Report - poop.com.co/e/KDa14UPRWEk

Report Overview

Submitted URL
poop.com.co/e/KDa14UPRWEk
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-04 06:56:42
Access
public
Website Title
Ayu Nganjuk 06 - NinaBobo - PoopHD
Final URL
poop.com.co/e/KDa14UPRWEk
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
poop.com.co	unknown	2024-02-11	2024-02-11	2024-04-18	1.6 kB	43 kB	188.114.97.1
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-03	418 B	102 kB	142.250.74.168
static.bookmsg.com	47495	2020-09-15	2020-11-24	2024-05-03	1.8 kB	3.0 kB	45.133.44.24
mp4skin.com	unknown	2023-05-01	2023-05-11	2024-02-24	1.6 kB	3.5 kB	172.67.154.189
img.doodcdn.co	unknown	2022-04-23	2022-05-04	2024-05-02	894 B	20 kB	104.26.6.74
3fb4026cec.ffbd26c481.com	unknown	unknown	No data	No data	819 B	320 B	45.133.44.53
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-03	457 B	29 kB	104.17.24.14
accounts.google.com	81	1997-09-15	2016-03-20	2024-05-02	1.8 kB	7.2 kB	74.125.131.84
imgsdn.com	unknown	2024-02-12	2024-02-12	2024-05-03	2.0 kB	366 B	138.201.194.90
code.jquery.com	634	2005-12-10	2012-05-21	2024-05-03	408 B	96 kB	151.101.194.137
nereserv.com	40015	2020-12-21	2020-12-21	2024-05-03	1.2 kB	640 B	167.235.163.216
fikedaquabib.com	unknown	2023-04-17	2023-04-17	2024-04-14	409 B	1.5 kB	23.109.170.67
meenetiy.com	unknown	2023-01-04	2023-01-04	2024-03-14	2.2 kB	52 kB	139.45.197.245
metrolagu.cam	unknown	2023-03-24	2023-08-23	2024-04-15	2.9 kB	23 kB	188.114.96.1
img.vmmcdn.com	36292	2019-11-26	2019-11-26	2024-05-02	1.6 kB	49 kB	46.4.121.113
storage.multstorage.com	unknown	2023-09-22	2023-09-22	2024-05-03	523 B	1.6 kB	172.67.174.51
da7b22a400.13199960a1.com	unknown	unknown	No data	No data	2.7 kB	1.2 MB	45.133.44.53
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2024-05-03	1.0 kB	808 B	157.90.84.242
5d39fe7c75.2ac4fce9b8.com	unknown	unknown	No data	No data	16 kB	12 kB	168.119.25.102
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-03	415 B	740 B	139.45.195.8
mcpuwpsh.com	unknown	2022-08-12	2022-08-12	2024-05-02	474 B	5.5 kB	94.130.197.240

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	13199960a1.com	Sinkholed
2024-05-04	medium	ffbd26c481.com	Sinkholed
2024-05-04	medium	fikedaquabib.com	Sinkholed
2024-05-04	medium	meenetiy.com	Sinkholed
2024-05-04	medium	13199960a1.com	Sinkholed
2024-05-04	medium	13199960a1.com	Sinkholed
2024-05-04	medium	13199960a1.com	Sinkholed
2024-05-04	medium	13199960a1.com	Sinkholed
2024-05-04	medium	meenetiy.com	Sinkholed
2024-05-04	medium	13199960a1.com	Sinkholed
2024-05-04	medium	meenetiy.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	poop.com.co/e/KDa14UPRWEk	71 B	2024-02-17	2024-05-10
Pretty URL poop.com.co/e/KDa14UPRWEk IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-17 06:52:42 Last Seen2024-05-10 22:02:24 Times Seen13 Hash 7f501cacc01b5e0f71c3ce73f9c93698 5297dc82a372e9d77137d0ed5a67363da8f9855d 86c4bac97553510c47acc6e915f1738e3bb40f919350dd8f76ea216e84e90b16 Loading...

	poop.com.co/e/KDa14UPRWEk	6.4 kB	2023-10-24	2024-05-11
Pretty URL poop.com.co/e/KDa14UPRWEk IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-24 06:38:45 Last Seen2024-05-11 00:50:07 Times Seen88 Hash eeed368413469275e3ee01f81d506e3b f0b2023738dda3d9f81f01101ffddc539dd5c919 4f96b2f1bc98f9dce38413ca59d5fe7c0f994b467965421be18e634d5dfaab9e Loading...

	da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js	470 kB	2024-04-19	2024-05-12
Pretty URL da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 15:52:52 Last Seen2024-05-12 12:48:12 Times Seen46 Hash cacb84104ff1b8352e0ee8c801a29ef4 393c74e933ff2a417ca50df17347793a36c86055 0099579c122343453ad3823291a11281d87678f071717020be17fec25ff03b77 Loading...

	meenetiy.com/5/6678850	90 kB	2024-05-04	2024-05-04
Pretty URL meenetiy.com/5/6678850 IP 139.45.197.245 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 08:56:49 Last Seen2024-05-04 15:05:25 Times Seen2 Hash 2d8558b33241716a6e44648b0bafd06e e013783c5e177cf5728d9debdc473858864f8e25 b79e368fe1a5fa395543a602a57b4da23011b34cbe0732aab27e4bd2aa9ee192 Loading...

	metrolagu.cam/adus.js	532 B	2023-12-26	2024-05-11
Pretty URL metrolagu.cam/adus.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-26 23:58:07 Last Seen2024-05-11 06:28:33 Times Seen59 Hash 7a2d2561eaf88d82195fe34370371250 c17411a06bb47553493e3f8363304bdfe7a4e56d edd026699ef3c73fff84b39eb624af3bcb6d5732513ceef2ef1c36068e311eea Loading...

	poop.com.co/e/KDa14UPRWEk	1.9 kB	2024-05-04	2024-05-04
Pretty URL poop.com.co/e/KDa14UPRWEk IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 08:56:49 Last Seen2024-05-04 08:56:49 Times Seen1 Hash c0a40c709e63dfe85ce1ca9198d72877 2773f985c0d66ecb8fb660876422861e6a5dc7dc e4e3faa59491675f655ed488df1791602d07e50505bb390f6662dffc437c9315 Loading...

	www.googletagmanager.com/gtag/js?id=G-RRBBHD087X	306 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-RRBBHD087X IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 08:56:49 Last Seen2024-05-04 08:56:49 Times Seen2 Hash 57ce5dff4903ba807ccdaca6c12ca35c 888aab8f64d97bc59596f0356b17afe2aa345988 d0021c44fcb4098a5db42728f0e837789de280d923d1448e0abaaadb4eec2935 Loading...

	da7b22a400.13199960a1.com/19d44b098ab6aa7dfec36de417c310f1.js	168 kB	2024-04-27	2024-05-13
Pretty URL da7b22a400.13199960a1.com/19d44b098ab6aa7dfec36de417c310f1.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:40:27 Last Seen2024-05-13 09:50:11 Times Seen47 Hash cf49249e73efabedaf345f1fc2937285 5ef768ef2b81110762fcf31b5846daf3b56ab70c 75791ea71263cfaa3d74ece2b2a552c503ab39091bdcaccfda2d6f69fe77a7b9 Loading...

	storage.multstorage.com/log/count.html	718 B	2023-09-18	2024-05-22
Pretty URL storage.multstorage.com/log/count.html IP 172.67.174.51 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 17:19:52 Last Seen2024-05-22 03:39:40 Times Seen5730 Hash 1f697a0f2411e463adbc1211493fe5a6 93c154152bda427938543b8efbd8d3b594abbac7 08a5735f5232b651af89f552e8d0fb7b21d6605fba48f335318699d80d12703e Loading...

	metrolagu.cam/watch?v=ZyY71Ps5xRk	0 B	2023-03-07	2024-05-22
Pretty URL metrolagu.cam/watch?v=ZyY71Ps5xRk IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-22 06:53:36 Times Seen37939957 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	code.jquery.com/jquery-latest.min.js	96 kB	2023-03-07	2024-05-22
Pretty URL code.jquery.com/jquery-latest.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-22 06:52:24 Times Seen48319 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	da7b22a400.13199960a1.com/69e850fd67f4bef7c987ce894adc6a8e.js	97 kB	2024-04-18	2024-05-07
Pretty URL da7b22a400.13199960a1.com/69e850fd67f4bef7c987ce894adc6a8e.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 08:57:28 Last Seen2024-05-07 05:08:18 Times Seen497 Hash 78b4de711a43c2a7b7e06da3d25cc4ab a5fdc5739214b95d24fffd2600ee204eb75db415 97a18ee59823abe90c1e22b83e292d5ac33da2cdb3555372abd7a7f9989c1ea2 Loading...

	poop.com.co/e/KDa14UPRWEk	153 B	2024-02-17	2024-05-11
Pretty URL poop.com.co/e/KDa14UPRWEk IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-17 06:52:43 Last Seen2024-05-11 00:50:08 Times Seen37 Hash 73a6ebf3b00f83c3c9f8bc653869cfc5 924d36f61b7cb12b229ecb1b64691eb49439480c b651edc3f5e0ab0949d63f224d575452108d29873cad2dd54cb59fa15566bd9f Loading...

	da7b22a400.13199960a1.com/0ae085698cad0960a86703ca969164ab.js	109 kB	2024-04-24	2024-05-07
Pretty URL da7b22a400.13199960a1.com/0ae085698cad0960a86703ca969164ab.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:00:34 Last Seen2024-05-07 11:41:50 Times Seen663 Hash 41230c1446cb19310867b6c3e10f8bec f600745dccd0143bbd1d83d44bd776c74f69866b 713bc0015ac5ef37f48ad9f49aa4521912b705cf01bf19409f98235b28d41dfe Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-22
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-22 06:53:35 Times Seen146305 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	fikedaquabib.com/rotaInGRWQGA24/64343	0 B	2023-03-07	2024-05-22
Pretty URL fikedaquabib.com/rotaInGRWQGA24/64343 IP 23.109.170.67 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-22 06:53:36 Times Seen37939957 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (55)

URL IP Response Size

poop.com.co/e/KDa14UPRWEk

188.114.97.1

200 OK

37 kB

URL User Request GET HTTP/2
poop.com.co/e/KDa14UPRWEk
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT

File type
JavaScript source, ASCII text, with very long lines (6442)
Size
37 kB (37380 bytes)
Hash
fdf85d8dd1e162b84b0c4b08be89a26c
c9487a1e2cb630cfeac50be489d9067895a36972
06e6bd8c58231de64133fa87db41be2c929ee3cea507e4c98565653a6d9bec28

HTTP Headers

GET /e/KDa14UPRWEk HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=43200
cf-cache-status: MISS
last-modified: Sat, 04 May 2024 06:56:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XDoA%2F2D47dUoRK1apSZB6x4eswYu4hXcZZ5Tyz17yL2BQwx%2FyTHKz42NVMVjb65w9FEsjvmxxzQuFlfvf%2BlBOfB%2FTOKK8JvlTelrgI6C1eYJ9T1bH%2F2oXkwