfcMpA8nKqXsoRZDyCEgNQ5yGfHOkhjz3kqYeEn%2Fu00YqDYDGO4lqtWWeM1WqMNZoLvMFr9WYcIGcTegNk6QBMDcDsLlK7i44cwOa%2Fwm2XcNyDy8bE%2B3wXXV6iEASFIygoQSEJioyg6JYHXLmqKw%2B5cnkUznJ1lmvl0GTtPXpgsrbQBNQO9tIL8ubEG2%2B56aMjzv1ao9kUi6wWN6J6k1IWLFDRrIlGWF2Im5wxOFlCumtTuX05JuGtm0jlmLz21wkiegqnTsHkG6D5O6DFcLEagG4P680Aff04NSatJIJLCm5KpNkcsh1vT12Qt6cbWvmuCsHO7rz7YuX4Rv8FmC2R2hJfyd8I2urR8J4pyP49UzjydCPNZCL7dLK9%2BxnNxNzjT8VOYSxfvesGP37EJsCkfPJAuGyNai5125GfliTnwi4bywT5ZdVtiWgzd9tLudV5urb58fJqklrhnDR6BCqff3kCJsfk9cP56b%2B8%2BUMCaUeweYkkPyOzgDSnYOkuXHp25%2FqE%2B8oxnCGw6momSj0UeTm01ejqUUkCJa56GpVw4sqCSJyd%2FHOJ7blHaFsPNHsInZTo2hJdVYKqAVz%2ByjBL7dmHf9SmgUh5w0hZbz9SVn17aa2T575oxEEsgqqI4lYUL9KAt%2BJ6K6KtUCxGDRoic2PRaT%2F7DwAA%2F%2F8BAAD%2F%2Fxh%2Fm7JvBAAA
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer: Let's Encrypt
Subject: pronedynastyimpertinence.com
Fingerprint: 5B:76:FB:DD:60:B4:7A:A2:03:07:FC:6C:A0:6A:FA:99:13:E4:63:75
Validity: Tue, 28 Nov 2023 08:14:49 GMT - Mon, 26 Feb 2024 08:14:48 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeFkCwo4HCWhg%2FwNB2LPMZCD4oOq9V987fN%2F36pu9%2FIKEyOn55memL5Wi841K4L%2B3JTU3hfPXH%2FhhUAlu%2B1tSL9Rv%2B73JZbsfhEGjEtzyVwTrmPlqEAZBGIT%2BsrQiNr35KQqZPmmFlVZQqVcrYaOOnv1%2F73IPjnrg3QvyFiQfv7r97CkkG0EnP98VrpOZ9P1PklzRzFh0%2BdEXuqNNoZFclbH1EOuj2TSMGxPy%2FTUYfTRTANPdnyhAJMfE%2BzNEpI9mNBF1Dy6ZRgpCI%2BLXUXRHEGoESUdg5iEkf04AxrG%2BAZ0crhtb0J1LlE7QMZl7%2BS9kMSZzf9%2BATo6XlOz5943KM2m0Qy8uIXsjyPYIaX6KrO9BFqdg2deQ%2FHcy%2F3INOtnfcMpA8nKqXsoRZDyCEgNQ5yGfHOkhjz3kqYeEn%2Fu00YqDYDGO4lqtWWeM1WqMNZoLvMFr9WYcIGcTegNk6QBMDcDsLlK7i44cwOa%2Fwm2XcNyDy8bE%2B3wXXV6iEASFIygoQSEJioyg6JYHXLmqKw%2B5cnkUznJ1lmvl0GTtPXpgsrbQBNQO9tIL8ubEG2%2B56aMjzv1ao9kUi6wWN6J6k1IWLFDRrIlGWF2Im5wxOFlCumtTuX05JuGtm0jlmLz21wkiegqnTsHkG6D5O6DFcLEagG4P680Aff04NSatJIJLCm5KpNkcsh1vT12Qt6cbWvmuCsHO7rz7YuX4Rv8FmC2R2hJfyd8I2urR8J4pyP49UzjydCPNZCL7dLK9%2BxnNxNzjT8VOYSxfvesGP37EJsCkfPJAuGyNai5125GfliTnwi4bywT5ZdVtiWgzd9tLudV5urb58fJqklrhnDR6BCqff3kCJsfk9cP56b%2B8%2BUMCaUeweYkkPyOzgDSnYOkuXHp25%2FqE%2B8oxnCGw6momSj0UeTm01ejqUUkCJa56GpVw4sqCSJyd%2FHOJ7blHaFsPNHsInZTo2hJdVYKqAVz%2ByjBL7dmHf9SmgUh5w0hZbz9SVn17aa2T575oxEEsgqqI4lYUL9KAt%2BJ6K6KtUCxGDRoic2PRaT%2F7DwAA%2F%2F8BAAD%2F%2Fxh%2Fm7JvBAAA HTTP/1.1
Host: pronedynastyimpertinence.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 08f415ae947d9a48b3abad012ea3c0ce
Strict-Transport-Security: max-age=0; includeSubdomains
omitpollenending.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeFACwo4HCWhg%2FwNB2LPMZCD4oOq9V987fN%2F36qu9%2FIKEyOn55iemL5Wi841K4L%2BzJTU3hfPXH%2FhhUAlu%2B1tSL9Rv%2B73JZbvvhUGjEtzyVwTrmPlqEAZBGIT%2BsrQiNr35KQqZPmmFlVZQqVcrYaOOnv1%2F73IPjnrg3QvyBiQfv7z921NINoJOfrwrXCcz6bsfJbmimbHo8qPPdEebQiO5KmPrIdZHs2kYNybk22sw%2BmimAKa7P1GASI6J92eISB%2FNaCLqHlwyjRSERsSvo%2BiOINQIko7AzENI%2FowAjGN9Azo5XDe2oDuXKJ2gYzL34l%2FIYkzm%2Fr4BnRwvKdnz7xuVZ9Joh15cQvZGkO0R0vwUWd%2BDLE7Bsi8h%2Be9k%2FsUadLK%2F4ZSB5OVUvZQjyHgEJQagzkM%2BOdJDHnvIUw8JP%2FdpoxUHwWIcxbVas84Yq9UYazQXeIPX6s04QM4m9AbI0gGYGoDZXaR2Fx05gM1%2Fhtsu4bgHl42J9%2BkuurxEIQgKR1BQgkISFBlB0S0PuHJVVx5y5fIonOXqLNfKocnae%2FTAZG2hCagd7KUX5PWJN95y00dHnPu1RrMpFlktbkT1JqUsWKCiWRONsLoQNzljcLKEdNemcvtyTMJbN5HKMXnlrxNE9BROnYLJ10Dzt0CL4WI1AN0e1psB%2BvpxakxaSQSXFNyUSLM5ZDvenrogb043tPJNFYKd3Xn7%2Bcrxjf5zMFsitSW%2BkL8QtNWj4T1TkP17pnDk6UaayUT26WR79zOaibnHH4udwli%2BetcNvv%2BATYBJ%2BeSBcNka1VzqtiM%2FLEnOhV02lgny06rbEtFm7raXcqvzdG3zw%2BXVJLXCOWn0CFQ%2B%2B%2FwETI7Jq4fz039587sE0o5g8xJJfkZmAWlOwdJduPTszvUJ95VjOENg1dVMlHoo8nJoq9HVo5IESlz1NCrhxJUFkTg7%2BecS23OP0LYeaPYQOinRtSW6qgRVA7j8pWGW2rP3%2F6hNA5HyhpGy3n6krPr60lonz33RiINYBFURxa0oXqQBb8X1VkRboViMGjRE5sai0%2F71PwAAAP%2F%2FAQAA%2F%2F%2BOT5zFbwQAAA%3D%3D
192.243.59.12 7 B URL omitpollenending.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeFACwo4HCWhg%2FwNB2LPMZCD4oOq9V987fN%2F36qu9%2FIKEyOn55iemL5Wi841K4L%2BzJTU3hfPXH%2FhhUAlu%2B1tSL9Rv%2B73JZbvvhUGjEtzyVwTrmPlqEAZBGIT%2BsrQiNr35KQqZPmmFlVZQqVcrYaOOnv1%2F73IPjnrg3QvyBiQfv7z921NINoJOfrwrXCcz6bsfJbmimbHo8qPPdEebQiO5KmPrIdZHs2kYNybk22sw%2BmimAKa7P1GASI6J92eISB%2FNaCLqHlwyjRSERsSvo%2BiOINQIko7AzENI%2FowAjGN9Azo5XDe2oDuXKJ2gYzL34l%2FIYkzm%2Fr4BnRwvKdnz7xuVZ9Joh15cQvZGkO0R0vwUWd%2BDLE7Bsi8h%2Be9k%2FsUadLK%2F4ZSB5OVUvZQjyHgEJQagzkM%2BOdJDHnvIUw8JP%2FdpoxUHwWIcxbVas84Yq9UYazQXeIPX6s04QM4m9AbI0gGYGoDZXaR2Fx05gM1%2Fhtsu4bgHl42J9%2BkuurxEIQgKR1BQgkISFBlB0S0PuHJVVx5y5fIonOXqLNfKocnae%2FTAZG2hCagd7KUX5PWJN95y00dHnPu1RrMpFlktbkT1JqUsWKCiWRONsLoQNzljcLKEdNemcvtyTMJbN5HKMXnlrxNE9BROnYLJ10Dzt0CL4WI1AN0e1psB%2BvpxakxaSQSXFNyUSLM5ZDvenrogb043tPJNFYKd3Xn7%2Bcrxjf5zMFsitSW%2BkL8QtNWj4T1TkP17pnDk6UaayUT26WR79zOaibnHH4udwli%2BetcNvv%2BATYBJ%2BeSBcNka1VzqtiM%2FLEnOhV02lgny06rbEtFm7raXcqvzdG3zw%2BXVJLXCOWn0CFQ%2B%2B%2FwETI7Jq4fz039587sE0o5g8xJJfkZmAWlOwdJduPTszvUJ95VjOENg1dVMlHoo8nJoq9HVo5IESlz1NCrhxJUFkTg7%2BecS23OP0LYeaPYQOinRtSW6qgRVA7j8pWGW2rP3%2F6hNA5HyhpGy3n6krPr60lonz33RiINYBFURxa0oXqQBb8X1VkRboViMGjRE5sai0%2F71PwAAAP%2F%2FAQAA%2F%2F%2BOT5zFbwQAAA%3D%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeFACwo4HCWhg%2FwNB2LPMZCD4oOq9V987fN%2F36qu9%2FIKEyOn55iemL5Wi841K4L%2BzJTU3hfPXH%2FhhUAlu%2B1tSL9Rv%2B73JZbvvhUGjEtzyVwTrmPlqEAZBGIT%2BsrQiNr35KQqZPmmFlVZQqVcrYaOOnv1%2F73IPjnrg3QvyBiQfv7z921NINoJOfrwrXCcz6bsfJbmimbHo8qPPdEebQiO5KmPrIdZHs2kYNybk22sw%2BmimAKa7P1GASI6J92eISB%2FNaCLqHlwyjRSERsSvo%2BiOINQIko7AzENI%2FowAjGN9Azo5XDe2oDuXKJ2gYzL34l%2FIYkzm%2Fr4BnRwvKdnz7xuVZ9Joh15cQvZGkO0R0vwUWd%2BDLE7Bsi8h%2Be9k%2FsUadLK%2F4ZSB5OVUvZQjyHgEJQagzkM%2BOdJDHnvIUw8JP%2FdpoxUHwWIcxbVas84Yq9UYazQXeIPX6s04QM4m9AbI0gGYGoDZXaR2Fx05gM1%2Fhtsu4bgHl42J9%2BkuurxEIQgKR1BQgkISFBlB0S0PuHJVVx5y5fIonOXqLNfKocnae%2FTAZG2hCagd7KUX5PWJN95y00dHnPu1RrMpFlktbkT1JqUsWKCiWRONsLoQNzljcLKEdNemcvtyTMJbN5HKMXnlrxNE9BROnYLJ10Dzt0CL4WI1AN0e1psB%2BvpxakxaSQSXFNyUSLM5ZDvenrogb043tPJNFYKd3Xn7%2Bcrxjf5zMFsitSW%2BkL8QtNWj4T1TkP17pnDk6UaayUT26WR79zOaibnHH4udwli%2BetcNvv%2BATYBJ%2BeSBcNka1VzqtiM%2FLEnOhV02lgny06rbEtFm7raXcqvzdG3zw%2BXVJLXCOWn0CFQ%2B%2B%2FwETI7Jq4fz039587sE0o5g8xJJfkZmAWlOwdJduPTszvUJ95VjOENg1dVMlHoo8nJoq9HVo5IESlz1NCrhxJUFkTg7%2BecS23OP0LYeaPYQOinRtSW6qgRVA7j8pWGW2rP3%2F6hNA5HyhpGy3n6krPr60lonz33RiINYBFURxa0oXqQBb8X1VkRboViMGjRE5sai0%2F71PwAAAP%2F%2FAQAA%2F%2F%2BOT5zFbwQAAA%3D%3D HTTP/1.1
Host: omitpollenending.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 17:22:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 87449b3a0eb150951ebdb957c0970020
Strict-Transport-Security: max-age=0; includeSubdomains
storage.multstorage.com/log/count.html
104.21.30.242 200 OK 390 B URL GET HTTP/2 storage.multstorage.com/log/count.html
IP 104.21.30.242:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer: Google Trust Services LLC
Subject: multstorage.com
Fingerprint: 1F:90:8C:BB:6B:B0:99:41:3A:23:DF:A4:57:1A:25:0F:88:BA:C6:DE
Validity: Mon, 20 Nov 2023 10:07:51 GMT - Sun, 18 Feb 2024 10:07:50 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (700)
Hash b728ca9cd183d1b7c3f72116b19b22a3
c1fd73f6b02cf00b8bc60b09cc99495e8494b739
8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: b74a3c84e0f28023810dce9a5c468c73
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KKpG9YygXYTTii%2BAT1QDfBV85UjF8ki5KOQ33q%2BtCos1dpuiDz6PoGw9xXSUqtmkDyU2C%2FM1cCSuNKQdhHw63cmNKZrWHGfuUobzb%2BgWiixB6MbrT2Acfv2tsXhkuXzCM2l%2FDZ7Viz8CEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f540431f335697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/multy
157.90.84.246 204 No Content 0 B URL OPTIONS HTTP/2 d834c8bfc5.e468aaeee7.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.media/
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:17 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
undertakinghomeyegg.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeFkCwo4HCWhg%2FwNB2LPMZCD4oOq9V987fN%2F36pu9%2FIKEyOn55memL5Wi841K4L%2B3JTU3hfPXH%2FhhUAlu%2B1tSL9Rv%2B73JZbsfhEGjEtzyVwTrmPlqEAZBGIT%2BsrQiNr35KQqZPmmFlVZQqVcrYaOOnv1%2F73IPjnrg3QvyFiQfv7r97CkkG0EnP98VrpOZ9P1PklzRzFh0%2BdEXuqNNoZFclbH1EOuj2TSMGxPy%2FTUYfTRTANPdnyhAJMfE%2BzNEpI9mNBF1Dy6ZRgpCI%2BLXUXRHEGoESUdg5iEkf04AxrG%2BAZ0crhtb0J1LlE7QMZl7%2BS9kMSZzf9%2BATo6XlOz5943KM2m0Qy8uIXsjyPYIaX6KrO9BFqdg2deQ%2FHcy%2F3INOtnfcMpA8nKqXsoRZDyCEgNQ5yGfHOkhjz3kqYeEn%2Fu00YqDYDGO4lqtWWeM1WqMNZoLvMFr9WYcIGcTegNk6QBMDcDsLlK7i44cwOa%2Fwm2XcNyDy8bE%2B3wXXV6iEASFIygoQSEJioyg6JYHXLmqKw%2B5cnkUznJ1lmvl0GTtPXpgsrbQBNQO9tIL8ubEG2%2B56aMjzv1ao9kUi6wWN6J6k1IWLFDRrIlGWF2Im5wxOFlCumtTuX05JuGtm0jlmLz21wkiegqnTsHkG6D5O6DFcLEagG4P680Aff04NSatJIJLCm5KpNkcsh1vT12Qt6cbWvmuCsHO7rz7YuX4Rv8FmC2R2hJfyd8I2urR8J4pyP49UzjydCPNZCL7dLK9%2BxnNxNzjT8VOYSxfvesGP37EJsCkfPJAuGyNai5125GfliTnwi4bywT5ZdVtiWgzd9tLudV5urb58fJqklrhnDR6BCqff3kCJsfk9cP56b%2B8%2BUMCaUeweYkkPyOzgDSnYOkuXHp25%2FqE%2B8oxnCGw6momSj0UeTm01ejqUUkCJa56GpVw4sqCSJyd%2FHOJ7blHaFsPNHsInZTo2hJdVYKqAVz%2ByjBL7dmHf9SmgUh5w0hZbz9SVn17aa2T575oxEEsgqqI4lYUL9KAt%2BJ6K6KtUCxGDRoic2PRaT%2F7DwAA%2F%2F8BAAD%2F%2Fxh%2Fm7JvBAAA
173.233.137.60200 OK 7 B URL GET HTTP/1.1 undertakinghomeyegg.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeFkCwo4HCWhg%2FwNB2LPMZCD4oOq9V987fN%2F36pu9%2FIKEyOn55memL5Wi841K4L%2B3JTU3hfPXH%2FhhUAlu%2B1tSL9Rv%2B73JZbsfhEGjEtzyVwTrmPlqEAZBGIT%2BsrQiNr35KQqZPmmFlVZQqVcrYaOOnv1%2F73IPjnrg3QvyFiQfv7r97CkkG0EnP98VrpOZ9P1PklzRzFh0%2BdEXuqNNoZFclbH1EOuj2TSMGxPy%2FTUYfTRTANPdnyhAJMfE%2BzNEpI9mNBF1Dy6ZRgpCI%2BLXUXRHEGoESUdg5iEkf04AxrG%2BAZ0crhtb0J1LlE7QMZl7%2BS9kMSZzf9%2BATo6XlOz5943KM2m0Qy8uIXsjyPYIaX6KrO9BFqdg2deQ%2FHcy%2F3INOtnfcMpA8nKqXsoRZDyCEgNQ5yGfHOkhjz3kqYeEn%2Fu00YqDYDGO4lqtWWeM1WqMNZoLvMFr9WYcIGcTegNk6QBMDcDsLlK7i44cwOa%2Fwm2XcNyDy8bE%2B3wXXV6iEASFIygoQSEJioyg6JYHXLmqKw%2B5cnkUznJ1lmvl0GTtPXpgsrbQBNQO9tIL8ubEG2%2B56aMjzv1ao9kUi6wWN6J6k1IWLFDRrIlGWF2Im5wxOFlCumtTuX05JuGtm0jlmLz21wkiegqnTsHkG6D5O6DFcLEagG4P680Aff04NSatJIJLCm5KpNkcsh1vT12Qt6cbWvmuCsHO7rz7YuX4Rv8FmC2R2hJfyd8I2urR8J4pyP49UzjydCPNZCL7dLK9%2BxnNxNzjT8VOYSxfvesGP37EJsCkfPJAuGyNai5125GfliTnwi4bywT5ZdVtiWgzd9tLudV5urb58fJqklrhnDR6BCqff3kCJsfk9cP56b%2B8%2BUMCaUeweYkkPyOzgDSnYOkuXHp25%2FqE%2B8oxnCGw6momSj0UeTm01ejqUUkCJa56GpVw4sqCSJyd%2FHOJ7blHaFsPNHsInZTo2hJdVYKqAVz%2ByjBL7dmHf9SmgUh5w0hZbz9SVn17aa2T575oxEEsgqqI4lYUL9KAt%2BJ6K6KtUCxGDRoic2PRaT%2F7DwAA%2F%2F8BAAD%2F%2Fxh%2Fm7JvBAAA
IP 173.233.137.60:443
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject undertakinghomeyegg.com
Fingerprint 69:99:4A:A1:A8:2C:4D:27:B7:E7:73:23:6C:ED:8B:DB:98:7C:CB:95
Validity Tue, 28 Nov 2023 10:34:25 GMT - Mon, 26 Feb 2024 10:34:24 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeFkCwo4HCWhg%2FwNB2LPMZCD4oOq9V987fN%2F36pu9%2FIKEyOn55memL5Wi841K4L%2B3JTU3hfPXH%2FhhUAlu%2B1tSL9Rv%2B73JZbsfhEGjEtzyVwTrmPlqEAZBGIT%2BsrQiNr35KQqZPmmFlVZQqVcrYaOOnv1%2F73IPjnrg3QvyFiQfv7r97CkkG0EnP98VrpOZ9P1PklzRzFh0%2BdEXuqNNoZFclbH1EOuj2TSMGxPy%2FTUYfTRTANPdnyhAJMfE%2BzNEpI9mNBF1Dy6ZRgpCI%2BLXUXRHEGoESUdg5iEkf04AxrG%2BAZ0crhtb0J1LlE7QMZl7%2BS9kMSZzf9%2BATo6XlOz5943KM2m0Qy8uIXsjyPYIaX6KrO9BFqdg2deQ%2FHcy%2F3INOtnfcMpA8nKqXsoRZDyCEgNQ5yGfHOkhjz3kqYeEn%2Fu00YqDYDGO4lqtWWeM1WqMNZoLvMFr9WYcIGcTegNk6QBMDcDsLlK7i44cwOa%2Fwm2XcNyDy8bE%2B3wXXV6iEASFIygoQSEJioyg6JYHXLmqKw%2B5cnkUznJ1lmvl0GTtPXpgsrbQBNQO9tIL8ubEG2%2B56aMjzv1ao9kUi6wWN6J6k1IWLFDRrIlGWF2Im5wxOFlCumtTuX05JuGtm0jlmLz21wkiegqnTsHkG6D5O6DFcLEagG4P680Aff04NSatJIJLCm5KpNkcsh1vT12Qt6cbWvmuCsHO7rz7YuX4Rv8FmC2R2hJfyd8I2urR8J4pyP49UzjydCPNZCL7dLK9%2BxnNxNzjT8VOYSxfvesGP37EJsCkfPJAuGyNai5125GfliTnwi4bywT5ZdVtiWgzd9tLudV5urb58fJqklrhnDR6BCqff3kCJsfk9cP56b%2B8%2BUMCaUeweYkkPyOzgDSnYOkuXHp25%2FqE%2B8oxnCGw6momSj0UeTm01ejqUUkCJa56GpVw4sqCSJyd%2FHOJ7blHaFsPNHsInZTo2hJdVYKqAVz%2ByjBL7dmHf9SmgUh5w0hZbz9SVn17aa2T575oxEEsgqqI4lYUL9KAt%2BJ6K6KtUCxGDRoic2PRaT%2F7DwAA%2F%2F8BAAD%2F%2Fxh%2Fm7JvBAAA HTTP/1.1
Host: undertakinghomeyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 898d279218d3aec92612f9e321118487
Strict-Transport-Security: max-age=0; includeSubdomains
skiofficerdemote.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeFkCwo4HCWhg%2FwNB2LPMZCD4oOq9V987fN%2F36pu9%2FIKEyOn55memL5Wi841K4L%2B3JTU3hfPXH%2FhhUAlu%2B1tSL9Rv%2B73JZbsfhEGjEtzyVwTrmPlqEAZBGIT%2BsrQiNr35KQqZPmmFlVZQqVcrYaOOnv1%2F73IPjnrg3QvyFiQfv7r97CkkG0EnP98VrpOZ9P1PklzRzFh0%2BdEXuqNNoZFclbH1EOuj2TSMGxPy%2FTUYfTRTANPdnyhAJMfE%2BzNEpI9mNBF1Dy6ZRgpCI%2BLXUXRHEGoESUdg5iEkf04AxrG%2BAZ0crhtb0J1LlE7QMZl7%2BS9kMSZzf9%2BATo6XlOz5943KM2m0Qy8uIXsjyPYIaX6KrO9BFqdg2deQ%2FHcy%2F3INOtnfcMpA8nKqXsoRZDyCEgNQ5yGfHOkhjz3kqYeEn%2Fu00YqDYDGO4lqtWWeM1WqMNZoLvMFr9WYcIGcTegNk6QBMDcDsLlK7i44cwOa%2Fwm2XcNyDy8bE%2B3wXXV6iEASFIygoQSEJioyg6JYHXLmqKw%2B5cnkUznJ1lmvl0GTtPXpgsrbQBNQO9tIL8ubEG2%2B56aMjzv1ao9kUi6wWN6J6k1IWLFDRrIlGWF2Im5wxOFlCumtTuX05JuGtm0jlmLz21wkiegqnTsHkG6D5O6DFcLEagG4P680Aff04NSatJIJLCm5KpNkcsh1vT12Qt6cbWvmuCsHO7rz7YuX4Rv8FmC2R2hJfyd8I2urR8J4pyP49UzjydCPNZCL7dLK9%2BxnNxNzjT8VOYSxfvesGP37EJsCkfPJAuGyNai5125GfliTnwi4bywT5ZdVtiWgzd9tLudV5urb58fJqklrhnDR6BCqff3kCJsfk9cP56b%2B8%2BUMCaUeweYkkPyOzgDSnYOkuXHp25%2FqE%2B8oxnCGw6momSj0UeTm01ejqUUkCJa56GpVw4sqCSJyd%2FHOJ7blHaFsPNHsInZTo2hJdVYKqAVz%2ByjBL7dmHf9SmgUh5w0hZbz9SVn17aa2T575oxEEsgqqI4lYUL9KAt%2BJ6K6KtUCxGDRoic2PRaT%2F7DwAA%2F%2F8BAAD%2F%2Fxh%2Fm7JvBAAA
192.243.59.12200 OK 7 B URL GET HTTP/1.1 skiofficerdemote.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeFkCwo4HCWhg%2FwNB2LPMZCD4oOq9V987fN%2F36pu9%2FIKEyOn55memL5Wi841K4L%2B3JTU3hfPXH%2FhhUAlu%2B1tSL9Rv%2B73JZbsfhEGjEtzyVwTrmPlqEAZBGIT%2BsrQiNr35KQqZPmmFlVZQqVcrYaOOnv1%2F73IPjnrg3QvyFiQfv7r97CkkG0EnP98VrpOZ9P1PklzRzFh0%2BdEXuqNNoZFclbH1EOuj2TSMGxPy%2FTUYfTRTANPdnyhAJMfE%2BzNEpI9mNBF1Dy6ZRgpCI%2BLXUXRHEGoESUdg5iEkf04AxrG%2BAZ0crhtb0J1LlE7QMZl7%2BS9kMSZzf9%2BATo6XlOz5943KM2m0Qy8uIXsjyPYIaX6KrO9BFqdg2deQ%2FHcy%2F3INOtnfcMpA8nKqXsoRZDyCEgNQ5yGfHOkhjz3kqYeEn%2Fu00YqDYDGO4lqtWWeM1WqMNZoLvMFr9WYcIGcTegNk6QBMDcDsLlK7i44cwOa%2Fwm2XcNyDy8bE%2B3wXXV6iEASFIygoQSEJioyg6JYHXLmqKw%2B5cnkUznJ1lmvl0GTtPXpgsrbQBNQO9tIL8ubEG2%2B56aMjzv1ao9kUi6wWN6J6k1IWLFDRrIlGWF2Im5wxOFlCumtTuX05JuGtm0jlmLz21wkiegqnTsHkG6D5O6DFcLEagG4P680Aff04NSatJIJLCm5KpNkcsh1vT12Qt6cbWvmuCsHO7rz7YuX4Rv8FmC2R2hJfyd8I2urR8J4pyP49UzjydCPNZCL7dLK9%2BxnNxNzjT8VOYSxfvesGP37EJsCkfPJAuGyNai5125GfliTnwi4bywT5ZdVtiWgzd9tLudV5urb58fJqklrhnDR6BCqff3kCJsfk9cP56b%2B8%2BUMCaUeweYkkPyOzgDSnYOkuXHp25%2FqE%2B8oxnCGw6momSj0UeTm01ejqUUkCJa56GpVw4sqCSJyd%2FHOJ7blHaFsPNHsInZTo2hJdVYKqAVz%2ByjBL7dmHf9SmgUh5w0hZbz9SVn17aa2T575oxEEsgqqI4lYUL9KAt%2BJ6K6KtUCxGDRoic2PRaT%2F7DwAA%2F%2F8BAAD%2F%2Fxh%2Fm7JvBAAA
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject skiofficerdemote.com
Fingerprint B4:6F:3A:BD:FF:FE:15:51:53:8C:D2:EB:9B:13:BE:14:D1:BC:BD:EE
Validity Tue, 28 Nov 2023 11:02:22 GMT - Mon, 26 Feb 2024 11:02:21 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeFkCwo4HCWhg%2FwNB2LPMZCD4oOq9V987fN%2F36pu9%2FIKEyOn55memL5Wi841K4L%2B3JTU3hfPXH%2FhhUAlu%2B1tSL9Rv%2B73JZbsfhEGjEtzyVwTrmPlqEAZBGIT%2BsrQiNr35KQqZPmmFlVZQqVcrYaOOnv1%2F73IPjnrg3QvyFiQfv7r97CkkG0EnP98VrpOZ9P1PklzRzFh0%2BdEXuqNNoZFclbH1EOuj2TSMGxPy%2FTUYfTRTANPdnyhAJMfE%2BzNEpI9mNBF1Dy6ZRgpCI%2BLXUXRHEGoESUdg5iEkf04AxrG%2BAZ0crhtb0J1LlE7QMZl7%2BS9kMSZzf9%2BATo6XlOz5943KM2m0Qy8uIXsjyPYIaX6KrO9BFqdg2deQ%2FHcy%2F3INOtnfcMpA8nKqXsoRZDyCEgNQ5yGfHOkhjz3kqYeEn%2Fu00YqDYDGO4lqtWWeM1WqMNZoLvMFr9WYcIGcTegNk6QBMDcDsLlK7i44cwOa%2Fwm2XcNyDy8bE%2B3wXXV6iEASFIygoQSEJioyg6JYHXLmqKw%2B5cnkUznJ1lmvl0GTtPXpgsrbQBNQO9tIL8ubEG2%2B56aMjzv1ao9kUi6wWN6J6k1IWLFDRrIlGWF2Im5wxOFlCumtTuX05JuGtm0jlmLz21wkiegqnTsHkG6D5O6DFcLEagG4P680Aff04NSatJIJLCm5KpNkcsh1vT12Qt6cbWvmuCsHO7rz7YuX4Rv8FmC2R2hJfyd8I2urR8J4pyP49UzjydCPNZCL7dLK9%2BxnNxNzjT8VOYSxfvesGP37EJsCkfPJAuGyNai5125GfliTnwi4bywT5ZdVtiWgzd9tLudV5urb58fJqklrhnDR6BCqff3kCJsfk9cP56b%2B8%2BUMCaUeweYkkPyOzgDSnYOkuXHp25%2FqE%2B8oxnCGw6momSj0UeTm01ejqUUkCJa56GpVw4sqCSJyd%2FHOJ7blHaFsPNHsInZTo2hJdVYKqAVz%2ByjBL7dmHf9SmgUh5w0hZbz9SVn17aa2T575oxEEsgqqI4lYUL9KAt%2BJ6K6KtUCxGDRoic2PRaT%2F7DwAA%2F%2F8BAAD%2F%2Fxh%2Fm7JvBAAA HTTP/1.1
Host: skiofficerdemote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 17:22:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 08e89c68b6a66b74b2b15d2696418c74
Strict-Transport-Security: max-age=0; includeSubdomains
d834c8bfc5.e468aaeee7.com/in/multy
157.90.84.246 204 No Content 0 B URL OPTIONS HTTP/2 d834c8bfc5.e468aaeee7.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.media/
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
code.jquery.com/jquery-latest.min.js
151.101.2.137 200 OK 33 kB URL GET HTTP/2 code.jquery.com/jquery-latest.min.js
IP 151.101.2.137:443
Requested by https://metrolagu.cam/watch?v=PCyN4TuzZ5M
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (32086)
Hash 8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
GET /jquery-latest.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1762a"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 02 Dec 2023 17:22:18 GMT
age: 6735536
x-served-by: cache-lga21983-LGA, cache-bma1627-BMA
x-cache: HIT, HIT
x-cache-hits: 12, 247545
x-timer: S1701537738.223490,VS0,VE0
vary: Accept-Encoding
content-length: 33202
X-Firefox-Spdy: h2
fikedaquabib.com/rotaInGRWQGA24/64343
23.109.87.203 200 OK 20 B URL GET HTTP/1.1 fikedaquabib.com/rotaInGRWQGA24/64343
IP 23.109.87.203:443
Requested by https://metrolagu.cam/video?q=Marion+Jola+Serious
Certificate Issuer Let's Encrypt
Subject fikedaquabib.com
Fingerprint F4:08:72:98:1C:B0:81:F0:17:C1:66:60:A7:4E:B2:9A:70:25:75:54
Validity Sat, 11 Nov 2023 23:42:59 GMT - Fri, 09 Feb 2024 23:42:58 GMT
File type gzip compressed data, from Unix\012- data
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /rotaInGRWQGA24/64343 HTTP/1.1
Host: fikedaquabib.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 02 Dec 2023 17:22:18 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/button.png
172.64.109.10 200 OK 9.9 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/button.png
IP 172.64.109.10:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 374 x 158, 8-bit colormap, non-interlaced\012- data
Hash 820ad88853e09bfa31ecc6dfd93c07ec
c8d408a8618a825a5111c51a6fe2e30f4d53098c
948bc0c4bd13d058c1c64f903453f928ecfdcd87686eebe6f9a73618e24d4bbd
GET /sb/interstitial/games/hentai-heroes/main/8/img/button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: image/png
content-length: 9865
last-modified: Thu, 19 Oct 2023 16:12:57 GMT
etag: "65315589-2689"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 290219
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aaWCEX3mxwsnAm1dyOWTEozJs9XvspwQ0mNU4%2BYUEc%2F5Z5BeI757ufNlnE5yU5HDt3OaX1Y%2BTEZZ0QiMt3y8fVx0gQSFlPovlmh4WYbGar%2FIgD1VIUCklubBhQoKUAwvDo9CBIlwOudU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5405018324177-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/button.png
172.64.109.10 200 OK 9.9 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/button.png
IP 172.64.109.10:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 374 x 158, 8-bit colormap, non-interlaced\012- data
Hash 820ad88853e09bfa31ecc6dfd93c07ec
c8d408a8618a825a5111c51a6fe2e30f4d53098c
948bc0c4bd13d058c1c64f903453f928ecfdcd87686eebe6f9a73618e24d4bbd
GET /sb/interstitial/games/hentai-heroes/main/8/img/button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: image/png
content-length: 9865
last-modified: Thu, 19 Oct 2023 16:12:57 GMT
etag: "65315589-2689"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2127470
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLqI790sO%2FaxWZug9jvEZbp5UTxURmbSsWyqns%2BR63RUJjKIVjGFW19NDiubHQ4SojwddeSWx2hi%2FK%2FhzNP7tYsybYQ02UpvWTrxZaIyqO0EXDFq1Nc4OiTQIz68G434To3144seZdGI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f540504aa1653b-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/button.png
172.64.109.10 200 OK 9.9 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/button.png
IP 172.64.109.10:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 374 x 158, 8-bit colormap, non-interlaced\012- data
Hash 820ad88853e09bfa31ecc6dfd93c07ec
c8d408a8618a825a5111c51a6fe2e30f4d53098c
948bc0c4bd13d058c1c64f903453f928ecfdcd87686eebe6f9a73618e24d4bbd
GET /sb/interstitial/games/hentai-heroes/main/8/img/button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: image/png
content-length: 9865
last-modified: Thu, 19 Oct 2023 16:12:57 GMT
etag: "65315589-2689"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2127470
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFCwjISMdDv0T2XLtfKfKzanmZkz4IPDNgvOM8QgNbaTucQ6md170mHeBJ67PzNUZd6n0nhrxtOkVg2EM%2BIJLng2aba4XGGkvXnp%2FHf3psuaUgstlXdOELPz%2FPEModvKnIhsdNMrx%2BUt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f540505ace653b-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
img.doodcdn.co/snaps/oikmsdd3ta5ygjlm.jpg
104.26.7.74 200 OK 40 kB URL GET HTTP/3 img.doodcdn.co/snaps/oikmsdd3ta5ygjlm.jpg
IP 104.26.7.74:443
Requested by https://metrolagu.cam/video?q=dj+titkok+terbaru+2023
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 404x405, segment length 16, progressive, precision 8, 720x404, components 3\012- data
Hash b47c1edbc1e3d0198c0527e521c8d0b3
2a59013fedf07807613a83bed6e97c0d8b43aef2
03e69e9c5b88b07e59f5a3ef358f9060079ef3319ac20b598dadcec159c931fb
GET /snaps/oikmsdd3ta5ygjlm.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: image/jpeg
content-length: 40240
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=40583
etag: "6561fa86-9e87"
expires: Sat, 16 Dec 2023 16:19:07 GMT
last-modified: Sat, 25 Nov 2023 13:45:42 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JAu4foGyEWT8AAGfsKAYZbCk8iNwyY62wWt%2FVWs9M%2Fd9ByU8wBDMr8VCjsniMwtoHQCwqOKOWYe6B0QCZcSE48%2FuodazFAAwd%2Btlw9K%2F%2BT8KCVypBHMfHovysbgDlauE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5404fff8a5685-OSL
alt-svc: h3=":443"; ma=86400
rollerstrayprawn.com/sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc
192.243.61.225 200 OK 3.5 kB URL GET HTTP/1.1 rollerstrayprawn.com/sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject rollerstrayprawn.com
Fingerprint 9E:74:D1:93:DF:47:C6:06:84:EA:02:9E:E8:F3:B5:CF:52:D3:9F:D0
Validity Tue, 28 Nov 2023 10:59:19 GMT - Mon, 26 Feb 2024 10:59:18 GMT
File type JSON data\012- , ASCII text, with very long lines (5675), with no line terminators
Hash 3f12d0bc23740c15106e03e24625897f
804aef3c0038b0993679141f8a875b08ffd38f4d
7ceb1a5e0d2811da8553874c84a5b23d2f2b43d2066006287109d0c25ba2360e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=3588e7c3f5b48aac06ae83e5126f8dcc HTTP/1.1
Host: rollerstrayprawn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:18 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://poop.media
Access-Control-Allow-Origin: https://poop.media
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=21379104; expires=Sun, 03 Dec 2023 17:22:18 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 03 Dec 2023 17:22:18 GMT; secure; SameSite=None
uncs=1; expires=Sun, 03 Dec 2023 17:22:18 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 03 Dec 2023 17:22:18 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 03 Dec 2023 17:22:18 GMT; secure; SameSite=None
slec3588e7c3f5b48aac06ae83e5126f8dcc=[4690994]; expires=Sat, 02 Dec 2023 17:22:23 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 02c91499238f39e96e774d9df7bb1571
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
yu2be.com/watch?v=ZyY71Ps5xRk
46.250.238.76 200 OK 0 B URL HEAD HTTP/2 yu2be.com/watch?v=ZyY71Ps5xRk
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://yu2be.com/watch?v=ZyY71Ps5xRk
Certificate Issuer Let's Encrypt
Subject www.yu2be.com
Fingerprint 8D:36:15:EF:E6:E5:71:F4:C8:8A:92:73:75:5C:99:FC:20:A4:5D:33
Validity Sun, 22 Oct 2023 23:10:41 GMT - Sat, 20 Jan 2024 23:10:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /watch?v=ZyY71Ps5xRk HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/watch?v=ZyY71Ps5xRk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/multy
157.90.84.246 204 No Content 4.8 kB URL OPTIONS HTTP/2 d834c8bfc5.e468aaeee7.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
File type JSON data\012- , ASCII text, with very long lines (36613), with no line terminators
Hash 2ef7b9dd3c33c8d4ac16c2efad19ffb8
c19d895f2de5c66ff0a9ab9141d5226f291b920a
8c6a0202f56a9286732b0a9a347c321b6bde9a02a6e474c0904279b414ab39c5
POST /in/multy HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1576
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: application/json
content-length: 4821
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
64.233.165.84 302 Found 0 B URL GET HTTP/3 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 64.233.165.84:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:51ne6nb2R0MqzCi2CxC8KYvEQlsMoA:vPK6FfFgWG_dh9GQ; Expires=Mon, 01-Dec-2025 17:22:18 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:18 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1ohWGRNnYz0tvroDxv64m5AFcGKu-roUxApbNMHIzo_zDxqjD6Qfsll3Dh1zCkzt9jGUkmEw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-BfIKLOhidy1pa2vp44eiRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/multy
157.90.84.246 204 No Content 4.8 kB URL OPTIONS HTTP/2 d834c8bfc5.e468aaeee7.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
File type JSON data\012- , ASCII text, with very long lines (36593), with no line terminators
Hash 8af749a6667f3d1a643a6295f7f16a8b
797adb449ba080d723a30a7c5cbd807fd5d0440a
4f2ed65876034e6da09ce0b86ae96d3b32729dfaa0cef4ae3cf61bd5185c3322
POST /in/multy HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1643
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: application/json
content-length: 4812
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/multy
157.90.84.246 204 No Content 3.3 kB URL OPTIONS HTTP/2 d834c8bfc5.e468aaeee7.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
File type JSON data\012- , ASCII text, with very long lines (36343), with no line terminators
Hash a8c0208984db9c8d7dd7bde24ad1dd98
08055aba45b78d8ae26573825c2c834a58797afd
306af5503fc37df7a11b9ccffcf64d17bd096df762cd2808f973202a5515961c
POST /in/multy HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1576
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: application/json
content-length: 3276
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/multy
157.90.84.246 204 No Content 4.8 kB URL OPTIONS HTTP/2 d834c8bfc5.e468aaeee7.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
File type JSON data\012- , ASCII text, with very long lines (36603), with no line terminators
Hash 0f0161796c65cd1d6ff7378d0f835bc6
97c4546e50c93e7c38ab3db72c0af894d692bf9a
c4558688974369e0cdb2341ff4a378d5beba116f0e462439a27063c2a4ce7e88
POST /in/multy HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1644
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: application/json
content-length: 4814
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
storage.multstorage.com/log/count.html
104.21.30.242 200 OK 390 B URL GET HTTP/2 storage.multstorage.com/log/count.html
IP 104.21.30.242:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Google Trust Services LLC
Subject multstorage.com
Fingerprint 1F:90:8C:BB:6B:B0:99:41:3A:23:DF:A4:57:1A:25:0F:88:BA:C6:DE
Validity Mon, 20 Nov 2023 10:07:51 GMT - Sun, 18 Feb 2024 10:07:50 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (700)
Hash b728ca9cd183d1b7c3f72116b19b22a3
c1fd73f6b02cf00b8bc60b09cc99495e8494b739
8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: efa4a615d986a874ef9e600c29b0f0c0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=abCrG1BLwRjE07PqelGHH%2B3BJcSEZ%2Fw4wc8Uiq0chsy4v%2FrGJ9mK0w8NxTe1%2FdlBJHnSz9gFQJ52YEA%2BNGIM7Vz0sKY2muzzLddcugLbHT7FuNkUwfOAKUnWRKvtQe33I2bgIAwtaiVDLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f540431f3f5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/multy
157.90.84.246 204 No Content 5.7 kB URL OPTIONS HTTP/2 d834c8bfc5.e468aaeee7.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
File type JSON data\012- , ASCII text, with very long lines (41701), with no line terminators
Hash 94fc2e9d1b16a0bc24215b1382e54586
165a089894a0fae1f83b8ef6f634d56a7e9badae
0a9c12ee4d6da99575e03201d5c3c13bf6154217cd3da30304201c5e30d71b6a
POST /in/multy HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1637
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: application/json
content-length: 5725
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/button.png
172.64.109.10 200 OK 9.9 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/button.png
IP 172.64.109.10:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 374 x 158, 8-bit colormap, non-interlaced\012- data
Hash 820ad88853e09bfa31ecc6dfd93c07ec
c8d408a8618a825a5111c51a6fe2e30f4d53098c
948bc0c4bd13d058c1c64f903453f928ecfdcd87686eebe6f9a73618e24d4bbd
GET /sb/interstitial/games/hentai-heroes/main/8/img/button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: image/png
content-length: 9865
last-modified: Thu, 19 Oct 2023 16:12:57 GMT
etag: "65315589-2689"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2127470
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LcLk1IYqEsQzHtGtzTaCXLl%2Bl7uBUJOE4TzIugdE2z%2F6YK77D75EoiwE3SGYD81sG100JoF%2FJ5JzM44h3%2FFwq7d4JVWTQ9dbKA95MNMghSZyO7TMDDvFMTeiP5NTqD1RJyInMKNy1fOJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f54052bb7263b3-LHR
alt-svc: h3=":443"; ma=86400
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
64.233.165.84 302 Found 0 B URL GET HTTP/3 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 64.233.165.84:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:3KW1-AYQ-eMiGnjvf_RmPb3T3wRQcA:Gv_fR3GgzZcCYWXm; Expires=Mon, 01-Dec-2025 17:22:18 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:18 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp2PvMkmUVm1upXxVW7RS9gd9CXHkExYIJYRFa6lyLurA9COegvSvjCtk_m8DGddRVg45GtIvA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-i7qUZ6KhztSdCi_SZ5Yc9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/multy
157.90.84.246 204 No Content 5.3 kB URL OPTIONS HTTP/2 d834c8bfc5.e468aaeee7.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
File type JSON data\012- , ASCII text, with very long lines (57805), with no line terminators
Hash 3a2a81805032379aaab58e269599dbf5
3219727685ed1b6cf0ebcb2e4a9e363aa867f908
d03e1322ba9981d6714c37a8d4d867551041d7e1619c702f2157976a8f2e2d80
POST /in/multy HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1615
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: application/json
content-length: 5252
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/multy
157.90.84.246 204 No Content 5.3 kB URL OPTIONS HTTP/2 d834c8bfc5.e468aaeee7.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
File type JSON data\012- , ASCII text, with very long lines (57981), with no line terminators
Hash 44e4ee27f0432d79ea828de6bfea295d
414adbf396b64c1994c5a1f094462a9db07c5dcd
57f4a85c730a6fc94d3649648cb98c35b09bb2cff08583e155df8363fd2a5313
POST /in/multy HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1615
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: application/json
content-length: 5263
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/multy
157.90.84.246 204 No Content 4.8 kB URL OPTIONS HTTP/2 d834c8bfc5.e468aaeee7.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
File type JSON data\012- , ASCII text, with very long lines (36613), with no line terminators
Hash a748fbfb21cfcc9b98c918b3ed478a3c
6b0a1cada2da21fce3e04a1121670ef25caeff2f
62caf31bccce4d4334d6bc2396436decc914536d2e558f1055770bf25728df1e
POST /in/multy HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1561
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: application/json
content-length: 4822
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/multy
157.90.84.246 204 No Content 3.8 kB URL OPTIONS HTTP/2 d834c8bfc5.e468aaeee7.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (30527), with no line terminators
Hash 7c9998adcbe14c4f73ad6742b4ae239c
c4ef3f75b791819b2c059c031e5de3dbf7ee5d44
799d25dcff9e0ec0859ec0b864e41714a95d436c00cd8090b7302d375cbf0cb7
POST /in/multy HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1638
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: application/json
content-length: 3835
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
173.233.137.60200 OK 7 B URL GET HTTP/1.1 undertakinghomeyegg.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLqnZzId9%2BAa14RgTOLuSq5WV1VPyqnuaqq6pydzCi7IHkfw4LHzTX7ougT3D5DIxMsSEHY8SEAD%2Bx8Iwp5lJgPBB1Xvvfre4fu%2BV9%2FsFRfER0HPNz%2FTfakUnW%2FWPPe9LZlyXVp3%2FYHrezXvtrsl04XGbbc3uUz3A99r1rxb7opgHT1f93zP8z3fXZZGxLo3P0UhsyeLfm3RqzXqNb%2FZQM%2F8v7eFA0sd8O4FeQuSj1%2FdfvYUko2QJj%2FfFbaT6%2Bz9T5JC0VwbdPnRF2kn1WWK5KqMjYM4PZpNQ9sxId9fg06PZgqgu%2FsTBYjkmDh%2F%2BojSoxlNRN2DS6aRgkgR8esouyMINYKkIzD9EJI%2FJwDjWN9Amhyua1PSnUuUTtAxmXv5L2Q5JnN%2F30CaHC8p2XPva1XkUqcWvbiC7I0g2yNkxSnyvgNZnoLlX0Py38n8yzWkyf6GVRqSV1P1Uo4g4xGUGIBaB8XkSAdF7KDIHCT83KXNxdjzWnEUB0HYYIwFAWPNcIE3edAIYw8Fm9AbIM8GYGoAZnaRmV105ACm%2BBV2u4LlDmw%2BJs7nu%2BjyCqUgKC1BSQlKSVDmBGW3OuDK1m11yJUtIn%2BW67McVEOdt%2Ffogc7bIiWgZrCXXZA3J944y6GLjjh3g2YYihYL4mbUCCll3gIVYSCafn0hDjljsLKCtNemcvtyTPxbN5HJMXntrxNE9BRWnYLJN0CLd0DLYavugW4PG6GHfvo40zqrJYJLCq4rZPkc8h1nT12Qt6cbWvmuDsHO7rz7YuX4Rv8FmKmQmQpfyd8I2urR8J4uyf49XVrydCPLZSL7dLK9%2BznNxdzjT8VOqQ1fvWsHP37EJsCkfPJA2HyNplymbUt%2BWpKcC7OsDRPkl1W7JaLNwm4vFSYtsrXNj5dXk8wIa6VOR6Dy%2BZcnYHJMXj%2Bcn%2F7Lmz8kkGYEU1RIijMyC0h9CpbtwmZnd65PuK8cw2oCo65mosxBWVRDU4%2BuHpUkUOKqp1EFK64siMTZyT%2BX2J59hLZxQPOHSJMKXVOhqypQNYAtXhnmmTn78I9gGoiUM4yUcfYjZdS3l9Zaee42%2FYYIo7DFOI8E436rHoSB59U5b7QWhb%2BI3I5Fp%2F3sPwAAAP%2F%2FAQAA%2F%2F8MdxVUbwQAAA%3D%3D
IP 173.233.137.60:443
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject undertakinghomeyegg.com
Fingerprint 69:99:4A:A1:A8:2C:4D:27:B7:E7:73:23:6C:ED:8B:DB:98:7C:CB:95
Validity Tue, 28 Nov 2023 10:34:25 GMT - Mon, 26 Feb 2024 10:34:24 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLqnZzId9%2BAa14RgTOLuSq5WV1VPyqnuaqq6pydzCi7IHkfw4LHzTX7ougT3D5DIxMsSEHY8SEAD%2Bx8Iwp5lJgPBB1Xvvfre4fu%2BV9%2FsFRfER0HPNz%2FTfakUnW%2FWPPe9LZlyXVp3%2FYHrezXvtrsl04XGbbc3uUz3A99r1rxb7opgHT1f93zP8z3fXZZGxLo3P0UhsyeLfm3RqzXqNb%2FZQM%2F8v7eFA0sd8O4FeQuSj1%2FdfvYUko2QJj%2FfFbaT6%2Bz9T5JC0VwbdPnRF2kn1WWK5KqMjYM4PZpNQ9sxId9fg06PZgqgu%2FsTBYjkmDh%2F%2BojSoxlNRN2DS6aRgkgR8esouyMINYKkIzD9EJI%2FJwDjWN9Amhyua1PSnUuUTtAxmXv5L2Q5JnN%2F30CaHC8p2XPva1XkUqcWvbiC7I0g2yNkxSnyvgNZnoLlX0Py38n8yzWkyf6GVRqSV1P1Uo4g4xGUGIBaB8XkSAdF7KDIHCT83KXNxdjzWnEUB0HYYIwFAWPNcIE3edAIYw8Fm9AbIM8GYGoAZnaRmV105ACm%2BBV2u4LlDmw%2BJs7nu%2BjyCqUgKC1BSQlKSVDmBGW3OuDK1m11yJUtIn%2BW67McVEOdt%2Ffogc7bIiWgZrCXXZA3J944y6GLjjh3g2YYihYL4mbUCCll3gIVYSCafn0hDjljsLKCtNemcvtyTPxbN5HJMXntrxNE9BRWnYLJN0CLd0DLYavugW4PG6GHfvo40zqrJYJLCq4rZPkc8h1nT12Qt6cbWvmuDsHO7rz7YuX4Rv8FmKmQmQpfyd8I2urR8J4uyf49XVrydCPLZSL7dLK9%2BznNxdzjT8VOqQ1fvWsHP37EJsCkfPJA2HyNplymbUt%2BWpKcC7OsDRPkl1W7JaLNwm4vFSYtsrXNj5dXk8wIa6VOR6Dy%2BZcnYHJMXj%2Bcn%2F7Lmz8kkGYEU1RIijMyC0h9CpbtwmZnd65PuK8cw2oCo65mosxBWVRDU4%2BuHpUkUOKqp1EFK64siMTZyT%2BX2J59hLZxQPOHSJMKXVOhqypQNYAtXhnmmTn78I9gGoiUM4yUcfYjZdS3l9Zaee42%2FYYIo7DFOI8E436rHoSB59U5b7QWhb%2BI3I5Fp%2F3sPwAAAP%2F%2FAQAA%2F%2F8MdxVUbwQAAA%3D%3D HTTP/1.1
Host: undertakinghomeyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e14f304395598b37533ca69b337edc3d
Strict-Transport-Security: max-age=0; includeSubdomains
d834c8bfc5.e468aaeee7.com/in/multy
157.90.84.246 204 No Content 5.2 kB URL OPTIONS HTTP/2 d834c8bfc5.e468aaeee7.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
File type JSON data\012- , ASCII text, with very long lines (57583), with no line terminators
Hash dbf74a2196c016fa7583e48157d11cbd
efc112fd28b9f7b36bb0f219fab744427b36b06c
b0ed4d25d7b0eba90ee7075894aa57df1551948271619f0c74c88d6efd1496bb
POST /in/multy HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1561
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: application/json
content-length: 5234
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
157.90.84.246200 OK 0 B URL GET HTTP/2 d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhiOBgwnL7eg&refdom=poop.media&auction_time=1701537737&subid=388464194&sid=3757530870&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhiOBgwnL7eg%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3D-xXfCj7zHmTDU48PXxevj7qYo-A2Q9D7xvR-Ya5FW041FaJXyGtcQZDsB1PrGerD2CHhesRz8a5Tw6tTKF0GsjNvNYxEGWYxIqizdV4Z7SNrwibn-L2lCcHuWwJl-hGyN1zk31_nsgTMABytacgoBhDvVb66os7RsaerLQPN53mxXez7Y1P6DW4vt4Z9Y8Udvv435Ftr13_HY-yZelPQDMzd7DIFVEkjyxo6sJca3IMwnPM524mu14pTehshTqZcJ9z8wLGZMtYb7qEBh_MmgBthXtot_C2tNfrrZY2GQcHKThEo1DyRtLNRWJN88_aPwBgyIFXTCCeIarXpo0WhXq8d3VwmL7dS9G4wAFbu-uunJWBcK3EmiZMkHsIjdPDiYwlRqmHW93DGUvrH_7ThTOGHmCG-nBAgZ2Hh-D-u2M33GYWXf9YyeCa1fMAtq2QQyBHmFwM9vWETY9AlxjKPFXwH8BjjtJPrkFTfEv5Ypkx-GPZ9IfXgcj_w-BealJ8rDyKY_N3RFR1UIIokbi5y_mo765ATmOIpgH0sD4OVHO8A9ZT1NnQJVkk9ouJKf3skZAWIm9cpOr7CL7kf1nF8x8HFYuGR4t2L5l7Cw8DeHZxOHd_CAm3jbIt_8NM6iizVt2_WO02nwP8JetiCBvRpfun5dtSyS6gCEqoxpcL1HgfkD7G-X0PsJZJDz8GI44th6WW53W_o87Kql8xT&icons=okpBFc-zwx_vZ-amTHC-VSJCoTKhZIBtzy887cAA5fLvcH1nZ2WPmgTfOv1j9nmCW9CBksLpBKV5Q9UOHypoxmWAL10Z1RdOnrcioG63Jfvwh5Iqlws2ao0nB2L4QsRtiDykLXkGz3PWcWPk6oY8heAYNuVvjBnN-wXYcFdLegUKn180mw&ext_cid=0&px_id=53418776&min_cpm=0.08080860220034743&out_id=1&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=8947420396790586468&skin_id=2&vertical_id
=0&skin_test=0&from_cache=0&ecpm=0.22348128934781675&cpm=0&verify_hash=763e0bf64059e329bd7156f7c7f9871f&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,130,108,5,0,123,83,27,129&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=667fbc4c-0091-4bf2-a6c1-eadbe9c4e6e0
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhiOBgwnL7eg&refdom=poop.media&auction_time=1701537737&subid=388464194&sid=3757530870&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhiOBgwnL7eg%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3D-xXfCj7zHmTDU48PXxevj7qYo-A2Q9D7xvR-Ya5FW041FaJXyGtcQZDsB1PrGerD2CHhesRz8a5Tw6tTKF0GsjNvNYxEGWYxIqizdV4Z7SNrwibn-L2lCcHuWwJl-hGyN1zk31_nsgTMABytacgoBhDvVb66os7RsaerLQPN53mxXez7Y1P6DW4vt4Z9Y8Udvv435Ftr13_HY-yZelPQDMzd7DIFVEkjyxo6sJca3IMwnPM524mu14pTehshTqZcJ9z8wLGZMtYb7qEBh_MmgBthXtot_C2tNfrrZY2GQcHKThEo1DyRtLNRWJN88_aPwBgyIFXTCCeIarXpo0WhXq8d3VwmL7dS9G4wAFbu-uunJWBcK3EmiZMkHsIjdPDiYwlRqmHW93DGUvrH_7ThTOGHmCG-nBAgZ2Hh-D-u2M33GYWXf9YyeCa1fMAtq2QQyBHmFwM9vWETY9AlxjKPFXwH8BjjtJPrkFTfEv5Ypkx-GPZ9IfXgcj_w-BealJ8rDyKY_N3RFR1UIIokbi5y_mo765ATmOIpgH0sD4OVHO8A9ZT1NnQJVkk9ouJKf3skZAWIm9cpOr7CL7kf1nF8x8HFYuGR4t2L5l7Cw8DeHZxOHd_CAm3jbIt_8NM6iizVt2_WO02nwP8JetiCBvRpfun5dtSyS6gCEqoxpcL1HgfkD7G-X0PsJZJDz8GI44th6WW53W_o87Kql8xT&icons=okpBFc-zwx_vZ-amTHC-VSJCoTKhZIBtzy887cAA5fLvcH1nZ2WPmgTfOv1j9nmCW9CBksLpBKV5Q9UOHypoxmWAL10Z1RdOnrcioG63Jfvwh5Iqlws2ao0nB2L4QsRtiDykLXkGz3PWcWPk6oY8heAYNuVvjBnN-wXYcFdLegUKn180mw&ext_cid=0&px_id=53418776&min_cpm=0.08080860220034743&out_id=1&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=8947420396790586468&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.22348128934781675&cpm=0&v
erify_hash=763e0bf64059e329bd7156f7c7f9871f&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,130,108,5,0,123,83,27,129&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=667fbc4c-0091-4bf2-a6c1-eadbe9c4e6e0 HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
192.243.59.12200 OK 7 B URL GET HTTP/1.1 skiofficerdemote.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLqnZzId9%2BAa14RgTOLuSq5WV1VPyqnuaqq6pydzCi7IHkfw4LHzTX7ougT3D5DIxMsSEHY8SEAD%2Bx8Iwp5lJgPBB1Xvvfre4fu%2BV9%2FsFRfER0HPNz%2FTfakUnW%2FWPPe9LZlyXVp3%2FYHrezXvtrsl04XGbbc3uUz3A99r1rxb7opgHT1f93zP8z3fXZZGxLo3P0UhsyeLfm3RqzXqNb%2FZQM%2F8v7eFA0sd8O4FeQuSj1%2FdfvYUko2QJj%2FfFbaT6%2Bz9T5JC0VwbdPnRF2kn1WWK5KqMjYM4PZpNQ9sxId9fg06PZgqgu%2FsTBYjkmDh%2F%2BojSoxlNRN2DS6aRgkgR8esouyMINYKkIzD9EJI%2FJwDjWN9Amhyua1PSnUuUTtAxmXv5L2Q5JnN%2F30CaHC8p2XPva1XkUqcWvbiC7I0g2yNkxSnyvgNZnoLlX0Py38n8yzWkyf6GVRqSV1P1Uo4g4xGUGIBaB8XkSAdF7KDIHCT83KXNxdjzWnEUB0HYYIwFAWPNcIE3edAIYw8Fm9AbIM8GYGoAZnaRmV105ACm%2BBV2u4LlDmw%2BJs7nu%2BjyCqUgKC1BSQlKSVDmBGW3OuDK1m11yJUtIn%2BW67McVEOdt%2Ffogc7bIiWgZrCXXZA3J944y6GLjjh3g2YYihYL4mbUCCll3gIVYSCafn0hDjljsLKCtNemcvtyTPxbN5HJMXntrxNE9BRWnYLJN0CLd0DLYavugW4PG6GHfvo40zqrJYJLCq4rZPkc8h1nT12Qt6cbWvmuDsHO7rz7YuX4Rv8FmKmQmQpfyd8I2urR8J4uyf49XVrydCPLZSL7dLK9%2BznNxdzjT8VOqQ1fvWsHP37EJsCkfPJA2HyNplymbUt%2BWpKcC7OsDRPkl1W7JaLNwm4vFSYtsrXNj5dXk8wIa6VOR6Dy%2BZcnYHJMXj%2Bcn%2F7Lmz8kkGYEU1RIijMyC0h9CpbtwmZnd65PuK8cw2oCo65mosxBWVRDU4%2BuHpUkUOKqp1EFK64siMTZyT%2BX2J59hLZxQPOHSJMKXVOhqypQNYAtXhnmmTn78I9gGoiUM4yUcfYjZdS3l9Zaee42%2FYYIo7DFOI8E436rHoSB59U5b7QWhb%2BI3I5Fp%2F3sPwAAAP%2F%2FAQAA%2F%2F8MdxVUbwQAAA%3D%3D
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject skiofficerdemote.com
Fingerprint B4:6F:3A:BD:FF:FE:15:51:53:8C:D2:EB:9B:13:BE:14:D1:BC:BD:EE
Validity Tue, 28 Nov 2023 11:02:22 GMT - Mon, 26 Feb 2024 11:02:21 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLqnZzId9%2BAa14RgTOLuSq5WV1VPyqnuaqq6pydzCi7IHkfw4LHzTX7ougT3D5DIxMsSEHY8SEAD%2Bx8Iwp5lJgPBB1Xvvfre4fu%2BV9%2FsFRfER0HPNz%2FTfakUnW%2FWPPe9LZlyXVp3%2FYHrezXvtrsl04XGbbc3uUz3A99r1rxb7opgHT1f93zP8z3fXZZGxLo3P0UhsyeLfm3RqzXqNb%2FZQM%2F8v7eFA0sd8O4FeQuSj1%2FdfvYUko2QJj%2FfFbaT6%2Bz9T5JC0VwbdPnRF2kn1WWK5KqMjYM4PZpNQ9sxId9fg06PZgqgu%2FsTBYjkmDh%2F%2BojSoxlNRN2DS6aRgkgR8esouyMINYKkIzD9EJI%2FJwDjWN9Amhyua1PSnUuUTtAxmXv5L2Q5JnN%2F30CaHC8p2XPva1XkUqcWvbiC7I0g2yNkxSnyvgNZnoLlX0Py38n8yzWkyf6GVRqSV1P1Uo4g4xGUGIBaB8XkSAdF7KDIHCT83KXNxdjzWnEUB0HYYIwFAWPNcIE3edAIYw8Fm9AbIM8GYGoAZnaRmV105ACm%2BBV2u4LlDmw%2BJs7nu%2BjyCqUgKC1BSQlKSVDmBGW3OuDK1m11yJUtIn%2BW67McVEOdt%2Ffogc7bIiWgZrCXXZA3J944y6GLjjh3g2YYihYL4mbUCCll3gIVYSCafn0hDjljsLKCtNemcvtyTPxbN5HJMXntrxNE9BRWnYLJN0CLd0DLYavugW4PG6GHfvo40zqrJYJLCq4rZPkc8h1nT12Qt6cbWvmuDsHO7rz7YuX4Rv8FmKmQmQpfyd8I2urR8J4uyf49XVrydCPLZSL7dLK9%2BznNxdzjT8VOqQ1fvWsHP37EJsCkfPJA2HyNplymbUt%2BWpKcC7OsDRPkl1W7JaLNwm4vFSYtsrXNj5dXk8wIa6VOR6Dy%2BZcnYHJMXj%2Bcn%2F7Lmz8kkGYEU1RIijMyC0h9CpbtwmZnd65PuK8cw2oCo65mosxBWVRDU4%2BuHpUkUOKqp1EFK64siMTZyT%2BX2J59hLZxQPOHSJMKXVOhqypQNYAtXhnmmTn78I9gGoiUM4yUcfYjZdS3l9Zaee42%2FYYIo7DFOI8E436rHoSB59U5b7QWhb%2BI3I5Fp%2F3sPwAAAP%2F%2FAQAA%2F%2F8MdxVUbwQAAA%3D%3D HTTP/1.1
Host: skiofficerdemote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 17:22:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3ad0d81f619493fd26c65ae913c39246
Strict-Transport-Security: max-age=0; includeSubdomains
157.90.84.246200 OK 0 B URL GET HTTP/2 d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhiOBgwnL7eg&refdom=poop.media&auction_time=1701537737&subid=388464194&sid=3757530870&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhiOBgwnL7eg%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3D-xXfCj7zHmTDU48PXxevj7qYo-A2Q9D7xvR-Ya5FW041FaJXyGtcQZDsB1PrGerD2CHhesRz8a5Tw6tTKF0GsjNvNYxEGWYxIqizdV4Z7SNrwibn-L2lCcHuWwJl-hGyN1zk31_nsgTMABytacgoBhDvVb66os7RsaerLQPN53mxXez7Y1P6DW4vt4Z9Y8Udvv435Ftr13_HY-yZelPQDMzd7DIFVEkjyxo6sJca3IMwnPM524mu14pTehshTqZcJ9z8wLGZMtYb7qEBh_MmgBthXtot_C2tNfrrZY2GQcHKThEo1DyRtLNRWJN88_aPwBgyIFXTCCeIarXpo0WhXq8d3VwmL7dS9G4wAFbu-uunJWBcK3EmiZMkHsIjdPDiYwlRqmHW93DGUvrH_7ThTOGHmCG-nBAgZ2Hh-D-u2M33GYWXf9YyeCa1fMAtq2QQyBHmFwM9vWETY9AlxjKPFXwH8BjjtJPrkFTfEv5Ypkx-GPZ9IfXgcj_w-BealJ8rDyKY_N3RFR1UIIokbi5y_mo765ATmOIpgH0sD4OVHO8A9ZT1NnQJVkk9ouJKf3skZAWIm9cpOr7CL7kf1nF8x8HFYuGR4t2L5l7Cw8DeHZxOHd_CAm3jbIt_8NM6iizVt2_WO02nwP8JetiCBvRpfun5dtSyS6gCEqoxpcL1HgfkD7G-X0PsJZJDz8GI44th6WW53W_o87Kql8xT&icons=EMtTZ4Urg8Uyl88eGE5DyEnd8hsPHNNgbgSW_DDRLmpnKkBDDFDqqQmj8XbKyNSKCwVIMUABfXEodlcJL71BpAWW86At9kh4664clvRIdv9ipKUMyHR6VloO2fiST6dremkUvMUa7CWwX4RtIQiR_5pnIRiW5uOYAOivXJHLht2_WfUbYw&ext_cid=0&px_id=53418776&min_cpm=0.08080860220034743&out_id=0&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=8947420396790586468&skin_id=2&vertical_id
=0&skin_test=0&from_cache=0&ecpm=0.22348128934781675&cpm=0&verify_hash=763e0bf64059e329bd7156f7c7f9871f&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=123,129,130,108,0,83,89,4,5,27&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=f17df2f9-e2cb-4de2-9e82-699024e4e250
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhiOBgwnL7eg&refdom=poop.media&auction_time=1701537737&subid=388464194&sid=3757530870&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhiOBgwnL7eg%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3D-xXfCj7zHmTDU48PXxevj7qYo-A2Q9D7xvR-Ya5FW041FaJXyGtcQZDsB1PrGerD2CHhesRz8a5Tw6tTKF0GsjNvNYxEGWYxIqizdV4Z7SNrwibn-L2lCcHuWwJl-hGyN1zk31_nsgTMABytacgoBhDvVb66os7RsaerLQPN53mxXez7Y1P6DW4vt4Z9Y8Udvv435Ftr13_HY-yZelPQDMzd7DIFVEkjyxo6sJca3IMwnPM524mu14pTehshTqZcJ9z8wLGZMtYb7qEBh_MmgBthXtot_C2tNfrrZY2GQcHKThEo1DyRtLNRWJN88_aPwBgyIFXTCCeIarXpo0WhXq8d3VwmL7dS9G4wAFbu-uunJWBcK3EmiZMkHsIjdPDiYwlRqmHW93DGUvrH_7ThTOGHmCG-nBAgZ2Hh-D-u2M33GYWXf9YyeCa1fMAtq2QQyBHmFwM9vWETY9AlxjKPFXwH8BjjtJPrkFTfEv5Ypkx-GPZ9IfXgcj_w-BealJ8rDyKY_N3RFR1UIIokbi5y_mo765ATmOIpgH0sD4OVHO8A9ZT1NnQJVkk9ouJKf3skZAWIm9cpOr7CL7kf1nF8x8HFYuGR4t2L5l7Cw8DeHZxOHd_CAm3jbIt_8NM6iizVt2_WO02nwP8JetiCBvRpfun5dtSyS6gCEqoxpcL1HgfkD7G-X0PsJZJDz8GI44th6WW53W_o87Kql8xT&icons=EMtTZ4Urg8Uyl88eGE5DyEnd8hsPHNNgbgSW_DDRLmpnKkBDDFDqqQmj8XbKyNSKCwVIMUABfXEodlcJL71BpAWW86At9kh4664clvRIdv9ipKUMyHR6VloO2fiST6dremkUvMUa7CWwX4RtIQiR_5pnIRiW5uOYAOivXJHLht2_WfUbYw&ext_cid=0&px_id=53418776&min_cpm=0.08080860220034743&out_id=0&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=8947420396790586468&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.22348128934781675&cpm=0&v
erify_hash=763e0bf64059e329bd7156f7c7f9871f&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=123,129,130,108,0,83,89,4,5,27&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=f17df2f9-e2cb-4de2-9e82-699024e4e250 HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
192.243.61.225200 OK 7 B URL GET HTTP/1.1 rollerstrayprawn.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeNGAsONBAhrY%2F0AQ9iwzGQg%2BqHrv1fcO3%2Fe9%2BmovvyAhcnq%2B%2BYnpS6XofKMS%2BO9sSc1N4fz1B34YVILb%2FpbUC%2FXbfm9y2e57YdCoBLf8FcE6Zr4ahEEQBqG%2FLK2ITW9%2BikKmT1phpRVU6tVK2KijZ%2F%2Ffu9yDox5494K8AcnHL2%2F%2F%2BhSSjaCTH%2B8K18lM%2Bu5HSa5oZiy6%2FOgz3dGm0Eiuyth6iPXRbBrGjQn59hqMPpopgOnuTxQgkmPi%2FRki0kczmoi6B5dMIwWhEfHrKLojCDWCpCMw8xCSPyMA41jfgE4O140t6M4lSifomMy9%2BBeyGJO5v29AJ8dLSvb8%2B0blmTTaoReXkL0RZHuEND9F1vcgi1Ow7EtI%2FjuZf7EGnexvOGUgeTlVL%2BUIMh5BiQGo85BPjvSQxx7y1EPCz33aaMVBsBhHca3WrDPGajXGGs0F3uC1ejMOkLMJvQGydACmBmB2F6ndRUcOYPOf4bZLOO7BZWPifbqLLi9RCILCERSUoJAERUZQdMsDrlzVlYdcuTwKZ7k6y7VyaLL2Hj0wWVtoAmoHe%2BkFeX3ijbfc9NER536t0WyKRVaLG1G9SSkLFqho1kQjrC7ETc4YnCwh3bWp3L4ck%2FDWTaRyTF756wQRPYVTp2DyNdD8LdBiuFgNQLeH9WaAvn6cGpNWEsElBTcl0mwO2Y63py7Im9MNrXxThWBnd95%2BvnJ8o%2F8czJZIbYkv5C8EbfVoeM8UZP%2BeKRx5upFmMpF9Otne%2FYxmYu7xx2KnMJav3nWD7z9gE2BSPnkgXLZGNZe67cgPS5JzYZeNZYL8tOq2RLSZu%2B2l3Oo8Xdv8cHk1Sa1wTho9ApXPPj8Bk2Py6uH89F%2Fe%2FC6BtCPYvESSn5FZQJpTsHQXLj27c33CfeUYzhBYdTUTpR6KvBzaanT1qCSBElc9jUo4cWVBJM5O%2FrnE9twjtK0Hmj2ETkp0bYmuKkHVAC5%2FaZil9uz9P2rTQKS8YaSstx8pq76%2BtNbJc1804iAWQVVEcSuKF2nAW3G9FdFWKBajBg2RubHotH%2F7DwAA%2F%2F8BAAD%2F%2F6IukitvBAAA
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject rollerstrayprawn.com
Fingerprint 9E:74:D1:93:DF:47:C6:06:84:EA:02:9E:E8:F3:B5:CF:52:D3:9F:D0
Validity Tue, 28 Nov 2023 10:59:19 GMT - Mon, 26 Feb 2024 10:59:18 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLrnRzLjHlzjmhCMSdxdydXqqupJOdVVTVX39GROwQXZ4wgePHa%2ByQ9dl%2BD%2BARKZeNGAsONBAhrY%2F0AQ9iwzGQg%2BqHrv1fcO3%2Fe9%2BmovvyAhcnq%2B%2BYnpS6XofKMS%2BO9sSc1N4fz1B34YVILb%2FpbUC%2FXbfm9y2e57YdCoBLf8FcE6Zr4ahEEQBqG%2FLK2ITW9%2BikKmT1phpRVU6tVK2KijZ%2F%2Ffu9yDox5494K8AcnHL2%2F%2F%2BhSSjaCTH%2B8K18lM%2Bu5HSa5oZiy6%2FOgz3dGm0Eiuyth6iPXRbBrGjQn59hqMPpopgOnuTxQgkmPi%2FRki0kczmoi6B5dMIwWhEfHrKLojCDWCpCMw8xCSPyMA41jfgE4O140t6M4lSifomMy9%2BBeyGJO5v29AJ8dLSvb8%2B0blmTTaoReXkL0RZHuEND9F1vcgi1Ow7EtI%2FjuZf7EGnexvOGUgeTlVL%2BUIMh5BiQGo85BPjvSQxx7y1EPCz33aaMVBsBhHca3WrDPGajXGGs0F3uC1ejMOkLMJvQGydACmBmB2F6ndRUcOYPOf4bZLOO7BZWPifbqLLi9RCILCERSUoJAERUZQdMsDrlzVlYdcuTwKZ7k6y7VyaLL2Hj0wWVtoAmoHe%2BkFeX3ijbfc9NER536t0WyKRVaLG1G9SSkLFqho1kQjrC7ETc4YnCwh3bWp3L4ck%2FDWTaRyTF756wQRPYVTp2DyNdD8LdBiuFgNQLeH9WaAvn6cGpNWEsElBTcl0mwO2Y63py7Im9MNrXxThWBnd95%2BvnJ8o%2F8czJZIbYkv5C8EbfVoeM8UZP%2BeKRx5upFmMpF9Otne%2FYxmYu7xx2KnMJav3nWD7z9gE2BSPnkgXLZGNZe67cgPS5JzYZeNZYL8tOq2RLSZu%2B2l3Oo8Xdv8cHk1Sa1wTho9ApXPPj8Bk2Py6uH89F%2Fe%2FC6BtCPYvESSn5FZQJpTsHQXLj27c33CfeUYzhBYdTUTpR6KvBzaanT1qCSBElc9jUo4cWVBJM5O%2FrnE9twjtK0Hmj2ETkp0bYmuKkHVAC5%2FaZil9uz9P2rTQKS8YaSstx8pq76%2BtNbJc1804iAWQVVEcSuKF2nAW3G9FdFWKBajBg2RubHotH%2F7DwAA%2F%2F8BAAD%2F%2F6IukitvBAAA HTTP/1.1
Host: rollerstrayprawn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:18 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2fe15173b3fa7f7d91623246b262f51d
Strict-Transport-Security: max-age=0; includeSubdomains
157.90.84.246200 OK 0 B URL GET HTTP/2 d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhNjKXEAgIuy&refdom=poop.media&auction_time=1701537737&subid=357529620&sid=54752259&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhNjKXEAgIuy%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3DCN29aVrSKe6KTXysiSwggjGJlzkCBTKm9SD_3Heea6IdqfFST5fKglNwIlKJvbWwgN7JfskxSoMLLGEkId25BOlpdQeu4ek4QL2LaJ81j75aU4RSZ6a67Vv72LAITlC3RdBzHR9_gOzAdGx-RU8l7EH23dUP_BD0x2lPsGuf62jud0dmbf61zoRHvC-qp6k2l2ec9ZQg04N052q_eyg1P9Xng1-ONygvX0fSJ1dW02cELwpC3fsL-atUoIdb0wOwkJYHfB2Um1vF49f6JYXwynHDpSl2UBv2mDLSddb6_veYOkIG5tX9Q8SquSYFFR2SngjMXW5VvAPh6hX-lgh7TXoSWJ_ky8b_JkryKWctkd6QbSmGIzH3ityAXEIvo6E7xvI5B0LBmrB1X7vXAtR_owAyEG676X9xSDcueJD1wZzP1pjB4YoufROW8I3T1jLpLRV1_WzWWh5-60rdVIZmwshjBImoHIUQNrwti67VABpLdbIaWjNHWQ6ItZwPgR7XrXKDrjb-l2aYBc0NGsFXilt8DZteTWmVIOXNMMks0dzKCEAK7zMtnDmbAHJao3bxhIfCmaD_L0fqR-lr3n3nRVzsRJp71K4COdqCcFDCDbFyyu3LtshAt9gsA1Tqs8b6BVWvihdE2E_SIS3oBDqeCY_esW66j_eA4P-eyfff-Xiz5H8DJBJFOK3GcPSDjBfkfbN4yhoc139zF4EZ&icons=6ZYKLeHUjGs0iHvBW9E_U25NcJXUz0WjlV-ckCHXVqEZcVrtkvNX6q94VOARqSe04GFWlQVeICESTQB2bUmY0K_9971qC5JoAt3NiH9GwvD6bHLIb-_cEex5ohnIKqJucQiyJ0dQYiNukv3wJGZrdNk6vyk8ybMrJ0NpDtKR0z6CseoPMA&ext_cid=0&px_id=53418774&min_cpm=0.03462614833213589&out_id=1&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=4477245370949523140&skin_id=2&vertical_id=0
&skin_test=0&from_cache=0&ecpm=0.09576079852524928&cpm=0&verify_hash=0c278ddd179888073a853ed2b521c4bf&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,83,130,108,0,123,4,129,5,27&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-3-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.08&cpa=b7af57f2-16f4-4952-a06c-11579bd1e790
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhNjKXEAgIuy&refdom=poop.media&auction_time=1701537737&subid=357529620&sid=54752259&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhNjKXEAgIuy%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3DCN29aVrSKe6KTXysiSwggjGJlzkCBTKm9SD_3Heea6IdqfFST5fKglNwIlKJvbWwgN7JfskxSoMLLGEkId25BOlpdQeu4ek4QL2LaJ81j75aU4RSZ6a67Vv72LAITlC3RdBzHR9_gOzAdGx-RU8l7EH23dUP_BD0x2lPsGuf62jud0dmbf61zoRHvC-qp6k2l2ec9ZQg04N052q_eyg1P9Xng1-ONygvX0fSJ1dW02cELwpC3fsL-atUoIdb0wOwkJYHfB2Um1vF49f6JYXwynHDpSl2UBv2mDLSddb6_veYOkIG5tX9Q8SquSYFFR2SngjMXW5VvAPh6hX-lgh7TXoSWJ_ky8b_JkryKWctkd6QbSmGIzH3ityAXEIvo6E7xvI5B0LBmrB1X7vXAtR_owAyEG676X9xSDcueJD1wZzP1pjB4YoufROW8I3T1jLpLRV1_WzWWh5-60rdVIZmwshjBImoHIUQNrwti67VABpLdbIaWjNHWQ6ItZwPgR7XrXKDrjb-l2aYBc0NGsFXilt8DZteTWmVIOXNMMks0dzKCEAK7zMtnDmbAHJao3bxhIfCmaD_L0fqR-lr3n3nRVzsRJp71K4COdqCcFDCDbFyyu3LtshAt9gsA1Tqs8b6BVWvihdE2E_SIS3oBDqeCY_esW66j_eA4P-eyfff-Xiz5H8DJBJFOK3GcPSDjBfkfbN4yhoc139zF4EZ&icons=6ZYKLeHUjGs0iHvBW9E_U25NcJXUz0WjlV-ckCHXVqEZcVrtkvNX6q94VOARqSe04GFWlQVeICESTQB2bUmY0K_9971qC5JoAt3NiH9GwvD6bHLIb-_cEex5ohnIKqJucQiyJ0dQYiNukv3wJGZrdNk6vyk8ybMrJ0NpDtKR0z6CseoPMA&ext_cid=0&px_id=53418774&min_cpm=0.03462614833213589&out_id=1&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=4477245370949523140&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.09576079852524928&cpm=0&ver
ify_hash=0c278ddd179888073a853ed2b521c4bf&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,83,130,108,0,123,4,129,5,27&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-3-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.08&cpa=b7af57f2-16f4-4952-a06c-11579bd1e790 HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
undertakinghomeyegg.com/pixel/sbs?c=1
173.233.137.60 200 OK 0 B URL GET HTTP/1.1 undertakinghomeyegg.com/pixel/sbs?c=1
IP 173.233.137.60:443
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject undertakinghomeyegg.com
Fingerprint 69:99:4A:A1:A8:2C:4D:27:B7:E7:73:23:6C:ED:8B:DB:98:7C:CB:95
Validity Tue, 28 Nov 2023 10:34:25 GMT - Mon, 26 Feb 2024 10:34:24 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: undertakinghomeyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhNjKXEAgIuy&refdom=poop.media&auction_time=1701537737&subid=357529620&sid=54752259&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhNjKXEAgIuy%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3DCN29aVrSKe6KTXysiSwggjGJlzkCBTKm9SD_3Heea6IdqfFST5fKglNwIlKJvbWwgN7JfskxSoMLLGEkId25BOlpdQeu4ek4QL2LaJ81j75aU4RSZ6a67Vv72LAITlC3RdBzHR9_gOzAdGx-RU8l7EH23dUP_BD0x2lPsGuf62jud0dmbf61zoRHvC-qp6k2l2ec9ZQg04N052q_eyg1P9Xng1-ONygvX0fSJ1dW02cELwpC3fsL-atUoIdb0wOwkJYHfB2Um1vF49f6JYXwynHDpSl2UBv2mDLSddb6_veYOkIG5tX9Q8SquSYFFR2SngjMXW5VvAPh6hX-lgh7TXoSWJ_ky8b_JkryKWctkd6QbSmGIzH3ityAXEIvo6E7xvI5B0LBmrB1X7vXAtR_owAyEG676X9xSDcueJD1wZzP1pjB4YoufROW8I3T1jLpLRV1_WzWWh5-60rdVIZmwshjBImoHIUQNrwti67VABpLdbIaWjNHWQ6ItZwPgR7XrXKDrjb-l2aYBc0NGsFXilt8DZteTWmVIOXNMMks0dzKCEAK7zMtnDmbAHJao3bxhIfCmaD_L0fqR-lr3n3nRVzsRJp71K4COdqCcFDCDbFyyu3LtshAt9gsA1Tqs8b6BVWvihdE2E_SIS3oBDqeCY_esW66j_eA4P-eyfff-Xiz5H8DJBJFOK3GcPSDjBfkfbN4yhoc139zF4EZ&icons=jXxAOEFyXDYHOGO4glHIz7IBroMtEMe7s7pSx5_snQAwthbYbyMi4XiHtPChJcAeLl5ADO20lk8Km_O4RNAO5YQ4Abv7BnYyezeJWxb0n7Gq0OejWtQ3U_4hLnRsk5Y4D5e8B2pWFgyAs9jRoBjtctRK5x0lPKup-a2rD1AZm_kfaKKaRg&ext_cid=0&px_id=53418774&min_cpm=0.03462614833213589&out_id=0&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=4477245370949523140&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.095760
79852524928&cpm=0&verify_hash=0c278ddd179888073a853ed2b521c4bf&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=129,130,0,4,83,5,108,123,89,27&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-3-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.08&cpa=56382712-5252-493f-b45f-912b7dcb772f
157.90.84.246 200 OK 0 B GET HTTP/2
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhNjKXEAgIuy&refdom=poop.media&auction_time=1701537737&subid=357529620&sid=54752259&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhNjKXEAgIuy%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3DCN29aVrSKe6KTXysiSwggjGJlzkCBTKm9SD_3Heea6IdqfFST5fKglNwIlKJvbWwgN7JfskxSoMLLGEkId25BOlpdQeu4ek4QL2LaJ81j75aU4RSZ6a67Vv72LAITlC3RdBzHR9_gOzAdGx-RU8l7EH23dUP_BD0x2lPsGuf62jud0dmbf61zoRHvC-qp6k2l2ec9ZQg04N052q_eyg1P9Xng1-ONygvX0fSJ1dW02cELwpC3fsL-atUoIdb0wOwkJYHfB2Um1vF49f6JYXwynHDpSl2UBv2mDLSddb6_veYOkIG5tX9Q8SquSYFFR2SngjMXW5VvAPh6hX-lgh7TXoSWJ_ky8b_JkryKWctkd6QbSmGIzH3ityAXEIvo6E7xvI5B0LBmrB1X7vXAtR_owAyEG676X9xSDcueJD1wZzP1pjB4YoufROW8I3T1jLpLRV1_WzWWh5-60rdVIZmwshjBImoHIUQNrwti67VABpLdbIaWjNHWQ6ItZwPgR7XrXKDrjb-l2aYBc0NGsFXilt8DZteTWmVIOXNMMks0dzKCEAK7zMtnDmbAHJao3bxhIfCmaD_L0fqR-lr3n3nRVzsRJp71K4COdqCcFDCDbFyyu3LtshAt9gsA1Tqs8b6BVWvihdE2E_SIS3oBDqeCY_esW66j_eA4P-eyfff-Xiz5H8DJBJFOK3GcPSDjBfkfbN4yhoc139zF4EZ&icons=jXxAOEFyXDYHOGO4glHIz7IBroMtEMe7s7pSx5_snQAwthbYbyMi4XiHtPChJcAeLl5ADO20lk8Km_O4RNAO5YQ4Abv7BnYyezeJWxb0n7Gq0OejWtQ3U_4hLnRsk5Y4D5e8B2pWFgyAs9jRoBjtctRK5x0lPKup-a2rD1AZm_kfaKKaRg&ext_cid=0&px_id=53418774&min_cpm=0.03462614833213589&out_id=0&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=4477245370949523140&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.09576079852524928&cpm=0&ver
ify_hash=0c278ddd179888073a853ed2b521c4bf&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=129,130,0,4,83,5,108,123,89,27&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-3-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.08&cpa=56382712-5252-493f-b45f-912b7dcb772f HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
metrolagu.cam/embed.css
46.250.238.76 200 OK 376 kB IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://metrolagu.cam/video?q=dj+titkok+terbaru+2023
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type gzip compressed data, from Unix\012- data
Size 376 kB (375853 bytes)
Hash 9d4b0031ad9f428a3a9a083c1fac32b7
b1652d18b974673a4749e815341501afd600793f
bef02e3d7688ded216e67bd3008d1051f66405cff329206e998c00ed24faa043
GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/video?q=dj+titkok+terbaru+2023
Cookie: PHPSESSID=70oasvv50kivgsm5qfpe36u0a5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
vary: Accept-Encoding
etag: W/"651596cf-446"
expires: Sun, 03 Dec 2023 05:22:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
metrolagu.cam/play.svg
46.250.238.76 200 OK 633 B IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://metrolagu.cam/video?q=dj+titkok+terbaru+2023
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (633), with no line terminators
Hash 85f08506e5a64050719e7e18a26cd9c4
cda07433539f1346406e7dde1a92ea6346d593d7
b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08
GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Cookie: PHPSESSID=70oasvv50kivgsm5qfpe36u0a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/svg+xml
content-length: 633
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: "650c2028-279"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhiOBgwnL7eg&refdom=poop.media&auction_time=1701537737&subid=357529620&sid=2627075476&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhiOBgwnL7eg%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fs.viiqxpnb.com%2Fh%2F1411%2Fm26uuqov6b4vvofrqpji3lgjwktuk55ts27pf7eewj5hqgd2nj7hyeduafrcpjef4x6u4kquzm344u7mk2pi44wsgp24u6xiohfo5rxm2c27l2evnsbesp5iin43wn77qxxp6qebotio7wg2ppihfiwt3tk2tnfwt2egzwskktrea4i5ph6vu3e2ifyxkyqnujyhtidsjoleizgqjccy3sdmyjfzzjh5okjtlegw4pyudi3wm3poq4lrrbzybs53uzk2wsxsowcussngjnb7gv77ql266uotov2mantlinhwaql7lvyvwy34pbmegx3spvrh642kmqbh43dt45dxbf3ggdvh5ccuogzguvxmkvfmczdt7vhut5sn3c43v4cbjkyvms4yw7wtcyu4wj4wqs2ony2fuk5pnepyitpak6ple67dg6ikoq57iktyk2wionirwpqgpuhsowdcoivagr2upywtkktvi4yqik3mobqhoqiraeceeey5mbamu3ch4rjkfc7oot2uqxhljjk4jaqorbncl2l7jcqgajofunaka4vlz7aixz4ax3e3u3fijmucanqhencxo53lgyxqobq2dqprwcrwceqr4iy6emxcatydai5go2jyfzhcsxz6gexcoaa4ayexsrj3d5sbqibpgibggctpainqikjdbeqsmtrqla5w6jjwo5buyakqijfuynitfbmxedtcfv6vkqczpiwdk7tsci3am7l6g4rcclq4ayhugrsjmfch6xtvlrsx67ktj5oxuuquijiui2qdpfwxozlvizavkbchjjfwssl4lflodggiw3u3ruht7jlwbqvhxpweqgscq22hnj4vgurpn4476fgtnrwq772egammxt45yubaifiuspwvkrpekkyfaejaqxk5ba7r6osafmetiirilzdyitlakr4ixph6tvfwe4k7iju2her2kkxyov25wcb23vtfhlr5itkujjefmch5byhisdcywjovqp6agqgtuzriiqmf4h2gnriex3irxjja%3D%3D%3D%3D%3Fu%3D&icons=7Xtnsy9qZaqT5-ochsLOvDXAu_HduvaedLnzf69dvKv6roHzktveUO01HvxGL10F8jTqlg
PV9oXxmqqWZh3AiO4GxojYS6oc0XWetowwk-nZWQdZRYtJxoHbRk20fsaYQxmXkN_94UVOLKBoi_dr7LExnVx-micnDRMKL7RFr-0XXoCIxA&ext_cid=0&px_id=53418774&min_cpm=0.03462614833213589&out_id=1&campaign_type=lq-pop&aid=412&cid=14080&uniq=&mid=5994754765502112214&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.04730868560733302&cpm=0&verify_hash=4dfdacc4db2cda15c7897ab40e6ec111&is_native=2&real_bid=0.0012753971330167284&original_bid_usd=0.001385999941859395&original_bid=0.001385999941859395&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,5,27,129,130,108,0,4&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701624137&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.001385999941859395&hostname=auc-inpage-hz-3-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001385999941859395&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.08&cpa=904511d7-ea05-4b24-a0f1-5a9aeb263851
157.90.84.246 200 OK 0 B GET HTTP/2
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhiOBgwnL7eg&refdom=poop.media&auction_time=1701537737&subid=357529620&sid=2627075476&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhiOBgwnL7eg%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fs.viiqxpnb.com%2Fh%2F1411%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%3D%3D%3D%3D%3Fu%3D&icons=7Xtnsy9qZaqT5-ochsLOvDXAu_HduvaedLnzf69dvKv6roHzktveUO01HvxGL10F8jTqlgPV9oXxmqqWZh3AiO4GxojYS6oc0XWetowwk-nZWQdZRYtJxoHbRk20fsaYQxmXkN_94UVOLKBoi_dr7LExnVx-micnDRMKL7RFr-0XXoCIxA&ext_cid=0&px_id=53418774&min_cpm=0.03462614833213589&out_id=1&campaign_type=lq-pop&aid=412&cid=14080&uniq=&mid=5994754765502112214&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.04730868560733302&cpm=0&verify_hash=4dfdacc4db2cda15c7897ab40e6ec111&is_native=2&real_bid=0.0012753971330167284&original_bid_usd=0.001385999941859395&original_bid=0.001385999941859395&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,5,27,129,130,108,0,4&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701624137&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.001385999941859395&hostname=auc-inpage-hz-
3-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001385999941859395&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.08&cpa=904511d7-ea05-4b24-a0f1-5a9aeb263851 HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
nereserv.com/in/dip?site=native-push&wl=1&event_id=028e2d3d-4ad8-4bdf-84d3-080d0dec003c&subid=357529620&sid=2627075476&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
157.90.84.246 200 OK 0 B URL GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=028e2d3d-4ad8-4bdf-84d3-080d0dec003c&subid=357529620&sid=2627075476&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=028e2d3d-4ad8-4bdf-84d3-080d0dec003c&subid=357529620&sid=2627075476&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/css/animate.css
172.64.109.10 200 OK 4.8 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/css/animate.css
IP 172.64.109.10:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/interstitial/games/hentai-heroes/main/8/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: text/css
last-modified: Thu, 19 Oct 2023 16:12:56 GMT
etag: W/"65315588-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 115618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kg3%2B5oESkckibpgTCkX684DBnx1P8yFWg2qG0qGM5uX4r8wC257VsRjByPZ0aXaguAbqCQUMhMY%2F9XgGuTUqMuK%2BsC95umCuA4QYoIOOrKxGRtK4Yd2aEE2cudkTThdKUi2sqKi8TBc1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5404fefe84177-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhNjKXEAgIuy&refdom=poop.media&auction_time=1701537737&subid=388464194&sid=809274173&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhNjKXEAgIuy%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3DTpjFEImvHjpq5W1uz3XaeDxuhJrHWggCNk7HmWxFpW3Q-8HGsX-EaeWe6d8hMR8GaE3vNLvXKdR0iPWkLnLwn6SO97ib368vlc396zMLEOMd1T80AXiSvXj1kD0OvQWnLaI8-L26hAvLGMBwr3wbDHCtAyqjJYVJ8KrJWxR1lHiEitbl6Mz75GYXbsM1PbgJIdZaSrRjX4ngLOlOtrJw-AZjKfTHcK6FWMCNC4mkVOblLph4joKfgdQiRSYkHJu4ByDWiJ1ywaxcnpDaguHrPdZvYk1_pgkmzSkBSbavnufdEyLOyIhH9TdTys4Z9aIs31piUcKkOQ2PplL3zkXvgLfMVDkFkJjDG1Bfa3PANYAMdmV8fqXHDs7YRIZMqQFlN62gHQrFmidjhTaKDnZxaJgjVGO96h6zYkuubI1vfstSB-MLUEnSjYNyZ17w3mqZs8cU11IPzmvHhVgWUhZ2YoyC2MgsxZCQT44skN75-uMLR17_zAO6KClFlV5q6tX-aeGDkhFd7DXMHOQ_KZ6kNDm2aa8QvbzPgUM6EeWFPH5FMJ7pUUSMnlGpnm6rA1G7ocK8qSzS-gKpd26g582Po2JujnIKvpFz-NtKwC9jxxBU7NhsJ2y3pG9C8PVfPJ91Vq-BF67HO_CjP8TDWW4gLe9v6V0haoYZDgDVd1DS0VdjvEfaKNDj7WKYazrWH87ZhK-3f8grAUI8RPgC&icons=eyRcS8VR2gUNky45WKWlXgtY_aiaO6l1o2apLt5R-3_lXUJYYgWvCoKCPNysKA-muZ3R29ZaAyKyXA3twLWATMcpvDqTEHCklYSd4Z5Zl3Pgqm72C_s1WD58WAlFUoXLvWVH4Praa2X3Zw61BugdTi4aklnlYGI8ZpiNme_pL7Z4snVXcg&ext_cid=0&px_id=53418776&min_cpm=0.08080860220034743&out_id=1&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=5807819874380175699&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.22348
128934781675&cpm=0&verify_hash=4b19e30763b5aa3827393f94a335c4ff&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=5,27,108,0,123,83,89,4,129,130&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=5647700e-caf2-4e6c-946c-fa8c0c3c490d
157.90.84.246 200 OK 0 B URL GET HTTP/2
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhNjKXEAgIuy&refdom=poop.media&auction_time=1701537737&subid=388464194&sid=809274173&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhNjKXEAgIuy%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3DTpjFEImvHjpq5W1uz3XaeDxuhJrHWggCNk7HmWxFpW3Q-8HGsX-EaeWe6d8hMR8GaE3vNLvXKdR0iPWkLnLwn6SO97ib368vlc396zMLEOMd1T80AXiSvXj1kD0OvQWnLaI8-L26hAvLGMBwr3wbDHCtAyqjJYVJ8KrJWxR1lHiEitbl6Mz75GYXbsM1PbgJIdZaSrRjX4ngLOlOtrJw-AZjKfTHcK6FWMCNC4mkVOblLph4joKfgdQiRSYkHJu4ByDWiJ1ywaxcnpDaguHrPdZvYk1_pgkmzSkBSbavnufdEyLOyIhH9TdTys4Z9aIs31piUcKkOQ2PplL3zkXvgLfMVDkFkJjDG1Bfa3PANYAMdmV8fqXHDs7YRIZMqQFlN62gHQrFmidjhTaKDnZxaJgjVGO96h6zYkuubI1vfstSB-MLUEnSjYNyZ17w3mqZs8cU11IPzmvHhVgWUhZ2YoyC2MgsxZCQT44skN75-uMLR17_zAO6KClFlV5q6tX-aeGDkhFd7DXMHOQ_KZ6kNDm2aa8QvbzPgUM6EeWFPH5FMJ7pUUSMnlGpnm6rA1G7ocK8qSzS-gKpd26g582Po2JujnIKvpFz-NtKwC9jxxBU7NhsJ2y3pG9C8PVfPJ91Vq-BF67HO_CjP8TDWW4gLe9v6V0haoYZDgDVd1DS0VdjvEfaKNDj7WKYazrWH87ZhK-3f8grAUI8RPgC&icons=eyRcS8VR2gUNky45WKWlXgtY_aiaO6l1o2apLt5R-3_lXUJYYgWvCoKCPNysKA-muZ3R29ZaAyKyXA3twLWATMcpvDqTEHCklYSd4Z5Zl3Pgqm72C_s1WD58WAlFUoXLvWVH4Praa2X3Zw61BugdTi4aklnlYGI8ZpiNme_pL7Z4snVXcg&ext_cid=0&px_id=53418776&min_cpm=0.08080860220034743&out_id=1&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=5807819874380175699&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.22348128934781675&cpm=0&ve
rify_hash=4b19e30763b5aa3827393f94a335c4ff&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=5,27,108,0,123,83,89,4,129,130&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=5647700e-caf2-4e6c-946c-fa8c0c3c490d HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg
172.64.109.10 200 OK 376 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg
IP 172.64.109.10:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size 376 kB (375458 bytes)
Hash 65b98e31f2a22bfc2ae827300f514b93
8d66b3140eaabf1eff5990961d013af5e948df5a
6ea2b64aa9ed05099682f877c6f257d5ebc03814c5910a9dc91a3eae94bf6879
GET /sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: image/jpeg
content-length: 375458
last-modified: Thu, 19 Oct 2023 16:13:01 GMT
etag: "6531558d-5baa2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2646653
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZMS7Fs2kcvG3azE41PjBP4nmb8ZpzC%2Bp3JxAmMKny6w0V8Sl%2BKr%2BUr%2BL3bT0TbSTr97xzMYWFrNvcofw%2BkrO5AZy%2FxJBpvzjZZlo7a1ewskQh2tR5FnaDNlrUp6myk6ktkiezvbgdyk5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f540544d4d63b3-LHR
alt-svc: h3=":443"; ma=86400
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
64.233.165.84 302 Found 0 B URL GET HTTP/3 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 64.233.165.84:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:wwoP0XX8Ix8k1DsHYtHnUyhj-uvymQ:ZZGT2SL4EToqe2PN; Expires=Mon, 01-Dec-2025 17:22:19 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:19 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp2etQ8XnrNmJucCit0FskQ-00d70VMuyCVRCAdeTf_g7ceOosUWlMn3ND1w7eAzVkwLd49n
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-uPLctfy9hzKMLMwpcb0AvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhNjKXEAgIuy&refdom=poop.media&auction_time=1701537737&subid=388464194&sid=809274173&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhNjKXEAgIuy%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3DTpjFEImvHjpq5W1uz3XaeDxuhJrHWggCNk7HmWxFpW3Q-8HGsX-EaeWe6d8hMR8GaE3vNLvXKdR0iPWkLnLwn6SO97ib368vlc396zMLEOMd1T80AXiSvXj1kD0OvQWnLaI8-L26hAvLGMBwr3wbDHCtAyqjJYVJ8KrJWxR1lHiEitbl6Mz75GYXbsM1PbgJIdZaSrRjX4ngLOlOtrJw-AZjKfTHcK6FWMCNC4mkVOblLph4joKfgdQiRSYkHJu4ByDWiJ1ywaxcnpDaguHrPdZvYk1_pgkmzSkBSbavnufdEyLOyIhH9TdTys4Z9aIs31piUcKkOQ2PplL3zkXvgLfMVDkFkJjDG1Bfa3PANYAMdmV8fqXHDs7YRIZMqQFlN62gHQrFmidjhTaKDnZxaJgjVGO96h6zYkuubI1vfstSB-MLUEnSjYNyZ17w3mqZs8cU11IPzmvHhVgWUhZ2YoyC2MgsxZCQT44skN75-uMLR17_zAO6KClFlV5q6tX-aeGDkhFd7DXMHOQ_KZ6kNDm2aa8QvbzPgUM6EeWFPH5FMJ7pUUSMnlGpnm6rA1G7ocK8qSzS-gKpd26g582Po2JujnIKvpFz-NtKwC9jxxBU7NhsJ2y3pG9C8PVfPJ91Vq-BF67HO_CjP8TDWW4gLe9v6V0haoYZDgDVd1DS0VdjvEfaKNDj7WKYazrWH87ZhK-3f8grAUI8RPgC&icons=Zb-VVtp2USyYudA42ZBjU-G_0OTjfUDfCIivBQpOXJ_NDjlvu19E8IByMeWC9mkERUYB9ruROZxlNOdpM3GZFVo9r6M0AV6zcQ6pjCE1bewb4QmaB-16Rr5qcsft_JS2gD-lkPZIU1drXtfZPeaH-YbcLrx4VeVc1IATRVqJsfsLFKMafg&ext_cid=0&px_id=53418776&min_cpm=0.08080860220034743&out_id=0&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=5807819874380175699&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.22348
128934781675&cpm=0&verify_hash=4b19e30763b5aa3827393f94a335c4ff&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=123,4,129,130,108,83,5,27,0,89&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=fdd62da9-91a0-4f88-a8bc-ccd7627d233d
157.90.84.246 200 OK 0 B URL GET HTTP/2
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhNjKXEAgIuy&refdom=poop.media&auction_time=1701537737&subid=388464194&sid=809274173&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhNjKXEAgIuy%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3DTpjFEImvHjpq5W1uz3XaeDxuhJrHWggCNk7HmWxFpW3Q-8HGsX-EaeWe6d8hMR8GaE3vNLvXKdR0iPWkLnLwn6SO97ib368vlc396zMLEOMd1T80AXiSvXj1kD0OvQWnLaI8-L26hAvLGMBwr3wbDHCtAyqjJYVJ8KrJWxR1lHiEitbl6Mz75GYXbsM1PbgJIdZaSrRjX4ngLOlOtrJw-AZjKfTHcK6FWMCNC4mkVOblLph4joKfgdQiRSYkHJu4ByDWiJ1ywaxcnpDaguHrPdZvYk1_pgkmzSkBSbavnufdEyLOyIhH9TdTys4Z9aIs31piUcKkOQ2PplL3zkXvgLfMVDkFkJjDG1Bfa3PANYAMdmV8fqXHDs7YRIZMqQFlN62gHQrFmidjhTaKDnZxaJgjVGO96h6zYkuubI1vfstSB-MLUEnSjYNyZ17w3mqZs8cU11IPzmvHhVgWUhZ2YoyC2MgsxZCQT44skN75-uMLR17_zAO6KClFlV5q6tX-aeGDkhFd7DXMHOQ_KZ6kNDm2aa8QvbzPgUM6EeWFPH5FMJ7pUUSMnlGpnm6rA1G7ocK8qSzS-gKpd26g582Po2JujnIKvpFz-NtKwC9jxxBU7NhsJ2y3pG9C8PVfPJ91Vq-BF67HO_CjP8TDWW4gLe9v6V0haoYZDgDVd1DS0VdjvEfaKNDj7WKYazrWH87ZhK-3f8grAUI8RPgC&icons=Zb-VVtp2USyYudA42ZBjU-G_0OTjfUDfCIivBQpOXJ_NDjlvu19E8IByMeWC9mkERUYB9ruROZxlNOdpM3GZFVo9r6M0AV6zcQ6pjCE1bewb4QmaB-16Rr5qcsft_JS2gD-lkPZIU1drXtfZPeaH-YbcLrx4VeVc1IATRVqJsfsLFKMafg&ext_cid=0&px_id=53418776&min_cpm=0.08080860220034743&out_id=0&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=5807819874380175699&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.22348128934781675&cpm=0&ve
rify_hash=4b19e30763b5aa3827393f94a335c4ff&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=123,4,129,130,108,83,5,27,0,89&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=fdd62da9-91a0-4f88-a8bc-ccd7627d233d HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FeEPrsKwbEDX&refdom=poop.media&auction_time=1701537738&subid=388464194&sid=472540605&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FeEPrsKwbEDX%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fr-eu.tsyndicate.com%2Fdo2%2Fdirect%3Fc%3DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDMYyMm6MuUEjR4wWNmrEwNGCBsiTYsbkGNMiTJkYM3DIIDOjRg4zMUQ4nCMmDRmFOraIyImDhg0aMXLQENHF4Rg3SGPAmAHDYZg6YzDewJEDx40bUmHQuBFyLAwZMoI6LEoGYxo6Zdp8kfuQjJ2FNp46dQinjpiFNXrK8Arnog64UG0MhSNRB9QbNmTAwOGwDB46X-ZQxmhQzxs3ZfbWcCpUxJg2jmvIjiGDhlcyZhY2FCHGjZuFM2jIIJtDsog2bjwytDEjhu2MyJXHuAEDhvE6QXUMpGNxjo4XL-ag2eiCzOk1ZfIcDMPGxZg3bV7QkQNxzY84PaijwZLjTBIYTNDQWxqtmdcGRhqR10YZZKQRRmtjhFHZFs1VlZEcYekAgwvVTVfDXLlp6EIOMwSHA2euwaEXHBhO5AINZn0oghx2OBaDjGWMoaKLN8hYRx0EaofWaonJYANJmNWAwww5FHdDa2k4JoJJI24onAs3TuVQHQ9q18QbeqTBBhthvFADhyCgcEUabph3xxwgOEEFCFpxuAMIa7rx1J147AkCjTpodSYMKYBwRI5rvPGCZlrBoFUMIBiRhhxlmPEGHi8IyiGEGYrgxBOtvSHHF2N0-mlrbHRahBMFlmHHF5SyMVENZy1pAw7VOSTHGb89puRuB70qhhwLnehQsF-08UZdj-FgA0UikCHHG8A59AZSz7F4aR6I6VopRmhwB4d34CUIhwsLNlgmGS-UUQQUCS1xhxhFEIFFa3PQiNG0dEgoagt1uHFXC8GVN1Ko-f4VqHCrObdVDsd2etAXZBxc0YGBUnfjDGfldLEME2mcWMc4xIDTbbCWIdoXEobs6Mg3eCyCqyyzgRAdSFFYg4VhiFFZtJV-xYZEhKW6UFeuKQdDHwoEBA%253D%253D%26s%3D12fa3e9ba9b50a7cc8e2e3ddddc8d04b23e6fe9a19671b3e5ecd5d849cdaf89b1701537738&icons=nfG783DxjGEbNodKTq97st0eS0K-2yXGRd7agh5goUWBDg-JySQoX8VJzaWrVzVZ050NfQubCG6_Ka2d
UgqnQHGmlPxGM_nQC3Z35tqDk4cKLGu3xR8xGYqxVxgTGGNVwz7daFXeHhsDKmUmlVZPzL8Fa5MB8b0E-QMyvYVkk1roYPbyUw&ext_cid=0&pop_price=0.0014875&pop_ecpm=0.11204049240044876&px_id=418776&min_cpm=0.08080860220034743&out_id=1&campaign_type=lq-pop-ext&aid=2010&cid=10966&uniq=&mid=7898779404727780221&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=1.2942737817764214&cpm=0&verify_hash=59cfb3f5e809e74889415cd7c87356f4&is_native=3&real_bid=1.2942737817764214&pop_real_cpm=1.4875&pop_real_bid=0.0012942737817764215&original_bid_usd=1.4875&original_bid=1.4875&exp=0&placement_type_id=325&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,5,27,129,130,108,0&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=1.4875&hostname=auc-inpage-hz-2-c&auc_type=1&pop_type=1&is_pop_cpc=0&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0014875&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=30ab9bb2-00ca-401f-9dac-6d52e7231aae
157.90.84.246 200 OK 0 B URL GET HTTP/2
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FeEPrsKwbEDX&refdom=poop.media&auction_time=1701537738&subid=388464194&sid=472540605&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FeEPrsKwbEDX%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fr-eu.tsyndicate.com%2Fdo2%2Fdirect%3Fc%3DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDMYyMm6MuUEjR4wWNmrEwNGCBsiTYsbkGNMiTJkYM3DIIDOjRg4zMUQ4nCMmDRmFOraIyImDhg0aMXLQENHF4Rg3SGPAmAHDYZg6YzDewJEDx40bUmHQuBFyLAwZMoI6LEoGYxo6Zdp8kfuQjJ2FNp46dQinjpiFNXrK8Arnog64UG0MhSNRB9QbNmTAwOGwDB46X-ZQxmhQzxs3ZfbWcCpUxJg2jmvIjiGDhlcyZhY2FCHGjZuFM2jIIJtDsog2bjwytDEjhu2MyJXHuAEDhvE6QXUMpGNxjo4XL-ag2eiCzOk1ZfIcDMPGxZg3bV7QkQNxzY84PaijwZLjTBIYTNDQWxqtmdcGRhqR10YZZKQRRmtjhFHZFs1VlZEcYekAgwvVTVfDXLlp6EIOMwSHA2euwaEXHBhO5AINZn0oghx2OBaDjGWMoaKLN8hYRx0EaofWaonJYANJmNWAwww5FHdDa2k4JoJJI24onAs3TuVQHQ9q18QbeqTBBhthvFADhyCgcEUabph3xxwgOEEFCFpxuAMIa7rx1J147AkCjTpodSYMKYBwRI5rvPGCZlrBoFUMIBiRhhxlmPEGHi8IyiGEGYrgxBOtvSHHF2N0-mlrbHRahBMFlmHHF5SyMVENZy1pAw7VOSTHGb89puRuB70qhhwLnehQsF-08UZdj-FgA0UikCHHG8A59AZSz7F4aR6I6VopRmhwB4d34CUIhwsLNlgmGS-UUQQUCS1xhxhFEIFFa3PQiNG0dEgoagt1uHFXC8GVN1Ko-f4VqHCrObdVDsd2etAXZBxc0YGBUnfjDGfldLEME2mcWMc4xIDTbbCWIdoXEobs6Mg3eCyCqyyzgRAdSFFYg4VhiFFZtJV-xYZEhKW6UFeuKQdDHwoEBA%253D%253D%26s%3D12fa3e9ba9b50a7cc8e2e3ddddc8d04b23e6fe9a19671b3e5ecd5d849cdaf89b1701537738&icons=nfG783DxjGEbNodKTq97st0eS0K-2yXGRd7agh5goUWBDg-JySQoX8VJzaWrVzVZ050NfQubCG6_Ka2dUgqnQHGmlPxGM_nQC3Z35
tqDk4cKLGu3xR8xGYqxVxgTGGNVwz7daFXeHhsDKmUmlVZPzL8Fa5MB8b0E-QMyvYVkk1roYPbyUw&ext_cid=0&pop_price=0.0014875&pop_ecpm=0.11204049240044876&px_id=418776&min_cpm=0.08080860220034743&out_id=1&campaign_type=lq-pop-ext&aid=2010&cid=10966&uniq=&mid=7898779404727780221&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=1.2942737817764214&cpm=0&verify_hash=59cfb3f5e809e74889415cd7c87356f4&is_native=3&real_bid=1.2942737817764214&pop_real_cpm=1.4875&pop_real_bid=0.0012942737817764215&original_bid_usd=1.4875&original_bid=1.4875&exp=0&placement_type_id=325&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,5,27,129,130,108,0&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=1.4875&hostname=auc-inpage-hz-2-c&auc_type=1&pop_type=1&is_pop_cpc=0&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0014875&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=30ab9bb2-00ca-401f-9dac-6d52e7231aae HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FeEPrsKwbEDX&refdom=poop.media&auction_time=1701537738&subid=388464194&sid=472540605&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FeEPrsKwbEDX%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fr-eu.tsyndicate.com%2Fdo2%2Fdirect%3Fc%3DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDMYyMm6MuUEjR4wWNmrEwNGCBsiTYsbkGNMiTJkYM3DIIDOjRg4zMUQ4nCMmDRmFOraIyImDhg0aMXLQENHF4Rg3SGPAmAHDYZg6YzDewJEDx40bUmHQuBFyLAwZMoI6LEoGYxo6Zdp8kfuQjJ2FNp46dQinjpiFNXrK8Arnog64UG0MhSNRB9QbNmTAwOGwDB46X-ZQxmhQzxs3ZfbWcCpUxJg2jmvIjiGDhlcyZhY2FCHGjZuFM2jIIJtDsog2bjwytDEjhu2MyJXHuAEDhvE6QXUMpGNxjo4XL-ag2eiCzOk1ZfIcDMPGxZg3bV7QkQNxzY84PaijwZLjTBIYTNDQWxqtmdcGRhqR10YZZKQRRmtjhFHZFs1VlZEcYekAgwvVTVfDXLlp6EIOMwSHA2euwaEXHBhO5AINZn0oghx2OBaDjGWMoaKLN8hYRx0EaofWaonJYANJmNWAwww5FHdDa2k4JoJJI24onAs3TuVQHQ9q18QbeqTBBhthvFADhyCgcEUabph3xxwgOEEFCFpxuAMIa7rx1J147AkCjTpodSYMKYBwRI5rvPGCZlrBoFUMIBiRhhxlmPEGHi8IyiGEGYrgxBOtvSHHF2N0-mlrbHRahBMFlmHHF5SyMVENZy1pAw7VOSTHGb89puRuB70qhhwLnehQsF-08UZdj-FgA0UikCHHG8A59AZSz7F4aR6I6VopRmhwB4d34CUIhwsLNlgmGS-UUQQUCS1xhxhFEIFFa3PQiNG0dEgoagt1uHFXC8GVN1Ko-f4VqHCrObdVDsd2etAXZBxc0YGBUnfjDGfldLEME2mcWMc4xIDTbbCWIdoXEobs6Mg3eCyCqyyzgRAdSFFYg4VhiFFZtJV-xYZEhKW6UFeuKQdDHwoEBA%253D%253D%26s%3D12fa3e9ba9b50a7cc8e2e3ddddc8d04b23e6fe9a19671b3e5ecd5d849cdaf89b1701537738&icons=pbRLAhxdmVG6fRJw1YDMwCax3gfmnYIk71XWo5RnKV8HLpxhP_mX5CRLzkwlTNePgf-DLvJDdqVk8rjq
FN5QrovuYofDCsTu6kX5fePBVNiuzmkEGFsTHi9GZcKpHZbje6-dTIRZVeYyFk_NOjPuBMPSBFtPUWlGxccOgM8idELwVW6YbA&ext_cid=0&pop_price=0.0014875&pop_ecpm=0.11204049240044876&px_id=418776&min_cpm=0.08080860220034743&out_id=0&campaign_type=lq-pop-ext&aid=2010&cid=10966&uniq=&mid=7898779404727780221&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=1.2942737817764214&cpm=0&verify_hash=59cfb3f5e809e74889415cd7c87356f4&is_native=3&real_bid=1.2942737817764214&pop_real_cpm=1.4875&pop_real_bid=0.0012942737817764215&original_bid_usd=1.4875&original_bid=1.4875&exp=0&placement_type_id=325&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=130,108,0,4,5,27,129&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=1.4875&hostname=auc-inpage-hz-2-c&auc_type=1&pop_type=1&is_pop_cpc=0&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0014875&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=af304391-c79c-4d43-b705-74cfed10f8c4
157.90.84.246200 OK 0 B URL GET HTTP/2 d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FeEPrsKwbEDX&refdom=poop.media&auction_time=1701537738&subid=388464194&sid=472540605&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FeEPrsKwbEDX%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fr-eu.tsyndicate.com%2Fdo2%2Fdirect%3Fc%3DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDMYyMm6MuUEjR4wWNmrEwNGCBsiTYsbkGNMiTJkYM3DIIDOjRg4zMUQ4nCMmDRmFOraIyImDhg0aMXLQENHF4Rg3SGPAmAHDYZg6YzDewJEDx40bUmHQuBFyLAwZMoI6LEoGYxo6Zdp8kfuQjJ2FNp46dQinjpiFNXrK8Arnog64UG0MhSNRB9QbNmTAwOGwDB46X-ZQxmhQzxs3ZfbWcCpUxJg2jmvIjiGDhlcyZhY2FCHGjZuFM2jIIJtDsog2bjwytDEjhu2MyJXHuAEDhvE6QXUMpGNxjo4XL-ag2eiCzOk1ZfIcDMPGxZg3bV7QkQNxzY84PaijwZLjTBIYTNDQWxqtmdcGRhqR10YZZKQRRmtjhFHZFs1VlZEcYekAgwvVTVfDXLlp6EIOMwSHA2euwaEXHBhO5AINZn0oghx2OBaDjGWMoaKLN8hYRx0EaofWaonJYANJmNWAwww5FHdDa2k4JoJJI24onAs3TuVQHQ9q18QbeqTBBhthvFADhyCgcEUabph3xxwgOEEFCFpxuAMIa7rx1J147AkCjTpodSYMKYBwRI5rvPGCZlrBoFUMIBiRhhxlmPEGHi8IyiGEGYrgxBOtvSHHF2N0-mlrbHRahBMFlmHHF5SyMVENZy1pAw7VOSTHGb89puRuB70qhhwLnehQsF-08UZdj-FgA0UikCHHG8A59AZSz7F4aR6I6VopRmhwB4d34CUIhwsLNlgmGS-UUQQUCS1xhxhFEIFFa3PQiNG0dEgoagt1uHFXC8GVN1Ko-f4VqHCrObdVDsd2etAXZBxc0YGBUnfjDGfldLEME2mcWMc4xIDTbbCWIdoXEobs6Mg3eCyCqyyzgRAdSFFYg4VhiFFZtJV-xYZEhKW6UFeuKQdDHwoEBA%253D%253D%26s%3D12fa3e9ba9b50a7cc8e2e3ddddc8d04b23e6fe9a19671b3e5ecd5d849cdaf89b1701537738&icons=pbRLAhxdmVG6fRJw1YDMwCax3gfmnYIk71XWo5RnK
V8HLpxhP_mX5CRLzkwlTNePgf-DLvJDdqVk8rjqFN5QrovuYofDCsTu6kX5fePBVNiuzmkEGFsTHi9GZcKpHZbje6-dTIRZVeYyFk_NOjPuBMPSBFtPUWlGxccOgM8idELwVW6YbA&ext_cid=0&pop_price=0.0014875&pop_ecpm=0.11204049240044876&px_id=418776&min_cpm=0.08080860220034743&out_id=0&campaign_type=lq-pop-ext&aid=2010&cid=10966&uniq=&mid=7898779404727780221&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=1.2942737817764214&cpm=0&verify_hash=59cfb3f5e809e74889415cd7c87356f4&is_native=3&real_bid=1.2942737817764214&pop_real_cpm=1.4875&pop_real_bid=0.0012942737817764215&original_bid_usd=1.4875&original_bid=1.4875&exp=0&placement_type_id=325&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=130,108,0,4,5,27,129&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=1.4875&hostname=auc-inpage-hz-2-c&auc_type=1&pop_type=1&is_pop_cpc=0&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0014875&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=af304391-c79c-4d43-b705-74cfed10f8c4
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FeEPrsKwbEDX&refdom=poop.media&auction_time=1701537738&subid=388464194&sid=472540605&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FeEPrsKwbEDX%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fr-eu.tsyndicate.com%2Fdo2%2Fdirect%3Fc%3DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDMYyMm6MuUEjR4wWNmrEwNGCBsiTYsbkGNMiTJkYM3DIIDOjRg4zMUQ4nCMmDRmFOraIyImDhg0aMXLQENHF4Rg3SGPAmAHDYZg6YzDewJEDx40bUmHQuBFyLAwZMoI6LEoGYxo6Zdp8kfuQjJ2FNp46dQinjpiFNXrK8Arnog64UG0MhSNRB9QbNmTAwOGwDB46X-ZQxmhQzxs3ZfbWcCpUxJg2jmvIjiGDhlcyZhY2FCHGjZuFM2jIIJtDsog2bjwytDEjhu2MyJXHuAEDhvE6QXUMpGNxjo4XL-ag2eiCzOk1ZfIcDMPGxZg3bV7QkQNxzY84PaijwZLjTBIYTNDQWxqtmdcGRhqR10YZZKQRRmtjhFHZFs1VlZEcYekAgwvVTVfDXLlp6EIOMwSHA2euwaEXHBhO5AINZn0oghx2OBaDjGWMoaKLN8hYRx0EaofWaonJYANJmNWAwww5FHdDa2k4JoJJI24onAs3TuVQHQ9q18QbeqTBBhthvFADhyCgcEUabph3xxwgOEEFCFpxuAMIa7rx1J147AkCjTpodSYMKYBwRI5rvPGCZlrBoFUMIBiRhhxlmPEGHi8IyiGEGYrgxBOtvSHHF2N0-mlrbHRahBMFlmHHF5SyMVENZy1pAw7VOSTHGb89puRuB70qhhwLnehQsF-08UZdj-FgA0UikCHHG8A59AZSz7F4aR6I6VopRmhwB4d34CUIhwsLNlgmGS-UUQQUCS1xhxhFEIFFa3PQiNG0dEgoagt1uHFXC8GVN1Ko-f4VqHCrObdVDsd2etAXZBxc0YGBUnfjDGfldLEME2mcWMc4xIDTbbCWIdoXEobs6Mg3eCyCqyyzgRAdSFFYg4VhiFFZtJV-xYZEhKW6UFeuKQdDHwoEBA%253D%253D%26s%3D12fa3e9ba9b50a7cc8e2e3ddddc8d04b23e6fe9a19671b3e5ecd5d849cdaf89b1701537738&icons=pbRLAhxdmVG6fRJw1YDMwCax3gfmnYIk71XWo5RnKV8HLpxhP_mX5CRLzkwlTNePgf-DLvJDdqVk8rjqFN5QrovuYofDCsTu6kX5f
ePBVNiuzmkEGFsTHi9GZcKpHZbje6-dTIRZVeYyFk_NOjPuBMPSBFtPUWlGxccOgM8idELwVW6YbA&ext_cid=0&pop_price=0.0014875&pop_ecpm=0.11204049240044876&px_id=418776&min_cpm=0.08080860220034743&out_id=0&campaign_type=lq-pop-ext&aid=2010&cid=10966&uniq=&mid=7898779404727780221&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=1.2942737817764214&cpm=0&verify_hash=59cfb3f5e809e74889415cd7c87356f4&is_native=3&real_bid=1.2942737817764214&pop_real_cpm=1.4875&pop_real_bid=0.0012942737817764215&original_bid_usd=1.4875&original_bid=1.4875&exp=0&placement_type_id=325&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=130,108,0,4,5,27,129&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=1.4875&hostname=auc-inpage-hz-2-c&auc_type=1&pop_type=1&is_pop_cpc=0&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0014875&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=af304391-c79c-4d43-b705-74cfed10f8c4 HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/js/script.js
172.64.109.10 200 OK 2.1 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/js/script.js
IP 172.64.109.10:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash f06aedc6f9c35062ffcf1d5ad7b6e574
47f1ec30faf80f0958036aea330d22d4ea6bd994
f6ae8744b3f2b2f8865fff018810c62b9bb82ffb3224d0e958ff2cdcec3d2026
GET /sb/interstitial/games/hentai-heroes/main/8/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: application/javascript
last-modified: Thu, 19 Oct 2023 16:13:00 GMT
etag: W/"6531558c-f3f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 115617
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=csW%2BAyvibP92JvbhpIdV3%2FLUEI0UFHD0zZihV3C1ja2sZAbdrHrmgeJixJby9Ry7waNSk66Sksu0%2FxcsP80AQ7QxhCmknICU9Xv%2F2ZPhx3raNPmXOq3fih9kFHwx%2FaOQLnWKBoRh9TQa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5404fefe74177-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
assets.ayobandung.com/crop/0x0:0x0/x/photo/2023/05/01/Screenshot_2023_0501_201636-2389291832.png
52.85.242.9 200 OK 515 kB URL GET HTTP/2 assets.ayobandung.com/crop/0x0:0x0/x/photo/2023/05/01/Screenshot_2023_0501_201636-2389291832.png
IP 52.85.242.9:443
Requested by https://cabenakal.site/video/351
Certificate Issuer Amazon
Subject ayobandung.com
Fingerprint 13:CA:65:59:1C:50:34:C1:E3:88:AC:43:EC:0E:29:67:13:D9:A6:F4
Validity Sat, 10 Jun 2023 00:00:00 GMT - Mon, 08 Jul 2024 23:59:59 GMT
File type PNG image data, 719 x 882, 8-bit/color RGB, non-interlaced\012- data
Size 515 kB (514854 bytes)
Hash 82a365d45d7b651183f89dc9f169255e
2257f3a0a9e3c09ff5681f5babec4ab45d29b758
729e893cee64185637f7fb6709eb4b4c1fbf32e606b688fe009a3da0bbf9fc9e
GET /crop/0x0:0x0/x/photo/2023/05/01/Screenshot_2023_0501_201636-2389291832.png HTTP/1.1
Host: assets.ayobandung.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 514854
date: Sat, 02 Dec 2023 17:22:18 GMT
server: nginx
expires: Sun, 01 Dec 2024 17:22:18 GMT
etag: "2257f3a0a9e3c09ff5681f5babec4ab45d29b758"
cache-control: max-age=31536000
x-cache-status: MISS
access-control-allow-origin: *
access-control-allow-methods: GET, OPTION
x-cache: Miss from cloudfront
via: 1.1 b58b188f0b591d63a56e49672312d538.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: s5LxKjJbxi9G650STQlPzQP3mZ9Ap_s5MzGvYholbk4LsO3bIIOE6Q==
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/close.svg
172.64.109.10 200 OK 1.1 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/close.svg
IP 172.64.109.10:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text
Hash 0e2235e70c5d45defff6d4f958efd6c2
a3b54b1d2e285bf511980d1dc920d8831b5eeb3a
9457de0168c27aabaab60abbf72b737625da31f5cafe528ba2e56b57d6b38d1c
GET /sb/interstitial/games/hentai-heroes/main/8/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: image/svg+xml
last-modified: Thu, 19 Oct 2023 16:12:58 GMT
etag: W/"6531558a-49d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 396953
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4vJ5pE2IiAPxepwZMtfncWM8LcShCF191%2FTMZi2mondu5dbatd0xQAaH8%2BY1poc126DEuO5mC%2BgKwxmM5Ka6eXtDPLcFRpWTeB476oJbhKYPzqPVLhlRvPIdHwL5bu6UMfgdRD1kPz4f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f54050080c4177-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.08&cpa=90ca08e4-1ce8-473b-85c5-d21f655f1de2
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.08&cpa=90ca08e4-1ce8-473b-85c5-d21f655f1de2
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.08&cpa=90ca08e4-1ce8-473b-85c5-d21f655f1de2 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=8dfafca5-ae20-4d70-ac8f-022b84f289ee
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=8dfafca5-ae20-4d70-ac8f-022b84f289ee
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=8dfafca5-ae20-4d70-ac8f-022b84f289ee HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=127a8f35-0e32-41c9-8c77-37e0631a53c4
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=127a8f35-0e32-41c9-8c77-37e0631a53c4
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=127a8f35-0e32-41c9-8c77-37e0631a53c4 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=5afec970-defd-449d-a466-48b5de6eb058
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=5afec970-defd-449d-a466-48b5de6eb058
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=5afec970-defd-449d-a466-48b5de6eb058 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.08&cpa=0ed79c3b-0f63-48a0-beba-447a2ba4fbcf
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.08&cpa=0ed79c3b-0f63-48a0-beba-447a2ba4fbcf
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.08&cpa=0ed79c3b-0f63-48a0-beba-447a2ba4fbcf HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/interstitial/games/hentai-heroes/main/8/index.html
172.67.74.218 200 OK 918 B URL GET HTTP/2 cdn.yourwebbars.com/sb/interstitial/games/hentai-heroes/main/8/index.html
IP 172.67.74.218:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 84:82:6E:35:03:D4:C4:FC:BA:08:CD:C8:E6:A3:97:A9:20:2F:F5:49
Validity Sun, 23 Jul 2023 00:00:00 GMT - Mon, 22 Jul 2024 23:59:59 GMT
File type HTML document text\012- HTML document, ASCII text
Hash 3ba8c6ee4184fd58396eb4ca22879c0d
3a299ade06247933036e312785d51449d429786d
ae8af8d3ded72e9a7568fa4e7281c9f28e13921a307972a68ff71aee18bc6423
GET /sb/interstitial/games/hentai-heroes/main/8/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: text/html
last-modified: Thu, 19 Oct 2023 16:12:54 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 432753
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7qxYj5URoDrxaOdsFCUENSJVLfjBj7rXQiCAahbVbMo0q0K125abx4tuT57sb0bhrsCq%2BhqIc%2BOZb1cXA%2BQjIQdlNrrQWU%2BdQnp9BBnuzCUTpM0wOM7b7awLBPjxQ9uJQFtwKNM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f540544d93b500-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106 200 OK 1.3 kB URL GET HTTP/3 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression\012- data
Hash 3db091df9626e4eafe4d864842814fc1
a57b73fa6664fa7ce08c66f489e00fd79ec00552
70cb6e1c6a7571656c62f6cae77e7c41914c52b2820e0389ac705e0eb2707def
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 02 Dec 2023 17:22:18 GMT
date: Sat, 02 Dec 2023 17:22:18 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=8ff5c492-3dc1-4d1d-832a-07336623db45
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=8ff5c492-3dc1-4d1d-832a-07336623db45
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=8ff5c492-3dc1-4d1d-832a-07336623db45 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
skiofficerdemote.com/pixel/sbs?c=1
173.233.137.60 200 OK 0 B URL GET HTTP/1.1 skiofficerdemote.com/pixel/sbs?c=1
IP 173.233.137.60:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject skiofficerdemote.com
Fingerprint B4:6F:3A:BD:FF:FE:15:51:53:8C:D2:EB:9B:13:BE:14:D1:BC:BD:EE
Validity Tue, 28 Nov 2023 11:02:22 GMT - Mon, 26 Feb 2024 11:02:21 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: skiofficerdemote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=cff234ba-3720-44ee-96c8-ccff1557b0c1
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=cff234ba-3720-44ee-96c8-ccff1557b0c1
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=cff234ba-3720-44ee-96c8-ccff1557b0c1 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/js/script.js
172.64.109.10 200 OK 1.5 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/js/script.js
IP 172.64.109.10:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash f06aedc6f9c35062ffcf1d5ad7b6e574
47f1ec30faf80f0958036aea330d22d4ea6bd994
f6ae8744b3f2b2f8865fff018810c62b9bb82ffb3224d0e958ff2cdcec3d2026
GET /sb/interstitial/games/hentai-heroes/main/8/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: application/javascript
last-modified: Thu, 19 Oct 2023 16:13:00 GMT
etag: W/"6531558c-f3f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 115617
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BNH5B99A3pFYmHeqjm%2FC%2BXJEnPckkNmGxE68RT%2BExQHxfVMAdhJRC%2BorvvmabUvu%2BNNob1T%2FPDYYfS7hrbU2Cez0iteeej63MkgpQEphDQmViZWMhLnPzy01s1M0x%2Fo7UKNuED8Uj4mc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5404feff54177-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
157.90.84.246 0 B URL d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FxA80pfz5vAV&refdom=poop.media&auction_time=1701537738&subid=388464194&sid=1210775973&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FxA80pfz5vAV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fpodefr.net%2Fb2%2Fl%2Fc%2Fredir%3Fcid%3D1%26did%3DU2N5S3I%26eid%3D722%26n%3Df6fa49e28569d5cb5af30910%26nid%3D1%26sid%3DTK9NQRKIlKj8CSPq5g0jEBwGlPyYzjXu3QHDaDxPuqIYH3pExcdD59%252BH5Pu97Wgo%252BAfx7vOhYUmUp%252FRSsEU%252FInTeCDz%252FLyOt99KmayoDjTn3bfvHnIYYoAHyiN2YeNZTKPJH7MH99df%252FPoraqXPzEeNchv9A%252BQc5%252FDBvQ4EJZFOHVeqCksi%252Bze2CuTA9q0wzwPk76mj8OZju9BHNiRVIVD%252Br0Pb3feGbu4fsA7ZDugxnSvfMH6JC6qFm0NwkL8mPINo5xTvzPJjjxtS7R2keM2KuLJLTKxCspXwSrkKwGNAwQdSZj20yqDAO482lsWPscHr11bDSOfP6XT24JepEyFh0%252B343zcgtF2yjLOYKBbXLouHs7fm7GJ848Q3NQbRDObsoIca5F1cm9%252FjVnvfi6nYepkfA%252BBcMjcjc74RNT%252FBkSHAlU6oBQoBtTCjzlWpkQepY3iel%252Fy6FNKJwDKKIjr%252Bq4DV9YT77qlrqMGei9dsOoHSv6Cc5DU2YGAQPym%252FHah8WFXyvS2Mxc0pQIcZamicqGWpuOkcBi9lnuKRSPMqaLM0Z1hULHY6Bkt2Gi88WJgqLRhAFSWtlbX2V%252FwVa8%252B0Fl596WZ%252FQtpE%252BMUtYvCQqaeUZvLubDCbcVMxMidSDfJiS9fA3qAyKeCPzcTzoOuum3LAyb%252BCjh%252F0pTh00q8XPqM83qvmxvYD6HfPqvELln9shRf5vPKUxuq%252B8tAj4NGwxKCJIahNiQy2hES60c92t6nSju5eLkLtk1HfaPfrXQLKC7VX6WLkEfgH%252BQdIs1ep81iUSbwVLF6k3%252Br8ugUJzQ7lYIVkGbsQyokd9VZJSXiTfjwp%252B%252B9x1e86uzsnt%252FqiCCveHJ286CatkRbmul4LRbYnBaGesKsPQ%252FoawLsedWLM
VRn2Cur%252FfHKoEqA58%252BwY1tcUFDfToVswPpitsnkChVL%252BnpkicQSvTm%252FKUU12ll9qUBhCHBdXEvbI%252FnrWGHkNm5YNcAASpJRBMe81uY3WTHtt5yBoDnq1s5hU1RjesmqIjAi5PnwVSCcXbQSENVQ4PjkfJDBqhQMaKH5mjNErCfD2uD8B5wyg6g4pEAZEuUCPL1oa25zYA%252FwJz2jf1zA%252Ftl2UbFnIBtFMEDYbGvXkPjmkdZTBKAX3gf3NRoRl7OGUA6LXRuL4e9XPsUdjzCBqTAU9rOUoIiRuvvhQqzcF%252F3aQD1hiRnIp9hTF%252B0zBPQ0gSSVg9Oxwl5cR7mLmUIKnvZ53lYPZkwI91D3zgjlwAbpbZoeWoTkFCkcllmrbEDdJqYXSZnkTypIQOjoi1KVD3STsMn8Wq24b0N4XROOnRdezkp%252BuSPd1q0UYPqRVGdOB7PkBOKUet39Syn7GFPXibRfDdNis7Nnh%252Fe0K836lxIQ9NqMTuFv3Y6UAVa%252BJQhAIPvyYme%252BBb69Dh8cOIvbMRM1%252F3NLX4TR8cy7t%252B2GQv1lk6glzIQbc3JUJS0DamT67UTGJR8a%252FV6s6%252FXH3MD3DcAIwNbR4TJ%252B6KKz%252FzLvDaemxzET8QH13SsU7wvaVsdb4%252FC02ufswDKTCHtyQK65ke9WhIzVTom%252BdhPi06K3S1WibwkFZQgkSaA7%252BSQDEpijR6bZyI9Bc38266QeYP%252BjWTiEiBuHGXEooeqti4FayNnEDEEnAmSeIc5STkg%252FAVlv%252FOJ38pzlc6%252F%252BE5UYAL29yZ%252FZEuAcIUXI1Hg7yxm0EdNtZACFulQPfZ5efhKyvX7IdFCxsttZaFg1gBVuwrdV6AB0uF96komeHH3iMxTCdAkn6Iwp%252BGQICNrPn3w8rCZUcTRKT5oZMX3S9VT9iVNg%252Fqfn%252FZp%252FCJoeXZy6kRrpyQbThaajif9aG85wyL8oi%252B2J77y9WWTrRwVWpSjkbTFv4IIa5aDpZSDRAJse%252FFOwBg7U%252B9tuCSDwXE5UQihoHv3Fg3nonyAg0ZfhkVxqNWCNVD%252BCgHog8f0uPYDqPDgYgw5MT50cMB%252BVcl62R2xUzrGK8y79wUfCGpm2pK6zZmJ8j5uyKF4l69KbLS09bt55caMzB8gVOmsHXPtqSLQuJFCpIeGCXrX%252FwlbZT118knOXQpkvhcCazhxTcQs0AyyTtw18aq9JWCAcvujyx2%252FOQUgM2eUikbtkDVoKq0NBnd5ZpHwkfMeuRVNJfeUjYlqQRcMpXL641HhJtNgPbDNGoTDuMTi0CV%252FhVkrnVSpYUbY4UbsxZXVQKHdoR%252Bam9i4VymGXyUkT%252F8y4T9Rv5rbtlSfUPVjBvVSmV%252BKEH0o%252BgwPT46Xvkf1ib38DwtOF5mK9XU5Du61XZKxNjWLX3xwJ9ze3jXtbVw0AIJ4GRJQmuJjCL1E7c5T6EUCxSB3rZkJtnpEuhrVLw8vx1KrvbTlAvC0gJ3RsYWJ3oIeY%252FDcMySt0D1r9sfk4Yf%252FIBkTRsPFZiBP4o%26ssid%3D3298447862AFAZhyHq%26ts%3D1701537738%26ttl%3D14400%26v%3Dv5.8.7&icons=LFavShu0NQXSoMfQujoNtkmD_8UyUIBXC0idQHwnAY217Ouqd7UAM5XJb0nOhCVxaVvJ5mOKqiYFxDCqRORaE8fBMD3JKi3Tq_iO4BJ5eys0iYdP-xpF6NsetIuqffE2_boRgeiz_fn_CWLha9X8RBO-jHR46R_pBx2hXU4mVbe217zV3A&ext_cid=0&px_id=31418776&min_cpm=0.080808
60220034743&out_id=1&campaign_type=lq-pop&aid=61&cid=2883&uniq=&mid=6766454632487159629&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.15270286653155762&cpm=0&verify_hash=0c488f5351dfa993ee0e3b3dc1bed45a&is_native=2&real_bid=0.001763999&original_bid_usd=0.001763999&original_bid=0.001763999&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=123,4,27,129,108,0,59,89,5,130&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701559338&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.001763999&hostname=auc-inpage-hz-0-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001763999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=5a0fa19a-3833-40fe-b5ea-dd4ab88bb5b6
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
pronedynastyimpertinence.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLqnZzId9%2BAa14RgTOLuSq5WV1VPyqnuaqq6pydzCi7IHkfw4LHzTX7ougT3D5DIxMsSEHY8SEAD%2Bx8Iwp5lJgPBB1Xvvfre4fu%2BV9%2FsFRfER0HPNz%2FTfakUnW%2FWPPe9LZlyXVp3%2FYHrezXvtrsl04XGbbc3uUz3A99r1rxb7opgHT1f93zP8z3fXZZGxLo3P0UhsyeLfm3RqzXqNb%2FZQM%2F8v7eFA0sd8O4FeQuSj1%2FdfvYUko2QJj%2FfFbaT6%2Bz9T5JC0VwbdPnRF2kn1WWK5KqMjYM4PZpNQ9sxId9fg06PZgqgu%2FsTBYjkmDh%2F%2BojSoxlNRN2DS6aRgkgR8esouyMINYKkIzD9EJI%2FJwDjWN9Amhyua1PSnUuUTtAxmXv5L2Q5JnN%2F30CaHC8p2XPva1XkUqcWvbiC7I0g2yNkxSnyvgNZnoLlX0Py38n8yzWkyf6GVRqSV1P1Uo4g4xGUGIBaB8XkSAdF7KDIHCT83KXNxdjzWnEUB0HYYIwFAWPNcIE3edAIYw8Fm9AbIM8GYGoAZnaRmV105ACm%2BBV2u4LlDmw%2BJs7nu%2BjyCqUgKC1BSQlKSVDmBGW3OuDK1m11yJUtIn%2BW67McVEOdt%2Ffogc7bIiWgZrCXXZA3J944y6GLjjh3g2YYihYL4mbUCCll3gIVYSCafn0hDjljsLKCtNemcvtyTPxbN5HJMXntrxNE9BRWnYLJN0CLd0DLYavugW4PG6GHfvo40zqrJYJLCq4rZPkc8h1nT12Qt6cbWvmuDsHO7rz7YuX4Rv8FmKmQmQpfyd8I2urR8J4uyf49XVrydCPLZSL7dLK9%2BznNxdzjT8VOqQ1fvWsHP37EJsCkfPJA2HyNplymbUt%2BWpKcC7OsDRPkl1W7JaLNwm4vFSYtsrXNj5dXk8wIa6VOR6Dy%2BZcnYHJMXj%2Bcn%2F7Lmz8kkGYEU1RIijMyC0h9CpbtwmZnd65PuK8cw2oCo65mosxBWVRDU4%2BuHpUkUOKqp1EFK64siMTZyT%2BX2J59hLZxQPOHSJMKXVOhqypQNYAtXhnmmTn78I9gGoiUM4yUcfYjZdS3l9Zaee42%2FYYIo7DFOI8E436rHoSB59U5b7QWhb%2BI3I5Fp%2F3sPwAAAP%2F%2FAQAA%2F%2F8MdxVUbwQAAA%3D%3D
192.243.61.225200 OK 7 B URL GET HTTP/1.1 pronedynastyimpertinence.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLqnZzId9%2BAa14RgTOLuSq5WV1VPyqnuaqq6pydzCi7IHkfw4LHzTX7ougT3D5DIxMsSEHY8SEAD%2Bx8Iwp5lJgPBB1Xvvfre4fu%2BV9%2FsFRfER0HPNz%2FTfakUnW%2FWPPe9LZlyXVp3%2FYHrezXvtrsl04XGbbc3uUz3A99r1rxb7opgHT1f93zP8z3fXZZGxLo3P0UhsyeLfm3RqzXqNb%2FZQM%2F8v7eFA0sd8O4FeQuSj1%2FdfvYUko2QJj%2FfFbaT6%2Bz9T5JC0VwbdPnRF2kn1WWK5KqMjYM4PZpNQ9sxId9fg06PZgqgu%2FsTBYjkmDh%2F%2BojSoxlNRN2DS6aRgkgR8esouyMINYKkIzD9EJI%2FJwDjWN9Amhyua1PSnUuUTtAxmXv5L2Q5JnN%2F30CaHC8p2XPva1XkUqcWvbiC7I0g2yNkxSnyvgNZnoLlX0Py38n8yzWkyf6GVRqSV1P1Uo4g4xGUGIBaB8XkSAdF7KDIHCT83KXNxdjzWnEUB0HYYIwFAWPNcIE3edAIYw8Fm9AbIM8GYGoAZnaRmV105ACm%2BBV2u4LlDmw%2BJs7nu%2BjyCqUgKC1BSQlKSVDmBGW3OuDK1m11yJUtIn%2BW67McVEOdt%2Ffogc7bIiWgZrCXXZA3J944y6GLjjh3g2YYihYL4mbUCCll3gIVYSCafn0hDjljsLKCtNemcvtyTPxbN5HJMXntrxNE9BRWnYLJN0CLd0DLYavugW4PG6GHfvo40zqrJYJLCq4rZPkc8h1nT12Qt6cbWvmuDsHO7rz7YuX4Rv8FmKmQmQpfyd8I2urR8J4uyf49XVrydCPLZSL7dLK9%2BznNxdzjT8VOqQ1fvWsHP37EJsCkfPJA2HyNplymbUt%2BWpKcC7OsDRPkl1W7JaLNwm4vFSYtsrXNj5dXk8wIa6VOR6Dy%2BZcnYHJMXj%2Bcn%2F7Lmz8kkGYEU1RIijMyC0h9CpbtwmZnd65PuK8cw2oCo65mosxBWVRDU4%2BuHpUkUOKqp1EFK64siMTZyT%2BX2J59hLZxQPOHSJMKXVOhqypQNYAtXhnmmTn78I9gGoiUM4yUcfYjZdS3l9Zaee42%2FYYIo7DFOI8E436rHoSB59U5b7QWhb%2BI3I5Fp%2F3sPwAAAP%2F%2FAQAA%2F%2F8MdxVUbwQAAA%3D%3D
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject pronedynastyimpertinence.com
Fingerprint 5B:76:FB:DD:60:B4:7A:A2:03:07:FC:6C:A0:6A:FA:99:13:E4:63:75
Validity Tue, 28 Nov 2023 08:14:49 GMT - Mon, 26 Feb 2024 08:14:48 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLqnZzId9%2BAa14RgTOLuSq5WV1VPyqnuaqq6pydzCi7IHkfw4LHzTX7ougT3D5DIxMsSEHY8SEAD%2Bx8Iwp5lJgPBB1Xvvfre4fu%2BV9%2FsFRfER0HPNz%2FTfakUnW%2FWPPe9LZlyXVp3%2FYHrezXvtrsl04XGbbc3uUz3A99r1rxb7opgHT1f93zP8z3fXZZGxLo3P0UhsyeLfm3RqzXqNb%2FZQM%2F8v7eFA0sd8O4FeQuSj1%2FdfvYUko2QJj%2FfFbaT6%2Bz9T5JC0VwbdPnRF2kn1WWK5KqMjYM4PZpNQ9sxId9fg06PZgqgu%2FsTBYjkmDh%2F%2BojSoxlNRN2DS6aRgkgR8esouyMINYKkIzD9EJI%2FJwDjWN9Amhyua1PSnUuUTtAxmXv5L2Q5JnN%2F30CaHC8p2XPva1XkUqcWvbiC7I0g2yNkxSnyvgNZnoLlX0Py38n8yzWkyf6GVRqSV1P1Uo4g4xGUGIBaB8XkSAdF7KDIHCT83KXNxdjzWnEUB0HYYIwFAWPNcIE3edAIYw8Fm9AbIM8GYGoAZnaRmV105ACm%2BBV2u4LlDmw%2BJs7nu%2BjyCqUgKC1BSQlKSVDmBGW3OuDK1m11yJUtIn%2BW67McVEOdt%2Ffogc7bIiWgZrCXXZA3J944y6GLjjh3g2YYihYL4mbUCCll3gIVYSCafn0hDjljsLKCtNemcvtyTPxbN5HJMXntrxNE9BRWnYLJN0CLd0DLYavugW4PG6GHfvo40zqrJYJLCq4rZPkc8h1nT12Qt6cbWvmuDsHO7rz7YuX4Rv8FmKmQmQpfyd8I2urR8J4uyf49XVrydCPLZSL7dLK9%2BznNxdzjT8VOqQ1fvWsHP37EJsCkfPJA2HyNplymbUt%2BWpKcC7OsDRPkl1W7JaLNwm4vFSYtsrXNj5dXk8wIa6VOR6Dy%2BZcnYHJMXj%2Bcn%2F7Lmz8kkGYEU1RIijMyC0h9CpbtwmZnd65PuK8cw2oCo65mosxBWVRDU4%2BuHpUkUOKqp1EFK64siMTZyT%2BX2J59hLZxQPOHSJMKXVOhqypQNYAtXhnmmTn78I9gGoiUM4yUcfYjZdS3l9Zaee42%2FYYIo7DFOI8E436rHoSB59U5b7QWhb%2BI3I5Fp%2F3sPwAAAP%2F%2FAQAA%2F%2F8MdxVUbwQAAA%3D%3D HTTP/1.1
Host: pronedynastyimpertinence.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:19 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8f0c47fc574a9f8be1e96d493e7d1fdc
Strict-Transport-Security: max-age=0; includeSubdomains
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=a166b21a-7c50-4087-bb0a-25d7125bd7d2
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=a166b21a-7c50-4087-bb0a-25d7125bd7d2
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=a166b21a-7c50-4087-bb0a-25d7125bd7d2 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
nereserv.com/in/dip?site=native-push&wl=1&event_id=fffed3bb-1ffc-4be6-af05-67cd375df1d4&subid=388464194&sid=472540605&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
157.90.84.246 200 OK 0 B URL GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=fffed3bb-1ffc-4be6-af05-67cd375df1d4&subid=388464194&sid=472540605&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=fffed3bb-1ffc-4be6-af05-67cd375df1d4&subid=388464194&sid=472540605&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
omitpollenending.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLqnZzId9%2BAa14RgTOLuSq5WV1VPyqnuaqq6pydzCi7IHkfw4LHzTX7ougT3D5DIxIMSEHY8SEAD%2Bx8Iwp5lJgPBB1Xvvfre4fu%2BV1%2FtFRfER0HPNz%2FRfakUnW%2FWPPedLZlyXVp3%2FYHrezXvtrsl04XGbbc3uUz3Pd9r1rxb7opgHT1f93zP8z3fXZZGxLo3P0UhsyeLfm3RqzXqNb%2FZQM%2F8v7eFA0sd8O4FeQOSj1%2Fe%2Fu0pJBshTX68K2wn19m7HyWFork26PKjz9JOqssUyVUZGwdxejSbhrZjQr69Bp0ezRRAd%2FcnChDJMXH%2B9BGlRzOaiLoHl0wjBZEi4tdRdkcQagRJR2D6ISR%2FRgDGsb6BNDlc16akO5conaBjMvfiX8hyTOb%2BvoE0OV5Ssufe16rIpU4tenEF2RtBtkfIilPkfQeyPAXLv4Tkv5P5F2tIk%2F0NqzQkr6bqpRxBxiMoMQC1DorJkQ6K2EGROUj4uUubi7HnteIoDoKwwRgLAsaa4QJv8qARxh4KNqE3QJ4NwNQAzOwiM7voyAFM8TPsdgXLHdh8TJxPd9HlFUpBUFqCkhKUkqDMCcpudcCVrdvqkCtbRP4s12c5qIY6b%2B%2FRA523RUpAzWAvuyCvT7xxlkMXHXHuBs0wFC0WxM2oEVLKvAUqwkA0%2FfpCHHLGYGUFaa9N5fblmPi3biKTY%2FLKXyeI6CmsOgWTr4EWb4GWw1bdA90eNkIP%2FfRxpnVWSwSXFFxXyPI55DvOnrogb043tPJNHYKd3Xn7%2Bcrxjf5zMFMhMxW%2BkL8QtNWj4T1dkv17urTk6UaWy0T26WR793Oai7nHH4udUhu%2BetcOvv%2BATYBJ%2BeSBsPkaTblM25b8sCQ5F2ZZGybIT6t2S0Sbhd1eKkxaZGubHy6vJpkR1kqdjkDls89PwOSYvHo4P%2F2XN79LIM0IpqiQFGdkFpD6FCzbhc3O7lyfcF85htUERl3NRJmDsqiGph5dPSpJoMRVT6MKVlxZEImzk38usT37CG3jgOYPkSYVuqZCV1WgagBbvDTMM3P2%2Fh%2FBNBApZxgp4%2BxHyqivL6218txt%2Bg0RRmGLcR4Jxv1WPQgDz6tz3mgtCn8RuR2LTvvX%2FwAAAP%2F%2FAQAA%2F%2F%2BaRxIjbwQAAA%3D%3D
192.243.59.12200 OK 7 B URL GET HTTP/1.1 omitpollenending.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLqnZzId9%2BAa14RgTOLuSq5WV1VPyqnuaqq6pydzCi7IHkfw4LHzTX7ougT3D5DIxIMSEHY8SEAD%2Bx8Iwp5lJgPBB1Xvvfre4fu%2BV1%2FtFRfER0HPNz%2FRfakUnW%2FWPPedLZlyXVp3%2FYHrezXvtrsl04XGbbc3uUz3Pd9r1rxb7opgHT1f93zP8z3fXZZGxLo3P0UhsyeLfm3RqzXqNb%2FZQM%2F8v7eFA0sd8O4FeQOSj1%2Fe%2Fu0pJBshTX68K2wn19m7HyWFork26PKjz9JOqssUyVUZGwdxejSbhrZjQr69Bp0ezRRAd%2FcnChDJMXH%2B9BGlRzOaiLoHl0wjBZEi4tdRdkcQagRJR2D6ISR%2FRgDGsb6BNDlc16akO5conaBjMvfiX8hyTOb%2BvoE0OV5Ssufe16rIpU4tenEF2RtBtkfIilPkfQeyPAXLv4Tkv5P5F2tIk%2F0NqzQkr6bqpRxBxiMoMQC1DorJkQ6K2EGROUj4uUubi7HnteIoDoKwwRgLAsaa4QJv8qARxh4KNqE3QJ4NwNQAzOwiM7voyAFM8TPsdgXLHdh8TJxPd9HlFUpBUFqCkhKUkqDMCcpudcCVrdvqkCtbRP4s12c5qIY6b%2B%2FRA523RUpAzWAvuyCvT7xxlkMXHXHuBs0wFC0WxM2oEVLKvAUqwkA0%2FfpCHHLGYGUFaa9N5fblmPi3biKTY%2FLKXyeI6CmsOgWTr4EWb4GWw1bdA90eNkIP%2FfRxpnVWSwSXFFxXyPI55DvOnrogb043tPJNHYKd3Xn7%2Bcrxjf5zMFMhMxW%2BkL8QtNWj4T1dkv17urTk6UaWy0T26WR793Oai7nHH4udUhu%2BetcOvv%2BATYBJ%2BeSBsPkaTblM25b8sCQ5F2ZZGybIT6t2S0Sbhd1eKkxaZGubHy6vJpkR1kqdjkDls89PwOSYvHo4P%2F2XN79LIM0IpqiQFGdkFpD6FCzbhc3O7lyfcF85htUERl3NRJmDsqiGph5dPSpJoMRVT6MKVlxZEImzk38usT37CG3jgOYPkSYVuqZCV1WgagBbvDTMM3P2%2Fh%2FBNBApZxgp4%2BxHyqivL6218txt%2Bg0RRmGLcR4Jxv1WPQgDz6tz3mgtCn8RuR2LTvvX%2FwAAAP%2F%2FAQAA%2F%2F%2BaRxIjbwQAAA%3D%3D
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject omitpollenending.com
Fingerprint 41:41:67:08:03:DF:C6:78:85:C2:46:A8:88:D7:2B:2E:48:A2:91:B2
Validity Tue, 28 Nov 2023 08:10:50 GMT - Mon, 26 Feb 2024 08:10:49 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLqnZzId9%2BAa14RgTOLuSq5WV1VPyqnuaqq6pydzCi7IHkfw4LHzTX7ougT3D5DIxIMSEHY8SEAD%2Bx8Iwp5lJgPBB1Xvvfre4fu%2BV1%2FtFRfER0HPNz%2FRfakUnW%2FWPPedLZlyXVp3%2FYHrezXvtrsl04XGbbc3uUz3Pd9r1rxb7opgHT1f93zP8z3fXZZGxLo3P0UhsyeLfm3RqzXqNb%2FZQM%2F8v7eFA0sd8O4FeQOSj1%2Fe%2Fu0pJBshTX68K2wn19m7HyWFork26PKjz9JOqssUyVUZGwdxejSbhrZjQr69Bp0ezRRAd%2FcnChDJMXH%2B9BGlRzOaiLoHl0wjBZEi4tdRdkcQagRJR2D6ISR%2FRgDGsb6BNDlc16akO5conaBjMvfiX8hyTOb%2BvoE0OV5Ssufe16rIpU4tenEF2RtBtkfIilPkfQeyPAXLv4Tkv5P5F2tIk%2F0NqzQkr6bqpRxBxiMoMQC1DorJkQ6K2EGROUj4uUubi7HnteIoDoKwwRgLAsaa4QJv8qARxh4KNqE3QJ4NwNQAzOwiM7voyAFM8TPsdgXLHdh8TJxPd9HlFUpBUFqCkhKUkqDMCcpudcCVrdvqkCtbRP4s12c5qIY6b%2B%2FRA523RUpAzWAvuyCvT7xxlkMXHXHuBs0wFC0WxM2oEVLKvAUqwkA0%2FfpCHHLGYGUFaa9N5fblmPi3biKTY%2FLKXyeI6CmsOgWTr4EWb4GWw1bdA90eNkIP%2FfRxpnVWSwSXFFxXyPI55DvOnrogb043tPJNHYKd3Xn7%2Bcrxjf5zMFMhMxW%2BkL8QtNWj4T1dkv17urTk6UaWy0T26WR793Oai7nHH4udUhu%2BetcOvv%2BATYBJ%2BeSBsPkaTblM25b8sCQ5F2ZZGybIT6t2S0Sbhd1eKkxaZGubHy6vJpkR1kqdjkDls89PwOSYvHo4P%2F2XN79LIM0IpqiQFGdkFpD6FCzbhc3O7lyfcF85htUERl3NRJmDsqiGph5dPSpJoMRVT6MKVlxZEImzk38usT37CG3jgOYPkSYVuqZCV1WgagBbvDTMM3P2%2Fh%2FBNBApZxgp4%2BxHyqivL6218txt%2Bg0RRmGLcR4Jxv1WPQgDz6tz3mgtCn8RuR2LTvvX%2FwAAAP%2F%2FAQAA%2F%2F%2BaRxIjbwQAAA%3D%3D HTTP/1.1
Host: omitpollenending.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 02 Dec 2023 17:22:19 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4cc748818b700691208abdd676422def
Strict-Transport-Security: max-age=0; includeSubdomains
nereserv.com/in/dip?site=native-push&wl=1&event_id=22753668-4586-4f7d-9b77-020708cdacb0&subid=357529620&sid=54752259&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
157.90.84.246 200 OK 0 B URL GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=22753668-4586-4f7d-9b77-020708cdacb0&subid=357529620&sid=54752259&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=22753668-4586-4f7d-9b77-020708cdacb0&subid=357529620&sid=54752259&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
pronedynastyimpertinence.com/pixel/sbs?c=1
173.233.137.36 200 OK 0 B URL GET HTTP/1.1 pronedynastyimpertinence.com/pixel/sbs?c=1
IP 173.233.137.36:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject pronedynastyimpertinence.com
Fingerprint 5B:76:FB:DD:60:B4:7A:A2:03:07:FC:6C:A0:6A:FA:99:13:E4:63:75
Validity Tue, 28 Nov 2023 08:14:49 GMT - Mon, 26 Feb 2024 08:14:48 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: pronedynastyimpertinence.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg
172.64.109.10 200 OK 376 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg
IP 172.64.109.10:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size 376 kB (375458 bytes)
Hash 65b98e31f2a22bfc2ae827300f514b93
8d66b3140eaabf1eff5990961d013af5e948df5a
6ea2b64aa9ed05099682f877c6f257d5ebc03814c5910a9dc91a3eae94bf6879
GET /sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/jpeg
content-length: 375458
last-modified: Thu, 19 Oct 2023 16:13:01 GMT
etag: "6531558d-5baa2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2646654
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e7i0reIc7gf9A%2BshqFfQYbb9CJZq8NtwdWl1wV75ChEfxhFh0BGPfQ68CIu9TIo%2Fsr%2BC6vV%2BXq4Nu6NeNWsJ5cx%2BNyaMa4044p0fISfkMIKKJ2OO0h09vX5IX1D%2BhB70m1mj0Rr8AX1d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f540599bd563b3-LHR
alt-svc: h3=":443"; ma=86400
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.09&cpa=18f8bbf1-0a40-4a69-9620-d926998523d4
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.09&cpa=18f8bbf1-0a40-4a69-9620-d926998523d4
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.09&cpa=18f8bbf1-0a40-4a69-9620-d926998523d4 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
7kgvWRC4JEM%252BaR0KRA%252BAT8QBE%252B%252BzJ%252BliVpPKThgtoFU857DriO6CUyCKiExI1DOLn1DYgiTT%252BUpacgRIfcnfXWeuXqG9pJpuT3vYuiBjVi6zx0iuu8VVeZoaBzq6koMGZA9PSZuu5wyUecGFczY4c1LeuvKBrK6uq9LsudnNc1D5FOLQsgp%252FFj5wvtDORwEz5EKJ%252Fp6u7thojGUt%252BV34gW8SU2Ip4gWxnj27qCwWtpErq1Eqq2Z%252Bbzdym6vahFBinb8Q0AoVWZoerz1hINNKYw%252FeVozwfLka%252Fj%252Be1B9sVo8CBrSxzaOF2O9MuMex%252FKOhAD3nh%252Bi4bJX%252FxolJ%252BToW9GyLMzTeGxxfT07lg8apP3BHSacwSm%252B9wXGcOIArPKNTMm01InjmuBefWQXig9pgZeoapO9YSnl6lTqgNnPtNSoGvHde%252B56rch8fe9Q8LDcqkgnUxXuMK%252F62FNOfSsgQGckqlXeoDpQXjuSi5m436Stxdvxlv3u0E%252FNc7RSJo9Jy9Pz%252FID1t8bIAfBBlyY0Asqinfl9BkyqPL2f%252BVt2%252BMBxVHUt%252BPoWhuNWisz4tz0PpKlSK7Dq6sedWcyfEqxdA3bebDhicNHy%252FVD5AJfrNTEBifgsTIm05zTb21BAKTzCNQ4FRNiCrzi4SIhTcye24u1H4fLecdvpwz%252FC8noGGnPLJpRVT6xCo0VugZ2c3DJD4eqOQpTbmGDRWWJsGmDC%252BhfGZGLtEroEXQWSKeogLDxeN8MMB%252Fd1j1J0qSwpSIss1WFMdhqNGNBxLfVgpexVom5cZhq3tKe1%252FFOsSX0QO3C0%252FsFMkTvXYzmQxEM%252Btn9uMNudCAPgfvVPsqK8gD%252BphkusWNcJpzHgJNn2FPMqIsv9QMl0TYxkq8xTMO1VzdHTsngQq0MibfXusxjSUuNp9Wd3R1tSRkYAP5Q6x1LlxHLd6%252BW5mECxoQ6R%252FlvphZPP8mmoDsC8XutSJXpMIr0f5ZdP9R5JBhmynEQtDXLET2z19gGVUoVH5Nf8x41jI2QujzZJp4g%252BAOlJ0dutL2KnDbxKHSqzMCU3Zeff3KKspe7Np3Uib4FxrQVsML80tAoivTerxk8sSluJjmkSG9XEwSoUhhFQBa%252B68M5IcV5TNDq8AL6XynbANrjbysLtSuH2zw5LWeUC6tndZ8H7XHD%252Br9m68N0CjHgQwJSrt8L%252FagOd2xWmPeyyg8TfTjwiCc4hCanbqC3fLbkPMpprZE%252BpCXH2jOEKN2P13EO%252BUGLJBPquOFuU064OoHzI97pTFe63gyKQ9WRlj8HdGp6DL7RxvSwehBsrQOig4rNH1OaJ0lKxbDbs0O7EDRwPQF76ulZ810sZsu76lzcrrCkJ3q8tnDDSvWqrBlwy3keV0AI4mu59473UDp9j030oeiUmCQVCy7upZNf2NV16C8JRyu4R6OXdVlAAirMhOhCC3%252BSe%252F%252BB244m79eTEXBXo5ls%252BvQ%252B%252BVcP5M6vJTERbWuylOYoBcvalOJSYvy%252B%252FaLJ1Mr0PFALxNlbkSRR%252FfSqkTuTRpk%26ssid%3D3298447862chxADzKF%26ts%3D1701537738%26ttl%3D14400%26v%3Dv5.8.7&icons=jLaRZ7PEcglNJDZ-jAX6BHn3_t-DDHJsDgAptskr46oGscPknx2pcCWGbruI-HuulHjzyiz5gogn23BisfoboMnDeDCG2wMNrj9KS1dX3JTUVxVN_dZljVzXSM13CV14nO41x185Za4FhOR8yst4KghInZZC-EpEd7sYEzq49CVxnpB2iw&ext_cid=
0&px_id=31418774&min_cpm=0.03462614833213589&out_id=1&campaign_type=lq-pop&aid=61&cid=2883&uniq=&mid=7110847628788039376&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.06543254014164014&cpm=0&verify_hash=2cf1c7c4327ae8ee3ca656279e1735e3&is_native=2&real_bid=0.001763999&original_bid_usd=0.001763999&original_bid=0.001763999&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=129,0,4,59,27,130,5,108,123,89&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701559338&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.001763999&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001763999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.09&cpa=f342199c-1422-481d-9bb5-02eb286fa3e9
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FxA80pfz5vAV&refdom=poop.media&auction_time=1701537738&subid=357529620&sid=3695565071&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FxA80pfz5vAV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fpodefr.net%2Fb2%2Fl%2Fc%2Fredir%3Fcid%3D1%26did%3DSE96SEU%26eid%3D722%26n%3D679d5044f19fda4887c56399%26nid%3D1%26sid%3DKBvQ6KNdGatCwjkmIB7mimvRuXBcu0I%252Bc8nEueJRxBQ%252FTpVnSYWH%252FODFTgGl%252FmwH%252FZvkpGpwmVf9mqPrf7%252BEfoS8N2ZYR7yOm%252BhNARsTx9cUDvX%252BzlYUM5Fb9xXeccqeNyWk7MQdFlk6iKXJNkKfi4li04jZmVAT5Bqo4cQm%252F7wYexdNVyOcVkwkqc%252BdV33hwVcB8k96sKePcmMkYK9Kj2sJXYJ7fhfj%252BOtc7VcJwJsbJlrp3JEFImE86Io63aCKCmDnExOqJCGw8j91Z9l4EW%252FjhSbgi3IwA8o6lFs5CptgnhTvu2zwbAoCaxg4HsUAde%252FZq1mxbSjEcIY%252FiprxS8MgI0HuRceEDQTr8Yz8Ny7tYO0kNeW2ho9imk4FT09AQNcIKx6BqS9AW5klAa9sKojgpLRs9AZyGwaX7XxPIb4iVi9NclQEKKYqJqeiYZCt1711QNEn0zqJXLPnFW%252Foueduijg3F9ruoJw2wQOAUpGlv3PwmNRkSTimo5AaS8O0NAzNMIAxlEzKoQgA%252BbS6vAYA7YlPvT47sXs69b3vIBt1n8wHaNRLo0hYOCgWdKxVf1OyKKKGmQm7t3HOSQeavvLPcwqtMw5EnkAvjkxgOfjsP%252FSeuvAjCXpOebDpKbPIv%252Bdvdk3N28pIyHVufcYVVJQ%252F7wuf3%252FmOQ8y2%252BtyU8DBimZeb2hqKcY1bizxz7SSDXh8cS%252BA45%252FDDrlc5SxsKESI9SQZdlgPB6z%252Fb8e6GJXKYN4emzT4wtQ1DexHxut5bTAz5gHZs1Q25oCyU8e%252BfxFw%252BiyIqDQYSmfZzSzRJzwQeSbRiFjawisEFj%252Fa1o%252F2%252BCnJHudQwKs%252BV4MvxBbnSfAxpzwYgybzEpfQ3b9lVchczaH8UF27kgvWRC4JEM%252BaR0KRA%252BAT8QBE%252B%252BzJ%252BliVpPKThgt
oFU857DriO6CUyCKiExI1DOLn1DYgiTT%252BUpacgRIfcnfXWeuXqG9pJpuT3vYuiBjVi6zx0iuu8VVeZoaBzq6koMGZA9PSZuu5wyUecGFczY4c1LeuvKBrK6uq9LsudnNc1D5FOLQsgp%252FFj5wvtDORwEz5EKJ%252Fp6u7thojGUt%252BV34gW8SU2Ip4gWxnj27qCwWtpErq1Eqq2Z%252Bbzdym6vahFBinb8Q0AoVWZoerz1hINNKYw%252FeVozwfLka%252Fj%252Be1B9sVo8CBrSxzaOF2O9MuMex%252FKOhAD3nh%252Bi4bJX%252FxolJ%252BToW9GyLMzTeGxxfT07lg8apP3BHSacwSm%252B9wXGcOIArPKNTMm01InjmuBefWQXig9pgZeoapO9YSnl6lTqgNnPtNSoGvHde%252B56rch8fe9Q8LDcqkgnUxXuMK%252F62FNOfSsgQGckqlXeoDpQXjuSi5m436Stxdvxlv3u0E%252FNc7RSJo9Jy9Pz%252FID1t8bIAfBBlyY0Asqinfl9BkyqPL2f%252BVt2%252BMBxVHUt%252BPoWhuNWisz4tz0PpKlSK7Dq6sedWcyfEqxdA3bebDhicNHy%252FVD5AJfrNTEBifgsTIm05zTb21BAKTzCNQ4FRNiCrzi4SIhTcye24u1H4fLecdvpwz%252FC8noGGnPLJpRVT6xCo0VugZ2c3DJD4eqOQpTbmGDRWWJsGmDC%252BhfGZGLtEroEXQWSKeogLDxeN8MMB%252Fd1j1J0qSwpSIss1WFMdhqNGNBxLfVgpexVom5cZhq3tKe1%252FFOsSX0QO3C0%252FsFMkTvXYzmQxEM%252Btn9uMNudCAPgfvVPsqK8gD%252BphkusWNcJpzHgJNn2FPMqIsv9QMl0TYxkq8xTMO1VzdHTsngQq0MibfXusxjSUuNp9Wd3R1tSRkYAP5Q6x1LlxHLd6%252BW5mECxoQ6R%252FlvphZPP8mmoDsC8XutSJXpMIr0f5ZdP9R5JBhmynEQtDXLET2z19gGVUoVH5Nf8x41jI2QujzZJp4g%252BAOlJ0dutL2KnDbxKHSqzMCU3Zeff3KKspe7Np3Uib4FxrQVsML80tAoivTerxk8sSluJjmkSG9XEwSoUhhFQBa%252B68M5IcV5TNDq8AL6XynbANrjbysLtSuH2zw5LWeUC6tndZ8H7XHD%252Br9m68N0CjHgQwJSrt8L%252FagOd2xWmPeyyg8TfTjwiCc4hCanbqC3fLbkPMpprZE%252BpCXH2jOEKN2P13EO%252BUGLJBPquOFuU064OoHzI97pTFe63gyKQ9WRlj8HdGp6DL7RxvSwehBsrQOig4rNH1OaJ0lKxbDbs0O7EDRwPQF76ulZ810sZsu76lzcrrCkJ3q8tnDDSvWqrBlwy3keV0AI4mu59473UDp9j030oeiUmCQVCy7upZNf2NV16C8JRyu4R6OXdVlAAirMhOhCC3%252BSe%252F%252BB244m79eTEXBXo5ls%252BvQ%252B%252BVcP5M6vJTERbWuylOYoBcvalOJSYvy%252B%252FaLJ1Mr0PFALxNlbkSRR%252FfSqkTuTRpk%26ssid%3D3298447862chxADzKF%26ts%3D1701537738%26ttl%3D14400%26v%3Dv5.8.7&icons=jLaRZ7PEcglNJDZ-jAX6BHn3_t-DDHJsDgAptskr46oGscPknx2pcCWGbruI-HuulHjzyiz5gogn23BisfoboMnDeDCG2wMNrj9KS1dX3JTUVxVN_dZljVzXSM13CV14nO41x185Za4FhOR8yst4KghInZZC-EpEd7sYEzq49CVxnpB2iw&ext_cid=0&px_id=31418774&min_cpm=0.03462614833213589&out_id=1&campai
gn_type=lq-pop&aid=61&cid=2883&uniq=&mid=7110847628788039376&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.06543254014164014&cpm=0&verify_hash=2cf1c7c4327ae8ee3ca656279e1735e3&is_native=2&real_bid=0.001763999&original_bid_usd=0.001763999&original_bid=0.001763999&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=129,0,4,59,27,130,5,108,123,89&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701559338&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.001763999&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001763999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.09&cpa=f342199c-1422-481d-9bb5-02eb286fa3e9 HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
157.90.84.246200 OK 0 B URL GET HTTP/2 d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FxA80pfz5vAV&refdom=poop.media&auction_time=1701537738&subid=357529620&sid=3695565071&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FxA80pfz5vAV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fpodefr.net%2Fb2%2Fl%2Fc%2Fredir%3Fcid%3D1%26did%3DSE96SEU%26eid%3D722%26n%3D679d5044f19fda4887c56399%26nid%3D1%26sid%3DKBvQ6KNdGatCwjkmIB7mimvRuXBcu0I%252Bc8nEueJRxBQ%252FTpVnSYWH%252FODFTgGl%252FmwH%252FZvkpGpwmVf9mqPrf7%252BEfoS8N2ZYR7yOm%252BhNARsTx9cUDvX%252BzlYUM5Fb9xXeccqeNyWk7MQdFlk6iKXJNkKfi4li04jZmVAT5Bqo4cQm%252F7wYexdNVyOcVkwkqc%252BdV33hwVcB8k96sKePcmMkYK9Kj2sJXYJ7fhfj%252BOtc7VcJwJsbJlrp3JEFImE86Io63aCKCmDnExOqJCGw8j91Z9l4EW%252FjhSbgi3IwA8o6lFs5CptgnhTvu2zwbAoCaxg4HsUAde%252FZq1mxbSjEcIY%252FiprxS8MgI0HuRceEDQTr8Yz8Ny7tYO0kNeW2ho9imk4FT09AQNcIKx6BqS9AW5klAa9sKojgpLRs9AZyGwaX7XxPIb4iVi9NclQEKKYqJqeiYZCt1711QNEn0zqJXLPnFW%252Foueduijg3F9ruoJw2wQOAUpGlv3PwmNRkSTimo5AaS8O0NAzNMIAxlEzKoQgA%252BbS6vAYA7YlPvT47sXs69b3vIBt1n8wHaNRLo0hYOCgWdKxVf1OyKKKGmQm7t3HOSQeavvLPcwqtMw5EnkAvjkxgOfjsP%252FSeuvAjCXpOebDpKbPIv%252Bdvdk3N28pIyHVufcYVVJQ%252F7wuf3%252FmOQ8y2%252BtyU8DBimZeb2hqKcY1bizxz7SSDXh8cS%252BA45%252FDDrlc5SxsKESI9SQZdlgPB6z%252Fb8e6GJXKYN4emzT4wtQ1DexHxut5bTAz5gHZs1Q25oCyU8e%252BfxFw%252BiyIqDQYSmfZzSzRJzwQeSbRiFjawisEFj%252Fa1o%252F2%252BCnJHudQwKs%252BV4MvxBbnSfAxpzwYgybzEpfQ3b9lVchczaH8UF2
7kgvWRC4JEM%252BaR0KRA%252BAT8QBE%252B%252BzJ%252BliVpPKThgtoFU857DriO6CUyCKiExI1DOLn1DYgiTT%252BUpacgRIfcnfXWeuXqG9pJpuT3vYuiBjVi6zx0iuu8VVeZoaBzq6koMGZA9PSZuu5wyUecGFczY4c1LeuvKBrK6uq9LsudnNc1D5FOLQsgp%252FFj5wvtDORwEz5EKJ%252Fp6u7thojGUt%252BV34gW8SU2Ip4gWxnj27qCwWtpErq1Eqq2Z%252Bbzdym6vahFBinb8Q0AoVWZoerz1hINNKYw%252FeVozwfLka%252Fj%252Be1B9sVo8CBrSxzaOF2O9MuMex%252FKOhAD3nh%252Bi4bJX%252FxolJ%252BToW9GyLMzTeGxxfT07lg8apP3BHSacwSm%252B9wXGcOIArPKNTMm01InjmuBefWQXig9pgZeoapO9YSnl6lTqgNnPtNSoGvHde%252B56rch8fe9Q8LDcqkgnUxXuMK%252F62FNOfSsgQGckqlXeoDpQXjuSi5m436Stxdvxlv3u0E%252FNc7RSJo9Jy9Pz%252FID1t8bIAfBBlyY0Asqinfl9BkyqPL2f%252BVt2%252BMBxVHUt%252BPoWhuNWisz4tz0PpKlSK7Dq6sedWcyfEqxdA3bebDhicNHy%252FVD5AJfrNTEBifgsTIm05zTb21BAKTzCNQ4FRNiCrzi4SIhTcye24u1H4fLecdvpwz%252FC8noGGnPLJpRVT6xCo0VugZ2c3DJD4eqOQpTbmGDRWWJsGmDC%252BhfGZGLtEroEXQWSKeogLDxeN8MMB%252Fd1j1J0qSwpSIss1WFMdhqNGNBxLfVgpexVom5cZhq3tKe1%252FFOsSX0QO3C0%252FsFMkTvXYzmQxEM%252Btn9uMNudCAPgfvVPsqK8gD%252BphkusWNcJpzHgJNn2FPMqIsv9QMl0TYxkq8xTMO1VzdHTsngQq0MibfXusxjSUuNp9Wd3R1tSRkYAP5Q6x1LlxHLd6%252BW5mECxoQ6R%252FlvphZPP8mmoDsC8XutSJXpMIr0f5ZdP9R5JBhmynEQtDXLET2z19gGVUoVH5Nf8x41jI2QujzZJp4g%252BAOlJ0dutL2KnDbxKHSqzMCU3Zeff3KKspe7Np3Uib4FxrQVsML80tAoivTerxk8sSluJjmkSG9XEwSoUhhFQBa%252B68M5IcV5TNDq8AL6XynbANrjbysLtSuH2zw5LWeUC6tndZ8H7XHD%252Br9m68N0CjHgQwJSrt8L%252FagOd2xWmPeyyg8TfTjwiCc4hCanbqC3fLbkPMpprZE%252BpCXH2jOEKN2P13EO%252BUGLJBPquOFuU064OoHzI97pTFe63gyKQ9WRlj8HdGp6DL7RxvSwehBsrQOig4rNH1OaJ0lKxbDbs0O7EDRwPQF76ulZ810sZsu76lzcrrCkJ3q8tnDDSvWqrBlwy3keV0AI4mu59473UDp9j030oeiUmCQVCy7upZNf2NV16C8JRyu4R6OXdVlAAirMhOhCC3%252BSe%252F%252BB244m79eTEXBXo5ls%252BvQ%252B%252BVcP5M6vJTERbWuylOYoBcvalOJSYvy%252B%252FaLJ1Mr0PFALxNlbkSRR%252FfSqkTuTRpk%26ssid%3D3298447862chxADzKF%26ts%3D1701537738%26ttl%3D14400%26v%3Dv5.8.7&icons=b3Y88FRg3O6-KUw_UYhROtfGNQqJO9cmf9rSMeD1g_oLzvNYNEVBtdZDH-eL9-1LaW0AdB9q6_sK6s_R7466euDUUo3yshusHU71sPIXN8V8TjmCe4NC3S2WFYg2MqW3ou67VAPAPlkrZcPPLk6672uaz3KBomkt1Qi3wege_HhtRCu1cg&ext_cid=
0&px_id=31418774&min_cpm=0.03462614833213589&out_id=0&campaign_type=lq-pop&aid=61&cid=2883&uniq=&mid=7110847628788039376&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.06543254014164014&cpm=0&verify_hash=2cf1c7c4327ae8ee3ca656279e1735e3&is_native=2&real_bid=0.001763999&original_bid_usd=0.001763999&original_bid=0.001763999&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,27,108,4,59,5,129,130,89,123&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701559338&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.001763999&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001763999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.09&cpa=834480a9-835a-4d9a-b6b4-2c479574e03b
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FxA80pfz5vAV&refdom=poop.media&auction_time=1701537738&subid=357529620&sid=3695565071&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FxA80pfz5vAV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fpodefr.net%2Fb2%2Fl%2Fc%2Fredir%3Fcid%3D1%26did%3DSE96SEU%26eid%3D722%26n%3D679d5044f19fda4887c56399%26nid%3D1%26sid%3DKBvQ6KNdGatCwjkmIB7mimvRuXBcu0I%252Bc8nEueJRxBQ%252FTpVnSYWH%252FODFTgGl%252FmwH%252FZvkpGpwmVf9mqPrf7%252BEfoS8N2ZYR7yOm%252BhNARsTx9cUDvX%252BzlYUM5Fb9xXeccqeNyWk7MQdFlk6iKXJNkKfi4li04jZmVAT5Bqo4cQm%252F7wYexdNVyOcVkwkqc%252BdV33hwVcB8k96sKePcmMkYK9Kj2sJXYJ7fhfj%252BOtc7VcJwJsbJlrp3JEFImE86Io63aCKCmDnExOqJCGw8j91Z9l4EW%252FjhSbgi3IwA8o6lFs5CptgnhTvu2zwbAoCaxg4HsUAde%252FZq1mxbSjEcIY%252FiprxS8MgI0HuRceEDQTr8Yz8Ny7tYO0kNeW2ho9imk4FT09AQNcIKx6BqS9AW5klAa9sKojgpLRs9AZyGwaX7XxPIb4iVi9NclQEKKYqJqeiYZCt1711QNEn0zqJXLPnFW%252Foueduijg3F9ruoJw2wQOAUpGlv3PwmNRkSTimo5AaS8O0NAzNMIAxlEzKoQgA%252BbS6vAYA7YlPvT47sXs69b3vIBt1n8wHaNRLo0hYOCgWdKxVf1OyKKKGmQm7t3HOSQeavvLPcwqtMw5EnkAvjkxgOfjsP%252FSeuvAjCXpOebDpKbPIv%252Bdvdk3N28pIyHVufcYVVJQ%252F7wuf3%252FmOQ8y2%252BtyU8DBimZeb2hqKcY1bizxz7SSDXh8cS%252BA45%252FDDrlc5SxsKESI9SQZdlgPB6z%252Fb8e6GJXKYN4emzT4wtQ1DexHxut5bTAz5gHZs1Q25oCyU8e%252BfxFw%252BiyIqDQYSmfZzSzRJzwQeSbRiFjawisEFj%252Fa1o%252F2%252BCnJHudQwKs%252BV4MvxBbnSfAxpzwYgybzEpfQ3b9lVchczaH8UF27kgvWRC4JEM%252BaR0KRA%252BAT8QBE%252B%252BzJ%252BliVpPKThgt
oFU857DriO6CUyCKiExI1DOLn1DYgiTT%252BUpacgRIfcnfXWeuXqG9pJpuT3vYuiBjVi6zx0iuu8VVeZoaBzq6koMGZA9PSZuu5wyUecGFczY4c1LeuvKBrK6uq9LsudnNc1D5FOLQsgp%252FFj5wvtDORwEz5EKJ%252Fp6u7thojGUt%252BV34gW8SU2Ip4gWxnj27qCwWtpErq1Eqq2Z%252Bbzdym6vahFBinb8Q0AoVWZoerz1hINNKYw%252FeVozwfLka%252Fj%252Be1B9sVo8CBrSxzaOF2O9MuMex%252FKOhAD3nh%252Bi4bJX%252FxolJ%252BToW9GyLMzTeGxxfT07lg8apP3BHSacwSm%252B9wXGcOIArPKNTMm01InjmuBefWQXig9pgZeoapO9YSnl6lTqgNnPtNSoGvHde%252B56rch8fe9Q8LDcqkgnUxXuMK%252F62FNOfSsgQGckqlXeoDpQXjuSi5m436Stxdvxlv3u0E%252FNc7RSJo9Jy9Pz%252FID1t8bIAfBBlyY0Asqinfl9BkyqPL2f%252BVt2%252BMBxVHUt%252BPoWhuNWisz4tz0PpKlSK7Dq6sedWcyfEqxdA3bebDhicNHy%252FVD5AJfrNTEBifgsTIm05zTb21BAKTzCNQ4FRNiCrzi4SIhTcye24u1H4fLecdvpwz%252FC8noGGnPLJpRVT6xCo0VugZ2c3DJD4eqOQpTbmGDRWWJsGmDC%252BhfGZGLtEroEXQWSKeogLDxeN8MMB%252Fd1j1J0qSwpSIss1WFMdhqNGNBxLfVgpexVom5cZhq3tKe1%252FFOsSX0QO3C0%252FsFMkTvXYzmQxEM%252Btn9uMNudCAPgfvVPsqK8gD%252BphkusWNcJpzHgJNn2FPMqIsv9QMl0TYxkq8xTMO1VzdHTsngQq0MibfXusxjSUuNp9Wd3R1tSRkYAP5Q6x1LlxHLd6%252BW5mECxoQ6R%252FlvphZPP8mmoDsC8XutSJXpMIr0f5ZdP9R5JBhmynEQtDXLET2z19gGVUoVH5Nf8x41jI2QujzZJp4g%252BAOlJ0dutL2KnDbxKHSqzMCU3Zeff3KKspe7Np3Uib4FxrQVsML80tAoivTerxk8sSluJjmkSG9XEwSoUhhFQBa%252B68M5IcV5TNDq8AL6XynbANrjbysLtSuH2zw5LWeUC6tndZ8H7XHD%252Br9m68N0CjHgQwJSrt8L%252FagOd2xWmPeyyg8TfTjwiCc4hCanbqC3fLbkPMpprZE%252BpCXH2jOEKN2P13EO%252BUGLJBPquOFuU064OoHzI97pTFe63gyKQ9WRlj8HdGp6DL7RxvSwehBsrQOig4rNH1OaJ0lKxbDbs0O7EDRwPQF76ulZ810sZsu76lzcrrCkJ3q8tnDDSvWqrBlwy3keV0AI4mu59473UDp9j030oeiUmCQVCy7upZNf2NV16C8JRyu4R6OXdVlAAirMhOhCC3%252BSe%252F%252BB244m79eTEXBXo5ls%252BvQ%252B%252BVcP5M6vJTERbWuylOYoBcvalOJSYvy%252B%252FaLJ1Mr0PFALxNlbkSRR%252FfSqkTuTRpk%26ssid%3D3298447862chxADzKF%26ts%3D1701537738%26ttl%3D14400%26v%3Dv5.8.7&icons=b3Y88FRg3O6-KUw_UYhROtfGNQqJO9cmf9rSMeD1g_oLzvNYNEVBtdZDH-eL9-1LaW0AdB9q6_sK6s_R7466euDUUo3yshusHU71sPIXN8V8TjmCe4NC3S2WFYg2MqW3ou67VAPAPlkrZcPPLk6672uaz3KBomkt1Qi3wege_HhtRCu1cg&ext_cid=0&px_id=31418774&min_cpm=0.03462614833213589&out_id=0&campai
gn_type=lq-pop&aid=61&cid=2883&uniq=&mid=7110847628788039376&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.06543254014164014&cpm=0&verify_hash=2cf1c7c4327ae8ee3ca656279e1735e3&is_native=2&real_bid=0.001763999&original_bid_usd=0.001763999&original_bid=0.001763999&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,27,108,4,59,5,129,130,89,123&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701559338&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.001763999&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001763999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.09&cpa=834480a9-835a-4d9a-b6b4-2c479574e03b HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
192.243.61.227 200 OK 0 B URL GET HTTP/1.1 omitpollenending.com/pixel/sbs?c=1
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject omitpollenending.com
Fingerprint 41:41:67:08:03:DF:C6:78:85:C2:46:A8:88:D7:2B:2E:48:A2:91:B2
Validity Tue, 28 Nov 2023 08:10:50 GMT - Mon, 26 Feb 2024 08:10:49 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: omitpollenending.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.09&cpa=cf994a27-7359-414f-8333-e70b612f71f3
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.09&cpa=cf994a27-7359-414f-8333-e70b612f71f3 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
157.90.84.246200 OK 0 B URL GET HTTP/2 d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FZqncwCsCIXV&refdom=poop.media&auction_time=1701537737&subid=357529620&sid=3006084107&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FZqncwCsCIXV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3Dl2aUoswO4GBjUF8xkSYTQgAe5lPdy8hDsVZBoOIfo2eXeLT_vNDPQ1zTIV_gRF63pfnjM20Upi9KzQoN1y04MKDZqcctZkMHqnLtyM8Km09f7BBvYSRYvnNpnIMitEy2mFbUKqzGvF0-c7a_CmMsH_oOpGWdk5z0LOainqOC7JxSSDTGKLv1yrxVRO9mrFU0vGyAVSHKAg8OUzHl87JwMFdTgyUjLWlYvTh6lDtyreSfeV_KKlKY3yzYDfdovmWtxtxQvUUZFM9V-SSsQelnGK3xBvkSE_xJz6TZsMrGVHRUFrK648aXQZ6rDtwok3J0v5htI6G1zoX5DkJaxmgLj-rjj49hT80qbGBHTtv15Zlcfx3KrmA6yBiA3b2muUFeqEjGQaYVct0xlrdRkpu6EVbmhPGQpkQohvWfD9dc4-CoMPEYflPxhp7RvEyAr3v6HHl_mMiVmChJaHYZ1UL6POjmEqqUMwzgzKJh__L9-HYMtN-nK4f9jLIQh-_2575IoW2JPKPd7-Th_dMC3NwnWRVw9MfFRPdidtpmbyybnQsWI1lkQHANMr3kvhUItKVvD9UqxoT5ljz6Wu-Xyo0S5IzzTBOqf1Gi1Yvop4PpqiQWOWvxkj5U3R0qmJl-5Bkf1JNU-hG5-80WZ2Cizn_hUNGueIz5uu2amtObIKRGnlIJYofNuwb0Kumr0FNy3_cUeHY5Zo95Wtyd-kGG&icons=GSeBMVpdfWSdlEXj8N5HNRYCgN3BjFTmSavTeArbpqUQKX4n0YWlT8S2Gj4IntypjRXr7ttuNgBwyljR76_Bv6NzI0805XjLcVkCG_ZlvFMygCBlQYXONcfGoMqCkavzAdXVmCqkDLQnsy5rgOLA0No5t8MxHrWVQ-XPX-ASxvoRqTsaCQ&ext_cid=0&px_id=53418774&min_cpm=0.03462614833213589&out_id=1&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=8217780327782478071&skin_id=2&vertical_id
=0&skin_test=0&from_cache=0&ecpm=0.09576079852524928&cpm=0&verify_hash=a1c0b77d96a4d54ae2dce8921363aa58&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,89,5,27,129,108,123,4,83,130&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-3-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.09&cpa=e51ced89-f1f5-40b4-95c0-05fa233a38ce
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FZqncwCsCIXV&refdom=poop.media&auction_time=1701537737&subid=357529620&sid=3006084107&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FZqncwCsCIXV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3Dl2aUoswO4GBjUF8xkSYTQgAe5lPdy8hDsVZBoOIfo2eXeLT_vNDPQ1zTIV_gRF63pfnjM20Upi9KzQoN1y04MKDZqcctZkMHqnLtyM8Km09f7BBvYSRYvnNpnIMitEy2mFbUKqzGvF0-c7a_CmMsH_oOpGWdk5z0LOainqOC7JxSSDTGKLv1yrxVRO9mrFU0vGyAVSHKAg8OUzHl87JwMFdTgyUjLWlYvTh6lDtyreSfeV_KKlKY3yzYDfdovmWtxtxQvUUZFM9V-SSsQelnGK3xBvkSE_xJz6TZsMrGVHRUFrK648aXQZ6rDtwok3J0v5htI6G1zoX5DkJaxmgLj-rjj49hT80qbGBHTtv15Zlcfx3KrmA6yBiA3b2muUFeqEjGQaYVct0xlrdRkpu6EVbmhPGQpkQohvWfD9dc4-CoMPEYflPxhp7RvEyAr3v6HHl_mMiVmChJaHYZ1UL6POjmEqqUMwzgzKJh__L9-HYMtN-nK4f9jLIQh-_2575IoW2JPKPd7-Th_dMC3NwnWRVw9MfFRPdidtpmbyybnQsWI1lkQHANMr3kvhUItKVvD9UqxoT5ljz6Wu-Xyo0S5IzzTBOqf1Gi1Yvop4PpqiQWOWvxkj5U3R0qmJl-5Bkf1JNU-hG5-80WZ2Cizn_hUNGueIz5uu2amtObIKRGnlIJYofNuwb0Kumr0FNy3_cUeHY5Zo95Wtyd-kGG&icons=GSeBMVpdfWSdlEXj8N5HNRYCgN3BjFTmSavTeArbpqUQKX4n0YWlT8S2Gj4IntypjRXr7ttuNgBwyljR76_Bv6NzI0805XjLcVkCG_ZlvFMygCBlQYXONcfGoMqCkavzAdXVmCqkDLQnsy5rgOLA0No5t8MxHrWVQ-XPX-ASxvoRqTsaCQ&ext_cid=0&px_id=53418774&min_cpm=0.03462614833213589&out_id=1&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=8217780327782478071&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.09576079852524928&cpm=0&v
erify_hash=a1c0b77d96a4d54ae2dce8921363aa58&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,89,5,27,129,108,123,4,83,130&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-3-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.09&cpa=e51ced89-f1f5-40b4-95c0-05fa233a38ce HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
157.90.84.246 0 B URL d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FZqncwCsCIXV&refdom=poop.media&auction_time=1701537737&subid=357529620&sid=3006084107&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FZqncwCsCIXV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3Dl2aUoswO4GBjUF8xkSYTQgAe5lPdy8hDsVZBoOIfo2eXeLT_vNDPQ1zTIV_gRF63pfnjM20Upi9KzQoN1y04MKDZqcctZkMHqnLtyM8Km09f7BBvYSRYvnNpnIMitEy2mFbUKqzGvF0-c7a_CmMsH_oOpGWdk5z0LOainqOC7JxSSDTGKLv1yrxVRO9mrFU0vGyAVSHKAg8OUzHl87JwMFdTgyUjLWlYvTh6lDtyreSfeV_KKlKY3yzYDfdovmWtxtxQvUUZFM9V-SSsQelnGK3xBvkSE_xJz6TZsMrGVHRUFrK648aXQZ6rDtwok3J0v5htI6G1zoX5DkJaxmgLj-rjj49hT80qbGBHTtv15Zlcfx3KrmA6yBiA3b2muUFeqEjGQaYVct0xlrdRkpu6EVbmhPGQpkQohvWfD9dc4-CoMPEYflPxhp7RvEyAr3v6HHl_mMiVmChJaHYZ1UL6POjmEqqUMwzgzKJh__L9-HYMtN-nK4f9jLIQh-_2575IoW2JPKPd7-Th_dMC3NwnWRVw9MfFRPdidtpmbyybnQsWI1lkQHANMr3kvhUItKVvD9UqxoT5ljz6Wu-Xyo0S5IzzTBOqf1Gi1Yvop4PpqiQWOWvxkj5U3R0qmJl-5Bkf1JNU-hG5-80WZ2Cizn_hUNGueIz5uu2amtObIKRGnlIJYofNuwb0Kumr0FNy3_cUeHY5Zo95Wtyd-kGG&icons=L0WsYBpikpUOMmjlZ5X8a2bAKXdWeUQ4EeVUTs5tZfkhDMewAey-yGo-TC-voFUHD_1hAkDg9ly8GFNoKP7yGa5FsCCCOyp5X7md8F5AJ6RfGR5-Zlt4yHhFazzoyRhAjzOqCi5T1tsGnDf_DZpu-CvrXBCafvvHwe8CPzKijt7um0fhaQ&ext_cid=0&px_id=53418774&min_cpm=0.03462614833213589&out_id=0&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=8217780327782478071&skin_id=2&vertical_id=0&skin_test=0&fr
om_cache=0&ecpm=0.09576079852524928&cpm=0&verify_hash=a1c0b77d96a4d54ae2dce8921363aa58&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=123,4,89,129,130,83,5,27,108,0&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-3-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.09&cpa=ccf08c01-d38e-473d-97b1-2a610a9d524c
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FZqncwCsCIXV&refdom=poop.media&auction_time=1701537737&subid=357529620&sid=3006084107&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FZqncwCsCIXV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3D9e2uqx%26c%3Dl2aUoswO4GBjUF8xkSYTQgAe5lPdy8hDsVZBoOIfo2eXeLT_vNDPQ1zTIV_gRF63pfnjM20Upi9KzQoN1y04MKDZqcctZkMHqnLtyM8Km09f7BBvYSRYvnNpnIMitEy2mFbUKqzGvF0-c7a_CmMsH_oOpGWdk5z0LOainqOC7JxSSDTGKLv1yrxVRO9mrFU0vGyAVSHKAg8OUzHl87JwMFdTgyUjLWlYvTh6lDtyreSfeV_KKlKY3yzYDfdovmWtxtxQvUUZFM9V-SSsQelnGK3xBvkSE_xJz6TZsMrGVHRUFrK648aXQZ6rDtwok3J0v5htI6G1zoX5DkJaxmgLj-rjj49hT80qbGBHTtv15Zlcfx3KrmA6yBiA3b2muUFeqEjGQaYVct0xlrdRkpu6EVbmhPGQpkQohvWfD9dc4-CoMPEYflPxhp7RvEyAr3v6HHl_mMiVmChJaHYZ1UL6POjmEqqUMwzgzKJh__L9-HYMtN-nK4f9jLIQh-_2575IoW2JPKPd7-Th_dMC3NwnWRVw9MfFRPdidtpmbyybnQsWI1lkQHANMr3kvhUItKVvD9UqxoT5ljz6Wu-Xyo0S5IzzTBOqf1Gi1Yvop4PpqiQWOWvxkj5U3R0qmJl-5Bkf1JNU-hG5-80WZ2Cizn_hUNGueIz5uu2amtObIKRGnlIJYofNuwb0Kumr0FNy3_cUeHY5Zo95Wtyd-kGG&icons=L0WsYBpikpUOMmjlZ5X8a2bAKXdWeUQ4EeVUTs5tZfkhDMewAey-yGo-TC-voFUHD_1hAkDg9ly8GFNoKP7yGa5FsCCCOyp5X7md8F5AJ6RfGR5-Zlt4yHhFazzoyRhAjzOqCi5T1tsGnDf_DZpu-CvrXBCafvvHwe8CPzKijt7um0fhaQ&ext_cid=0&px_id=53418774&min_cpm=0.03462614833213589&out_id=0&campaign_type=lq-pop&aid=3335&cid=13433&uniq=&mid=8217780327782478071&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.09576079852524928&cpm=0&v
erify_hash=a1c0b77d96a4d54ae2dce8921363aa58&is_native=2&real_bid=0.002581619977951034&original_bid_usd=0.0034&original_bid=0.0034&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=123,4,89,129,130,83,5,27,108,0&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701710537&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.0034&hostname=auc-inpage-hz-3-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000033999999999999996&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.09&cpa=ccf08c01-d38e-473d-97b1-2a610a9d524c HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.09&cpa=0bab6c9e-ee39-4cb4-953b-d297aa354cd1
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.09&cpa=0bab6c9e-ee39-4cb4-953b-d297aa354cd1 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.09&cpa=fb0e7929-fe1e-496c-ab52-153d205a4d97
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.09&cpa=fb0e7929-fe1e-496c-ab52-153d205a4d97 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:20 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:20 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
157.90.84.246200 OK 0 B URL GET HTTP/2 d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FeEPrsKwbEDX&refdom=poop.media&auction_time=1701537738&subid=357529620&sid=1546107667&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FeEPrsKwbEDX%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fs.viiqxpnb.com%2Fh%2F746%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%3D%3D%3D%3D%3Fu%3D&icons=-YTpR3n9f1HLRxXFD51_xe8G8eG9yQJgn2X4yv_9WNAUmOYySu27ZYaPc-5APwu-57nIGkuWX2tKvtg2pjcPoR7A_TJrZH88NqUKUNq4aE948ensxb5Bf4HLNxc0X_TYaBEx5HPdHu0VmsY4qpUyycEEZ5NjEh7EvoP-2jcQzLqAuuWNkg&ext_cid=0&px_id=65106408&min_cpm=0.03462614833213589&out_id=1&campaign_type=lq-pop&aid=412&cid=2766&uniq=&mid=7680315957225668597&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.016337016568880893&cpm=0&verify_hash=bfc86b16e61cdaaccc810ffbed189ce8&is_native=2&real_bid=0.00044043041624406895&original_bid_usd=0.000473632025718689&original_bid=0.000473632025718689&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=129,130,108,0,89,4,5,27&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701624138&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-p
ush-adult&price=0.000473632025718689&hostname=auc-inpage-hz-8-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000047363202571868895&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.09&cpa=4b101352-10cc-4d79-af7f-e2af6889b383
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FeEPrsKwbEDX&refdom=poop.media&auction_time=1701537738&subid=357529620&sid=1546107667&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FeEPrsKwbEDX%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fs.viiqxpnb.com%2Fh%2F746%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%3D%3D%3D%3D%3Fu%3D&icons=-YTpR3n9f1HLRxXFD51_xe8G8eG9yQJgn2X4yv_9WNAUmOYySu27ZYaPc-5APwu-57nIGkuWX2tKvtg2pjcPoR7A_TJrZH88NqUKUNq4aE948ensxb5Bf4HLNxc0X_TYaBEx5HPdHu0VmsY4qpUyycEEZ5NjEh7EvoP-2jcQzLqAuuWNkg&ext_cid=0&px_id=65106408&min_cpm=0.03462614833213589&out_id=1&campaign_type=lq-pop&aid=412&cid=2766&uniq=&mid=7680315957225668597&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.016337016568880893&cpm=0&verify_hash=bfc86b16e61cdaaccc810ffbed189ce8&is_native=2&real_bid=0.00044043041624406895&original_bid_usd=0.000473632025718689&original_bid=0.000473632025718689&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=129,130,108,0,89,4,5,27&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701624138&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.000473632025718689&hostname=auc-inpage-hz-
8-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000047363202571868895&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&mlc=1&st=0.09&cpa=4b101352-10cc-4d79-af7f-e2af6889b383 HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:20 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
157.90.84.246200 OK 0 B URL GET HTTP/2 d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FeEPrsKwbEDX&refdom=poop.media&auction_time=1701537738&subid=357529620&sid=1546107667&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FeEPrsKwbEDX%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=5a9b82ef664f233d038c5b891561cc91&url=https%3A%2F%2Feu.histi.co%2Fnty%2Fpostback%2Fclick%3Fkey%3Dv2-1701537738431-7-9306-1244492-ff7561b7-35dc-56ef-d9ed-906af8335295&icons=H1gJyOWAl6shEQ4HqqGRx15GpaotH-ws-0zMbgbGHBzzvdSK2nI3-A2rw2rUcuQbGAu4MwLX_0c3VZE6Z9ltJJWFq1w0Vhhua9UE0Y02GEt6oy1cDBvfOTa7gtVWr5huuqrD7BTzRjOu5Z973Tya8HWV4Uv4f-WKo27qaXwvRO6xs-ZGRE1j9dhqTESmMcU9RzL3TSLwuXinIgkkkyCmf_KgMVzdxb-Pijqm0b6cXWnatJcZrsZ1PZhXTfwi-_bAY_8XpUvd-Qogx48b9w0AZDwbJU2sNMXunhLoCcH799dKNUjJ4raWQWWZIDOakm5yOKMx&ext_cid=0&px_id=31418774&min_cpm=0.008573967770730561&out_id=0&campaign_type=mq&aid=3251&cid=12822&uniq=ce907f2c394b3ec9a5c6a06f6f7c0895f4699e55a1cbe1cab376ca739bd37c49&mid=7680315957225668597&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.005085424985996506&cpm=0&verify_hash=d0908d46fe003d1b3ec07b8162762b47&is_native=1&real_bid=0.0005536740195751182&original_bid_usd=0.00066&original_bid=0.00066&exp=240&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,98,93,5,106,123,76,81,101&need_redirect_show=0&applied_feat
ures=prod,main-skins-settings&show_count=1&expiration_timestamp=1701609738&image_url=https%3A%2F%2Fcdn.amnew.net%2F723b86293ff1abf9cf66c917a39a0f9b.jpeg&site=native-push-adult&price=0.00066&hostname=auc-inpage-hz-8-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000006599999999999999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&st=0.09&cpa=4b8ab6a4-2e2f-4ae8-9213-b1f2e31ce898
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FeEPrsKwbEDX&refdom=poop.media&auction_time=1701537738&subid=357529620&sid=1546107667&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FeEPrsKwbEDX%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=5a9b82ef664f233d038c5b891561cc91&url=https%3A%2F%2Feu.histi.co%2Fnty%2Fpostback%2Fclick%3Fkey%3Dv2-1701537738431-7-9306-1244492-ff7561b7-35dc-56ef-d9ed-906af8335295&icons=H1gJyOWAl6shEQ4HqqGRx15GpaotH-ws-0zMbgbGHBzzvdSK2nI3-A2rw2rUcuQbGAu4MwLX_0c3VZE6Z9ltJJWFq1w0Vhhua9UE0Y02GEt6oy1cDBvfOTa7gtVWr5huuqrD7BTzRjOu5Z973Tya8HWV4Uv4f-WKo27qaXwvRO6xs-ZGRE1j9dhqTESmMcU9RzL3TSLwuXinIgkkkyCmf_KgMVzdxb-Pijqm0b6cXWnatJcZrsZ1PZhXTfwi-_bAY_8XpUvd-Qogx48b9w0AZDwbJU2sNMXunhLoCcH799dKNUjJ4raWQWWZIDOakm5yOKMx&ext_cid=0&px_id=31418774&min_cpm=0.008573967770730561&out_id=0&campaign_type=mq&aid=3251&cid=12822&uniq=ce907f2c394b3ec9a5c6a06f6f7c0895f4699e55a1cbe1cab376ca739bd37c49&mid=7680315957225668597&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.005085424985996506&cpm=0&verify_hash=d0908d46fe003d1b3ec07b8162762b47&is_native=1&real_bid=0.0005536740195751182&original_bid_usd=0.00066&original_bid=0.00066&exp=240&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,98,93,5,106,123,76,81,101&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timest
amp=1701609738&image_url=https%3A%2F%2Fcdn.amnew.net%2F723b86293ff1abf9cf66c917a39a0f9b.jpeg&site=native-push-adult&price=0.00066&hostname=auc-inpage-hz-8-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000006599999999999999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&st=0.09&cpa=4b8ab6a4-2e2f-4ae8-9213-b1f2e31ce898 HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:20 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
172.64.109.10 200 OK 376 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg
IP 172.64.109.10:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size 376 kB (375458 bytes)
Hash 65b98e31f2a22bfc2ae827300f514b93
8d66b3140eaabf1eff5990961d013af5e948df5a
6ea2b64aa9ed05099682f877c6f257d5ebc03814c5910a9dc91a3eae94bf6879
GET /sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/jpeg
content-length: 375458
last-modified: Thu, 19 Oct 2023 16:13:01 GMT
etag: "6531558d-5baa2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2646654
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bQiei7h45fuO2Jtv6zR31n9PspXrCl9Jzcy3BtWn3lZv2TDueQsb40ZX8TGVZhYRSFxjO9aotzt8HsWrUFLS07JKmi3e5fP2l8Ed72ddYgHCwzUoGOGWwWzETQ5FHLwMTIRXx1TDxOTV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5405add6163b3-LHR
alt-svc: h3=":443"; ma=86400
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.09&cpa=3ade3238-6240-42b7-bef9-fc188031b773
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.09&cpa=3ade3238-6240-42b7-bef9-fc188031b773 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:20 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:20 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:20 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
172.64.109.10 200 OK 9.9 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/button.png
IP 172.64.109.10:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 374 x 158, 8-bit colormap, non-interlaced\012- data
Hash 820ad88853e09bfa31ecc6dfd93c07ec
c8d408a8618a825a5111c51a6fe2e30f4d53098c
948bc0c4bd13d058c1c64f903453f928ecfdcd87686eebe6f9a73618e24d4bbd
GET /sb/interstitial/games/hentai-heroes/main/8/img/button.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:20 GMT
content-type: image/png
content-length: 9865
last-modified: Thu, 19 Oct 2023 16:12:57 GMT
etag: "65315589-2689"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2127472
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JrmqHvJzOdo8W5aOGu8BJUS1roCtcziMoMUpO1UahXUvTqWUDmaI4K0aAucxK9JLYRmpn6MAwKVEHYOn1Pm4Jp%2B9fB8%2FQphOJUOBUDeLcq28rAR%2B5KoqQaalGyIomqThg8hPtNtjsur8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5405bce8c63b3-LHR
alt-svc: h3=":443"; ma=86400
5.200.15.239 200 OK 27 kB URL GET HTTP/2 cdn.amnew.net/723b86293ff1abf9cf66c917a39a0f9b.jpeg
IP 5.200.15.239:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject *.amnew.net
Fingerprint CD:FA:D6:90:CC:92:60:B3:98:F6:3F:6B:31:49:10:90:01:51:A0:DE
Validity Sun, 08 Oct 2023 23:08:29 GMT - Sat, 06 Jan 2024 23:08:28 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Hash b6adc8fe2c455880dbf98dc6d6dece09
6ffd7007120832c5d3b43dc58cf7d34eeecd017c
6c9fcdc65047551c25d974d66cbe000cba5110baa4f41b453b96a9d1599a8360
GET /723b86293ff1abf9cf66c917a39a0f9b.jpeg HTTP/1.1
Host: cdn.amnew.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty/1.21.4.1
date: Sat, 02 Dec 2023 17:22:20 GMT
content-type: image/jpeg
content-length: 26567
last-modified: Thu, 05 Oct 2023 15:57:10 GMT
etag: "651edcd6-67c7"
expires: Tue, 12 Dec 2023 14:42:41 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
64.233.165.84 302 Found 0 B URL GET HTTP/3 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 64.233.165.84:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:rM2BS2Um5vYns-Io3FXzXjJH_tUMSg:3o4y0rrZpA71eZZs; Expires=Mon, 01-Dec-2025 17:22:20 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:20 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp3KvInR1swS9T00mzD6V-nZWDi7vEHaOTDdE-aN4N1Tbx3Qc9G2stDGepH_1szgdcpi9Xic
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-JY37qeF1kjsnrbzRNDa7Wg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
109.200.199.111 302 Found 0 B URL GET HTTP/2 eu.histi.co/nty/metrics/save.img?event=impressions&bid-id=v2-1701537738431-7-9306-1244492-ff7561b7-35dc-56ef-d9ed-906af8335295&img=https%3A%2F%2Fcdn.amnew.net%2Frichads-icon-pack%2Fdating%2F6.PNG&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&st=0.09&cpa=ef15e106-dd0e-4001-9d13-a374dfa1cfa1
IP 109.200.199.111:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject *.histi.co
Fingerprint 82:6D:17:16:6F:80:15:D5:8D:45:F1:F8:56:02:25:10:5B:76:7C:28
Validity Sat, 07 Oct 2023 23:09:12 GMT - Fri, 05 Jan 2024 23:09:11 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nty/metrics/save.img?event=impressions&bid-id=v2-1701537738431-7-9306-1244492-ff7561b7-35dc-56ef-d9ed-906af8335295&img=https%3A%2F%2Fcdn.amnew.net%2Frichads-icon-pack%2Fdating%2F6.PNG&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&st=0.09&cpa=ef15e106-dd0e-4001-9d13-a374dfa1cfa1 HTTP/1.1
Host: eu.histi.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: openresty/1.21.4.1
date: Sat, 02 Dec 2023 17:22:20 GMT
content-length: 0
location: https://cdn.amnew.net/richads-icon-pack/dating/6.PNG
X-Firefox-Spdy: h2
142.250.74.106 200 OK 1.1 kB URL GET HTTP/3 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (393)
Hash 38d3a0014cdba7b4dc4fea86de0490a7
06d0b2f7e7894918019e8928e11fd7e8fde4f226
8bb68c182a04387343a285abccbe7440e60fa21d2b496c5ff5e8cf213ec0214c
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 02 Dec 2023 17:22:20 GMT
date: Sat, 02 Dec 2023 17:22:20 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
64.233.165.84 302 Found 0 B URL GET HTTP/3 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 64.233.165.84:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:8m1132rqBnwszBu6XrFNW7-7ttOhug:2MFSMh10hWsbmCKs; Expires=Mon, 01-Dec-2025 17:22:20 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:20 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp3J1m0it0UU7Vt-JKMehYpMj-8Sk8lkIB04a45DxjqdXtqSStgbswE464pAy0YXb2ZP32L9uw
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
content-security-policy: script-src 'nonce-8NA13D4pvMttdvuctGN0nA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cdn.amnew.net/richads-icon-pack/dating/6.PNG
5.200.15.239 200 OK 49 kB URL GET HTTP/2 cdn.amnew.net/richads-icon-pack/dating/6.PNG
IP 5.200.15.239:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject *.amnew.net
Fingerprint CD:FA:D6:90:CC:92:60:B3:98:F6:3F:6B:31:49:10:90:01:51:A0:DE
Validity Sun, 08 Oct 2023 23:08:29 GMT - Sat, 06 Jan 2024 23:08:28 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 3c5c17a405f78c153f100bf4bd9b9269
cc11be3a8c4144ba590dbbae4160fe9e5a6b61de
ee2f741dc8c6b0349d8c36d8bd5b4a44c6bb786aa05e87e3ab0c9f2dff7e17e5
GET /richads-icon-pack/dating/6.PNG HTTP/1.1
Host: cdn.amnew.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty/1.21.4.1
date: Sat, 02 Dec 2023 17:22:20 GMT
content-type: image/png
content-length: 49431
last-modified: Tue, 14 Jun 2022 12:09:10 GMT
etag: "62a87a66-c117"
expires: Tue, 12 Dec 2023 14:24:13 GMT
cache-control: max-age=1209600
accept-ranges: bytes
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp3KvInR1swS9T00mzD6V-nZWDi7vEHaOTDdE-aN4N1Tbx3Qc9G2stDGepH_1szgdcpi9Xic
64.233.165.84 302 Found 400 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp3KvInR1swS9T00mzD6V-nZWDi7vEHaOTDdE-aN4N1Tbx3Qc9G2stDGepH_1szgdcpi9Xic
IP 64.233.165.84:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (396)
Hash 21c5f19a61c403948a4c1295c9c1f5de
d5651b6c0ee1d49a0058bfe3350cb7e0a09012ef
61598168b9204029beb2c47a8e595dd1d2a5c6b276fda4d6e4fca2a90d47e0cb
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp3KvInR1swS9T00mzD6V-nZWDi7vEHaOTDdE-aN4N1Tbx3Qc9G2stDGepH_1szgdcpi9Xic HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:C9iB354TWjWh1WBEZ4IMBT3gSK1PLg:Q3OY0hj4PxGwbrpX;Path=/;Expires=Mon, 01-Dec-2025 17:22:20 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:20 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp28e7bWl154AL9ANqo4lu8fV0ZPv2NOzw-fyRjYNq4xGdGqja-3NhVl2s9ejmuoCqz_v15dSA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S436515256%3A1701537740319193&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-NmK-uvO-r40EnN7MWEYpHA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 400
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
157.90.84.246200 OK 0 B URL GET HTTP/2 d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FZqncwCsCIXV&refdom=poop.media&auction_time=1701537738&subid=388464194&sid=1120762550&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FZqncwCsCIXV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fpodefr.net%2Fb2%2Fl%2Fc%2Fredir%3Fcid%3D1%26did%3DQnhOVUY%26eid%3D722%26n%3D4c96bb2a8dd9cbadc8b53fea%26nid%3D1%26sid%3DaVnUlec%252F5q0kKozFmH25VpeVEi4RzG404DJJSe08aYZHaVEzo1HWftCvh8sDQoZJo%252B%252FoxHRJDG%252Bno3EwwbEyr8jyy7IfoGu8rTdWo5ypNJdslqpTUeHcqzWcw70SAKZ4UHFSwPUHmE47Z%252Br9wvm8d3dEl8BOxZHteMFY%252BKZcKo40pav8xTXil7JHh3JH8Vfjdwj0o%252BLFNEF6YnhpINpP9I%252BpsFs05nttcivPr%252BWGYFHhDDaO4AWPqrWp1109ezvPl%252BQdYFfb%252FaadIaGZugM6yZIkM0D7iPwpJAEaYqGdFY5EHHWbYP9y4oMzUU1sh%252BKmmsJ4oe6ysGXLVG18o1eJa0mjZY3b66IXp7VEqiqOBTU2xXP6VDn7OgSSJrfOqJQlT1sG9cgB9ZMoiw5mLToSHkTAiw391iBT%252FH9ejn2vWU5c3J%252BlIE66lmtWWKF6JQwgOo2%252Bfeu%252Fcf%252FepWSa7gyd6r%252B1UxwuwwwpCaBtHcHTtdr2iiSCSqm5npav3XhpIE3SYqhNSf0cIyOwEDkki%252FNCWbnbC5cHdiQrvsKxN8egSn3cfXuPCr8xL0JzRJSEko27IQGbT2hwp3RGnwL8ALsQv%252FDDstwtWNlmKeqKOmlOn0%252F%252BkeAV4UCYWkBdJT1Pdli%252FhCxgVImUS0pocyCRJfFTmo3A0fSS6unLvU4OTHVqv0DpeQR5hRCTp03QUtU%252FDkJ5enyzpXkPPqJn4JEKcZC4hUK%252BSVWGFV22yQygyj1U6pD7pakqINUNrGjrRGu29HV6VfTF77PLo3RCxPFejKE32%252BHXCZ8iHN3Qc1FR7EM5lhgfSObAONFvNRZK%252FI3L6lmKmROH4xantTXPqYaq8wuH94tgTBH3iYQKkc159%252Ben4SCWrverR3ds%252FG
rhlCB3E5O6Mhu%252FijBRR1X5nUtd5RrOjRsUMWEpemCsjsXz9GMeo%252BHjUk3qyTdCd5rvUNL0L0ryiZfoC8QGLNIOeVI1iJt5mF%252BJZNpzNRakeqrwh9yn23Z9QUWee%252FMZtXRmxZTVcZ5KXZ0vHQque7QoS39h1yKIW3L1dHa%252Fdlt3X7NGLKeoxfrDh091l3cX49zUw4SQnlVG5wkTYiEDe5%252B7HH2rlHqbi0%252FW5uFeWOlzXpJewW2rIfyUOUSKXUXyNx1uBxp6LRDIf4hMlzlBfaNmyDKK6fw78lxXiLhozFk4OrSQu1w84e5%252BRSojNi85O6pFQr60bJ75xL8ustVwhsUOP3VovGWrmzYdhGp0vNDrd10vqVfjViNlUdkJnjG2a4qAZCwVoONtWlmWp0rmLRyBYAosd9ZGZ9zsEOlsPkzbWraNwbyP0nbbzmwNPGE9JkCUBu6dXFl87%252FIlqOJixs5sftwAPoquLBXldYObf70P%252FDYh0pJpDE54LJMNeMcgdxjuFxlfIywMDZC2VYRKf5qnh1r7x8NJ8%252FKLw%252BgKGlMtELYwD1TdpQ0li6UNxEo%252FnjI%252F10Z%252Fbyl4MTraFSv1wsJ6oUQlj6KI3S%252BbD8GEqmTvZE6Nj%252BzKfLNuYzEdFiY4LYK8IcEJpajTrQqwD740JZ9GiEazTtK3YyoOnKAimFRZm%252B4YdQIVe4gzQ4O%252F1me1tBcUhzbE9f7TSzqiCY8ZqDt6rDopFRjru%252Fd1%252FNL4rOK%252Bv9GE%252FrE6f5JzlW%252BbrMqgmlx0S3i9%252FYIdHgEoeHvbYg%252BriSGrgpyKtIcYhiA3Kke4DNQ82KmYUNgziaUPdAx%252BDPYARJYMlEc1M6hFTFqubJYwg90gjCFHO6xBLKwWR2V5l0a8zG8hMZvp%252F4Vav9grfUhGfWrAYntM%252BobGH7x5fPuT81Zi5SLXrpGEyOBwB7CXTuqMcDjQnyGA3fovadtiiM9zhE0I3lCWT8HmWZm8xpqj7BewDoHgA1fxszgUgmraX%252Brp%252B4u2CmEMPaJ4vTMTr10sFoKJbm4x9nZA9Ur%252FdKEMbpzaBwd9wzRax1RtkecpCxPPImS%252FcuJyDhN2SkjIJPGvURUEYJJtQKtgKGJk1OxPSQaOFvpVlXPlxGMz26b8kfcwR4hxjwVUgGYw16og9uGiA%252Ba2%252F2Aq%252Bc7eXDY1cUQ9eG4xNhO6sidAEaE0sBsdLjXa4AIg2PHc78We5JazFnilzSXvJpHA7NOzMlf1JwIzaRLabZQ5w9KVktdLJjhwNaVnozm8HAVo%252B2Kh5x2FKrZ4UeAPEm2JIaAH2NhsPBqsAJceKA2GsMTMqqXBQvQT3QpAv06DvJhVIlKRIArSOqQ%252BbN2Si%252FmIPqbpEiZ0re1qFV7wfh0dMEV1xW9cEJuIY1O2lUNdGwrfh%252FblPwUXHdIoEReYoXhXv8Xhptqz1PFJKjhPj6O1BxRz675SZ6aLBFzu0bxHGBK%252B2E3n627uhvwux1iBRNB1w2HOcqTZi3KngkRW%252BKyQtDvRFgNO2y1od%252Fk8zTDQesIP%26ssid%3D3298447862DdBKsNVE%26ts%3D1701537738%26ttl%3D14400%26v%3Dv5.8.7&icons=lFHXS4IVE7ghCEuzWNn0BmgoafvXtMNK94HsS_JwacQEb4yS_uGbb1a8175tzziv_0lH0gn3uZF4IvCgUoPIcs4T7INPmiEU6qC3FKZlHVMPiHBxmNzjXO3PQs73xHlVZU3_mH4N9DYzxy2_D5gLx6FFjcUB6_5IbODbFT734RlgI_ItvA&ext_cid=0&px_id=31418776&min_cpm=0.08080860
220034743&out_id=1&campaign_type=lq-pop&aid=61&cid=2883&uniq=&mid=171722439716247168&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.15270286653155762&cpm=0&verify_hash=0c488f5351dfa993ee0e3b3dc1bed45a&is_native=2&real_bid=0.001763999&original_bid_usd=0.001763999&original_bid=0.001763999&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=130,108,4,59,5,129,0,123,89,27&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701559338&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.001763999&hostname=auc-inpage-hz-0-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001763999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.09&cpa=f92a7832-7052-4fa9-b7f9-8f317ac7a200
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FZqncwCsCIXV&refdom=poop.media&auction_time=1701537738&subid=388464194&sid=1120762550&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FZqncwCsCIXV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fpodefr.net%2Fb2%2Fl%2Fc%2Fredir%3Fcid%3D1%26did%3DQnhOVUY%26eid%3D722%26n%3D4c96bb2a8dd9cbadc8b53fea%26nid%3D1%26sid%3DaVnUlec%252F5q0kKozFmH25VpeVEi4RzG404DJJSe08aYZHaVEzo1HWftCvh8sDQoZJo%252B%252FoxHRJDG%252Bno3EwwbEyr8jyy7IfoGu8rTdWo5ypNJdslqpTUeHcqzWcw70SAKZ4UHFSwPUHmE47Z%252Br9wvm8d3dEl8BOxZHteMFY%252BKZcKo40pav8xTXil7JHh3JH8Vfjdwj0o%252BLFNEF6YnhpINpP9I%252BpsFs05nttcivPr%252BWGYFHhDDaO4AWPqrWp1109ezvPl%252BQdYFfb%252FaadIaGZugM6yZIkM0D7iPwpJAEaYqGdFY5EHHWbYP9y4oMzUU1sh%252BKmmsJ4oe6ysGXLVG18o1eJa0mjZY3b66IXp7VEqiqOBTU2xXP6VDn7OgSSJrfOqJQlT1sG9cgB9ZMoiw5mLToSHkTAiw391iBT%252FH9ejn2vWU5c3J%252BlIE66lmtWWKF6JQwgOo2%252Bfeu%252Fcf%252FepWSa7gyd6r%252B1UxwuwwwpCaBtHcHTtdr2iiSCSqm5npav3XhpIE3SYqhNSf0cIyOwEDkki%252FNCWbnbC5cHdiQrvsKxN8egSn3cfXuPCr8xL0JzRJSEko27IQGbT2hwp3RGnwL8ALsQv%252FDDstwtWNlmKeqKOmlOn0%252F%252BkeAV4UCYWkBdJT1Pdli%252FhCxgVImUS0pocyCRJfFTmo3A0fSS6unLvU4OTHVqv0DpeQR5hRCTp03QUtU%252FDkJ5enyzpXkPPqJn4JEKcZC4hUK%252BSVWGFV22yQygyj1U6pD7pakqINUNrGjrRGu29HV6VfTF77PLo3RCxPFejKE32%252BHXCZ8iHN3Qc1FR7EM5lhgfSObAONFvNRZK%252FI3L6lmKmROH4xantTXPqYaq8wuH94tgTBH3iYQKkc159%252Ben4SCWrverR3ds%252FGrhlCB3E5O6Mhu%252FijBRR1X5nUtd5RrOjRsUMWEpemCsjsXz9GMeo%252B
HjUk3qyTdCd5rvUNL0L0ryiZfoC8QGLNIOeVI1iJt5mF%252BJZNpzNRakeqrwh9yn23Z9QUWee%252FMZtXRmxZTVcZ5KXZ0vHQque7QoS39h1yKIW3L1dHa%252Fdlt3X7NGLKeoxfrDh091l3cX49zUw4SQnlVG5wkTYiEDe5%252B7HH2rlHqbi0%252FW5uFeWOlzXpJewW2rIfyUOUSKXUXyNx1uBxp6LRDIf4hMlzlBfaNmyDKK6fw78lxXiLhozFk4OrSQu1w84e5%252BRSojNi85O6pFQr60bJ75xL8ustVwhsUOP3VovGWrmzYdhGp0vNDrd10vqVfjViNlUdkJnjG2a4qAZCwVoONtWlmWp0rmLRyBYAosd9ZGZ9zsEOlsPkzbWraNwbyP0nbbzmwNPGE9JkCUBu6dXFl87%252FIlqOJixs5sftwAPoquLBXldYObf70P%252FDYh0pJpDE54LJMNeMcgdxjuFxlfIywMDZC2VYRKf5qnh1r7x8NJ8%252FKLw%252BgKGlMtELYwD1TdpQ0li6UNxEo%252FnjI%252F10Z%252Fbyl4MTraFSv1wsJ6oUQlj6KI3S%252BbD8GEqmTvZE6Nj%252BzKfLNuYzEdFiY4LYK8IcEJpajTrQqwD740JZ9GiEazTtK3YyoOnKAimFRZm%252B4YdQIVe4gzQ4O%252F1me1tBcUhzbE9f7TSzqiCY8ZqDt6rDopFRjru%252Fd1%252FNL4rOK%252Bv9GE%252FrE6f5JzlW%252BbrMqgmlx0S3i9%252FYIdHgEoeHvbYg%252BriSGrgpyKtIcYhiA3Kke4DNQ82KmYUNgziaUPdAx%252BDPYARJYMlEc1M6hFTFqubJYwg90gjCFHO6xBLKwWR2V5l0a8zG8hMZvp%252F4Vav9grfUhGfWrAYntM%252BobGH7x5fPuT81Zi5SLXrpGEyOBwB7CXTuqMcDjQnyGA3fovadtiiM9zhE0I3lCWT8HmWZm8xpqj7BewDoHgA1fxszgUgmraX%252Brp%252B4u2CmEMPaJ4vTMTr10sFoKJbm4x9nZA9Ur%252FdKEMbpzaBwd9wzRax1RtkecpCxPPImS%252FcuJyDhN2SkjIJPGvURUEYJJtQKtgKGJk1OxPSQaOFvpVlXPlxGMz26b8kfcwR4hxjwVUgGYw16og9uGiA%252Ba2%252F2Aq%252Bc7eXDY1cUQ9eG4xNhO6sidAEaE0sBsdLjXa4AIg2PHc78We5JazFnilzSXvJpHA7NOzMlf1JwIzaRLabZQ5w9KVktdLJjhwNaVnozm8HAVo%252B2Kh5x2FKrZ4UeAPEm2JIaAH2NhsPBqsAJceKA2GsMTMqqXBQvQT3QpAv06DvJhVIlKRIArSOqQ%252BbN2Si%252FmIPqbpEiZ0re1qFV7wfh0dMEV1xW9cEJuIY1O2lUNdGwrfh%252FblPwUXHdIoEReYoXhXv8Xhptqz1PFJKjhPj6O1BxRz675SZ6aLBFzu0bxHGBK%252B2E3n627uhvwux1iBRNB1w2HOcqTZi3KngkRW%252BKyQtDvRFgNO2y1od%252Fk8zTDQesIP%26ssid%3D3298447862DdBKsNVE%26ts%3D1701537738%26ttl%3D14400%26v%3Dv5.8.7&icons=lFHXS4IVE7ghCEuzWNn0BmgoafvXtMNK94HsS_JwacQEb4yS_uGbb1a8175tzziv_0lH0gn3uZF4IvCgUoPIcs4T7INPmiEU6qC3FKZlHVMPiHBxmNzjXO3PQs73xHlVZU3_mH4N9DYzxy2_D5gLx6FFjcUB6_5IbODbFT734RlgI_ItvA&ext_cid=0&px_id=31418776&min_cpm=0.08080860220034743&out_id=1&campaign_type=lq-pop&aid=61&cid=2883&uniq
=&mid=171722439716247168&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.15270286653155762&cpm=0&verify_hash=0c488f5351dfa993ee0e3b3dc1bed45a&is_native=2&real_bid=0.001763999&original_bid_usd=0.001763999&original_bid=0.001763999&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=130,108,4,59,5,129,0,123,89,27&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701559338&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.001763999&hostname=auc-inpage-hz-0-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001763999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.09&cpa=f92a7832-7052-4fa9-b7f9-8f317ac7a200 HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:20 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp3J1m0it0UU7Vt-JKMehYpMj-8Sk8lkIB04a45DxjqdXtqSStgbswE464pAy0YXb2ZP32L9uw
64.233.165.84 302 Found 406 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp3J1m0it0UU7Vt-JKMehYpMj-8Sk8lkIB04a45DxjqdXtqSStgbswE464pAy0YXb2ZP32L9uw
IP 64.233.165.84:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (397)
Hash 37290036bbbc5ef77677dd0a2542ef79
aa48edbeb570e44c99cd2adb93dedcc20495c779
5fc14a069208c3e9d832b2fd3b89aee6f74192fe6d20a5ab27956ce0c4208e8f
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp3J1m0it0UU7Vt-JKMehYpMj-8Sk8lkIB04a45DxjqdXtqSStgbswE464pAy0YXb2ZP32L9uw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:_W6a_cDTp1YoevWktzIe3sN0K_06zg:uwKsPYrPO3DsblBE;Path=/;Expires=Mon, 01-Dec-2025 17:22:20 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:20 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0PbEScnjCPZLDrXsABlxmN34AOfQfIQu9pZyS7cwAEtrc98SHjiMkJG2GMcyJac_-B6GZW_Q&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1275600268%3A1701537740403958&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-ahkm3JlSfuyTXUORgQhb1g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 406
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp170TmtE9BLIz1Pknog00ZdGbuknSDSYXGulSMkVRBkQmGQzAncbiUvh0yL9ygpy6fkHcXn&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S84512219%3A1701537740241129&theme=glif
64.233.165.84 403 Forbidden 1.2 kB URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp170TmtE9BLIz1Pknog00ZdGbuknSDSYXGulSMkVRBkQmGQzAncbiUvh0yL9ygpy6fkHcXn&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S84512219%3A1701537740241129&theme=glif
IP 64.233.165.84:443
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1650)
Hash 1ef70e80fdcab1f58e3656fa1d2c0acc
b719f596ce48406c10c15c878537636a7ff9f36f
552b90d5123997564928076c5070e211a492dc2abcab5c95939abe84b4162aeb
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp170TmtE9BLIz1Pknog00ZdGbuknSDSYXGulSMkVRBkQmGQzAncbiUvh0yL9ygpy6fkHcXn&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S84512219%3A1701537740241129&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:20 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: script-src 'nonce-hvCFX3VCNQNUEufKxOCKLA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/css/animate.css
172.64.109.10 200 OK 5.4 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/css/animate.css
IP 172.64.109.10:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/interstitial/games/hentai-heroes/main/8/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:20 GMT
content-type: text/css
last-modified: Thu, 19 Oct 2023 16:12:56 GMT
etag: W/"65315588-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NO87%2BEJOfLfM68NgFMD%2BH0q5kzXLKtBLuS46zmizd8qkKp%2BHcdVM7ng4h01j7edtU0twYb3piGqitlGK4u9R91pLYirrItjtgyzFt7JBit15ewUjFoy1R%2BuY%2B%2BFA4Tdn967Ey1v9g3hk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5405b6e2263b3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.09&cpa=0490d70d-bbfb-4649-856e-f14eaa434d4c
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.09&cpa=0490d70d-bbfb-4649-856e-f14eaa434d4c
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.09&cpa=0490d70d-bbfb-4649-856e-f14eaa434d4c HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:20 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/css/style.css
172.64.109.10 200 OK 1.1 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/css/style.css
IP 172.64.109.10:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash 557c0926d0e3e54bc6740f4986353a92
077be1fd5ad2de339c0c121c4a3c30ed91fbbc32
39085561aabf95993548b91b139b647f6e6b4332fd045ada6ff2c075990e8ebe
GET /sb/interstitial/games/hentai-heroes/main/8/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:20 GMT
content-type: text/css
last-modified: Thu, 19 Oct 2023 16:12:56 GMT
etag: W/"65315588-958"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=22zVV84qjZVeYeiE70JXiRwlIJHZ5ODR0LVWEaM4asrLLj27Mp5BEeOmS1K66YNIKYvwdJNAk62KcBkK9SFINQ%2FDyF8mDEvUjGHTTIvAHoqxcCVOhBZGjsDwPGyGco8bgFPqh6WhtII4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5405b6e2563b3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
157.90.84.246200 OK 0 B URL GET HTTP/2 d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FZqncwCsCIXV&refdom=poop.media&auction_time=1701537738&subid=388464194&sid=1120762550&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FZqncwCsCIXV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fpodefr.net%2Fb2%2Fl%2Fc%2Fredir%3Fcid%3D1%26did%3DQnhOVUY%26eid%3D722%26n%3D4c96bb2a8dd9cbadc8b53fea%26nid%3D1%26sid%3DaVnUlec%252F5q0kKozFmH25VpeVEi4RzG404DJJSe08aYZHaVEzo1HWftCvh8sDQoZJo%252B%252FoxHRJDG%252Bno3EwwbEyr8jyy7IfoGu8rTdWo5ypNJdslqpTUeHcqzWcw70SAKZ4UHFSwPUHmE47Z%252Br9wvm8d3dEl8BOxZHteMFY%252BKZcKo40pav8xTXil7JHh3JH8Vfjdwj0o%252BLFNEF6YnhpINpP9I%252BpsFs05nttcivPr%252BWGYFHhDDaO4AWPqrWp1109ezvPl%252BQdYFfb%252FaadIaGZugM6yZIkM0D7iPwpJAEaYqGdFY5EHHWbYP9y4oMzUU1sh%252BKmmsJ4oe6ysGXLVG18o1eJa0mjZY3b66IXp7VEqiqOBTU2xXP6VDn7OgSSJrfOqJQlT1sG9cgB9ZMoiw5mLToSHkTAiw391iBT%252FH9ejn2vWU5c3J%252BlIE66lmtWWKF6JQwgOo2%252Bfeu%252Fcf%252FepWSa7gyd6r%252B1UxwuwwwpCaBtHcHTtdr2iiSCSqm5npav3XhpIE3SYqhNSf0cIyOwEDkki%252FNCWbnbC5cHdiQrvsKxN8egSn3cfXuPCr8xL0JzRJSEko27IQGbT2hwp3RGnwL8ALsQv%252FDDstwtWNlmKeqKOmlOn0%252F%252BkeAV4UCYWkBdJT1Pdli%252FhCxgVImUS0pocyCRJfFTmo3A0fSS6unLvU4OTHVqv0DpeQR5hRCTp03QUtU%252FDkJ5enyzpXkPPqJn4JEKcZC4hUK%252BSVWGFV22yQygyj1U6pD7pakqINUNrGjrRGu29HV6VfTF77PLo3RCxPFejKE32%252BHXCZ8iHN3Qc1FR7EM5lhgfSObAONFvNRZK%252FI3L6lmKmROH4xantTXPqYaq8wuH94tgTBH3iYQKkc159%252Ben4SCWrverR3ds%252FG
rhlCB3E5O6Mhu%252FijBRR1X5nUtd5RrOjRsUMWEpemCsjsXz9GMeo%252BHjUk3qyTdCd5rvUNL0L0ryiZfoC8QGLNIOeVI1iJt5mF%252BJZNpzNRakeqrwh9yn23Z9QUWee%252FMZtXRmxZTVcZ5KXZ0vHQque7QoS39h1yKIW3L1dHa%252Fdlt3X7NGLKeoxfrDh091l3cX49zUw4SQnlVG5wkTYiEDe5%252B7HH2rlHqbi0%252FW5uFeWOlzXpJewW2rIfyUOUSKXUXyNx1uBxp6LRDIf4hMlzlBfaNmyDKK6fw78lxXiLhozFk4OrSQu1w84e5%252BRSojNi85O6pFQr60bJ75xL8ustVwhsUOP3VovGWrmzYdhGp0vNDrd10vqVfjViNlUdkJnjG2a4qAZCwVoONtWlmWp0rmLRyBYAosd9ZGZ9zsEOlsPkzbWraNwbyP0nbbzmwNPGE9JkCUBu6dXFl87%252FIlqOJixs5sftwAPoquLBXldYObf70P%252FDYh0pJpDE54LJMNeMcgdxjuFxlfIywMDZC2VYRKf5qnh1r7x8NJ8%252FKLw%252BgKGlMtELYwD1TdpQ0li6UNxEo%252FnjI%252F10Z%252Fbyl4MTraFSv1wsJ6oUQlj6KI3S%252BbD8GEqmTvZE6Nj%252BzKfLNuYzEdFiY4LYK8IcEJpajTrQqwD740JZ9GiEazTtK3YyoOnKAimFRZm%252B4YdQIVe4gzQ4O%252F1me1tBcUhzbE9f7TSzqiCY8ZqDt6rDopFRjru%252Fd1%252FNL4rOK%252Bv9GE%252FrE6f5JzlW%252BbrMqgmlx0S3i9%252FYIdHgEoeHvbYg%252BriSGrgpyKtIcYhiA3Kke4DNQ82KmYUNgziaUPdAx%252BDPYARJYMlEc1M6hFTFqubJYwg90gjCFHO6xBLKwWR2V5l0a8zG8hMZvp%252F4Vav9grfUhGfWrAYntM%252BobGH7x5fPuT81Zi5SLXrpGEyOBwB7CXTuqMcDjQnyGA3fovadtiiM9zhE0I3lCWT8HmWZm8xpqj7BewDoHgA1fxszgUgmraX%252Brp%252B4u2CmEMPaJ4vTMTr10sFoKJbm4x9nZA9Ur%252FdKEMbpzaBwd9wzRax1RtkecpCxPPImS%252FcuJyDhN2SkjIJPGvURUEYJJtQKtgKGJk1OxPSQaOFvpVlXPlxGMz26b8kfcwR4hxjwVUgGYw16og9uGiA%252Ba2%252F2Aq%252Bc7eXDY1cUQ9eG4xNhO6sidAEaE0sBsdLjXa4AIg2PHc78We5JazFnilzSXvJpHA7NOzMlf1JwIzaRLabZQ5w9KVktdLJjhwNaVnozm8HAVo%252B2Kh5x2FKrZ4UeAPEm2JIaAH2NhsPBqsAJceKA2GsMTMqqXBQvQT3QpAv06DvJhVIlKRIArSOqQ%252BbN2Si%252FmIPqbpEiZ0re1qFV7wfh0dMEV1xW9cEJuIY1O2lUNdGwrfh%252FblPwUXHdIoEReYoXhXv8Xhptqz1PFJKjhPj6O1BxRz675SZ6aLBFzu0bxHGBK%252B2E3n627uhvwux1iBRNB1w2HOcqTZi3KngkRW%252BKyQtDvRFgNO2y1od%252Fk8zTDQesIP%26ssid%3D3298447862DdBKsNVE%26ts%3D1701537738%26ttl%3D14400%26v%3Dv5.8.7&icons=oojWRJ-M76Qsibjtgd0Zk9f7oJXLsn5kLEM1KkBFkgZ_utgWZsOGh_IpY-xfR4CWfS_2BhPj2FK515hn72FELN0Qv_zpL-Qiqn2CoUgJT7EvZnctbSccHjxo6qzMoQfzi5-lhucXne8_l4f3Y4kma4K-0AF419rE2wCjVd9sCe8bADyW-w&ext_cid=0&px_id=31418776&min_cpm=0.08080860
220034743&out_id=0&campaign_type=lq-pop&aid=61&cid=2883&uniq=&mid=171722439716247168&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.15270286653155762&cpm=0&verify_hash=0c488f5351dfa993ee0e3b3dc1bed45a&is_native=2&real_bid=0.001763999&original_bid_usd=0.001763999&original_bid=0.001763999&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=59,27,129,130,108,0,4,89,123,5&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701559338&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.001763999&hostname=auc-inpage-hz-0-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001763999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.09&cpa=f60b4741-c3bc-4973-9a77-000765b2933c
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FZqncwCsCIXV&refdom=poop.media&auction_time=1701537738&subid=388464194&sid=1120762550&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FZqncwCsCIXV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fpodefr.net%2Fb2%2Fl%2Fc%2Fredir%3Fcid%3D1%26did%3DQnhOVUY%26eid%3D722%26n%3D4c96bb2a8dd9cbadc8b53fea%26nid%3D1%26sid%3DaVnUlec%252F5q0kKozFmH25VpeVEi4RzG404DJJSe08aYZHaVEzo1HWftCvh8sDQoZJo%252B%252FoxHRJDG%252Bno3EwwbEyr8jyy7IfoGu8rTdWo5ypNJdslqpTUeHcqzWcw70SAKZ4UHFSwPUHmE47Z%252Br9wvm8d3dEl8BOxZHteMFY%252BKZcKo40pav8xTXil7JHh3JH8Vfjdwj0o%252BLFNEF6YnhpINpP9I%252BpsFs05nttcivPr%252BWGYFHhDDaO4AWPqrWp1109ezvPl%252BQdYFfb%252FaadIaGZugM6yZIkM0D7iPwpJAEaYqGdFY5EHHWbYP9y4oMzUU1sh%252BKmmsJ4oe6ysGXLVG18o1eJa0mjZY3b66IXp7VEqiqOBTU2xXP6VDn7OgSSJrfOqJQlT1sG9cgB9ZMoiw5mLToSHkTAiw391iBT%252FH9ejn2vWU5c3J%252BlIE66lmtWWKF6JQwgOo2%252Bfeu%252Fcf%252FepWSa7gyd6r%252B1UxwuwwwpCaBtHcHTtdr2iiSCSqm5npav3XhpIE3SYqhNSf0cIyOwEDkki%252FNCWbnbC5cHdiQrvsKxN8egSn3cfXuPCr8xL0JzRJSEko27IQGbT2hwp3RGnwL8ALsQv%252FDDstwtWNlmKeqKOmlOn0%252F%252BkeAV4UCYWkBdJT1Pdli%252FhCxgVImUS0pocyCRJfFTmo3A0fSS6unLvU4OTHVqv0DpeQR5hRCTp03QUtU%252FDkJ5enyzpXkPPqJn4JEKcZC4hUK%252BSVWGFV22yQygyj1U6pD7pakqINUNrGjrRGu29HV6VfTF77PLo3RCxPFejKE32%252BHXCZ8iHN3Qc1FR7EM5lhgfSObAONFvNRZK%252FI3L6lmKmROH4xantTXPqYaq8wuH94tgTBH3iYQKkc159%252Ben4SCWrverR3ds%252FGrhlCB3E5O6Mhu%252FijBRR1X5nUtd5RrOjRsUMWEpemCsjsXz9GMeo%252B
HjUk3qyTdCd5rvUNL0L0ryiZfoC8QGLNIOeVI1iJt5mF%252BJZNpzNRakeqrwh9yn23Z9QUWee%252FMZtXRmxZTVcZ5KXZ0vHQque7QoS39h1yKIW3L1dHa%252Fdlt3X7NGLKeoxfrDh091l3cX49zUw4SQnlVG5wkTYiEDe5%252B7HH2rlHqbi0%252FW5uFeWOlzXpJewW2rIfyUOUSKXUXyNx1uBxp6LRDIf4hMlzlBfaNmyDKK6fw78lxXiLhozFk4OrSQu1w84e5%252BRSojNi85O6pFQr60bJ75xL8ustVwhsUOP3VovGWrmzYdhGp0vNDrd10vqVfjViNlUdkJnjG2a4qAZCwVoONtWlmWp0rmLRyBYAosd9ZGZ9zsEOlsPkzbWraNwbyP0nbbzmwNPGE9JkCUBu6dXFl87%252FIlqOJixs5sftwAPoquLBXldYObf70P%252FDYh0pJpDE54LJMNeMcgdxjuFxlfIywMDZC2VYRKf5qnh1r7x8NJ8%252FKLw%252BgKGlMtELYwD1TdpQ0li6UNxEo%252FnjI%252F10Z%252Fbyl4MTraFSv1wsJ6oUQlj6KI3S%252BbD8GEqmTvZE6Nj%252BzKfLNuYzEdFiY4LYK8IcEJpajTrQqwD740JZ9GiEazTtK3YyoOnKAimFRZm%252B4YdQIVe4gzQ4O%252F1me1tBcUhzbE9f7TSzqiCY8ZqDt6rDopFRjru%252Fd1%252FNL4rOK%252Bv9GE%252FrE6f5JzlW%252BbrMqgmlx0S3i9%252FYIdHgEoeHvbYg%252BriSGrgpyKtIcYhiA3Kke4DNQ82KmYUNgziaUPdAx%252BDPYARJYMlEc1M6hFTFqubJYwg90gjCFHO6xBLKwWR2V5l0a8zG8hMZvp%252F4Vav9grfUhGfWrAYntM%252BobGH7x5fPuT81Zi5SLXrpGEyOBwB7CXTuqMcDjQnyGA3fovadtiiM9zhE0I3lCWT8HmWZm8xpqj7BewDoHgA1fxszgUgmraX%252Brp%252B4u2CmEMPaJ4vTMTr10sFoKJbm4x9nZA9Ur%252FdKEMbpzaBwd9wzRax1RtkecpCxPPImS%252FcuJyDhN2SkjIJPGvURUEYJJtQKtgKGJk1OxPSQaOFvpVlXPlxGMz26b8kfcwR4hxjwVUgGYw16og9uGiA%252Ba2%252F2Aq%252Bc7eXDY1cUQ9eG4xNhO6sidAEaE0sBsdLjXa4AIg2PHc78We5JazFnilzSXvJpHA7NOzMlf1JwIzaRLabZQ5w9KVktdLJjhwNaVnozm8HAVo%252B2Kh5x2FKrZ4UeAPEm2JIaAH2NhsPBqsAJceKA2GsMTMqqXBQvQT3QpAv06DvJhVIlKRIArSOqQ%252BbN2Si%252FmIPqbpEiZ0re1qFV7wfh0dMEV1xW9cEJuIY1O2lUNdGwrfh%252FblPwUXHdIoEReYoXhXv8Xhptqz1PFJKjhPj6O1BxRz675SZ6aLBFzu0bxHGBK%252B2E3n627uhvwux1iBRNB1w2HOcqTZi3KngkRW%252BKyQtDvRFgNO2y1od%252Fk8zTDQesIP%26ssid%3D3298447862DdBKsNVE%26ts%3D1701537738%26ttl%3D14400%26v%3Dv5.8.7&icons=oojWRJ-M76Qsibjtgd0Zk9f7oJXLsn5kLEM1KkBFkgZ_utgWZsOGh_IpY-xfR4CWfS_2BhPj2FK515hn72FELN0Qv_zpL-Qiqn2CoUgJT7EvZnctbSccHjxo6qzMoQfzi5-lhucXne8_l4f3Y4kma4K-0AF419rE2wCjVd9sCe8bADyW-w&ext_cid=0&px_id=31418776&min_cpm=0.08080860220034743&out_id=0&campaign_type=lq-pop&aid=61&cid=2883&uniq
=&mid=171722439716247168&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.15270286653155762&cpm=0&verify_hash=0c488f5351dfa993ee0e3b3dc1bed45a&is_native=2&real_bid=0.001763999&original_bid_usd=0.001763999&original_bid=0.001763999&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=59,27,129,130,108,0,4,89,123,5&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701559338&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.001763999&hostname=auc-inpage-hz-0-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001763999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.09&cpa=f60b4741-c3bc-4973-9a77-000765b2933c HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:20 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
192.243.61.225200 OK 7 B URL GET HTTP/1.1 rollerstrayprawn.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLqnZzId9%2BAa14RgTOLuSq5WV1VPyqnuaqq6pydzCi7IHkfw4LHzTX7ougT3D5DIxIsGhB0PEtDA%2FgeCsGeZyUDwQdV7r753%2BL7v1Vd7xQXxUdDzzU90XypF55s1z31nS6Zcl9Zdf%2BD6Xs277W7JdKFx2%2B1NLtN9z%2FeaNe%2BWuyJYR8%2FXPd%2FzfM93l6URse7NT1HI7MmiX1v0ao16zW820DP%2F723hwFIHvHtB3oDk45e3f30KyUZIkx%2FvCtvJdfbuR0mhaK4Nuvzos7ST6jJFclXGxkGcHs2moe2YkG%2BvQadHMwXQ3f2JAkRyTJw%2FfUTp0Ywmou7BJdNIQaSI%2BHWU3RGEGkHSEZh%2BCMmfEYBxrG8gTQ7XtSnpziVKJ%2BiYzL34F7Ick7m%2FbyBNjpeU7Ln3tSpyqVOLXlxB9kaQ7RGy4hR534EsT8HyLyH572T%2BxRrSZH%2FDKg3Jq6l6KUeQ8QhKDECtg2JypIMidlBkDhJ%2B7tLmYux5rTiKgyBsMMaCgLFmuMCbPGiEsYeCTegNkGcDMDUAM7vIzC46cgBT%2FAy7XcFyBzYfE%2BfTXXR5hVIQlJagpASlJChzgrJbHXBl67Y65MoWkT%2FL9VkOqqHO23v0QOdtkRJQM9jLLsjrE2%2Bc5dBFR5y7QTMMRYsFcTNqhJQyb4GKMBBNv74Qh5wxWFlB2mtTuX05Jv6tm8jkmLzy1wkiegqrTsHka6DFW6DlsFX3QLeHjdBDP32caZ3VEsElBdcVsnwO%2BY6zpy7Im9MNrXxTh2Bnd95%2BvnJ8o%2F8czFTITIUv5C8EbfVoeE%2BXZP%2BeLi15upHlMpF9Otne%2FZzmYu7xx2Kn1Iav3rWD7z9gE2BSPnkgbL5GUy7TtiU%2FLEnOhVnWhgny06rdEtFmYbeXCpMW2drmh8urSWaEtVKnI1D57PMTMDkmrx7OT%2F%2Flze8SSDOCKSokxRmZBaQ%2BBct2YbOzO9cn3FeOYTWBUVczUeagLKqhqUdXj0oSKHHV06iCFVcWROLs5J9LbM8%2BQts4oPlDpEmFrqnQVRWoGsAWLw3zzJy9%2F0cwDUTKGUbKOPuRMurrS2utPHebfkOEUdhinEeCcb9VD8LA8%2BqcN1qLwl9Ebsei0%2F7tPwAAAP%2F%2FAQAA%2F%2F%2B2JhzNbwQAAA%3D%3D
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject rollerstrayprawn.com
Fingerprint 9E:74:D1:93:DF:47:C6:06:84:EA:02:9E:E8:F3:B5:CF:52:D3:9F:D0
Validity Tue, 28 Nov 2023 10:59:19 GMT - Mon, 26 Feb 2024 10:59:18 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXuPFRVDZiwexb%2BuCTLqnZzId9%2BAa14RgTOLuSq5WV1VPyqnuaqq6pydzCi7IHkfw4LHzTX7ougT3D5DIxIsGhB0PEtDA%2FgeCsGeZyUDwQdV7r753%2BL7v1Vd7xQXxUdDzzU90XypF55s1z31nS6Zcl9Zdf%2BD6Xs277W7JdKFx2%2B1NLtN9z%2FeaNe%2BWuyJYR8%2FXPd%2FzfM93l6URse7NT1HI7MmiX1v0ao16zW820DP%2F723hwFIHvHtB3oDk45e3f30KyUZIkx%2FvCtvJdfbuR0mhaK4Nuvzos7ST6jJFclXGxkGcHs2moe2YkG%2BvQadHMwXQ3f2JAkRyTJw%2FfUTp0Ywmou7BJdNIQaSI%2BHWU3RGEGkHSEZh%2BCMmfEYBxrG8gTQ7XtSnpziVKJ%2BiYzL34F7Ick7m%2FbyBNjpeU7Ln3tSpyqVOLXlxB9kaQ7RGy4hR534EsT8HyLyH572T%2BxRrSZH%2FDKg3Jq6l6KUeQ8QhKDECtg2JypIMidlBkDhJ%2B7tLmYux5rTiKgyBsMMaCgLFmuMCbPGiEsYeCTegNkGcDMDUAM7vIzC46cgBT%2FAy7XcFyBzYfE%2BfTXXR5hVIQlJagpASlJChzgrJbHXBl67Y65MoWkT%2FL9VkOqqHO23v0QOdtkRJQM9jLLsjrE2%2Bc5dBFR5y7QTMMRYsFcTNqhJQyb4GKMBBNv74Qh5wxWFlB2mtTuX05Jv6tm8jkmLzy1wkiegqrTsHka6DFW6DlsFX3QLeHjdBDP32caZ3VEsElBdcVsnwO%2BY6zpy7Im9MNrXxTh2Bnd95%2BvnJ8o%2F8czFTITIUv5C8EbfVoeE%2BXZP%2BeLi15upHlMpF9Otne%2FZzmYu7xx2Kn1Iav3rWD7z9gE2BSPnkgbL5GUy7TtiU%2FLEnOhVnWhgny06rdEtFmYbeXCpMW2drmh8urSWaEtVKnI1D57PMTMDkmrx7OT%2F%2Flze8SSDOCKSokxRmZBaQ%2BBct2YbOzO9cn3FeOYTWBUVczUeagLKqhqUdXj0oSKHHV06iCFVcWROLs5J9LbM8%2BQts4oPlDpEmFrqnQVRWoGsAWLw3zzJy9%2F0cwDUTKGUbKOPuRMurrS2utPHebfkOEUdhinEeCcb9VD8LA8%2BqcN1qLwl9Ebsei0%2F7tPwAAAP%2F%2FAQAA%2F%2F%2B2JhzNbwQAAA%3D%3D HTTP/1.1
Host: rollerstrayprawn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:20 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2db0f0594e69cc1b34c4798c52106d03
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/close.svg
172.64.109.10 200 OK 499 B URL GET HTTP/2 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/close.svg
IP 172.64.109.10:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text
Hash 0e2235e70c5d45defff6d4f958efd6c2
a3b54b1d2e285bf511980d1dc920d8831b5eeb3a
9457de0168c27aabaab60abbf72b737625da31f5cafe528ba2e56b57d6b38d1c
GET /sb/interstitial/games/hentai-heroes/main/8/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:20 GMT
content-type: image/svg+xml
last-modified: Thu, 19 Oct 2023 16:12:58 GMT
etag: W/"6531558a-49d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1521586
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FXuUZCm%2FtbI6uvNKzSUkBpe2nmDgDB%2FRHiawh9fJQUDFOpBYzpxeYFeHAZLKiCTMy50vagvf4ft8GJM%2Fe%2B6ARqLresrmstVF3e3vQIVBOuj%2FXFvAvHI9DvibCMd5J7JGMiFFD9DpT45J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5405bce8a63b3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/close.svg
172.64.109.10 200 OK 7.8 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/close.svg
IP 172.64.109.10:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text
Hash 0e2235e70c5d45defff6d4f958efd6c2
a3b54b1d2e285bf511980d1dc920d8831b5eeb3a
9457de0168c27aabaab60abbf72b737625da31f5cafe528ba2e56b57d6b38d1c
GET /sb/interstitial/games/hentai-heroes/main/8/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:18 GMT
content-type: image/svg+xml
last-modified: Thu, 19 Oct 2023 16:12:58 GMT
etag: W/"6531558a-49d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1521584
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kp%2FfG0TuitYjuExPvJXvRtSD0NKvAaURuaRbo2yVWlQ%2BOZcosVae3hqdohJYLxLKqEyvNk7tkMUkkrnI%2BnbaN5YvWmlVPnqa5IwKqlM9ZJXPtmczSXriE76BOOdd2CfMktb7aF04B9FX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f54051394463b3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
mcpuwpsh.com/get/
94.130.197.240 200 OK 6.6 kB IP 94.130.197.240:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject puwpush.com
Fingerprint 79:28:0D:09:80:3E:01:BE:E8:41:79:A2:E0:E5:67:B2:C1:EB:49:E0
Validity Wed, 11 Oct 2023 14:14:07 GMT - Tue, 09 Jan 2024 14:14:06 GMT
File type JSON data\012- , ASCII text, with very long lines (6561), with no line terminators
Hash 39c24158812d2199c23d125cc2a5c275
681f8f4b4a38207b71e63edfcde9a07eeb4b8e66
29f98e91a5e9978b89bb86fa79a884d0915345d62f70f7eb16c182b9b643c068
POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poop.media/
Content-Type: text/plain;charset=UTF-8
Content-Length: 882
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: application/json
content-length: 6561
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
nereserv.com/in/dip?site=native-push&wl=1&event_id=e8c18edf-bc52-483a-b029-59496cc0a277&subid=388464194&sid=3757530870&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
157.90.84.246 200 OK 0 B URL GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=e8c18edf-bc52-483a-b029-59496cc0a277&subid=388464194&sid=3757530870&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=e8c18edf-bc52-483a-b029-59496cc0a277&subid=388464194&sid=3757530870&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:21 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
gmxvmvptfm.com/t/9/fret/meow4/2004667/29b61fbc.js
212.117.190.201 200 OK 34 kB URL GET HTTP/2 gmxvmvptfm.com/t/9/fret/meow4/2004667/29b61fbc.js
IP 212.117.190.201:443
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 14:D3:45:CB:D6:04:24:B4:40:49:4E:38:1B:23:CD:D2:47:9A:0D:FD
Validity Sun, 29 Oct 2023 21:18:37 GMT - Thu, 25 Apr 2024 21:59:00 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash be45854c91d7e99cba32afb05104ff1a
10ddec1c9e95f7878aa5bbc7c7eb34c8415b30c5
f9653c4cddb4dbeef52585a8105c9a0785971afa2ab3968747793ee286c63401
GET /t/9/fret/meow4/2004667/29b61fbc.js HTTP/1.1
Host: gmxvmvptfm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: application/javascript
last-modified: Tue, 28 Nov 2023 11:34:35 GMT
vary: Accept-Encoding
etag: W/"6565d04b-15e20"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
mcpuwpsh.com/get/
94.130.197.240 200 OK 4.0 kB IP 94.130.197.240:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject puwpush.com
Fingerprint 79:28:0D:09:80:3E:01:BE:E8:41:79:A2:E0:E5:67:B2:C1:EB:49:E0
Validity Wed, 11 Oct 2023 14:14:07 GMT - Tue, 09 Jan 2024 14:14:06 GMT
File type JSON data\012- , ASCII text, with very long lines (4041), with no line terminators
Hash 074f5cd4b1bcbe382bb22155e0e89240
c555997b3627d96200cd1fb5a62c060c00e4c99c
f97b7e9e1018c9a90d988a4efba0fae351682b61f04d42433d5df557867ef74f
POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poop.media/
Content-Type: text/plain;charset=UTF-8
Content-Length: 951
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: application/json
content-length: 4041
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
mcpuwpsh.com/get/
94.130.197.240 200 OK 3.5 kB IP 94.130.197.240:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject puwpush.com
Fingerprint 79:28:0D:09:80:3E:01:BE:E8:41:79:A2:E0:E5:67:B2:C1:EB:49:E0
Validity Wed, 11 Oct 2023 14:14:07 GMT - Tue, 09 Jan 2024 14:14:06 GMT
File type JSON data\012- , ASCII text, with very long lines (3538), with no line terminators
Hash 79a56ece2b30377d7f8964d3daa1bdb6
1fc55c02d7a00f16ff28c203a6de7632a6dd2f0d
0a6db03651ca5b2a977984540f5d8fe54ad45aa6476b6c77052a9fcfcc44b2be
POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poop.media/
Content-Type: text/plain;charset=UTF-8
Content-Length: 921
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: application/json
content-length: 3538
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
gmxvmvptfm.com/solid.gif?z=2004667&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=6866911418791936&eclog=0&sp=1&im=1
212.117.190.201 200 OK 43 B URL POST HTTP/2 gmxvmvptfm.com/solid.gif?z=2004667&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=6866911418791936&eclog=0&sp=1&im=1
IP 212.117.190.201:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 14:D3:45:CB:D6:04:24:B4:40:49:4E:38:1B:23:CD:D2:47:9A:0D:FD
Validity Sun, 29 Oct 2023 21:18:37 GMT - Thu, 25 Apr 2024 21:59:00 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
POST /solid.gif?z=2004667&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=6866911418791936&eclog=0&sp=1&im=1 HTTP/1.1
Host: gmxvmvptfm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
UID=231202122217792e479f1f42f2a534cd86be; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0PbEScnjCPZLDrXsABlxmN34AOfQfIQu9pZyS7cwAEtrc98SHjiMkJG2GMcyJac_-B6GZW_Q&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1275600268%3A1701537740403958&theme=glif
64.233.165.84 403 Forbidden 7.5 kB URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0PbEScnjCPZLDrXsABlxmN34AOfQfIQu9pZyS7cwAEtrc98SHjiMkJG2GMcyJac_-B6GZW_Q&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1275600268%3A1701537740403958&theme=glif
IP 64.233.165.84:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type gzip compressed data, max compression\012- data
Hash 2c5280b368a9ef207a95108a9eafdc55
943cae587375e0684e58dda14bba2de1e340ce16
642c1c28d4f09fd85eec1a7b65b98097d5e8accefec38b961d8d017f721c2dc6
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0PbEScnjCPZLDrXsABlxmN34AOfQfIQu9pZyS7cwAEtrc98SHjiMkJG2GMcyJac_-B6GZW_Q&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1275600268%3A1701537740403958&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:20 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-CvT7T-9s20L_g05Vu4pAjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=zISjpXwy8HjdLQibW4VHrYoUyNIbh_CNHlPodzyP1OW-pXmOKJZIXX3Ntb9I76J0mGblmLKN2mTZd2spfjqwDVsgECuY_u8uItUVeJU3A0JtCSm3OvCus_styxLNjYoc1q_0Ckt4syrJvOktzor1raCcDwt4yIGk4mJ-IqcmPr6vQoXuH-s4koKbWKtkzvgTlmyG0KxUGp-ye6SYTfRBz2K7gCSv6oVBqfrAaAxCJFO2gl7XtAhycSHMAVV1O7a6lDMkSAnUZ9w4uHSEQ1dcuGTIg2HGVlvVoBv2nkzrPNMF5v80WTa-jPCAUoqgAbT9HuG9cGyXpR3KZQ7DacBGKkyXRUvNjgKAh-v-5m7xwRBdxFgIvXMwSsvzxLa6E-We5D5Wxnls0piLnIA331FP3WGUjH2wtllajeCEEdO0dgo-I5pscli7D76GNhg_6YV1hwONIXnWmnY-wURg_2TlDKZCEoxcECySgAUTQqfZ1g8mXDkutASoGzJQ-VgYO5wW_USid17GN3wiKx51Ehvge_viA7UIIakz4QSKtrrQwNCiCZtHjJhujqmucsFk1XBNsnrTbgg_JWulXehi-jYZR1y-yCr7QaKWMx0xXvbNKxmU3NozOU8kjgTmNfji5M3NNfst7LwLzUJTnfwTcL6e8Q13srpt98_yVGLMIGEBIbvO4nYXK9EgPpg7Mo728owdRod5TxFEPlXdxJBsdl_wCQBjAE1J7v9IRfAytKS9bYXXaGFvo9CNg4LmENVuUrwNt7epuao7ugxknWKQ42QCpdGNXVWJ-uzr3ZNVT6L3cmvo4xRZErq_-qx6fNMLT2WgPnMLS3jcG_kyq8_PXlBOd_V5rP4MGqhbzy_dAvSlrzFt5nlyTvlRzmE7uyHnOLaGc_HaGHd4tpZTLyb5nDZ6WUG0Lf_5m_KBgIwYFkXtsS2nprdWrszcjoVEmtpa4JUXXqDwELxmt4_d1B60YKGHEzAVHKfzmXUcRTTlMnokESWL&im=1&cb=_clbb428r8gpfmefa9opurc&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=6866911418791936&eclog=0&sp=1&im=1
212.117.190.201 7 B URL limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=zISjpXwy8HjdLQibW4VHrYoUyNIbh_CNHlPodzyP1OW-pXmOKJZIXX3Ntb9I76J0mGblmLKN2mTZd2spfjqwDVsgECuY_u8uItUVeJU3A0JtCSm3OvCus_styxLNjYoc1q_0Ckt4syrJvOktzor1raCcDwt4yIGk4mJ-IqcmPr6vQoXuH-s4koKbWKtkzvgTlmyG0KxUGp-ye6SYTfRBz2K7gCSv6oVBqfrAaAxCJFO2gl7XtAhycSHMAVV1O7a6lDMkSAnUZ9w4uHSEQ1dcuGTIg2HGVlvVoBv2nkzrPNMF5v80WTa-jPCAUoqgAbT9HuG9cGyXpR3KZQ7DacBGKkyXRUvNjgKAh-v-5m7xwRBdxFgIvXMwSsvzxLa6E-We5D5Wxnls0piLnIA331FP3WGUjH2wtllajeCEEdO0dgo-I5pscli7D76GNhg_6YV1hwONIXnWmnY-wURg_2TlDKZCEoxcECySgAUTQqfZ1g8mXDkutASoGzJQ-VgYO5wW_USid17GN3wiKx51Ehvge_viA7UIIakz4QSKtrrQwNCiCZtHjJhujqmucsFk1XBNsnrTbgg_JWulXehi-jYZR1y-yCr7QaKWMx0xXvbNKxmU3NozOU8kjgTmNfji5M3NNfst7LwLzUJTnfwTcL6e8Q13srpt98_yVGLMIGEBIbvO4nYXK9EgPpg7Mo728owdRod5TxFEPlXdxJBsdl_wCQBjAE1J7v9IRfAytKS9bYXXaGFvo9CNg4LmENVuUrwNt7epuao7ugxknWKQ42QCpdGNXVWJ-uzr3ZNVT6L3cmvo4xRZErq_-qx6fNMLT2WgPnMLS3jcG_kyq8_PXlBOd_V5rP4MGqhbzy_dAvSlrzFt5nlyTvlRzmE7uyHnOLaGc_HaGHd4tpZTLyb5nDZ6WUG0Lf_5m_KBgIwYFkXtsS2nprdWrszcjoVEmtpa4JUXXqDwELxmt4_d1B60YKGHEzAVHKfzmXUcRTTlMnokESWL&im=1&cb=_clbb428r8gpfmefa9opurc&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=6866911418791936&eclog=0&sp=1&im=1
IP 212.117.190.201:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
GET /ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=zISjpXwy8HjdLQibW4VHrYoUyNIbh_CNHlPodzyP1OW-pXmOKJZIXX3Ntb9I76J0mGblmLKN2mTZd2spfjqwDVsgECuY_u8uItUVeJU3A0JtCSm3OvCus_styxLNjYoc1q_0Ckt4syrJvOktzor1raCcDwt4yIGk4mJ-IqcmPr6vQoXuH-s4koKbWKtkzvgTlmyG0KxUGp-ye6SYTfRBz2K7gCSv6oVBqfrAaAxCJFO2gl7XtAhycSHMAVV1O7a6lDMkSAnUZ9w4uHSEQ1dcuGTIg2HGVlvVoBv2nkzrPNMF5v80WTa-jPCAUoqgAbT9HuG9cGyXpR3KZQ7DacBGKkyXRUvNjgKAh-v-5m7xwRBdxFgIvXMwSsvzxLa6E-We5D5Wxnls0piLnIA331FP3WGUjH2wtllajeCEEdO0dgo-I5pscli7D76GNhg_6YV1hwONIXnWmnY-wURg_2TlDKZCEoxcECySgAUTQqfZ1g8mXDkutASoGzJQ-VgYO5wW_USid17GN3wiKx51Ehvge_viA7UIIakz4QSKtrrQwNCiCZtHjJhujqmucsFk1XBNsnrTbgg_JWulXehi-jYZR1y-yCr7QaKWMx0xXvbNKxmU3NozOU8kjgTmNfji5M3NNfst7LwLzUJTnfwTcL6e8Q13srpt98_yVGLMIGEBIbvO4nYXK9EgPpg7Mo728owdRod5TxFEPlXdxJBsdl_wCQBjAE1J7v9IRfAytKS9bYXXaGFvo9CNg4LmENVuUrwNt7epuao7ugxknWKQ42QCpdGNXVWJ-uzr3ZNVT6L3cmvo4xRZErq_-qx6fNMLT2WgPnMLS3jcG_kyq8_PXlBOd_V5rP4MGqhbzy_dAvSlrzFt5nlyTvlRzmE7uyHnOLaGc_HaGHd4tpZTLyb5nDZ6WUG0Lf_5m_KBgIwYFkXtsS2nprdWrszcjoVEmtpa4JUXXqDwELxmt4_d1B60YKGHEzAVHKfzmXUcRTTlMnokESWL&im=1&cb=_clbb428r8gpfmefa9opurc&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=6866911418791936&eclog=0&sp=1&im=1 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
UID=231202122267b5fbb1d3774ab6986e687fe0; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=IV_OuW2CxfcPg6nQE-1PYd55ryt36QqBlvJlyXm8p8i08iMd21u-NO57Oq9yJpT--zCQ7cXrcf4vo0OQJqBUuQ9TLlYuZmiQuB0JbDAM889sSGPAHB-lTqESFAUVIJsnRgBt5zGDgWluMtSGzHNwe0pudxifciaf2qTFet7RoEPQbGdsfV6OGD2snoPORUApaxrOzptKaLpLtYbkwrDUcB0trYkJh4VmbcNWthOjnrBRYwOfUEYZEFdcIpjH1XLWQrAu-RtJaAEpEwS2-92XRpd_mllOsukyMSw29m1Z-pp7DgEvdLmsba-NrEeRUCDN0dy8_OPbTnuJcOKiyHunz4PdxzAcZ2bnV0mDyWlEShCTUoElKQbkF19pl9jkmD_OEMj4i13g9-sMFqtf4xU9c9CWp68K8fh1gf48pdW2gHBKoCH4t6ZgwqW2pX5R-D1yYtS4fwhYb1Uxz8kcVP2G3l9G4FLTGG5wWgp5E7Yv8WZAP8s4VyBlZ9-_LQP8pqY2l3nYx8wjKoHdUnFD2PIKu5Dzkaoor74JLa0DRMeQypRecCcrHvdRgM7v7wKvj70yyfemIAX-t-wCtNlWOLLzhBP0We0-CkuHMC9r0lFmada4hi5p74hgm5efl1VI5JG_jDOcHY7-l6hGoQ3pt9ZYMfHTeOtCGAlmyjemdN-Y3_6NRo1ZSAha4-6j1lIAUSoRLd9WZ8oLPfdmUN44UOKdoGvDc0NI7vutuyuWP4E3A5NgTIIGmgLKaX5kuMC0LLSYdq5zf7-4l5c8Qey45aMr0y74C3CYVrbHtU6dl3Cres_YKELMKCAyFw_hgc5rEr7Yl9wx87jN44mL_H8i3jpeEGlu6jii4JJn6XyrpqoCjQWjob8ml2O7cr9kx4-G4ok-pcRWSgEZc5EgJ4RRNVs3tZ_kW8ovJ1Yrx8V7jyMWIJ7UgP0svPdDsnLZ_SIasrypIFRltyjEGoSjoKOWrgT_gP_KqK9b_w1S6wpxZz2cMFHu&im=1&cb=_clo6pk47li8nhq00lxt219&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=5459536535230464&eclog=0&sp=1&im=1
212.117.190.201 7 B URL GET limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=IV_OuW2CxfcPg6nQE-1PYd55ryt36QqBlvJlyXm8p8i08iMd21u-NO57Oq9yJpT--zCQ7cXrcf4vo0OQJqBUuQ9TLlYuZmiQuB0JbDAM889sSGPAHB-lTqESFAUVIJsnRgBt5zGDgWluMtSGzHNwe0pudxifciaf2qTFet7RoEPQbGdsfV6OGD2snoPORUApaxrOzptKaLpLtYbkwrDUcB0trYkJh4VmbcNWthOjnrBRYwOfUEYZEFdcIpjH1XLWQrAu-RtJaAEpEwS2-92XRpd_mllOsukyMSw29m1Z-pp7DgEvdLmsba-NrEeRUCDN0dy8_OPbTnuJcOKiyHunz4PdxzAcZ2bnV0mDyWlEShCTUoElKQbkF19pl9jkmD_OEMj4i13g9-sMFqtf4xU9c9CWp68K8fh1gf48pdW2gHBKoCH4t6ZgwqW2pX5R-D1yYtS4fwhYb1Uxz8kcVP2G3l9G4FLTGG5wWgp5E7Yv8WZAP8s4VyBlZ9-_LQP8pqY2l3nYx8wjKoHdUnFD2PIKu5Dzkaoor74JLa0DRMeQypRecCcrHvdRgM7v7wKvj70yyfemIAX-t-wCtNlWOLLzhBP0We0-CkuHMC9r0lFmada4hi5p74hgm5efl1VI5JG_jDOcHY7-l6hGoQ3pt9ZYMfHTeOtCGAlmyjemdN-Y3_6NRo1ZSAha4-6j1lIAUSoRLd9WZ8oLPfdmUN44UOKdoGvDc0NI7vutuyuWP4E3A5NgTIIGmgLKaX5kuMC0LLSYdq5zf7-4l5c8Qey45aMr0y74C3CYVrbHtU6dl3Cres_YKELMKCAyFw_hgc5rEr7Yl9wx87jN44mL_H8i3jpeEGlu6jii4JJn6XyrpqoCjQWjob8ml2O7cr9kx4-G4ok-pcRWSgEZc5EgJ4RRNVs3tZ_kW8ovJ1Yrx8V7jyMWIJ7UgP0svPdDsnLZ_SIasrypIFRltyjEGoSjoKOWrgT_gP_KqK9b_w1S6wpxZz2cMFHu&im=1&cb=_clo6pk47li8nhq00lxt219&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=5459536535230464&eclog=0&sp=1&im=1
IP 212.117.190.201:0
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint F5:B7:17:E8:F4:87:B4:48:99:C9:D2:6D:DA:4A:E3:52:D3:E9:8C:0E
Validity Sat, 28 Oct 2023 13:52:28 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
GET /ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=IV_OuW2CxfcPg6nQE-1PYd55ryt36QqBlvJlyXm8p8i08iMd21u-NO57Oq9yJpT--zCQ7cXrcf4vo0OQJqBUuQ9TLlYuZmiQuB0JbDAM889sSGPAHB-lTqESFAUVIJsnRgBt5zGDgWluMtSGzHNwe0pudxifciaf2qTFet7RoEPQbGdsfV6OGD2snoPORUApaxrOzptKaLpLtYbkwrDUcB0trYkJh4VmbcNWthOjnrBRYwOfUEYZEFdcIpjH1XLWQrAu-RtJaAEpEwS2-92XRpd_mllOsukyMSw29m1Z-pp7DgEvdLmsba-NrEeRUCDN0dy8_OPbTnuJcOKiyHunz4PdxzAcZ2bnV0mDyWlEShCTUoElKQbkF19pl9jkmD_OEMj4i13g9-sMFqtf4xU9c9CWp68K8fh1gf48pdW2gHBKoCH4t6ZgwqW2pX5R-D1yYtS4fwhYb1Uxz8kcVP2G3l9G4FLTGG5wWgp5E7Yv8WZAP8s4VyBlZ9-_LQP8pqY2l3nYx8wjKoHdUnFD2PIKu5Dzkaoor74JLa0DRMeQypRecCcrHvdRgM7v7wKvj70yyfemIAX-t-wCtNlWOLLzhBP0We0-CkuHMC9r0lFmada4hi5p74hgm5efl1VI5JG_jDOcHY7-l6hGoQ3pt9ZYMfHTeOtCGAlmyjemdN-Y3_6NRo1ZSAha4-6j1lIAUSoRLd9WZ8oLPfdmUN44UOKdoGvDc0NI7vutuyuWP4E3A5NgTIIGmgLKaX5kuMC0LLSYdq5zf7-4l5c8Qey45aMr0y74C3CYVrbHtU6dl3Cres_YKELMKCAyFw_hgc5rEr7Yl9wx87jN44mL_H8i3jpeEGlu6jii4JJn6XyrpqoCjQWjob8ml2O7cr9kx4-G4ok-pcRWSgEZc5EgJ4RRNVs3tZ_kW8ovJ1Yrx8V7jyMWIJ7UgP0svPdDsnLZ_SIasrypIFRltyjEGoSjoKOWrgT_gP_KqK9b_w1S6wpxZz2cMFHu&im=1&cb=_clo6pk47li8nhq00lxt219&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=5459536535230464&eclog=0&sp=1&im=1 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
UID=2312021222be4f32f02b5b4107b5f6e6bcaa; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=IV_OuW2CxfcPg6nQE-1PYd55ryt36QqBlvJlyXm8p8i08iMd21u-NO57Oq9yJpT--zCQ7cXrcf4vo0OQJqBUuQ9TLlYuZmiQuB0JbDAM889sSGPAHB-lTqESFAUVIJsnRgBt5zGDgWluMtSGzHNwe0pudxifciaf2qTFet7RoEPQbGdsfV6OGD2snoPORUApaxrOzptKaLpLtYbkwrDUcB0trYkJh4VmbcNWthOjnrBRYwOfUEYZEFdcIpjH1XLWQrAu-RtJaAEpEwS2-92XRpd_mllOsukyMSw29m1Z-pp7DgEvdLmsba-NrEeRUCDN0dy8_OPbTnuJcOKiyHunz4PdxzAcZ2bnV0mDyWlEShCTUoElKQbkF19pl9jkmD_OEMj4i13g9-sMFqtf4xU9c9CWp68K8fh1gf48pdW2gHBKoCH4t6ZgwqW2pX5R-D1yYtS4fwhYb1Uxz8kcVP2G3l9G4FLTGG5wWgp5E7Yv8WZAP8s4VyBlZ9-_LQP8pqY2l3nYx8wjKoHdUnFD2PIKu5Dzkaoor74JLa0DRMeQypRecCcrHvdRgM7v7wKvj70yyfemIAX-t-wCtNlWOLLzhBP0We0-CkuHMC9r0lFmada4hi5p74hgm5efl1VI5JG_jDOcHY7-l6hGoQ3pt9ZYMfHTeOtCGAlmyjemdN-Y3_6NRo1ZSAha4-6j1lIAUSoRLd9WZ8oLPfdmUN44UOKdoGvDc0NI7vutuyuWP4E3A5NgTIIGmgLKaX5kuMC0LLSYdq5zf7-4l5c8Qey45aMr0y74C3CYVrbHtU6dl3Cres_YKELMKCAyFw_hgc5rEr7Yl9wx87jN44mL_H8i3jpeEGlu6jii4JJn6XyrpqoCjQWjob8ml2O7cr9kx4-G4ok-pcRWSgEZc5EgJ4RRNVs3tZ_kW8ovJ1Yrx8V7jyMWIJ7UgP0svPdDsnLZ_SIasrypIFRltyjEGoSjoKOWrgT_gP_KqK9b_w1S6wpxZz2cMFHu&im=1&cb=_clo6pk47li8nhq00lxt219&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=5459536535230464&eclog=0&sp=1&im=1
212.117.190.201 7 B URL GET limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=IV_OuW2CxfcPg6nQE-1PYd55ryt36QqBlvJlyXm8p8i08iMd21u-NO57Oq9yJpT--zCQ7cXrcf4vo0OQJqBUuQ9TLlYuZmiQuB0JbDAM889sSGPAHB-lTqESFAUVIJsnRgBt5zGDgWluMtSGzHNwe0pudxifciaf2qTFet7RoEPQbGdsfV6OGD2snoPORUApaxrOzptKaLpLtYbkwrDUcB0trYkJh4VmbcNWthOjnrBRYwOfUEYZEFdcIpjH1XLWQrAu-RtJaAEpEwS2-92XRpd_mllOsukyMSw29m1Z-pp7DgEvdLmsba-NrEeRUCDN0dy8_OPbTnuJcOKiyHunz4PdxzAcZ2bnV0mDyWlEShCTUoElKQbkF19pl9jkmD_OEMj4i13g9-sMFqtf4xU9c9CWp68K8fh1gf48pdW2gHBKoCH4t6ZgwqW2pX5R-D1yYtS4fwhYb1Uxz8kcVP2G3l9G4FLTGG5wWgp5E7Yv8WZAP8s4VyBlZ9-_LQP8pqY2l3nYx8wjKoHdUnFD2PIKu5Dzkaoor74JLa0DRMeQypRecCcrHvdRgM7v7wKvj70yyfemIAX-t-wCtNlWOLLzhBP0We0-CkuHMC9r0lFmada4hi5p74hgm5efl1VI5JG_jDOcHY7-l6hGoQ3pt9ZYMfHTeOtCGAlmyjemdN-Y3_6NRo1ZSAha4-6j1lIAUSoRLd9WZ8oLPfdmUN44UOKdoGvDc0NI7vutuyuWP4E3A5NgTIIGmgLKaX5kuMC0LLSYdq5zf7-4l5c8Qey45aMr0y74C3CYVrbHtU6dl3Cres_YKELMKCAyFw_hgc5rEr7Yl9wx87jN44mL_H8i3jpeEGlu6jii4JJn6XyrpqoCjQWjob8ml2O7cr9kx4-G4ok-pcRWSgEZc5EgJ4RRNVs3tZ_kW8ovJ1Yrx8V7jyMWIJ7UgP0svPdDsnLZ_SIasrypIFRltyjEGoSjoKOWrgT_gP_KqK9b_w1S6wpxZz2cMFHu&im=1&cb=_clo6pk47li8nhq00lxt219&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=5459536535230464&eclog=0&sp=1&im=1
IP 212.117.190.201:0
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint F5:B7:17:E8:F4:87:B4:48:99:C9:D2:6D:DA:4A:E3:52:D3:E9:8C:0E
Validity Sat, 28 Oct 2023 13:52:28 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
GET /ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=IV_OuW2CxfcPg6nQE-1PYd55ryt36QqBlvJlyXm8p8i08iMd21u-NO57Oq9yJpT--zCQ7cXrcf4vo0OQJqBUuQ9TLlYuZmiQuB0JbDAM889sSGPAHB-lTqESFAUVIJsnRgBt5zGDgWluMtSGzHNwe0pudxifciaf2qTFet7RoEPQbGdsfV6OGD2snoPORUApaxrOzptKaLpLtYbkwrDUcB0trYkJh4VmbcNWthOjnrBRYwOfUEYZEFdcIpjH1XLWQrAu-RtJaAEpEwS2-92XRpd_mllOsukyMSw29m1Z-pp7DgEvdLmsba-NrEeRUCDN0dy8_OPbTnuJcOKiyHunz4PdxzAcZ2bnV0mDyWlEShCTUoElKQbkF19pl9jkmD_OEMj4i13g9-sMFqtf4xU9c9CWp68K8fh1gf48pdW2gHBKoCH4t6ZgwqW2pX5R-D1yYtS4fwhYb1Uxz8kcVP2G3l9G4FLTGG5wWgp5E7Yv8WZAP8s4VyBlZ9-_LQP8pqY2l3nYx8wjKoHdUnFD2PIKu5Dzkaoor74JLa0DRMeQypRecCcrHvdRgM7v7wKvj70yyfemIAX-t-wCtNlWOLLzhBP0We0-CkuHMC9r0lFmada4hi5p74hgm5efl1VI5JG_jDOcHY7-l6hGoQ3pt9ZYMfHTeOtCGAlmyjemdN-Y3_6NRo1ZSAha4-6j1lIAUSoRLd9WZ8oLPfdmUN44UOKdoGvDc0NI7vutuyuWP4E3A5NgTIIGmgLKaX5kuMC0LLSYdq5zf7-4l5c8Qey45aMr0y74C3CYVrbHtU6dl3Cres_YKELMKCAyFw_hgc5rEr7Yl9wx87jN44mL_H8i3jpeEGlu6jii4JJn6XyrpqoCjQWjob8ml2O7cr9kx4-G4ok-pcRWSgEZc5EgJ4RRNVs3tZ_kW8ovJ1Yrx8V7jyMWIJ7UgP0svPdDsnLZ_SIasrypIFRltyjEGoSjoKOWrgT_gP_KqK9b_w1S6wpxZz2cMFHu&im=1&cb=_clo6pk47li8nhq00lxt219&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=5459536535230464&eclog=0&sp=1&im=1 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
UID=231202122209803ddf5bce4d77b5683aeb6b; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
gmxvmvptfm.com/solid.gif?z=2004667&nojs=0&abvar=428&febuild=0b10927d5d9639b773994e360a0ef769d8d93687&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3207736721581056&eclog=0&sp=1&im=1
212.117.190.201 43 B URL POST gmxvmvptfm.com/solid.gif?z=2004667&nojs=0&abvar=428&febuild=0b10927d5d9639b773994e360a0ef769d8d93687&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3207736721581056&eclog=0&sp=1&im=1
IP 212.117.190.201:0
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 14:D3:45:CB:D6:04:24:B4:40:49:4E:38:1B:23:CD:D2:47:9A:0D:FD
Validity Sun, 29 Oct 2023 21:18:37 GMT - Thu, 25 Apr 2024 21:59:00 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
POST /solid.gif?z=2004667&nojs=0&abvar=428&febuild=0b10927d5d9639b773994e360a0ef769d8d93687&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3207736721581056&eclog=0&sp=1&im=1 HTTP/1.1
Host: gmxvmvptfm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: CHCK=1; UID=231202122216c5f70e8a8546a49ada10683d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
gmxvmvptfm.com/get/2004667?zoneid=2004667&jp=_clk3kvjjgc4lt88ija8dj4&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=5459536535230464&eclog=0&sp=1&im=1
212.117.190.201200 OK 1.8 kB URL GET HTTP/2 gmxvmvptfm.com/get/2004667?zoneid=2004667&jp=_clk3kvjjgc4lt88ija8dj4&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=5459536535230464&eclog=0&sp=1&im=1
IP 212.117.190.201:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 14:D3:45:CB:D6:04:24:B4:40:49:4E:38:1B:23:CD:D2:47:9A:0D:FD
Validity Sun, 29 Oct 2023 21:18:37 GMT - Thu, 25 Apr 2024 21:59:00 GMT
File type gzip compressed data, from Unix\012- data
Hash 69ed60e63005d6914344d1a75c198ae4
a9e427eac43917f8df3f0615c13fc66d19b3e93f
b900146ee03067deefc7911433d49491d06c60dc0b0c01f98d746da7eb9ddb2f
GET /get/2004667?zoneid=2004667&jp=_clk3kvjjgc4lt88ija8dj4&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=5459536535230464&eclog=0&sp=1&im=1 HTTP/1.1
Host: gmxvmvptfm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
UID=2312021222cf025626ea7a4758b8a61b45e0; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
mp4skin.com/embud/ZqncwCsCIXV
188.114.96.1 200 OK 152 B URL GET HTTP/2 mp4skin.com/embud/ZqncwCsCIXV
IP 188.114.96.1:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Google Trust Services LLC
Subject mp4skin.com
Fingerprint 8D:7A:52:68:44:2D:43:E5:96:16:A7:C1:19:F2:31:23:E9:34:2A:A0
Validity Sat, 04 Nov 2023 22:36:47 GMT - Fri, 02 Feb 2024 22:36:46 GMT
File type HTML document text\012- HTML document, ASCII text
Hash 1469c20eeb1df6acb7d3c296868d73cf
688082b73940c0550b479a2b9e5a1e90215bdad0
53ef8bd692bcc505c4026c657245fbc395d90aa7722c37c3e41633f34a040936
GET /embud/ZqncwCsCIXV HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bBWKnKiSTmRSKuZuIgQlkONUVK7eg%2BbU9%2BXHiKCc5MbeZqLJrdId6%2BZAQRxtfM4k%2BdqGOGz%2BBvb7OvexdhBZ2YclU2c82cGbrL4BSk5mUI8F8l793E7ZlRiZ3U0ufw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f5402f8fc356c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
gmxvmvptfm.com/solid.gif?z=2004667&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3770686674973696&eclog=0&sp=1&im=1
212.117.190.201 43 B URL gmxvmvptfm.com/solid.gif?z=2004667&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3770686674973696&eclog=0&sp=1&im=1
IP 212.117.190.201:0
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 14:D3:45:CB:D6:04:24:B4:40:49:4E:38:1B:23:CD:D2:47:9A:0D:FD
Validity Sun, 29 Oct 2023 21:18:37 GMT - Thu, 25 Apr 2024 21:59:00 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
POST /solid.gif?z=2004667&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3770686674973696&eclog=0&sp=1&im=1 HTTP/1.1
Host: gmxvmvptfm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: CHCK=1; UID=231202122216c5f70e8a8546a49ada10683d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
gmxvmvptfm.com/get/2004667?zoneid=2004667&jp=_clrd7dxvs273rk6i42e1lz&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=6866911418791936&eclog=0&sp=1&im=1
212.117.190.201 200 OK 3.6 kB URL GET HTTP/2 gmxvmvptfm.com/get/2004667?zoneid=2004667&jp=_clrd7dxvs273rk6i42e1lz&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=6866911418791936&eclog=0&sp=1&im=1
IP 212.117.190.201:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 14:D3:45:CB:D6:04:24:B4:40:49:4E:38:1B:23:CD:D2:47:9A:0D:FD
Validity Sun, 29 Oct 2023 21:18:37 GMT - Thu, 25 Apr 2024 21:59:00 GMT
File type gzip compressed data, from Unix\012- data
Hash 4b14f9f710107c4f9f7bfcb9155f82c7
3f4e311493d138021e7b4f0be7fac1633214cd66
1be4ab9aec84f8495e60f866ebd039d87e1824b7dd8c2ccee38a48eb35b2aac8
GET /get/2004667?zoneid=2004667&jp=_clrd7dxvs273rk6i42e1lz&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=6866911418791936&eclog=0&sp=1&im=1 HTTP/1.1
Host: gmxvmvptfm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
UID=231202122216c5f70e8a8546a49ada10683d; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=zISjpXwy8HjdLQibW4VHrYoUyNIbh_CNHlPodzyP1OW-pXmOKJZIXX3Ntb9I76J0mGblmLKN2mTZd2spfjqwDVsgECuY_u8uItUVeJU3A0JtCSm3OvCus_styxLNjYoc1q_0Ckt4syrJvOktzor1raCcDwt4yIGk4mJ-IqcmPr6vQoXuH-s4koKbWKtkzvgTlmyG0KxUGp-ye6SYTfRBz2K7gCSv6oVBqfrAaAxCJFO2gl7XtAhycSHMAVV1O7a6lDMkSAnUZ9w4uHSEQ1dcuGTIg2HGVlvVoBv2nkzrPNMF5v80WTa-jPCAUoqgAbT9HuG9cGyXpR3KZQ7DacBGKkyXRUvNjgKAh-v-5m7xwRBdxFgIvXMwSsvzxLa6E-We5D5Wxnls0piLnIA331FP3WGUjH2wtllajeCEEdO0dgo-I5pscli7D76GNhg_6YV1hwONIXnWmnY-wURg_2TlDKZCEoxcECySgAUTQqfZ1g8mXDkutASoGzJQ-VgYO5wW_USid17GN3wiKx51Ehvge_viA7UIIakz4QSKtrrQwNCiCZtHjJhujqmucsFk1XBNsnrTbgg_JWulXehi-jYZR1y-yCr7QaKWMx0xXvbNKxmU3NozOU8kjgTmNfji5M3NNfst7LwLzUJTnfwTcL6e8Q13srpt98_yVGLMIGEBIbvO4nYXK9EgPpg7Mo728owdRod5TxFEPlXdxJBsdl_wCQBjAE1J7v9IRfAytKS9bYXXaGFvo9CNg4LmENVuUrwNt7epuao7ugxknWKQ42QCpdGNXVWJ-uzr3ZNVT6L3cmvo4xRZErq_-qx6fNMLT2WgPnMLS3jcG_kyq8_PXlBOd_V5rP4MGqhbzy_dAvSlrzFt5nlyTvlRzmE7uyHnOLaGc_HaGHd4tpZTLyb5nDZ6WUG0Lf_5m_KBgIwYFkXtsS2nprdWrszcjoVEmtpa4JUXXqDwELxmt4_d1B60YKGHEzAVHKfzmXUcRTTlMnokESWL&im=1&cb=_clbb428r8gpfmefa9opurc&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=6866911418791936&eclog=0&sp=1&im=1
212.117.190.201 7 B URL limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=zISjpXwy8HjdLQibW4VHrYoUyNIbh_CNHlPodzyP1OW-pXmOKJZIXX3Ntb9I76J0mGblmLKN2mTZd2spfjqwDVsgECuY_u8uItUVeJU3A0JtCSm3OvCus_styxLNjYoc1q_0Ckt4syrJvOktzor1raCcDwt4yIGk4mJ-IqcmPr6vQoXuH-s4koKbWKtkzvgTlmyG0KxUGp-ye6SYTfRBz2K7gCSv6oVBqfrAaAxCJFO2gl7XtAhycSHMAVV1O7a6lDMkSAnUZ9w4uHSEQ1dcuGTIg2HGVlvVoBv2nkzrPNMF5v80WTa-jPCAUoqgAbT9HuG9cGyXpR3KZQ7DacBGKkyXRUvNjgKAh-v-5m7xwRBdxFgIvXMwSsvzxLa6E-We5D5Wxnls0piLnIA331FP3WGUjH2wtllajeCEEdO0dgo-I5pscli7D76GNhg_6YV1hwONIXnWmnY-wURg_2TlDKZCEoxcECySgAUTQqfZ1g8mXDkutASoGzJQ-VgYO5wW_USid17GN3wiKx51Ehvge_viA7UIIakz4QSKtrrQwNCiCZtHjJhujqmucsFk1XBNsnrTbgg_JWulXehi-jYZR1y-yCr7QaKWMx0xXvbNKxmU3NozOU8kjgTmNfji5M3NNfst7LwLzUJTnfwTcL6e8Q13srpt98_yVGLMIGEBIbvO4nYXK9EgPpg7Mo728owdRod5TxFEPlXdxJBsdl_wCQBjAE1J7v9IRfAytKS9bYXXaGFvo9CNg4LmENVuUrwNt7epuao7ugxknWKQ42QCpdGNXVWJ-uzr3ZNVT6L3cmvo4xRZErq_-qx6fNMLT2WgPnMLS3jcG_kyq8_PXlBOd_V5rP4MGqhbzy_dAvSlrzFt5nlyTvlRzmE7uyHnOLaGc_HaGHd4tpZTLyb5nDZ6WUG0Lf_5m_KBgIwYFkXtsS2nprdWrszcjoVEmtpa4JUXXqDwELxmt4_d1B60YKGHEzAVHKfzmXUcRTTlMnokESWL&im=1&cb=_clbb428r8gpfmefa9opurc&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=6866911418791936&eclog=0&sp=1&im=1
IP 212.117.190.201:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
GET /ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=zISjpXwy8HjdLQibW4VHrYoUyNIbh_CNHlPodzyP1OW-pXmOKJZIXX3Ntb9I76J0mGblmLKN2mTZd2spfjqwDVsgECuY_u8uItUVeJU3A0JtCSm3OvCus_styxLNjYoc1q_0Ckt4syrJvOktzor1raCcDwt4yIGk4mJ-IqcmPr6vQoXuH-s4koKbWKtkzvgTlmyG0KxUGp-ye6SYTfRBz2K7gCSv6oVBqfrAaAxCJFO2gl7XtAhycSHMAVV1O7a6lDMkSAnUZ9w4uHSEQ1dcuGTIg2HGVlvVoBv2nkzrPNMF5v80WTa-jPCAUoqgAbT9HuG9cGyXpR3KZQ7DacBGKkyXRUvNjgKAh-v-5m7xwRBdxFgIvXMwSsvzxLa6E-We5D5Wxnls0piLnIA331FP3WGUjH2wtllajeCEEdO0dgo-I5pscli7D76GNhg_6YV1hwONIXnWmnY-wURg_2TlDKZCEoxcECySgAUTQqfZ1g8mXDkutASoGzJQ-VgYO5wW_USid17GN3wiKx51Ehvge_viA7UIIakz4QSKtrrQwNCiCZtHjJhujqmucsFk1XBNsnrTbgg_JWulXehi-jYZR1y-yCr7QaKWMx0xXvbNKxmU3NozOU8kjgTmNfji5M3NNfst7LwLzUJTnfwTcL6e8Q13srpt98_yVGLMIGEBIbvO4nYXK9EgPpg7Mo728owdRod5TxFEPlXdxJBsdl_wCQBjAE1J7v9IRfAytKS9bYXXaGFvo9CNg4LmENVuUrwNt7epuao7ugxknWKQ42QCpdGNXVWJ-uzr3ZNVT6L3cmvo4xRZErq_-qx6fNMLT2WgPnMLS3jcG_kyq8_PXlBOd_V5rP4MGqhbzy_dAvSlrzFt5nlyTvlRzmE7uyHnOLaGc_HaGHd4tpZTLyb5nDZ6WUG0Lf_5m_KBgIwYFkXtsS2nprdWrszcjoVEmtpa4JUXXqDwELxmt4_d1B60YKGHEzAVHKfzmXUcRTTlMnokESWL&im=1&cb=_clbb428r8gpfmefa9opurc&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=6866911418791936&eclog=0&sp=1&im=1 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: CHCK=1; UID=231202122209803ddf5bce4d77b5683aeb6b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
gmxvmvptfm.com/get/2004667?zoneid=2004667&jp=_cld48zv11edsbbijzimh6y&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3770686674973696&eclog=0&sp=1&im=1
212.117.190.201 1.8 kB URL gmxvmvptfm.com/get/2004667?zoneid=2004667&jp=_cld48zv11edsbbijzimh6y&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3770686674973696&eclog=0&sp=1&im=1
IP 212.117.190.201:0
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 14:D3:45:CB:D6:04:24:B4:40:49:4E:38:1B:23:CD:D2:47:9A:0D:FD
Validity Sun, 29 Oct 2023 21:18:37 GMT - Thu, 25 Apr 2024 21:59:00 GMT
File type gzip compressed data, from Unix\012- data
Hash 73b2c2dca45e4b8e3cff884c48f86d6d
26eb58316702bb8e214de4819ed1ef3c5e5ca3be
71ab100a6a11861ab855271b944007d08df2aecffb04766f4c9ad9421ce59ecd
GET /get/2004667?zoneid=2004667&jp=_cld48zv11edsbbijzimh6y&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3770686674973696&eclog=0&sp=1&im=1 HTTP/1.1
Host: gmxvmvptfm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: CHCK=1; UID=231202122216c5f70e8a8546a49ada10683d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=I6S5uORC_S9eTjWSjc5_B13R-3C5AI3tfLLf9xcAsgy040Wr_BiGN-j3XcGwR6kM4x_bRuEH81iComBLKTpBlkNWmie7vs0IT4f9I4fvZ0bAi0oevBDws2TmGKsqGr9VmPKKwRJDEgGEmld67YjYt0D-dkUULPxkwHU57tzieQLDm0o6SSrxFAMEXWIx3ykmAVgqsaACAIJGXeUcSX5Us4MJqzSI2_o0TLWMc9b77Etud1BXaeGLl0NlEGFMCgPEl7gmexY7kBLLhtfSV3h9fli5whRefMyvwRne7S6AmyMlyDT0OvaT-9S8ufBEbYjnuIqp2O-IvZIkOGVuQSmLv_beOm1A3qPj2iMSgvKzv1flumHkHzyQfB_z7AFvqk8JMzsOE9dIuHlD5_DzxKTnFVcNIhJ7kxy6K5rred_Bndw2DNyfLl4Mr74KgBhhYf-UW2RMX6U6MK0bEfsRpfU6RGTAHaa7WXkGjra--5JRnYTxIalsnlgQLYA2AsDMIXw44RfU8vtdze9HmhBrObm_XJJ3j0EECdUEOM8rbMeUCm3ppHhAGkuGSfbeh1v1A5S_1gF_EQf_olaboOizph6ZbWxMtpQ63tzMF4NcuvVojpl7VsrzAEyOTxyp38LXngeB_FL9KpkdLGrIlYWtkSblIbJ0iCSHxxZWdwjJFMmsjFnuKMoAs8g7Y8454gHGwBXr3Lb7Z6Aa_9SWyk2zJkxiEMjfcFwlJ7OBh70zo8mcitDb1YsKDQcOvZOyFev0dM-WvOejQ87QoMVcGs2W0vMKjU6uXbO6KcUCBpT_YCDn_pNjXTybtdoje3Bv4cOJE4JXqlXjBLk3xDBlaJ16V_pfr6igqUsKUYr-nlyWukCVwTeyUftEKiYsLRkXkKcS2V5bqzytmg2ZD7uFItwV5kjr0cA4XFUQ49_wdHhq96NdblWssuZkEA-0Z_r2BKSGy4sT8L10D9GfOgBe8wpZZthRnh1vp3l4VuIXJkTwo9BTBckG&im=1&frq=0&cb=_cl6mboikigcsw1xbf0iizg&nojs=0&abvar=428&febuild=0b10927d5d9639b773994e360a0ef769d8d93687&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3207736721581056&eclog=0&sp=1&im=1
212.117.190.201 7 B URL GET limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=I6S5uORC_S9eTjWSjc5_B13R-3C5AI3tfLLf9xcAsgy040Wr_BiGN-j3XcGwR6kM4x_bRuEH81iComBLKTpBlkNWmie7vs0IT4f9I4fvZ0bAi0oevBDws2TmGKsqGr9VmPKKwRJDEgGEmld67YjYt0D-dkUULPxkwHU57tzieQLDm0o6SSrxFAMEXWIx3ykmAVgqsaACAIJGXeUcSX5Us4MJqzSI2_o0TLWMc9b77Etud1BXaeGLl0NlEGFMCgPEl7gmexY7kBLLhtfSV3h9fli5whRefMyvwRne7S6AmyMlyDT0OvaT-9S8ufBEbYjnuIqp2O-IvZIkOGVuQSmLv_beOm1A3qPj2iMSgvKzv1flumHkHzyQfB_z7AFvqk8JMzsOE9dIuHlD5_DzxKTnFVcNIhJ7kxy6K5rred_Bndw2DNyfLl4Mr74KgBhhYf-UW2RMX6U6MK0bEfsRpfU6RGTAHaa7WXkGjra--5JRnYTxIalsnlgQLYA2AsDMIXw44RfU8vtdze9HmhBrObm_XJJ3j0EECdUEOM8rbMeUCm3ppHhAGkuGSfbeh1v1A5S_1gF_EQf_olaboOizph6ZbWxMtpQ63tzMF4NcuvVojpl7VsrzAEyOTxyp38LXngeB_FL9KpkdLGrIlYWtkSblIbJ0iCSHxxZWdwjJFMmsjFnuKMoAs8g7Y8454gHGwBXr3Lb7Z6Aa_9SWyk2zJkxiEMjfcFwlJ7OBh70zo8mcitDb1YsKDQcOvZOyFev0dM-WvOejQ87QoMVcGs2W0vMKjU6uXbO6KcUCBpT_YCDn_pNjXTybtdoje3Bv4cOJE4JXqlXjBLk3xDBlaJ16V_pfr6igqUsKUYr-nlyWukCVwTeyUftEKiYsLRkXkKcS2V5bqzytmg2ZD7uFItwV5kjr0cA4XFUQ49_wdHhq96NdblWssuZkEA-0Z_r2BKSGy4sT8L10D9GfOgBe8wpZZthRnh1vp3l4VuIXJkTwo9BTBckG&im=1&frq=0&cb=_cl6mboikigcsw1xbf0iizg&nojs=0&abvar=428&febuild=0b10927d5d9639b773994e360a0ef769d8d93687&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3207736721581056&eclog=0&sp=1&im=1
IP 212.117.190.201:0
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint F5:B7:17:E8:F4:87:B4:48:99:C9:D2:6D:DA:4A:E3:52:D3:E9:8C:0E
Validity Sat, 28 Oct 2023 13:52:28 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
GET /ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=I6S5uORC_S9eTjWSjc5_B13R-3C5AI3tfLLf9xcAsgy040Wr_BiGN-j3XcGwR6kM4x_bRuEH81iComBLKTpBlkNWmie7vs0IT4f9I4fvZ0bAi0oevBDws2TmGKsqGr9VmPKKwRJDEgGEmld67YjYt0D-dkUULPxkwHU57tzieQLDm0o6SSrxFAMEXWIx3ykmAVgqsaACAIJGXeUcSX5Us4MJqzSI2_o0TLWMc9b77Etud1BXaeGLl0NlEGFMCgPEl7gmexY7kBLLhtfSV3h9fli5whRefMyvwRne7S6AmyMlyDT0OvaT-9S8ufBEbYjnuIqp2O-IvZIkOGVuQSmLv_beOm1A3qPj2iMSgvKzv1flumHkHzyQfB_z7AFvqk8JMzsOE9dIuHlD5_DzxKTnFVcNIhJ7kxy6K5rred_Bndw2DNyfLl4Mr74KgBhhYf-UW2RMX6U6MK0bEfsRpfU6RGTAHaa7WXkGjra--5JRnYTxIalsnlgQLYA2AsDMIXw44RfU8vtdze9HmhBrObm_XJJ3j0EECdUEOM8rbMeUCm3ppHhAGkuGSfbeh1v1A5S_1gF_EQf_olaboOizph6ZbWxMtpQ63tzMF4NcuvVojpl7VsrzAEyOTxyp38LXngeB_FL9KpkdLGrIlYWtkSblIbJ0iCSHxxZWdwjJFMmsjFnuKMoAs8g7Y8454gHGwBXr3Lb7Z6Aa_9SWyk2zJkxiEMjfcFwlJ7OBh70zo8mcitDb1YsKDQcOvZOyFev0dM-WvOejQ87QoMVcGs2W0vMKjU6uXbO6KcUCBpT_YCDn_pNjXTybtdoje3Bv4cOJE4JXqlXjBLk3xDBlaJ16V_pfr6igqUsKUYr-nlyWukCVwTeyUftEKiYsLRkXkKcS2V5bqzytmg2ZD7uFItwV5kjr0cA4XFUQ49_wdHhq96NdblWssuZkEA-0Z_r2BKSGy4sT8L10D9GfOgBe8wpZZthRnh1vp3l4VuIXJkTwo9BTBckG&im=1&frq=0&cb=_cl6mboikigcsw1xbf0iizg&nojs=0&abvar=428&febuild=0b10927d5d9639b773994e360a0ef769d8d93687&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3207736721581056&eclog=0&sp=1&im=1 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: CHCK=1; UID=231202122209803ddf5bce4d77b5683aeb6b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=zjV8qingrLPSZUEG5R1h0-DhBTYogZW1On1-XXl-5M1FX8QgaXemIVqMiE0GTZuAL4iIV4dzIAcpiKmY1YGyvfqbIT3E1ce_Gh0ZuyahnZK-v7ai2DXqpX7EVYavXyCeP-ULE-89iv5qSZ9cInx1y8UaiuftmHxog0FkFYzKfqIMWovuaEslyRW37yRCMjEJoM8GEldtnv959saAZfCzf28cFm8I__p-xJ1LWY10iXtNwNc4LyA7bYsKx2kBNlV9iLkMJN46eInyajsPlGt7w6Ak5jGZpRyaldo8tj41sRZYmrrgmqjWH-sDFBgFTyZ9k0W0OT_pZo3X6p8ZK-XsxsAVygN1-j7CBYJdGtLTXnh8DaG-KcNCT0oTxVAQoZDVkaaIaF-TRiTtaL3pBOx2PLMWllZABiPsQxpXA_6as62EbjUiVAQA6FQEzi5FVPtyRsgaJai27nE5GQ9MQfi5VxQClFLp774OsOWf8YtOVt7apHMqPKmbqddyQcUFyhtqvmfUacOQ8dqU3sDEGyYq41nVBq21wgVVvi-KYMwMjOfZBSc7bH6pUnOQlO_VLY_XK9QAIinzZwrRCNq_JO1B1-QH0Nrc5JdGWT0dHcAFWUsf0ks_dzgnV20HincIt2xmuRTTQ9J6anYu1gGEVSziZIiqePUKSxmnehdl-4gJq-iyOp9GIG_VaD13PUNiN5NDJJJM4nuigAnOetJZJQ2Z0jYh6-k7VdnBlbPvDZGqhd2T6ycRarCtPhaccWkp9mHGMtxA6uzgTjL7swpI-qLCKac1AS9hzcRLJq7V_-aQBusRCn3VrGB9OR1n02C8vp6Rzy5wtzv8olCbl0GxZkdcPiy-JbYXgZ2oY2u37fq_4r3lvHpwF8E1Xqq09FwP2U5kcYk5TUrEBcUbkwTz870Y0xJj5KuRmlHWEuotx0nm69p8T9MAtF6jQiIF3Nen7m99HoPWuzQZ85LUMwzvtIz6VPNisFawe-4korNCJ2qTVsfk&im=1&cb=_clrl9jh72v6ovkewg3ue3z&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3770686674973696&eclog=0&sp=1&im=1
212.117.190.201 7 B URL GET limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=zjV8qingrLPSZUEG5R1h0-DhBTYogZW1On1-XXl-5M1FX8QgaXemIVqMiE0GTZuAL4iIV4dzIAcpiKmY1YGyvfqbIT3E1ce_Gh0ZuyahnZK-v7ai2DXqpX7EVYavXyCeP-ULE-89iv5qSZ9cInx1y8UaiuftmHxog0FkFYzKfqIMWovuaEslyRW37yRCMjEJoM8GEldtnv959saAZfCzf28cFm8I__p-xJ1LWY10iXtNwNc4LyA7bYsKx2kBNlV9iLkMJN46eInyajsPlGt7w6Ak5jGZpRyaldo8tj41sRZYmrrgmqjWH-sDFBgFTyZ9k0W0OT_pZo3X6p8ZK-XsxsAVygN1-j7CBYJdGtLTXnh8DaG-KcNCT0oTxVAQoZDVkaaIaF-TRiTtaL3pBOx2PLMWllZABiPsQxpXA_6as62EbjUiVAQA6FQEzi5FVPtyRsgaJai27nE5GQ9MQfi5VxQClFLp774OsOWf8YtOVt7apHMqPKmbqddyQcUFyhtqvmfUacOQ8dqU3sDEGyYq41nVBq21wgVVvi-KYMwMjOfZBSc7bH6pUnOQlO_VLY_XK9QAIinzZwrRCNq_JO1B1-QH0Nrc5JdGWT0dHcAFWUsf0ks_dzgnV20HincIt2xmuRTTQ9J6anYu1gGEVSziZIiqePUKSxmnehdl-4gJq-iyOp9GIG_VaD13PUNiN5NDJJJM4nuigAnOetJZJQ2Z0jYh6-k7VdnBlbPvDZGqhd2T6ycRarCtPhaccWkp9mHGMtxA6uzgTjL7swpI-qLCKac1AS9hzcRLJq7V_-aQBusRCn3VrGB9OR1n02C8vp6Rzy5wtzv8olCbl0GxZkdcPiy-JbYXgZ2oY2u37fq_4r3lvHpwF8E1Xqq09FwP2U5kcYk5TUrEBcUbkwTz870Y0xJj5KuRmlHWEuotx0nm69p8T9MAtF6jQiIF3Nen7m99HoPWuzQZ85LUMwzvtIz6VPNisFawe-4korNCJ2qTVsfk&im=1&cb=_clrl9jh72v6ovkewg3ue3z&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3770686674973696&eclog=0&sp=1&im=1
IP 212.117.190.201:0
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint F5:B7:17:E8:F4:87:B4:48:99:C9:D2:6D:DA:4A:E3:52:D3:E9:8C:0E
Validity Sat, 28 Oct 2023 13:52:28 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
GET /ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=zjV8qingrLPSZUEG5R1h0-DhBTYogZW1On1-XXl-5M1FX8QgaXemIVqMiE0GTZuAL4iIV4dzIAcpiKmY1YGyvfqbIT3E1ce_Gh0ZuyahnZK-v7ai2DXqpX7EVYavXyCeP-ULE-89iv5qSZ9cInx1y8UaiuftmHxog0FkFYzKfqIMWovuaEslyRW37yRCMjEJoM8GEldtnv959saAZfCzf28cFm8I__p-xJ1LWY10iXtNwNc4LyA7bYsKx2kBNlV9iLkMJN46eInyajsPlGt7w6Ak5jGZpRyaldo8tj41sRZYmrrgmqjWH-sDFBgFTyZ9k0W0OT_pZo3X6p8ZK-XsxsAVygN1-j7CBYJdGtLTXnh8DaG-KcNCT0oTxVAQoZDVkaaIaF-TRiTtaL3pBOx2PLMWllZABiPsQxpXA_6as62EbjUiVAQA6FQEzi5FVPtyRsgaJai27nE5GQ9MQfi5VxQClFLp774OsOWf8YtOVt7apHMqPKmbqddyQcUFyhtqvmfUacOQ8dqU3sDEGyYq41nVBq21wgVVvi-KYMwMjOfZBSc7bH6pUnOQlO_VLY_XK9QAIinzZwrRCNq_JO1B1-QH0Nrc5JdGWT0dHcAFWUsf0ks_dzgnV20HincIt2xmuRTTQ9J6anYu1gGEVSziZIiqePUKSxmnehdl-4gJq-iyOp9GIG_VaD13PUNiN5NDJJJM4nuigAnOetJZJQ2Z0jYh6-k7VdnBlbPvDZGqhd2T6ycRarCtPhaccWkp9mHGMtxA6uzgTjL7swpI-qLCKac1AS9hzcRLJq7V_-aQBusRCn3VrGB9OR1n02C8vp6Rzy5wtzv8olCbl0GxZkdcPiy-JbYXgZ2oY2u37fq_4r3lvHpwF8E1Xqq09FwP2U5kcYk5TUrEBcUbkwTz870Y0xJj5KuRmlHWEuotx0nm69p8T9MAtF6jQiIF3Nen7m99HoPWuzQZ85LUMwzvtIz6VPNisFawe-4korNCJ2qTVsfk&im=1&cb=_clrl9jh72v6ovkewg3ue3z&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3770686674973696&eclog=0&sp=1&im=1 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: CHCK=1; UID=231202122209803ddf5bce4d77b5683aeb6b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=I6S5uORC_S9eTjWSjc5_B13R-3C5AI3tfLLf9xcAsgy040Wr_BiGN-j3XcGwR6kM4x_bRuEH81iComBLKTpBlkNWmie7vs0IT4f9I4fvZ0bAi0oevBDws2TmGKsqGr9VmPKKwRJDEgGEmld67YjYt0D-dkUULPxkwHU57tzieQLDm0o6SSrxFAMEXWIx3ykmAVgqsaACAIJGXeUcSX5Us4MJqzSI2_o0TLWMc9b77Etud1BXaeGLl0NlEGFMCgPEl7gmexY7kBLLhtfSV3h9fli5whRefMyvwRne7S6AmyMlyDT0OvaT-9S8ufBEbYjnuIqp2O-IvZIkOGVuQSmLv_beOm1A3qPj2iMSgvKzv1flumHkHzyQfB_z7AFvqk8JMzsOE9dIuHlD5_DzxKTnFVcNIhJ7kxy6K5rred_Bndw2DNyfLl4Mr74KgBhhYf-UW2RMX6U6MK0bEfsRpfU6RGTAHaa7WXkGjra--5JRnYTxIalsnlgQLYA2AsDMIXw44RfU8vtdze9HmhBrObm_XJJ3j0EECdUEOM8rbMeUCm3ppHhAGkuGSfbeh1v1A5S_1gF_EQf_olaboOizph6ZbWxMtpQ63tzMF4NcuvVojpl7VsrzAEyOTxyp38LXngeB_FL9KpkdLGrIlYWtkSblIbJ0iCSHxxZWdwjJFMmsjFnuKMoAs8g7Y8454gHGwBXr3Lb7Z6Aa_9SWyk2zJkxiEMjfcFwlJ7OBh70zo8mcitDb1YsKDQcOvZOyFev0dM-WvOejQ87QoMVcGs2W0vMKjU6uXbO6KcUCBpT_YCDn_pNjXTybtdoje3Bv4cOJE4JXqlXjBLk3xDBlaJ16V_pfr6igqUsKUYr-nlyWukCVwTeyUftEKiYsLRkXkKcS2V5bqzytmg2ZD7uFItwV5kjr0cA4XFUQ49_wdHhq96NdblWssuZkEA-0Z_r2BKSGy4sT8L10D9GfOgBe8wpZZthRnh1vp3l4VuIXJkTwo9BTBckG&im=1&frq=0&cb=_cl6mboikigcsw1xbf0iizg&nojs=0&abvar=428&febuild=0b10927d5d9639b773994e360a0ef769d8d93687&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3207736721581056&eclog=0&sp=1&im=1
212.117.190.201 7 B URL GET limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=I6S5uORC_S9eTjWSjc5_B13R-3C5AI3tfLLf9xcAsgy040Wr_BiGN-j3XcGwR6kM4x_bRuEH81iComBLKTpBlkNWmie7vs0IT4f9I4fvZ0bAi0oevBDws2TmGKsqGr9VmPKKwRJDEgGEmld67YjYt0D-dkUULPxkwHU57tzieQLDm0o6SSrxFAMEXWIx3ykmAVgqsaACAIJGXeUcSX5Us4MJqzSI2_o0TLWMc9b77Etud1BXaeGLl0NlEGFMCgPEl7gmexY7kBLLhtfSV3h9fli5whRefMyvwRne7S6AmyMlyDT0OvaT-9S8ufBEbYjnuIqp2O-IvZIkOGVuQSmLv_beOm1A3qPj2iMSgvKzv1flumHkHzyQfB_z7AFvqk8JMzsOE9dIuHlD5_DzxKTnFVcNIhJ7kxy6K5rred_Bndw2DNyfLl4Mr74KgBhhYf-UW2RMX6U6MK0bEfsRpfU6RGTAHaa7WXkGjra--5JRnYTxIalsnlgQLYA2AsDMIXw44RfU8vtdze9HmhBrObm_XJJ3j0EECdUEOM8rbMeUCm3ppHhAGkuGSfbeh1v1A5S_1gF_EQf_olaboOizph6ZbWxMtpQ63tzMF4NcuvVojpl7VsrzAEyOTxyp38LXngeB_FL9KpkdLGrIlYWtkSblIbJ0iCSHxxZWdwjJFMmsjFnuKMoAs8g7Y8454gHGwBXr3Lb7Z6Aa_9SWyk2zJkxiEMjfcFwlJ7OBh70zo8mcitDb1YsKDQcOvZOyFev0dM-WvOejQ87QoMVcGs2W0vMKjU6uXbO6KcUCBpT_YCDn_pNjXTybtdoje3Bv4cOJE4JXqlXjBLk3xDBlaJ16V_pfr6igqUsKUYr-nlyWukCVwTeyUftEKiYsLRkXkKcS2V5bqzytmg2ZD7uFItwV5kjr0cA4XFUQ49_wdHhq96NdblWssuZkEA-0Z_r2BKSGy4sT8L10D9GfOgBe8wpZZthRnh1vp3l4VuIXJkTwo9BTBckG&im=1&frq=0&cb=_cl6mboikigcsw1xbf0iizg&nojs=0&abvar=428&febuild=0b10927d5d9639b773994e360a0ef769d8d93687&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3207736721581056&eclog=0&sp=1&im=1
IP 212.117.190.201:0
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint F5:B7:17:E8:F4:87:B4:48:99:C9:D2:6D:DA:4A:E3:52:D3:E9:8C:0E
Validity Sat, 28 Oct 2023 13:52:28 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
GET /ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=I6S5uORC_S9eTjWSjc5_B13R-3C5AI3tfLLf9xcAsgy040Wr_BiGN-j3XcGwR6kM4x_bRuEH81iComBLKTpBlkNWmie7vs0IT4f9I4fvZ0bAi0oevBDws2TmGKsqGr9VmPKKwRJDEgGEmld67YjYt0D-dkUULPxkwHU57tzieQLDm0o6SSrxFAMEXWIx3ykmAVgqsaACAIJGXeUcSX5Us4MJqzSI2_o0TLWMc9b77Etud1BXaeGLl0NlEGFMCgPEl7gmexY7kBLLhtfSV3h9fli5whRefMyvwRne7S6AmyMlyDT0OvaT-9S8ufBEbYjnuIqp2O-IvZIkOGVuQSmLv_beOm1A3qPj2iMSgvKzv1flumHkHzyQfB_z7AFvqk8JMzsOE9dIuHlD5_DzxKTnFVcNIhJ7kxy6K5rred_Bndw2DNyfLl4Mr74KgBhhYf-UW2RMX6U6MK0bEfsRpfU6RGTAHaa7WXkGjra--5JRnYTxIalsnlgQLYA2AsDMIXw44RfU8vtdze9HmhBrObm_XJJ3j0EECdUEOM8rbMeUCm3ppHhAGkuGSfbeh1v1A5S_1gF_EQf_olaboOizph6ZbWxMtpQ63tzMF4NcuvVojpl7VsrzAEyOTxyp38LXngeB_FL9KpkdLGrIlYWtkSblIbJ0iCSHxxZWdwjJFMmsjFnuKMoAs8g7Y8454gHGwBXr3Lb7Z6Aa_9SWyk2zJkxiEMjfcFwlJ7OBh70zo8mcitDb1YsKDQcOvZOyFev0dM-WvOejQ87QoMVcGs2W0vMKjU6uXbO6KcUCBpT_YCDn_pNjXTybtdoje3Bv4cOJE4JXqlXjBLk3xDBlaJ16V_pfr6igqUsKUYr-nlyWukCVwTeyUftEKiYsLRkXkKcS2V5bqzytmg2ZD7uFItwV5kjr0cA4XFUQ49_wdHhq96NdblWssuZkEA-0Z_r2BKSGy4sT8L10D9GfOgBe8wpZZthRnh1vp3l4VuIXJkTwo9BTBckG&im=1&frq=0&cb=_cl6mboikigcsw1xbf0iizg&nojs=0&abvar=428&febuild=0b10927d5d9639b773994e360a0ef769d8d93687&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3207736721581056&eclog=0&sp=1&im=1 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: CHCK=1; UID=231202122209803ddf5bce4d77b5683aeb6b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=zjV8qingrLPSZUEG5R1h0-DhBTYogZW1On1-XXl-5M1FX8QgaXemIVqMiE0GTZuAL4iIV4dzIAcpiKmY1YGyvfqbIT3E1ce_Gh0ZuyahnZK-v7ai2DXqpX7EVYavXyCeP-ULE-89iv5qSZ9cInx1y8UaiuftmHxog0FkFYzKfqIMWovuaEslyRW37yRCMjEJoM8GEldtnv959saAZfCzf28cFm8I__p-xJ1LWY10iXtNwNc4LyA7bYsKx2kBNlV9iLkMJN46eInyajsPlGt7w6Ak5jGZpRyaldo8tj41sRZYmrrgmqjWH-sDFBgFTyZ9k0W0OT_pZo3X6p8ZK-XsxsAVygN1-j7CBYJdGtLTXnh8DaG-KcNCT0oTxVAQoZDVkaaIaF-TRiTtaL3pBOx2PLMWllZABiPsQxpXA_6as62EbjUiVAQA6FQEzi5FVPtyRsgaJai27nE5GQ9MQfi5VxQClFLp774OsOWf8YtOVt7apHMqPKmbqddyQcUFyhtqvmfUacOQ8dqU3sDEGyYq41nVBq21wgVVvi-KYMwMjOfZBSc7bH6pUnOQlO_VLY_XK9QAIinzZwrRCNq_JO1B1-QH0Nrc5JdGWT0dHcAFWUsf0ks_dzgnV20HincIt2xmuRTTQ9J6anYu1gGEVSziZIiqePUKSxmnehdl-4gJq-iyOp9GIG_VaD13PUNiN5NDJJJM4nuigAnOetJZJQ2Z0jYh6-k7VdnBlbPvDZGqhd2T6ycRarCtPhaccWkp9mHGMtxA6uzgTjL7swpI-qLCKac1AS9hzcRLJq7V_-aQBusRCn3VrGB9OR1n02C8vp6Rzy5wtzv8olCbl0GxZkdcPiy-JbYXgZ2oY2u37fq_4r3lvHpwF8E1Xqq09FwP2U5kcYk5TUrEBcUbkwTz870Y0xJj5KuRmlHWEuotx0nm69p8T9MAtF6jQiIF3Nen7m99HoPWuzQZ85LUMwzvtIz6VPNisFawe-4korNCJ2qTVsfk&im=1&cb=_clrl9jh72v6ovkewg3ue3z&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3770686674973696&eclog=0&sp=1&im=1
212.117.190.201 7 B URL GET limurol.com/ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=zjV8qingrLPSZUEG5R1h0-DhBTYogZW1On1-XXl-5M1FX8QgaXemIVqMiE0GTZuAL4iIV4dzIAcpiKmY1YGyvfqbIT3E1ce_Gh0ZuyahnZK-v7ai2DXqpX7EVYavXyCeP-ULE-89iv5qSZ9cInx1y8UaiuftmHxog0FkFYzKfqIMWovuaEslyRW37yRCMjEJoM8GEldtnv959saAZfCzf28cFm8I__p-xJ1LWY10iXtNwNc4LyA7bYsKx2kBNlV9iLkMJN46eInyajsPlGt7w6Ak5jGZpRyaldo8tj41sRZYmrrgmqjWH-sDFBgFTyZ9k0W0OT_pZo3X6p8ZK-XsxsAVygN1-j7CBYJdGtLTXnh8DaG-KcNCT0oTxVAQoZDVkaaIaF-TRiTtaL3pBOx2PLMWllZABiPsQxpXA_6as62EbjUiVAQA6FQEzi5FVPtyRsgaJai27nE5GQ9MQfi5VxQClFLp774OsOWf8YtOVt7apHMqPKmbqddyQcUFyhtqvmfUacOQ8dqU3sDEGyYq41nVBq21wgVVvi-KYMwMjOfZBSc7bH6pUnOQlO_VLY_XK9QAIinzZwrRCNq_JO1B1-QH0Nrc5JdGWT0dHcAFWUsf0ks_dzgnV20HincIt2xmuRTTQ9J6anYu1gGEVSziZIiqePUKSxmnehdl-4gJq-iyOp9GIG_VaD13PUNiN5NDJJJM4nuigAnOetJZJQ2Z0jYh6-k7VdnBlbPvDZGqhd2T6ycRarCtPhaccWkp9mHGMtxA6uzgTjL7swpI-qLCKac1AS9hzcRLJq7V_-aQBusRCn3VrGB9OR1n02C8vp6Rzy5wtzv8olCbl0GxZkdcPiy-JbYXgZ2oY2u37fq_4r3lvHpwF8E1Xqq09FwP2U5kcYk5TUrEBcUbkwTz870Y0xJj5KuRmlHWEuotx0nm69p8T9MAtF6jQiIF3Nen7m99HoPWuzQZ85LUMwzvtIz6VPNisFawe-4korNCJ2qTVsfk&im=1&cb=_clrl9jh72v6ovkewg3ue3z&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3770686674973696&eclog=0&sp=1&im=1
IP 212.117.190.201:0
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint F5:B7:17:E8:F4:87:B4:48:99:C9:D2:6D:DA:4A:E3:52:D3:E9:8C:0E
Validity Sat, 28 Oct 2023 13:52:28 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
GET /ssp/req/2004667/?pb=de980d60dc5e45254222b8a046fd547b1701544941&psp=zjV8qingrLPSZUEG5R1h0-DhBTYogZW1On1-XXl-5M1FX8QgaXemIVqMiE0GTZuAL4iIV4dzIAcpiKmY1YGyvfqbIT3E1ce_Gh0ZuyahnZK-v7ai2DXqpX7EVYavXyCeP-ULE-89iv5qSZ9cInx1y8UaiuftmHxog0FkFYzKfqIMWovuaEslyRW37yRCMjEJoM8GEldtnv959saAZfCzf28cFm8I__p-xJ1LWY10iXtNwNc4LyA7bYsKx2kBNlV9iLkMJN46eInyajsPlGt7w6Ak5jGZpRyaldo8tj41sRZYmrrgmqjWH-sDFBgFTyZ9k0W0OT_pZo3X6p8ZK-XsxsAVygN1-j7CBYJdGtLTXnh8DaG-KcNCT0oTxVAQoZDVkaaIaF-TRiTtaL3pBOx2PLMWllZABiPsQxpXA_6as62EbjUiVAQA6FQEzi5FVPtyRsgaJai27nE5GQ9MQfi5VxQClFLp774OsOWf8YtOVt7apHMqPKmbqddyQcUFyhtqvmfUacOQ8dqU3sDEGyYq41nVBq21wgVVvi-KYMwMjOfZBSc7bH6pUnOQlO_VLY_XK9QAIinzZwrRCNq_JO1B1-QH0Nrc5JdGWT0dHcAFWUsf0ks_dzgnV20HincIt2xmuRTTQ9J6anYu1gGEVSziZIiqePUKSxmnehdl-4gJq-iyOp9GIG_VaD13PUNiN5NDJJJM4nuigAnOetJZJQ2Z0jYh6-k7VdnBlbPvDZGqhd2T6ycRarCtPhaccWkp9mHGMtxA6uzgTjL7swpI-qLCKac1AS9hzcRLJq7V_-aQBusRCn3VrGB9OR1n02C8vp6Rzy5wtzv8olCbl0GxZkdcPiy-JbYXgZ2oY2u37fq_4r3lvHpwF8E1Xqq09FwP2U5kcYk5TUrEBcUbkwTz870Y0xJj5KuRmlHWEuotx0nm69p8T9MAtF6jQiIF3Nen7m99HoPWuzQZ85LUMwzvtIz6VPNisFawe-4korNCJ2qTVsfk&im=1&cb=_clrl9jh72v6ovkewg3ue3z&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3770686674973696&eclog=0&sp=1&im=1 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: CHCK=1; UID=231202122209803ddf5bce4d77b5683aeb6b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
gmxvmvptfm.com/solid.gif?z=2004667&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=955936907932160&eclog=0&sp=1&im=1
212.117.190.201 43 B URL POST gmxvmvptfm.com/solid.gif?z=2004667&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=955936907932160&eclog=0&sp=1&im=1
IP 212.117.190.201:0
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 14:D3:45:CB:D6:04:24:B4:40:49:4E:38:1B:23:CD:D2:47:9A:0D:FD
Validity Sun, 29 Oct 2023 21:18:37 GMT - Thu, 25 Apr 2024 21:59:00 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
POST /solid.gif?z=2004667&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=955936907932160&eclog=0&sp=1&im=1 HTTP/1.1
Host: gmxvmvptfm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: CHCK=1; UID=231202122216c5f70e8a8546a49ada10683d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:22 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:22 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
gmxvmvptfm.com/t/9/fret/meow4/2004667/29b61fbc.js
212.117.190.201 200 OK 36 kB URL GET HTTP/2 gmxvmvptfm.com/t/9/fret/meow4/2004667/29b61fbc.js
IP 212.117.190.201:443
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 14:D3:45:CB:D6:04:24:B4:40:49:4E:38:1B:23:CD:D2:47:9A:0D:FD
Validity Sun, 29 Oct 2023 21:18:37 GMT - Thu, 25 Apr 2024 21:59:00 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash 49b79b4e8a9b36610e0edb21c32c79b1
d75b082329bcad7d07a1790594ad45dd4810d79a
863c20211b3b88c012c193b90cc84ca0b5400d266fbe532488047fc5ed165ff4
GET /t/9/fret/meow4/2004667/29b61fbc.js HTTP/1.1
Host: gmxvmvptfm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: CHCK=1; UID=231202122216c5f70e8a8546a49ada10683d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:22 GMT
content-type: application/javascript
last-modified: Tue, 28 Nov 2023 11:34:35 GMT
vary: Accept-Encoding
etag: W/"6565d04b-15e20"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
limurol.com/ssp/req/2004667/?pb=9f33c68e39d110d90953b0b4cd6858131701544942&psp=tevTSA7SCHQB69O5r76ENl7lu7BqBI_m7VHdx2efsd6QSKYGA6v-0MX8reVt0ZlCkt1MzurSPQ-BIygl8J3e1M7_HGrWQaWpcV7b6qwK8hIxRcIeE0w4HHkFnW71qjDIRVKGq7FtpfXf6RG2daaeO-dzoTBKvESLUar3tn74KvHBJ9p8RORd4v71ixgsiRQsP3rzyo0hwd915G-Q59Zr9xe9Fogch4xqbaVG_t9qy9q7VKH7U6AiZe6cKrj071Rp0GwKdTlOtOMlFJ9MUCjfuEnkAS37zvqcd599lRc8827RDOCFUjMIUTjNvRmMuTdDakJKBlgzWOQ4ivzLkttCzk3mXlD9w9lRpFKp0n5XL0mS9wwgQZiFjJRd4C8gemAHsRCe-oVmR_FjdCQcPfQQHyYChajQnYodZPRCRkQJIRkOaZXMfUYCNr1gPzFn0eFXkqgqSLKviLymEl8EeYK1MV5DV_2VJc1bBJhl3Y3uPcFwi-iF6qQXSYcQ5ueLmneyaI3Kjctnsh_A61FGVXG0pThnjmgFDWqpi9kvhzMVj_4coomXTwyaekkZL4jJBOSSRRCoyrDhEzCwc4QBelcYVcMLshuzpjemtUsk4aI78Z64IffX0N4kKPK4gUJQFF-cuQ5HwqkRRAs1IYQRczKMo-bG1hj95gtud3EglLxWJVLE_-aleaKoW1xZHRYQX5wWT9H7ZBi-NIXf5Q3V9ODa_mdRquSbcwFtUTQhxyah_2mm6njW_z8fj5X4-AI_JerG5tPvDYAVR4KTuNBz9ysubx1jIsE5pqE56THmlLwW6kuCZOhJpojP1DpqRvKE9aSUJeb8AnhJbOw0ytZDklrfobsqwhq4uzPLUbeuLMLfs5BnCynezj7i6fpo11tgNo5CEs9q0_E1JQd0OX1CgHKZQYyZ9vIrxDFERxtADDtll84X5vsUlyuGTjfpHoFcurNV0ZYj6DAJtRFTBW6F8iwmGMhXUmwVXD5Fzsn-QQtHTbOc&im=1&cb=_cl1foz2uryuyiqh9yx3xye&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=955936907932160&eclog=0&sp=1&im=1
212.117.190.201 7 B URL GET limurol.com/ssp/req/2004667/?pb=9f33c68e39d110d90953b0b4cd6858131701544942&psp=tevTSA7SCHQB69O5r76ENl7lu7BqBI_m7VHdx2efsd6QSKYGA6v-0MX8reVt0ZlCkt1MzurSPQ-BIygl8J3e1M7_HGrWQaWpcV7b6qwK8hIxRcIeE0w4HHkFnW71qjDIRVKGq7FtpfXf6RG2daaeO-dzoTBKvESLUar3tn74KvHBJ9p8RORd4v71ixgsiRQsP3rzyo0hwd915G-Q59Zr9xe9Fogch4xqbaVG_t9qy9q7VKH7U6AiZe6cKrj071Rp0GwKdTlOtOMlFJ9MUCjfuEnkAS37zvqcd599lRc8827RDOCFUjMIUTjNvRmMuTdDakJKBlgzWOQ4ivzLkttCzk3mXlD9w9lRpFKp0n5XL0mS9wwgQZiFjJRd4C8gemAHsRCe-oVmR_FjdCQcPfQQHyYChajQnYodZPRCRkQJIRkOaZXMfUYCNr1gPzFn0eFXkqgqSLKviLymEl8EeYK1MV5DV_2VJc1bBJhl3Y3uPcFwi-iF6qQXSYcQ5ueLmneyaI3Kjctnsh_A61FGVXG0pThnjmgFDWqpi9kvhzMVj_4coomXTwyaekkZL4jJBOSSRRCoyrDhEzCwc4QBelcYVcMLshuzpjemtUsk4aI78Z64IffX0N4kKPK4gUJQFF-cuQ5HwqkRRAs1IYQRczKMo-bG1hj95gtud3EglLxWJVLE_-aleaKoW1xZHRYQX5wWT9H7ZBi-NIXf5Q3V9ODa_mdRquSbcwFtUTQhxyah_2mm6njW_z8fj5X4-AI_JerG5tPvDYAVR4KTuNBz9ysubx1jIsE5pqE56THmlLwW6kuCZOhJpojP1DpqRvKE9aSUJeb8AnhJbOw0ytZDklrfobsqwhq4uzPLUbeuLMLfs5BnCynezj7i6fpo11tgNo5CEs9q0_E1JQd0OX1CgHKZQYyZ9vIrxDFERxtADDtll84X5vsUlyuGTjfpHoFcurNV0ZYj6DAJtRFTBW6F8iwmGMhXUmwVXD5Fzsn-QQtHTbOc&im=1&cb=_cl1foz2uryuyiqh9yx3xye&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=955936907932160&eclog=0&sp=1&im=1
IP 212.117.190.201:0
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint F5:B7:17:E8:F4:87:B4:48:99:C9:D2:6D:DA:4A:E3:52:D3:E9:8C:0E
Validity Sat, 28 Oct 2023 13:52:28 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
GET /ssp/req/2004667/?pb=9f33c68e39d110d90953b0b4cd6858131701544942&psp=tevTSA7SCHQB69O5r76ENl7lu7BqBI_m7VHdx2efsd6QSKYGA6v-0MX8reVt0ZlCkt1MzurSPQ-BIygl8J3e1M7_HGrWQaWpcV7b6qwK8hIxRcIeE0w4HHkFnW71qjDIRVKGq7FtpfXf6RG2daaeO-dzoTBKvESLUar3tn74KvHBJ9p8RORd4v71ixgsiRQsP3rzyo0hwd915G-Q59Zr9xe9Fogch4xqbaVG_t9qy9q7VKH7U6AiZe6cKrj071Rp0GwKdTlOtOMlFJ9MUCjfuEnkAS37zvqcd599lRc8827RDOCFUjMIUTjNvRmMuTdDakJKBlgzWOQ4ivzLkttCzk3mXlD9w9lRpFKp0n5XL0mS9wwgQZiFjJRd4C8gemAHsRCe-oVmR_FjdCQcPfQQHyYChajQnYodZPRCRkQJIRkOaZXMfUYCNr1gPzFn0eFXkqgqSLKviLymEl8EeYK1MV5DV_2VJc1bBJhl3Y3uPcFwi-iF6qQXSYcQ5ueLmneyaI3Kjctnsh_A61FGVXG0pThnjmgFDWqpi9kvhzMVj_4coomXTwyaekkZL4jJBOSSRRCoyrDhEzCwc4QBelcYVcMLshuzpjemtUsk4aI78Z64IffX0N4kKPK4gUJQFF-cuQ5HwqkRRAs1IYQRczKMo-bG1hj95gtud3EglLxWJVLE_-aleaKoW1xZHRYQX5wWT9H7ZBi-NIXf5Q3V9ODa_mdRquSbcwFtUTQhxyah_2mm6njW_z8fj5X4-AI_JerG5tPvDYAVR4KTuNBz9ysubx1jIsE5pqE56THmlLwW6kuCZOhJpojP1DpqRvKE9aSUJeb8AnhJbOw0ytZDklrfobsqwhq4uzPLUbeuLMLfs5BnCynezj7i6fpo11tgNo5CEs9q0_E1JQd0OX1CgHKZQYyZ9vIrxDFERxtADDtll84X5vsUlyuGTjfpHoFcurNV0ZYj6DAJtRFTBW6F8iwmGMhXUmwVXD5Fzsn-QQtHTbOc&im=1&cb=_cl1foz2uryuyiqh9yx3xye&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=955936907932160&eclog=0&sp=1&im=1 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: CHCK=1; UID=231202122209803ddf5bce4d77b5683aeb6b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:22 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:22 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg
172.64.109.10 200 OK 376 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg
IP 172.64.109.10:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size 376 kB (375458 bytes)
Hash 65b98e31f2a22bfc2ae827300f514b93
8d66b3140eaabf1eff5990961d013af5e948df5a
6ea2b64aa9ed05099682f877c6f257d5ebc03814c5910a9dc91a3eae94bf6879
GET /sb/interstitial/games/hentai-heroes/main/8/img/bg.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:22 GMT
content-type: image/jpeg
content-length: 375458
last-modified: Thu, 19 Oct 2023 16:13:01 GMT
etag: "6531558d-5baa2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2646657
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a02djU6ewTP1QcH%2BNXuqst5dWZ1xmvS%2FEkJ1n5akoFoQ04Lp%2BThkmD7c5yit%2BqddPtRiNeiUxlyHgOKnXKyJifOefaGnv9kqrGDoDlBAV8kH7l7Ovf42DH7SY5LA3wABGkrtKA4XlO%2BO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f540693f3563b3-LHR
alt-svc: h3=":443"; ma=86400
limurol.com/ssp/req/2004667/?pb=9f33c68e39d110d90953b0b4cd6858131701544942&psp=tevTSA7SCHQB69O5r76ENl7lu7BqBI_m7VHdx2efsd6QSKYGA6v-0MX8reVt0ZlCkt1MzurSPQ-BIygl8J3e1M7_HGrWQaWpcV7b6qwK8hIxRcIeE0w4HHkFnW71qjDIRVKGq7FtpfXf6RG2daaeO-dzoTBKvESLUar3tn74KvHBJ9p8RORd4v71ixgsiRQsP3rzyo0hwd915G-Q59Zr9xe9Fogch4xqbaVG_t9qy9q7VKH7U6AiZe6cKrj071Rp0GwKdTlOtOMlFJ9MUCjfuEnkAS37zvqcd599lRc8827RDOCFUjMIUTjNvRmMuTdDakJKBlgzWOQ4ivzLkttCzk3mXlD9w9lRpFKp0n5XL0mS9wwgQZiFjJRd4C8gemAHsRCe-oVmR_FjdCQcPfQQHyYChajQnYodZPRCRkQJIRkOaZXMfUYCNr1gPzFn0eFXkqgqSLKviLymEl8EeYK1MV5DV_2VJc1bBJhl3Y3uPcFwi-iF6qQXSYcQ5ueLmneyaI3Kjctnsh_A61FGVXG0pThnjmgFDWqpi9kvhzMVj_4coomXTwyaekkZL4jJBOSSRRCoyrDhEzCwc4QBelcYVcMLshuzpjemtUsk4aI78Z64IffX0N4kKPK4gUJQFF-cuQ5HwqkRRAs1IYQRczKMo-bG1hj95gtud3EglLxWJVLE_-aleaKoW1xZHRYQX5wWT9H7ZBi-NIXf5Q3V9ODa_mdRquSbcwFtUTQhxyah_2mm6njW_z8fj5X4-AI_JerG5tPvDYAVR4KTuNBz9ysubx1jIsE5pqE56THmlLwW6kuCZOhJpojP1DpqRvKE9aSUJeb8AnhJbOw0ytZDklrfobsqwhq4uzPLUbeuLMLfs5BnCynezj7i6fpo11tgNo5CEs9q0_E1JQd0OX1CgHKZQYyZ9vIrxDFERxtADDtll84X5vsUlyuGTjfpHoFcurNV0ZYj6DAJtRFTBW6F8iwmGMhXUmwVXD5Fzsn-QQtHTbOc&im=1&cb=_cl1foz2uryuyiqh9yx3xye&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=955936907932160&eclog=0&sp=1&im=1
212.117.190.201 7 B URL GET limurol.com/ssp/req/2004667/?pb=9f33c68e39d110d90953b0b4cd6858131701544942&psp=tevTSA7SCHQB69O5r76ENl7lu7BqBI_m7VHdx2efsd6QSKYGA6v-0MX8reVt0ZlCkt1MzurSPQ-BIygl8J3e1M7_HGrWQaWpcV7b6qwK8hIxRcIeE0w4HHkFnW71qjDIRVKGq7FtpfXf6RG2daaeO-dzoTBKvESLUar3tn74KvHBJ9p8RORd4v71ixgsiRQsP3rzyo0hwd915G-Q59Zr9xe9Fogch4xqbaVG_t9qy9q7VKH7U6AiZe6cKrj071Rp0GwKdTlOtOMlFJ9MUCjfuEnkAS37zvqcd599lRc8827RDOCFUjMIUTjNvRmMuTdDakJKBlgzWOQ4ivzLkttCzk3mXlD9w9lRpFKp0n5XL0mS9wwgQZiFjJRd4C8gemAHsRCe-oVmR_FjdCQcPfQQHyYChajQnYodZPRCRkQJIRkOaZXMfUYCNr1gPzFn0eFXkqgqSLKviLymEl8EeYK1MV5DV_2VJc1bBJhl3Y3uPcFwi-iF6qQXSYcQ5ueLmneyaI3Kjctnsh_A61FGVXG0pThnjmgFDWqpi9kvhzMVj_4coomXTwyaekkZL4jJBOSSRRCoyrDhEzCwc4QBelcYVcMLshuzpjemtUsk4aI78Z64IffX0N4kKPK4gUJQFF-cuQ5HwqkRRAs1IYQRczKMo-bG1hj95gtud3EglLxWJVLE_-aleaKoW1xZHRYQX5wWT9H7ZBi-NIXf5Q3V9ODa_mdRquSbcwFtUTQhxyah_2mm6njW_z8fj5X4-AI_JerG5tPvDYAVR4KTuNBz9ysubx1jIsE5pqE56THmlLwW6kuCZOhJpojP1DpqRvKE9aSUJeb8AnhJbOw0ytZDklrfobsqwhq4uzPLUbeuLMLfs5BnCynezj7i6fpo11tgNo5CEs9q0_E1JQd0OX1CgHKZQYyZ9vIrxDFERxtADDtll84X5vsUlyuGTjfpHoFcurNV0ZYj6DAJtRFTBW6F8iwmGMhXUmwVXD5Fzsn-QQtHTbOc&im=1&cb=_cl1foz2uryuyiqh9yx3xye&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=955936907932160&eclog=0&sp=1&im=1
IP 212.117.190.201:0
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint F5:B7:17:E8:F4:87:B4:48:99:C9:D2:6D:DA:4A:E3:52:D3:E9:8C:0E
Validity Sat, 28 Oct 2023 13:52:28 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
GET /ssp/req/2004667/?pb=9f33c68e39d110d90953b0b4cd6858131701544942&psp=tevTSA7SCHQB69O5r76ENl7lu7BqBI_m7VHdx2efsd6QSKYGA6v-0MX8reVt0ZlCkt1MzurSPQ-BIygl8J3e1M7_HGrWQaWpcV7b6qwK8hIxRcIeE0w4HHkFnW71qjDIRVKGq7FtpfXf6RG2daaeO-dzoTBKvESLUar3tn74KvHBJ9p8RORd4v71ixgsiRQsP3rzyo0hwd915G-Q59Zr9xe9Fogch4xqbaVG_t9qy9q7VKH7U6AiZe6cKrj071Rp0GwKdTlOtOMlFJ9MUCjfuEnkAS37zvqcd599lRc8827RDOCFUjMIUTjNvRmMuTdDakJKBlgzWOQ4ivzLkttCzk3mXlD9w9lRpFKp0n5XL0mS9wwgQZiFjJRd4C8gemAHsRCe-oVmR_FjdCQcPfQQHyYChajQnYodZPRCRkQJIRkOaZXMfUYCNr1gPzFn0eFXkqgqSLKviLymEl8EeYK1MV5DV_2VJc1bBJhl3Y3uPcFwi-iF6qQXSYcQ5ueLmneyaI3Kjctnsh_A61FGVXG0pThnjmgFDWqpi9kvhzMVj_4coomXTwyaekkZL4jJBOSSRRCoyrDhEzCwc4QBelcYVcMLshuzpjemtUsk4aI78Z64IffX0N4kKPK4gUJQFF-cuQ5HwqkRRAs1IYQRczKMo-bG1hj95gtud3EglLxWJVLE_-aleaKoW1xZHRYQX5wWT9H7ZBi-NIXf5Q3V9ODa_mdRquSbcwFtUTQhxyah_2mm6njW_z8fj5X4-AI_JerG5tPvDYAVR4KTuNBz9ysubx1jIsE5pqE56THmlLwW6kuCZOhJpojP1DpqRvKE9aSUJeb8AnhJbOw0ytZDklrfobsqwhq4uzPLUbeuLMLfs5BnCynezj7i6fpo11tgNo5CEs9q0_E1JQd0OX1CgHKZQYyZ9vIrxDFERxtADDtll84X5vsUlyuGTjfpHoFcurNV0ZYj6DAJtRFTBW6F8iwmGMhXUmwVXD5Fzsn-QQtHTbOc&im=1&cb=_cl1foz2uryuyiqh9yx3xye&nojs=0&abvar=0&febuild=1.0.179&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=955936907932160&eclog=0&sp=1&im=1 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: CHCK=1; UID=231202122209803ddf5bce4d77b5683aeb6b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:22 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:22 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
nereserv.com/in/dip?site=native-push&wl=1&event_id=bd42118a-0c6e-41c5-ab58-7dbdeb9c50ab&subid=357529620&sid=1546107667&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
157.90.84.246 0 B URL GET nereserv.com/in/dip?site=native-push&wl=1&event_id=bd42118a-0c6e-41c5-ab58-7dbdeb9c50ab&subid=357529620&sid=1546107667&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=bd42118a-0c6e-41c5-ab58-7dbdeb9c50ab&subid=357529620&sid=1546107667&spot_id=418774&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:24 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.08&cpa=90ead719-5dc8-428d-9d13-7fb291813a23
138.201.237.88 590 B URL static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.08&cpa=90ead719-5dc8-428d-9d13-7fb291813a23
IP 138.201.237.88:0
ASN #24940 Hetzner Online GmbH
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.08&cpa=90ead719-5dc8-428d-9d13-7fb291813a23 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:24 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=710d6316-c69e-4893-8807-de0e534d0208
138.201.237.88 590 B URL static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=710d6316-c69e-4893-8807-de0e534d0208
IP 138.201.237.88:0
ASN #24940 Hetzner Online GmbH
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=710d6316-c69e-4893-8807-de0e534d0208 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:24 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
nereserv.com/in/dip?site=native-push&wl=1&event_id=69f808d5-d2a3-440c-9ed0-9ae9899b2003&subid=388464194&sid=809274173&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
157.90.84.246 0 B URL GET nereserv.com/in/dip?site=native-push&wl=1&event_id=69f808d5-d2a3-440c-9ed0-9ae9899b2003&subid=388464194&sid=809274173&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=69f808d5-d2a3-440c-9ed0-9ae9899b2003&subid=388464194&sid=809274173&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:25 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.134.5 200 OK 27 kB URL GET HTTP/3 friendshipmale.com/sfp.js
IP 172.64.134.5:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: d4e2581e821712a17e0931d739533e28
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 02 Dec 2023 17:22:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fEDj5zP%2BCCirnmXy7bBSDp1KqlYfhBbwfDeqyN7CJx1UobtGspr4zLs0Y7nXMKy2Rzu%2BzKIcWp8Praa7EuDrqIdyowd8wPZ1wrP9vgypNPIWGtXiWItgYIf8Z7jUIFp4FoZ%2FxL8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f5403e684923ed-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
feegreep.xyz/5/6651944
139.45.197.245 26 kB
IP 139.45.197.245:0
File type gzip compressed data, max speed, from Unix\012- data
Hash 139695a5bb22da4ffe8227c9143ce81b
b6ae0718281374f7c2bda0d473213b68ca7acb0a
cf7800bbf7f1679f289ab8897a34a510583fbaab80c6e0392e28138766472b3a
GET /5/6651944 HTTP/1.1
Host: feegreep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:28 GMT
content-type: application/javascript
x-trace-id: 290c0a3bc479d9392d0a0214cba9f0a1
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=1e682ab6b4364e06a8011bdb23eeb8e0; expires=Sun, 01 Dec 2024 17:22:28 GMT; path=/; secure; SameSite=None
oaidts=1701537748; expires=Sun, 01 Dec 2024 17:22:28 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
poop.media/theme_2/css/embed2.css
172.67.177.66 200 OK 2.2 kB URL GET HTTP/3 poop.media/theme_2/css/embed2.css
IP 172.67.177.66:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type ASCII text, with no line terminators, ASCII text, with very long lines (2233), with no line terminators
Hash f5fb3ee7c6fb0e1251ea82a1e5aebcb2
206571f7be59d12b06d5dde5b031b1a0ef15cb0a
fa12669187e8ec4fbfab56c697b86f838717458b831e3784d60ab93b2f6248f3
GET /theme_2/css/embed2.css HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/d/hiOBgwnL7eg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=2267
etag: W/"653c4c47-8db"
expires: Sat, 02 Dec 2023 10:56:17 GMT
last-modified: Fri, 27 Oct 2023 23:48:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 35512
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5HbEvf8AwJk7AtYLNQg3O0W3%2FTAU3cKEMaJKeuIuor%2Fj8vtAaonp7%2BwJKjcRywdR88yXfpkmUC5UIOb2ylZ%2Fpw1kGG6Vd6M0uPBucFO%2FQS3EhNUSHFWuHJ4ylQVK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f540354e6a56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp28e7bWl154AL9ANqo4lu8fV0ZPv2NOzw-fyRjYNq4xGdGqja-3NhVl2s9ejmuoCqz_v15dSA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S436515256%3A1701537740319193&theme=glif
64.233.165.84 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp28e7bWl154AL9ANqo4lu8fV0ZPv2NOzw-fyRjYNq4xGdGqja-3NhVl2s9ejmuoCqz_v15dSA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S436515256%3A1701537740319193&theme=glif
IP 64.233.165.84:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp28e7bWl154AL9ANqo4lu8fV0ZPv2NOzw-fyRjYNq4xGdGqja-3NhVl2s9ejmuoCqz_v15dSA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S436515256%3A1701537740319193&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:20 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-ZCbWOkbet9ocyLj_tdcQBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
dbd390fc66.7df3f71dc4.com/a5acf7798a958880f7151cff445d7d5e.js
45.133.44.52 200 OK 554 kB URL GET HTTP/2 dbd390fc66.7df3f71dc4.com/a5acf7798a958880f7151cff445d7d5e.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject dbd390fc66.7df3f71dc4.com
Fingerprint 58:C5:6D:91:3E:EE:AA:F0:11:56:6E:10:48:EA:36:1E:5E:A4:67:51
Validity Wed, 29 Nov 2023 02:20:47 GMT - Tue, 27 Feb 2024 02:20:46 GMT
Size 554 kB (554094 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a5acf7798a958880f7151cff445d7d5e.js HTTP/1.1
Host: dbd390fc66.7df3f71dc4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 30 Nov 2023 09:44:58 GMT
etag: W/"6568599a-8746e"
content-encoding: gzip
expires: Sat, 02 Dec 2023 17:27:16 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
metrolagu.cam/jembud/xA80pfz5vAV
46.250.238.76 200 OK 229 B URL GET HTTP/2 metrolagu.cam/jembud/xA80pfz5vAV
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://mp4skin.com/watch?v=b7N--n5a2Vw
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type HTML document text\012- HTML document, ASCII text, with no line terminators, ASCII text, with no line terminators
Hash 1d326e5ab514d5122a21a6bfe9e28fa0
77573261598d596f83ab76c4d8812ee0546407e0
9514c932cd5a73e28146879a2d8a573c36e18a1b2428ba3c9d5acc245c249c53
GET /jembud/xA80pfz5vAV HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
mp4skin.com/watch?v=b7N--n5a2Vw
188.114.96.1 200 OK 622 B URL POST HTTP/3 mp4skin.com/watch?v=b7N--n5a2Vw
IP 188.114.96.1:443
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Google Trust Services LLC
Subject mp4skin.com
Fingerprint 8D:7A:52:68:44:2D:43:E5:96:16:A7:C1:19:F2:31:23:E9:34:2A:A0
Validity Sat, 04 Nov 2023 22:36:47 GMT - Fri, 02 Feb 2024 22:36:46 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (661), with no line terminators
Hash da21e0d4efa33ee5eac2aa85ab26690f
4391b9f36d29a941d962bc3c150ee3d45ca949cb
8e82d0f83cac73148975b9b07a9edaad7620f567d68a1a0941ac385333f1d08e
POST /watch?v=b7N--n5a2Vw HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/embud/xA80pfz5vAV
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BPqyIcvnmSA7lNmlHdv3gPiYPI3evUm2CSKu3YLpovKJR%2BQyld%2FrU6A1GJntYNJFB9ZVc21EKiSDTNt1Yjnr4TxUJDkDhMH%2FoK%2FumxpW6NOJfXU8JSndggTZ0XINnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f54036ad24b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
rollerstrayprawn.com/pixel/sbs?c=1
192.243.61.225 200 OK 0 B URL GET HTTP/1.1 rollerstrayprawn.com/pixel/sbs?c=1
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject rollerstrayprawn.com
Fingerprint 9E:74:D1:93:DF:47:C6:06:84:EA:02:9E:E8:F3:B5:CF:52:D3:9F:D0
Validity Tue, 28 Nov 2023 10:59:19 GMT - Mon, 26 Feb 2024 10:59:18 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: rollerstrayprawn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: u_pl=21379104; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:21 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
berlagu.com/download/Meltdown-Official-Video
188.114.97.1 200 OK 640 B URL POST HTTP/3 berlagu.com/download/Meltdown-Official-Video
IP 188.114.97.1:443
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Google Trust Services LLC
Subject berlagu.com
Fingerprint E2:7A:A4:CA:1F:E3:C9:FB:E6:3E:C3:66:09:3E:55:34:E1:F2:C6:74
Validity Sun, 05 Nov 2023 13:17:56 GMT - Sat, 03 Feb 2024 13:17:55 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (679), with no line terminators
Hash 3d47628431b1f2160455a1fd82bbf212
cd273358d3f39e09da4630539186517c41d03c3a
2bfd91fcc25ad4f734bed4614c8cb5665e8ef1b9ce6d31324b975f3527f03fae
POST /download/Meltdown-Official-Video HTTP/1.1
Host: berlagu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://berlagu.com
DNT: 1
Connection: keep-alive
Referer: https://berlagu.com/jembud/hNjKXEAgIuy
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2BOPtt1RWf6uOtquLQjSGKpLB461YWlQt2IM9v1xUcod2lH2Ic2SfdzEHngN8F%2B78jpDXGXZhCVsdKfNEp891W2QtCecvK2%2FSq6mSxKsZP1WPzXmZwRtw4NSVNDPHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f540368db75687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
nereserv.com/in/dip?site=native-push&wl=1&event_id=1301fd0e-5cd9-4df1-ab08-e1bcf8fbe57b&subid=388464194&sid=1120762550&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
157.90.84.246 200 OK 0 B URL GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=1301fd0e-5cd9-4df1-ab08-e1bcf8fbe57b&subid=388464194&sid=1120762550&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint 0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
Validity Thu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=1301fd0e-5cd9-4df1-ab08-e1bcf8fbe57b&subid=388464194&sid=1120762550&spot_id=418776&created_at=2023-12-02&timezone=0&ver=8.121.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.media
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:18 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
poop.media/d/hNjKXEAgIuy
172.67.177.66 200 OK 11 kB
IP 172.67.177.66:443
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d/hNjKXEAgIuy HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 02 Dec 2023 16:15:30 GMT
cache-control: max-age=3600
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2BWDuel2PMRFh6KMcMq81NB0NsCuu6cRH%2B3ym0ZIu1rmLErLDR%2Bbap57LoLm560LfXfUnvZzvhyC3Ot7a90gKfeeD1y5orzgXIX8XAamEYZ40u6qirEDtov1ALIA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=0H28w21ChKKvtivqd6K1t9LDfUwXsR6rBeqTicrG6Sh; SameSite=Lax; path=/; expires=Sat, 02-Dec-23 17:52:12 GMT; HttpOnly
server: cloudflare
cf-ray: 82f5402c8841b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.08&cpa=aae26152-9409-47e2-a61c-1e586a8c9fdd
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.08&cpa=aae26152-9409-47e2-a61c-1e586a8c9fdd
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.08&cpa=aae26152-9409-47e2-a61c-1e586a8c9fdd HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
157.90.84.246200 OK 0 B URL GET HTTP/2 d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FxA80pfz5vAV&refdom=poop.media&auction_time=1701537738&subid=388464194&sid=1210775973&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FxA80pfz5vAV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fpodefr.net%2Fb2%2Fl%2Fc%2Fredir%3Fcid%3D1%26did%3DU2N5S3I%26eid%3D722%26n%3Df6fa49e28569d5cb5af30910%26nid%3D1%26sid%3DTK9NQRKIlKj8CSPq5g0jEBwGlPyYzjXu3QHDaDxPuqIYH3pExcdD59%252BH5Pu97Wgo%252BAfx7vOhYUmUp%252FRSsEU%252FInTeCDz%252FLyOt99KmayoDjTn3bfvHnIYYoAHyiN2YeNZTKPJH7MH99df%252FPoraqXPzEeNchv9A%252BQc5%252FDBvQ4EJZFOHVeqCksi%252Bze2CuTA9q0wzwPk76mj8OZju9BHNiRVIVD%252Br0Pb3feGbu4fsA7ZDugxnSvfMH6JC6qFm0NwkL8mPINo5xTvzPJjjxtS7R2keM2KuLJLTKxCspXwSrkKwGNAwQdSZj20yqDAO482lsWPscHr11bDSOfP6XT24JepEyFh0%252B343zcgtF2yjLOYKBbXLouHs7fm7GJ848Q3NQbRDObsoIca5F1cm9%252FjVnvfi6nYepkfA%252BBcMjcjc74RNT%252FBkSHAlU6oBQoBtTCjzlWpkQepY3iel%252Fy6FNKJwDKKIjr%252Bq4DV9YT77qlrqMGei9dsOoHSv6Cc5DU2YGAQPym%252FHah8WFXyvS2Mxc0pQIcZamicqGWpuOkcBi9lnuKRSPMqaLM0Z1hULHY6Bkt2Gi88WJgqLRhAFSWtlbX2V%252FwVa8%252B0Fl596WZ%252FQtpE%252BMUtYvCQqaeUZvLubDCbcVMxMidSDfJiS9fA3qAyKeCPzcTzoOuum3LAyb%252BCjh%252F0pTh00q8XPqM83qvmxvYD6HfPqvELln9shRf5vPKUxuq%252B8tAj4NGwxKCJIahNiQy2hES60c92t6nSju5eLkLtk1HfaPfrXQLKC7VX6WLkEfgH%252BQdIs1ep81iUSbwVLF6k3%252Br8ugUJzQ7lYIVkGbsQyokd9VZJSXiTfjwp%252B%252B9x1e86uzsnt%252FqiCCveHJ286CatkRbmul4LRbYnBaGesKs
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FxA80pfz5vAV&refdom=poop.media&auction_time=1701537738&subid=388464194&sid=1210775973&tcid=0&ver=8.121.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.07746793763485&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FxA80pfz5vAV%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fpodefr.net%2Fb2%2Fl%2Fc%2Fredir%3Fcid%3D1%26did%3DU2N5S3I%26eid%3D722%26n%3Df6fa49e28569d5cb5af30910%26nid%3D1%26sid%3DTK9NQRKIlKj8CSPq5g0jEBwGlPyYzjXu3QHDaDxPuqIYH3pExcdD59%252BH5Pu97Wgo%252BAfx7vOhYUmUp%252FRSsEU%252FInTeCDz%252FLyOt99KmayoDjTn3bfvHnIYYoAHyiN2YeNZTKPJH7MH99df%252FPoraqXPzEeNchv9A%252BQc5%252FDBvQ4EJZFOHVeqCksi%252Bze2CuTA9q0wzwPk76mj8OZju9BHNiRVIVD%252Br0Pb3feGbu4fsA7ZDugxnSvfMH6JC6qFm0NwkL8mPINo5xTvzPJjjxtS7R2keM2KuLJLTKxCspXwSrkKwGNAwQdSZj20yqDAO482lsWPscHr11bDSOfP6XT24JepEyFh0%252B343zcgtF2yjLOYKBbXLouHs7fm7GJ848Q3NQbRDObsoIca5F1cm9%252FjVnvfi6nYepkfA%252BBcMjcjc74RNT%252FBkSHAlU6oBQoBtTCjzlWpkQepY3iel%252Fy6FNKJwDKKIjr%252Bq4DV9YT77qlrqMGei9dsOoHSv6Cc5DU2YGAQPym%252FHah8WFXyvS2Mxc0pQIcZamicqGWpuOkcBi9lnuKRSPMqaLM0Z1hULHY6Bkt2Gi88WJgqLRhAFSWtlbX2V%252FwVa8%252B0Fl596WZ%252FQtpE%252BMUtYvCQqaeUZvLubDCbcVMxMidSDfJiS9fA3qAyKeCPzcTzoOuum3LAyb%252BCjh%252F0pTh00q8XPqM83qvmxvYD6HfPqvELln9shRf5vPKUxuq%252B8tAj4NGwxKCJIahNiQy2hES60c92t6nSju5eLkLtk1HfaPfrXQLKC7VX6WLkEfgH%252BQdIs1ep81iUSbwVLF6k3%252Br8ugUJzQ7lYIVkGbsQyokd9VZJSXiTfjwp%252B%252B9x1e86uzsnt%252FqiCCveHJ286CatkRbmul4LRbYnBaGesKsPQ%252FoawLsedWLMVRn2Cur%252FfHKoEqA58%252BwY1tcUFDfToVswPpi
tsnkChVL%252BnpkicQSvTm%252FKUU12ll9qUBhCHBdXEvbI%252FnrWGHkNm5YNcAASpJRBMe81uY3WTHtt5yBoDnq1s5hU1RjesmqIjAi5PnwVSCcXbQSENVQ4PjkfJDBqhQMaKH5mjNErCfD2uD8B5wyg6g4pEAZEuUCPL1oa25zYA%252FwJz2jf1zA%252Ftl2UbFnIBtFMEDYbGvXkPjmkdZTBKAX3gf3NRoRl7OGUA6LXRuL4e9XPsUdjzCBqTAU9rOUoIiRuvvhQqzcF%252F3aQD1hiRnIp9hTF%252B0zBPQ0gSSVg9Oxwl5cR7mLmUIKnvZ53lYPZkwI91D3zgjlwAbpbZoeWoTkFCkcllmrbEDdJqYXSZnkTypIQOjoi1KVD3STsMn8Wq24b0N4XROOnRdezkp%252BuSPd1q0UYPqRVGdOB7PkBOKUet39Syn7GFPXibRfDdNis7Nnh%252Fe0K836lxIQ9NqMTuFv3Y6UAVa%252BJQhAIPvyYme%252BBb69Dh8cOIvbMRM1%252F3NLX4TR8cy7t%252B2GQv1lk6glzIQbc3JUJS0DamT67UTGJR8a%252FV6s6%252FXH3MD3DcAIwNbR4TJ%252B6KKz%252FzLvDaemxzET8QH13SsU7wvaVsdb4%252FC02ufswDKTCHtyQK65ke9WhIzVTom%252BdhPi06K3S1WibwkFZQgkSaA7%252BSQDEpijR6bZyI9Bc38266QeYP%252BjWTiEiBuHGXEooeqti4FayNnEDEEnAmSeIc5STkg%252FAVlv%252FOJ38pzlc6%252F%252BE5UYAL29yZ%252FZEuAcIUXI1Hg7yxm0EdNtZACFulQPfZ5efhKyvX7IdFCxsttZaFg1gBVuwrdV6AB0uF96komeHH3iMxTCdAkn6Iwp%252BGQICNrPn3w8rCZUcTRKT5oZMX3S9VT9iVNg%252Fqfn%252FZp%252FCJoeXZy6kRrpyQbThaajif9aG85wyL8oi%252B2J77y9WWTrRwVWpSjkbTFv4IIa5aDpZSDRAJse%252FFOwBg7U%252B9tuCSDwXE5UQihoHv3Fg3nonyAg0ZfhkVxqNWCNVD%252BCgHog8f0uPYDqPDgYgw5MT50cMB%252BVcl62R2xUzrGK8y79wUfCGpm2pK6zZmJ8j5uyKF4l69KbLS09bt55caMzB8gVOmsHXPtqSLQuJFCpIeGCXrX%252FwlbZT118knOXQpkvhcCazhxTcQs0AyyTtw18aq9JWCAcvujyx2%252FOQUgM2eUikbtkDVoKq0NBnd5ZpHwkfMeuRVNJfeUjYlqQRcMpXL641HhJtNgPbDNGoTDuMTi0CV%252FhVkrnVSpYUbY4UbsxZXVQKHdoR%252Bam9i4VymGXyUkT%252F8y4T9Rv5rbtlSfUPVjBvVSmV%252BKEH0o%252BgwPT46Xvkf1ib38DwtOF5mK9XU5Du61XZKxNjWLX3xwJ9ze3jXtbVw0AIJ4GRJQmuJjCL1E7c5T6EUCxSB3rZkJtnpEuhrVLw8vx1KrvbTlAvC0gJ3RsYWJ3oIeY%252FDcMySt0D1r9sfk4Yf%252FIBkTRsPFZiBP4o%26ssid%3D3298447862AFAZhyHq%26ts%3D1701537738%26ttl%3D14400%26v%3Dv5.8.7&icons=y-3n5wWbovTp8Lrk5pEtUAAMOtbcTZweimJhO70sJccKXbQtwB0zcMG01NSNd7QyTxg9unzOco2YOg6_T6lX1AXODqfAaBXfMY0jAJ00yvPqIYQWw4qUs_EXjxBDbQ2WkqaHAy0xO_HXJRp2o88Xd1nKk0fSwRdDtDrEYwkWrb8ILKex5A&ext_cid=0&px_id=31418776&min_cpm=0.08080860220034743&out_id=0&campaign_type=lq-pop&a
id=61&cid=2883&uniq=&mid=6766454632487159629&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.15270286653155762&cpm=0&verify_hash=0c488f5351dfa993ee0e3b3dc1bed45a&is_native=2&real_bid=0.001763999&original_bid_usd=0.001763999&original_bid=0.001763999&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=27,130,108,123,4,59,89,5,129,0&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1701559338&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.001763999&hostname=auc-inpage-hz-0-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001763999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.08&cpa=8ca8da94-1eea-419d-a67a-b16afdc32e42 HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
metrolagu.cam/watch?v=PCyN4TuzZ5M
46.250.238.76 200 OK 1.8 kB URL POST HTTP/2 metrolagu.cam/watch?v=PCyN4TuzZ5M
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://berlagu.com/download/Meltdown-Official-Video
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1874), with no line terminators
Hash 6eff816f05411ac8d2c2be0d9823c7c1
299f67ed37ef56734293c24c1fdcc2ce505150c0
ade3ba8329eb2a5d09ecbf1449eb2883fc5a53e981e51504a249b97e53572b4c
POST /watch?v=PCyN4TuzZ5M HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/hNjKXEAgIuy
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=ejfb4eutb23qrjq29gjh2gruq3; path=/; secure; SameSite=None
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp2PvMkmUVm1upXxVW7RS9gd9CXHkExYIJYRFa6lyLurA9COegvSvjCtk_m8DGddRVg45GtIvA
64.233.165.84 302 Found 0 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp2PvMkmUVm1upXxVW7RS9gd9CXHkExYIJYRFa6lyLurA9COegvSvjCtk_m8DGddRVg45GtIvA
IP 64.233.165.84:443
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp2PvMkmUVm1upXxVW7RS9gd9CXHkExYIJYRFa6lyLurA9COegvSvjCtk_m8DGddRVg45GtIvA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:J7JVTO1qupdwul7mPob_kOEfdE9XVQ:BfP-czVzQQCURqZL;Path=/;Expires=Mon, 01-Dec-2025 17:22:20 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:20 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp170TmtE9BLIz1Pknog00ZdGbuknSDSYXGulSMkVRBkQmGQzAncbiUvh0yL9ygpy6fkHcXn&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S84512219%3A1701537740241129&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-Up3Wq-oS4f1RaOcV7gnwUw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
poop.media/theme_2/css/style.css
172.67.177.66 200 OK 209 kB URL GET HTTP/3 poop.media/theme_2/css/style.css
IP 172.67.177.66:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type ASCII text, with very long lines (65465)
Size 209 kB (209032 bytes)
Hash 040e80c238371d4172a34a4fb5b24fd3
92ccd50c595590d8b8a4b71275ed15ae25eb8120
b5d197171351e1ddaebb1bfe4f70c9103109d98395ff67c3aac7064ac474a22c
GET /theme_2/css/style.css HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/d/hiOBgwnL7eg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=259373
etag: W/"652211c2-3f52d"
expires: Sun, 03 Dec 2023 00:51:07 GMT
last-modified: Sun, 08 Oct 2023 02:19:46 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 8440
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xlC9L0JC9ODiIaFT8J1EbZIdkfJ8BALEO7QI6X6EZZYEuOtf2lCS1vZ7Qmc2HTkAdEDGh2WjlGGWJh5k1aYN%2FY9P5yQwCxkNIOLRLBFGLpv9UZ%2Bg%2FPKMAA5WLLmq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f540354e6756c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
dbd390fc66.7df3f71dc4.com/a5acf7798a958880f7151cff445d7d5e.js
45.133.44.52 200 OK 554 kB URL GET HTTP/2 dbd390fc66.7df3f71dc4.com/a5acf7798a958880f7151cff445d7d5e.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Let's Encrypt
Subject dbd390fc66.7df3f71dc4.com
Fingerprint 58:C5:6D:91:3E:EE:AA:F0:11:56:6E:10:48:EA:36:1E:5E:A4:67:51
Validity Wed, 29 Nov 2023 02:20:47 GMT - Tue, 27 Feb 2024 02:20:46 GMT
Size 554 kB (554094 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a5acf7798a958880f7151cff445d7d5e.js HTTP/1.1
Host: dbd390fc66.7df3f71dc4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 30 Nov 2023 09:44:58 GMT
etag: W/"6568599a-8746e"
content-encoding: gzip
expires: Sat, 02 Dec 2023 17:27:16 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp32L20Itay4ceZ8Io2uDWF7J5XP-ztn-QDaL-NBTI4LRxsh5fyvV10PpA1PGrtBdzBClwUPhA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S117486502%3A1701537740770860&theme=glif
64.233.165.84 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp32L20Itay4ceZ8Io2uDWF7J5XP-ztn-QDaL-NBTI4LRxsh5fyvV10PpA1PGrtBdzBClwUPhA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S117486502%3A1701537740770860&theme=glif
IP 64.233.165.84:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp32L20Itay4ceZ8Io2uDWF7J5XP-ztn-QDaL-NBTI4LRxsh5fyvV10PpA1PGrtBdzBClwUPhA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S117486502%3A1701537740770860&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:20 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-EaVWDeW38br1Kbnyj9k_-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
metrolagu.cam/video?q=ice+cold+film
46.250.238.76 200 OK 1.8 kB URL POST HTTP/2 metrolagu.cam/video?q=ice+cold+film
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://mp4skin.com/watch?v=Ay04zDYuaZA
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1873), with no line terminators
Hash ccfdb88ec936cb926115a7e88df8e268
2e42097fd3c17b43107effb0988ed8600d44244a
63b54d9787e9feb17d281b7f8710f35745246694fdd69a366cebedeaa0a72425
POST /video?q=ice+cold+film HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/eEPrsKwbEDX
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=gh540rcseqvp6lf4ckpqoe81qg; path=/; secure; SameSite=None
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=089dd4c783394e9cb071e7444f2501e5
139.45.195.8 200 OK 65 B URL GET HTTP/2 my.rtmark.net/gid.js?userId=089dd4c783394e9cb071e7444f2501e5
IP 139.45.195.8:443
Requested by https://mp4skin.com/watch?v=vGuJuW0bDWA
Certificate Issuer Let's Encrypt
Subject rtmark.net
Fingerprint E8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
Validity Sat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash b106a176993ef2d9fde5e53b4ce048b8
db1469bf1894779d11601c2cbb922dd9d8166918
c707fdfb9c08c5b1a75d92fd367dfa9ab649557a6b80755ef1e5354efc930b07
GET /gid.js?userId=089dd4c783394e9cb071e7444f2501e5 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mp4skin.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=089dd4c783394e9cb071e7444f2501e5; expires=Sun, 01 Dec 2024 17:22:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
poop.media/d/xA80pfz5vAV
172.67.177.66 200 OK 11 kB
IP 172.67.177.66:443
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d/xA80pfz5vAV HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 02 Dec 2023 17:01:11 GMT
cache-control: max-age=3600
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qCsIhFL7vlzgC9koPQqaG829DrLLHZ5PlD18NpFMWXhp4kMPzOz25l1w3udTX%2F3IvIlcK%2FtldDa5xNphjuok8LfMWtqGU%2Fow1G0PYaT2YTjhO0ORf7nv9eWGfrSI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=0H28w21ChKKvtivqd6K1t9LDfUwXsR6rBeqTicrG6Sh; SameSite=Lax; path=/; expires=Sat, 02-Dec-23 17:52:12 GMT; HttpOnly
server: cloudflare
cf-ray: 82f5402c3ffcb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
img.doodcdn.co/snaps/ru6ydxa7t9ab54pt.jpg
104.26.7.74 200 OK 66 kB URL GET HTTP/2 img.doodcdn.co/snaps/ru6ydxa7t9ab54pt.jpg
IP 104.26.7.74:443
Requested by https://metrolagu.cam/video?q=Marion+Jola+Serious
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 8001x8000, segment length 16, progressive, precision 8, 720x405, components 3\012- data
Hash 237158b80db669189848143680b12974
e5ef702d375b96eaa7780943b58f24b24bf397c0
cac6d8fc43e610505ba447c61d457d30b861535cb52b59caaf6a728048f5bd48
GET /snaps/ru6ydxa7t9ab54pt.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: image/jpeg
content-length: 65930
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=68948
etag: "655de676-10d54"
expires: Sat, 16 Dec 2023 12:48:13 GMT
last-modified: Wed, 22 Nov 2023 11:31:02 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zHQYzHkJpc0q%2Fivt2CcvgZAK8vN9fDniHxzuZO%2B%2BD7QOr%2FvkaF0ElGrwmrvZBW7V95m%2F8cJyfiCJ7O4zxY6aZDLj0tsRtDkp0cCfOoVXLX%2BgtI%2BmjEF8wIcAmj9wdDf9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82f540419e3ab50b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
yu2be.com/embud/hiOBgwnL7eg
46.250.238.76 200 OK 230 B URL GET HTTP/2 yu2be.com/embud/hiOBgwnL7eg
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject www.yu2be.com
Fingerprint 8D:36:15:EF:E6:E5:71:F4:C8:8A:92:73:75:5C:99:FC:20:A4:5D:33
Validity Sun, 22 Oct 2023 23:10:41 GMT - Sat, 20 Jan 2024 23:10:40 GMT
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 312ba819c1a1f74c01a2aa306d148852
e94edd82ab4af381893a77d73c4dc0d6734f434a
37846894799496d4d101665c65656e33fc7f1a2541cf647d0ca287daef1d5796
GET /embud/hiOBgwnL7eg HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.09&cpa=6e17d6fe-c237-4c7d-a78b-5c2a8b53a623
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.09&cpa=6e17d6fe-c237-4c7d-a78b-5c2a8b53a623
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&st=0.09&cpa=6e17d6fe-c237-4c7d-a78b-5c2a8b53a623 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:20 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
157.90.84.246200 OK 0 B URL GET HTTP/2 d834c8bfc5.e468aaeee7.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhiOBgwnL7eg&refdom=poop.media&auction_time=1701537737&subid=357529620&sid=2627075476&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhiOBgwnL7eg%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fs.viiqxpnb.com%2Fh%2F1411%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%3D%3D%3D%3D%3Fu%3D&icons=YPxefVKBOXZXxsGJ1GbejBkVwxPfsj_AnpyoHDdt0oAvT_V1r4-da0oPxpOevmpotj-ZyU2XGeh5jMat2AHp55DMtV4RxyB_iTtuaYzE9-2HNo7JKGil-74dKYHlaHJFGfats7pzfbYEsdUT8z9iCsTKOYi4SsEwk8cF_CzPdt5H0-6x3g&ext_cid=0&px_id=53418774&min_cpm=0.03462614833213589&out_id=0&campaign_type=lq-pop&aid=412&cid=14080&uniq=&mid=5994754765502112214&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.04730868560733302&cpm=0&verify_hash=4dfdacc4db2cda15c7897ab40e6ec111&is_native=2&real_bid=0.0012753971330167284&original_bid_usd=0.001385999941859395&original_bid=0.001385999941859395&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,27,129,130,5,108,0&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701624137&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-p
ush-adult&price=0.001385999941859395&hostname=auc-inpage-hz-3-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001385999941859395&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.08&cpa=9972561b-069f-4bf5-8aca-d896ec9e1221
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject e468aaeee7.com
Fingerprint 3B:06:B4:71:EE:50:A9:82:72:BC:54:2D:34:D4:0B:23:5F:5F:0E:69
Validity Wed, 29 Nov 2023 03:01:52 GMT - Tue, 27 Feb 2024 03:01:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3963&page=https%3A%2F%2Fpoop.media%2Fd%2FhiOBgwnL7eg&refdom=poop.media&auction_time=1701537737&subid=357529620&sid=2627075476&tcid=0&ver=8.121.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-02&iabcat=IAB25-3&keywords=&user_fp=7954532674765839967&score=78.75200738570763&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.media%252Fd%252FhiOBgwnL7eg%26idzone%3D0%26sid%3D1546&is_cpm=0&resp_type=&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&url=https%3A%2F%2Fs.viiqxpnb.com%2Fh%2F1411%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%3D%3D%3D%3D%3Fu%3D&icons=YPxefVKBOXZXxsGJ1GbejBkVwxPfsj_AnpyoHDdt0oAvT_V1r4-da0oPxpOevmpotj-ZyU2XGeh5jMat2AHp55DMtV4RxyB_iTtuaYzE9-2HNo7JKGil-74dKYHlaHJFGfats7pzfbYEsdUT8z9iCsTKOYi4SsEwk8cF_CzPdt5H0-6x3g&ext_cid=0&px_id=53418774&min_cpm=0.03462614833213589&out_id=0&campaign_type=lq-pop&aid=412&cid=14080&uniq=&mid=5994754765502112214&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.04730868560733302&cpm=0&verify_hash=4dfdacc4db2cda15c7897ab40e6ec111&is_native=2&real_bid=0.0012753971330167284&original_bid_usd=0.001385999941859395&original_bid=0.001385999941859395&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,27,129,130,5,108,0&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1701624137&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&site=native-push-adult&price=0.001385999941859395&hostname=auc-inpage-hz-
3-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001385999941859395&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-embed&mlf=1&st=0.08&cpa=9972561b-069f-4bf5-8aca-d896ec9e1221 HTTP/1.1
Host: d834c8bfc5.e468aaeee7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 02 Dec 2023 17:22:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
metrolagu.cam/video?q=dj+titkok+terbaru+2023
46.250.238.76 200 OK 1.8 kB URL POST HTTP/2 metrolagu.cam/video?q=dj+titkok+terbaru+2023
IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://yu2be.com/watch?v=ZyY71Ps5xRk
Certificate Issuer Let's Encrypt
Subject www.metrolagu.cam
Fingerprint 8F:F8:78:D5:70:26:5D:B1:BA:6A:FD:EF:E0:2E:C9:F0:1B:3B:9A:97
Validity Sun, 22 Oct 2023 23:11:09 GMT - Sat, 20 Jan 2024 23:11:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1882), with no line terminators
Hash 31ef531c5ea847ce868da858b55899ce
f412c6df335f98429bf5e05fa8045b8e3b3f71d5
9ad4533b60158e293c45609f35c70529d31ed053bbc26d2b9c3069ae4a70b307
POST /video?q=dj+titkok+terbaru+2023 HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/hiOBgwnL7eg
Cookie: PHPSESSID=70oasvv50kivgsm5qfpe36u0a5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
gmxvmvptfm.com/get/2004667?zoneid=2004667&jp=_clxcjlpvttlcuq2hom638q&nojs=0&abvar=428&febuild=0b10927d5d9639b773994e360a0ef769d8d93687&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3207736721581056&eclog=0&sp=1&im=1&frq=0
0.0.0.0 4.2 kB URL GET gmxvmvptfm.com/get/2004667?zoneid=2004667&jp=_clxcjlpvttlcuq2hom638q&nojs=0&abvar=428&febuild=0b10927d5d9639b773994e360a0ef769d8d93687&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3207736721581056&eclog=0&sp=1&im=1&frq=0
IP 0.0.0.0:0
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Buypass AS-983163327
Subject
Fingerprint 14:D3:45:CB:D6:04:24:B4:40:49:4E:38:1B:23:CD:D2:47:9A:0D:FD
Validity Sun, 29 Oct 2023 21:18:37 GMT - Thu, 25 Apr 2024 21:59:00 GMT
File type ASCII text, with very long lines (4566), with no line terminators
Hash 3baae43469f972351743d75457cd8949
e9ece4746b108fc04f6bbdbf749d992a523aa50d
dbfd20299c282507791193c52604412285e7f4fb47e09f8f2253a094c5d7d75a
GET /get/2004667?zoneid=2004667&jp=_clxcjlpvttlcuq2hom638q&nojs=0&abvar=428&febuild=0b10927d5d9639b773994e360a0ef769d8d93687&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1204&y=677&md=0&afid=3207736721581056&eclog=0&sp=1&im=1&frq=0 HTTP/1.1
Host: gmxvmvptfm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Cookie: CHCK=1; UID=231202122216c5f70e8a8546a49ada10683d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:21 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Sat, 04 Jan 2025 17:22:21 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
meenetiy.com/?rb=rkHMExqK8iAbZi5FPvylIZfrn6Yg7HkzfLgMiWBk6ivyt3YzUsrF88GWZH6z-v6XDf3an5bNL-ybhilb4w3ZjRU2uws3Li7-B_UeZezknX_iIdB5wvirrIzYuP0ozKBvv4yyGAaosWdDRKKiFs0ar5TmaIv9mfEVsQj1GEed1-LF3y9YlpcJNYt8pTXNKNv64nI7mPZcRByaokS200_mgk0PGYx78xzZ0P6YHA%3D%3D&request_ab2=0&zoneid=6678850&js_build=iclick-v1.635.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1110&wih=624&wiw=1110&wfc=5&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3Fv%3DvGuJuW0bDWA&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2FZqncwCsCIXV&np=1&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&wgl=&js_build=iclick-v1.635.3-auto&bs=c9585499-9054-44c8-b169-00edb0056d8c&userId=089dd4c783394e9cb071e7444f2501e5&m=link
139.45.197.245 200 OK 1.9 kB URL GET HTTP/2 meenetiy.com/?rb=rkHMExqK8iAbZi5FPvylIZfrn6Yg7HkzfLgMiWBk6ivyt3YzUsrF88GWZH6z-v6XDf3an5bNL-ybhilb4w3ZjRU2uws3Li7-B_UeZezknX_iIdB5wvirrIzYuP0ozKBvv4yyGAaosWdDRKKiFs0ar5TmaIv9mfEVsQj1GEed1-LF3y9YlpcJNYt8pTXNKNv64nI7mPZcRByaokS200_mgk0PGYx78xzZ0P6YHA%3D%3D&request_ab2=0&zoneid=6678850&js_build=iclick-v1.635.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1110&wih=624&wiw=1110&wfc=5&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3Fv%3DvGuJuW0bDWA&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2FZqncwCsCIXV&np=1&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&wgl=&js_build=iclick-v1.635.3-auto&bs=c9585499-9054-44c8-b169-00edb0056d8c&userId=089dd4c783394e9cb071e7444f2501e5&m=link
IP 139.45.197.245:443
Requested by https://mp4skin.com/watch?v=vGuJuW0bDWA
Certificate Issuer Let's Encrypt
Subject meenetiy.com
Fingerprint B0:78:1E:CD:78:69:2F:27:B1:FE:A6:02:07:CB:4F:DC:7B:D2:7F:B5
Validity Mon, 20 Nov 2023 05:28:05 GMT - Sun, 18 Feb 2024 05:28:04 GMT
File type troff or preprocessor input, ASCII text, with very long lines (1886), with no line terminators
Hash 062515104725e003215ca1c5c1c2dcdd
752e27bee0d95e7f41c2366f10596b49599631fe
5bc1869239754b7c55a018217c3127496d5006824e06c1488b3b27286cf01945
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?rb=rkHMExqK8iAbZi5FPvylIZfrn6Yg7HkzfLgMiWBk6ivyt3YzUsrF88GWZH6z-v6XDf3an5bNL-ybhilb4w3ZjRU2uws3Li7-B_UeZezknX_iIdB5wvirrIzYuP0ozKBvv4yyGAaosWdDRKKiFs0ar5TmaIv9mfEVsQj1GEed1-LF3y9YlpcJNYt8pTXNKNv64nI7mPZcRByaokS200_mgk0PGYx78xzZ0P6YHA%3D%3D&request_ab2=0&zoneid=6678850&js_build=iclick-v1.635.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1110&wih=624&wiw=1110&wfc=5&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3Fv%3DvGuJuW0bDWA&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2FZqncwCsCIXV&np=1&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&wgl=&js_build=iclick-v1.635.3-auto&bs=c9585499-9054-44c8-b169-00edb0056d8c&userId=089dd4c783394e9cb071e7444f2501e5&m=link HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mp4skin.com/
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Cookie: OAID=a49f3add9aed414aab455c2c74ce8141; oaidts=1701537734
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: application/json
x-trace-id: cfec987d26e53d18381a5f57f6c1b507
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=089dd4c783394e9cb071e7444f2501e5; expires=Sun, 01 Dec 2024 17:22:15 GMT; path=/; secure; SameSite=None
oaidts=1701537735; expires=Sun, 01 Dec 2024 17:22:15 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 09 Dec 2023 17:22:15 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
mp4skin.com/watch?v=Ay04zDYuaZA
188.114.96.1 200 OK 622 B URL POST HTTP/3 mp4skin.com/watch?v=Ay04zDYuaZA
IP 188.114.96.1:443
Requested by https://poop.media/d/eEPrsKwbEDX
Certificate Issuer Google Trust Services LLC
Subject mp4skin.com
Fingerprint 8D:7A:52:68:44:2D:43:E5:96:16:A7:C1:19:F2:31:23:E9:34:2A:A0
Validity Sat, 04 Nov 2023 22:36:47 GMT - Fri, 02 Feb 2024 22:36:46 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (661), with no line terminators
Hash 8014d96ed337920f3197b5213e619f60
3e5024c078e2948ad4a42fbf20a2b018e388be15
d04337653f65d0b836477627e27e85c295a57d670cc8a63c8ef988bc821fe729
POST /watch?v=Ay04zDYuaZA HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/embud/eEPrsKwbEDX
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=upLrk%2BWN%2F2eoJu4qkOke5OC5qiGexZEQ%2F1usj3Hysoi8XSI6%2FOUatzc%2F1s4t8W%2Be8Jjs9TAjc044ERJfslym4mCfOJ2tpdYQ3Y%2FTqCxd10MSLxlwW1ZSFHkenixhYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f540368cfcb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
mp4skin.com/embud/xA80pfz5vAV
188.114.96.1 200 OK 230 B URL GET HTTP/2 mp4skin.com/embud/xA80pfz5vAV
IP 188.114.96.1:443
Requested by https://poop.media/d/xA80pfz5vAV
Certificate Issuer Google Trust Services LLC
Subject mp4skin.com
Fingerprint 8D:7A:52:68:44:2D:43:E5:96:16:A7:C1:19:F2:31:23:E9:34:2A:A0
Validity Sat, 04 Nov 2023 22:36:47 GMT - Fri, 02 Feb 2024 22:36:46 GMT
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 6dd4886f82f3db044ce252b8eb7b830f
7a2f1810930005d5df9d199772a5d59548a500a2
17b932e092a7c90a766e0a79a1fdf5f5f566cde2592ae6a15c7cac969ad99245
GET /embud/xA80pfz5vAV HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vAd0G3aG%2FCCfjZOcHejhqr2SPqUfqcH1IfwkMtJBF8uyBHO1IsH3PcAZ%2F91Py%2FAmuxsvjBfCctsnWDFfffjJcrTVJEtbb5OpeReC0mY2xRuKb2hL%2BUNXqCPSSIhw7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f5402f9fc956c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
dbd390fc66.7df3f71dc4.com/a5acf7798a958880f7151cff445d7d5e.js
45.133.44.52 200 OK 554 kB URL GET HTTP/2 dbd390fc66.7df3f71dc4.com/a5acf7798a958880f7151cff445d7d5e.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/hNjKXEAgIuy
Certificate Issuer Let's Encrypt
Subject dbd390fc66.7df3f71dc4.com
Fingerprint 58:C5:6D:91:3E:EE:AA:F0:11:56:6E:10:48:EA:36:1E:5E:A4:67:51
Validity Wed, 29 Nov 2023 02:20:47 GMT - Tue, 27 Feb 2024 02:20:46 GMT
Size 554 kB (554094 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a5acf7798a958880f7151cff445d7d5e.js HTTP/1.1
Host: dbd390fc66.7df3f71dc4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 30 Nov 2023 09:44:58 GMT
etag: W/"6568599a-8746e"
content-encoding: gzip
expires: Sat, 02 Dec 2023 17:27:16 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1ohWGRNnYz0tvroDxv64m5AFcGKu-roUxApbNMHIzo_zDxqjD6Qfsll3Dh1zCkzt9jGUkmEw
64.233.165.84 302 Found 0 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1ohWGRNnYz0tvroDxv64m5AFcGKu-roUxApbNMHIzo_zDxqjD6Qfsll3Dh1zCkzt9jGUkmEw
IP 64.233.165.84:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1ohWGRNnYz0tvroDxv64m5AFcGKu-roUxApbNMHIzo_zDxqjD6Qfsll3Dh1zCkzt9jGUkmEw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:Fcf_UriSADb-PeVQCGZfGY01WT6YjQ:kk-Pq-bQplE0Vt-w;Path=/;Expires=Mon, 01-Dec-2025 17:22:20 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:20 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1YUxxr8DtADcvyPZ4Iz5pJhG4r3XsuT5GZeU6EhDcR6UF3hHWonuflFMCP1mJeVvnntbLoBw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S436401081%3A1701537740670728&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-ba2V56eYeq8uvcPQV2cHUA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 403
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
dbd390fc66.7df3f71dc4.com/a5acf7798a958880f7151cff445d7d5e.js
45.133.44.52 200 OK 554 kB URL GET HTTP/2 dbd390fc66.7df3f71dc4.com/a5acf7798a958880f7151cff445d7d5e.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject dbd390fc66.7df3f71dc4.com
Fingerprint 58:C5:6D:91:3E:EE:AA:F0:11:56:6E:10:48:EA:36:1E:5E:A4:67:51
Validity Wed, 29 Nov 2023 02:20:47 GMT - Tue, 27 Feb 2024 02:20:46 GMT
Size 554 kB (554094 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a5acf7798a958880f7151cff445d7d5e.js HTTP/1.1
Host: dbd390fc66.7df3f71dc4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:16 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 30 Nov 2023 09:44:58 GMT
etag: W/"6568599a-8746e"
content-encoding: gzip
expires: Sat, 02 Dec 2023 17:27:16 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
yu2be.com/embed.css
46.250.238.76 200 OK 1.1 kB IP 46.250.238.76:443
ASN #39674 Yorkshire Tech Limited
Requested by https://yu2be.com/watch?v=ZyY71Ps5xRk
Certificate Issuer Let's Encrypt
Subject www.yu2be.com
Fingerprint 8D:36:15:EF:E6:E5:71:F4:C8:8A:92:73:75:5C:99:FC:20:A4:5D:33
Validity Sun, 22 Oct 2023 23:10:41 GMT - Sat, 20 Jan 2024 23:10:40 GMT
File type ASCII text, with very long lines (1145), with no line terminators
Hash 69c7d11151f7c8da1183e16ec826fd58
e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf
360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1
GET /embed.css HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/watch?v=ZyY71Ps5xRk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: text/css
last-modified: Thu, 23 Nov 2023 00:03:15 GMT
vary: Accept-Encoding
etag: W/"655e96c3-446"
expires: Sun, 03 Dec 2023 05:22:15 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
poop.media/d/hiOBgwnL7eg
172.67.177.66 200 OK 10 kB IP 172.67.177.66:443
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6442)
Hash ee51757b2817a6ec3a83f852107acdc4
ba7e75b8ab83fab68d368862bcd802a374422d65
88b01c4247133fd542144f94942cb18b9cc1646f60cb6c4b0c10dfa04db40d57
GET /d/hiOBgwnL7eg HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 02 Dec 2023 16:15:39 GMT
cache-control: max-age=3600
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HzwWRyhwdPH8%2Fxs334Fz2RJASOFT0lDmh4XxMZWZU6xZKXTrnEPkmdGo6V1aj0aXSTif5JZq04Ki0%2FNJbtJGsuXrMWWPQrLBChpFGqxyKvi9VDvPGCs4FvFBSLmP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=0H28w21ChKKvtivqd6K1t9LDfUwXsR6rBeqTicrG6Sh; SameSite=Lax; path=/; expires=Sat, 02-Dec-23 17:52:13 GMT; HttpOnly
server: cloudflare
cf-ray: 82f5402c8834b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=a49f3add9aed414aab455c2c74ce8141
139.45.195.8 200 OK 65 B URL GET HTTP/2 my.rtmark.net/gid.js?userId=a49f3add9aed414aab455c2c74ce8141
IP 139.45.195.8:443
Requested by https://mp4skin.com/watch?v=Ay04zDYuaZA
Certificate Issuer Let's Encrypt
Subject rtmark.net
Fingerprint E8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
Validity Sat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 6146333d1c03c4050cd1661b8ffb35e0
75bcc9478bf243810c007d2855266ef856cc9b79
ae2ebfb840e640ebcd33f00d1a84d3a70dbad217e10d6284a1861223a38069ce
GET /gid.js?userId=a49f3add9aed414aab455c2c74ce8141 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mp4skin.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=a49f3add9aed414aab455c2c74ce8141; expires=Sun, 01 Dec 2024 17:22:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
poop.media/d/eEPrsKwbEDX
172.67.177.66 200 OK 11 kB IP 172.67.177.66:443
Requested by https://cabenakal.site/video/351
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d/eEPrsKwbEDX HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 02 Dec 2023 16:45:26 GMT
cache-control: max-age=3600
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qM4UitrlDdRkk1kONsGK%2BVb4iQmLBKUnE8%2BRg6geNg%2BUsqb8kjI6OPaig2lqwheQPKH%2FywvNOCMMnxkEKn%2B7IVaQqFBLBN98LO%2Ft4Rw5mgne%2BfSG0%2FkinujBT3xl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=0H28w21ChKKvtivqd6K1t9LDfUwXsR6rBeqTicrG6Sh; SameSite=Lax; path=/; expires=Sat, 02-Dec-23 17:52:12 GMT; HttpOnly
server: cloudflare
cf-ray: 82f5402c8843b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
uxomkmfbkurnwx.xyz/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://yu2be.com/watch?v=ZyY71Ps5xRk
Certificate Issuer Let's Encrypt
Subject uxomkmfbkurnwx.xyz
Fingerprint 09:C4:2E:7E:79:CF:46:73:7A:05:97:2A:74:BD:36:D2:AC:2A:95:46
Validity Fri, 01 Dec 2023 11:18:19 GMT - Thu, 29 Feb 2024 11:18:18 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD / HTTP/1.1
Host: uxomkmfbkurnwx.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:26 GMT
content-type: text/html
x-trace-id: e5f48dadd00a2361e3c5c9f410629376
vary: Accept-Encoding, Origin
access-control-allow-origin: https://yu2be.com
access-control-expose-headers: Link, X-Application-Token, X-Application-Key, X-Tag, X-Auth-Token, X-DirectionPartner-Id, X-ZoneType-Id, X-Hostname
access-control-allow-credentials: true
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
timing-allow-origin: *
x-application-key: 6iia9vzsTo23Wq21qdbev9sg
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
poop.media/theme_2/css/style.css
172.67.177.66 200 OK 209 kB URL GET HTTP/3 poop.media/theme_2/css/style.css
IP 172.67.177.66:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Let's Encrypt
Subject poop.media
Fingerprint 10:B5:A9:08:65:F3:37:32:61:F6:C6:0B:78:76:29:6D:B8:84:97:66
Validity Mon, 20 Nov 2023 06:08:41 GMT - Sun, 18 Feb 2024 06:08:40 GMT
File type ASCII text, with very long lines (65465)
Size 209 kB (209032 bytes)
Hash 040e80c238371d4172a34a4fb5b24fd3
92ccd50c595590d8b8a4b71275ed15ae25eb8120
b5d197171351e1ddaebb1bfe4f70c9103109d98395ff67c3aac7064ac474a22c
GET /theme_2/css/style.css HTTP/1.1
Host: poop.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/d/ZqncwCsCIXV
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:12 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=259373
etag: W/"652211c2-3f52d"
expires: Sun, 03 Dec 2023 00:51:07 GMT
last-modified: Sun, 08 Oct 2023 02:19:46 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 8439
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3VtT5hVujeLfaFVQz012kYBNsoKLZoJZ5snVUXO22x%2BEWShecs7Na6sZF9cE9ZjStnDTQOT1MArRfz0lXDeL2jHV8KZNu85Vg8dcHosJx%2F6J759GfTJ9T6zM1RC6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f5402f1f1556c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
accordancespotted.com/35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js
173.233.137.36 200 OK 43 kB URL GET HTTP/1.1 accordancespotted.com/35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js
IP 173.233.137.36:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject accordancespotted.com
Fingerprint D8:3A:F2:F4:A3:CF:57:5C:BB:EF:B6:7D:9B:80:F2:A0:8B:81:BB:AA
Validity Tue, 28 Nov 2023 10:41:23 GMT - Mon, 26 Feb 2024 10:41:22 GMT
File type ASCII text, with very long lines (42797), with no line terminators
Hash 6621b3f8a7b55f9c0752461855f2567d
d1530648e3a198747d6519d677efb506db34256c
5c757535a8952f41e19529c6ed13a08e01f70a6db1c88da5d1adde6336b65673
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /35/88/e7/3588e7c3f5b48aac06ae83e5126f8dcc.js HTTP/1.1
Host: accordancespotted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 02 Dec 2023 17:22:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7468bc48f6a3412a3c0b68a90f96a540
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mordoops.com/tag.min.js
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://yu2be.com/watch?v=ZyY71Ps5xRk
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tag.min.js HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=db0377ff-7e12-412e-a58e-c69360a13a80
138.201.237.88 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=db0377ff-7e12-412e-a58e-c69360a13a80
IP 138.201.237.88:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint 84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
Validity Sat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-embed&mlf=1&mlc=1&st=0.08&cpa=db0377ff-7e12-412e-a58e-c69360a13a80 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.media/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.2
date: Sat, 02 Dec 2023 17:22:19 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp2etQ8XnrNmJucCit0FskQ-00d70VMuyCVRCAdeTf_g7ceOosUWlMn3ND1w7eAzVkwLd49n
64.233.165.84 302 Found 0 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp2etQ8XnrNmJucCit0FskQ-00d70VMuyCVRCAdeTf_g7ceOosUWlMn3ND1w7eAzVkwLd49n
IP 64.233.165.84:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp2etQ8XnrNmJucCit0FskQ-00d70VMuyCVRCAdeTf_g7ceOosUWlMn3ND1w7eAzVkwLd49n HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:8j-vxZrQvdbyLO9D1ZsFvPgvEtA-2Q:prM9PfdGrjv1wdxz;Path=/;Expires=Mon, 01-Dec-2025 17:22:20 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:20 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp32L20Itay4ceZ8Io2uDWF7J5XP-ztn-QDaL-NBTI4LRxsh5fyvV10PpA1PGrtBdzBClwUPhA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S117486502%3A1701537740770860&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-ziQSZZhHSayTaAFGZ8pTlg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 404
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
my.rtmark.net/gid.js?userId=1e682ab6b4364e06a8011bdb23eeb8e0
139.45.195.8 200 OK 65 B URL GET HTTP/2 my.rtmark.net/gid.js?userId=1e682ab6b4364e06a8011bdb23eeb8e0
IP 139.45.195.8:443
Requested by https://yu2be.com/watch?v=ZyY71Ps5xRk
Certificate Issuer Let's Encrypt
Subject rtmark.net
Fingerprint E8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
Validity Sat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 6146333d1c03c4050cd1661b8ffb35e0
75bcc9478bf243810c007d2855266ef856cc9b79
ae2ebfb840e640ebcd33f00d1a84d3a70dbad217e10d6284a1861223a38069ce
GET /gid.js?userId=1e682ab6b4364e06a8011bdb23eeb8e0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Cookie: ID=a49f3add9aed414aab455c2c74ce8141
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 17:22:28 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://yu2be.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=a49f3add9aed414aab455c2c74ce8141; expires=Sun, 01 Dec 2024 17:22:28 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1YUxxr8DtADcvyPZ4Iz5pJhG4r3XsuT5GZeU6EhDcR6UF3hHWonuflFMCP1mJeVvnntbLoBw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S436401081%3A1701537740670728&theme=glif
64.233.165.84 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1YUxxr8DtADcvyPZ4Iz5pJhG4r3XsuT5GZeU6EhDcR6UF3hHWonuflFMCP1mJeVvnntbLoBw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S436401081%3A1701537740670728&theme=glif
IP 64.233.165.84:443
Requested by https://poop.media/d/hiOBgwnL7eg
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1YUxxr8DtADcvyPZ4Iz5pJhG4r3XsuT5GZeU6EhDcR6UF3hHWonuflFMCP1mJeVvnntbLoBw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S436401081%3A1701537740670728&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 02 Dec 2023 17:22:20 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-54qyi5pepQP0S99ea8m45Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
mp4skin.com/watch?v=vGuJuW0bDWA
188.114.96.1 200 OK 622 B URL POST HTTP/3 mp4skin.com/watch?v=vGuJuW0bDWA
IP 188.114.96.1:443
Requested by https://poop.media/d/ZqncwCsCIXV
Certificate Issuer Google Trust Services LLC
Subject mp4skin.com
Fingerprint 8D:7A:52:68:44:2D:43:E5:96:16:A7:C1:19:F2:31:23:E9:34:2A:A0
Validity Sat, 04 Nov 2023 22:36:47 GMT - Fri, 02 Feb 2024 22:36:46 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (661), with no line terminators
Hash 6bebd2a5e2c2f8c9c612612986871abd
caa80afeac4063595a51ba5f9996821a9bb09989
5227d06f4bc21ae3db61950359ee480796548a468a2b368fcc033101ad6778fd
POST /watch?v=vGuJuW0bDWA HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/embud/ZqncwCsCIXV
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 02 Dec 2023 17:22:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=byEcxl9L9YF%2B8yGirXHs2SVW1%2FXfG4xMVVdzHhiu3EHDZQdaiwaAVwuFDQRl%2Byc8b95gn6egkfJkagmWEtPHXjAYE6WeysGSFUBYl5qfjWSgN2Kfm5oj4OhqkUcQ1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82f54035fc5ab4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
mordoops.com/5/6651943/?oo=1&aab=1
0.0.0.0 0 B URL GET mordoops.com/5/6651943/?oo=1&aab=1
IP 0.0.0.0:0
Requested by https://yu2be.com/watch?v=ZyY71Ps5xRk
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /5/6651943/?oo=1&aab=1 HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache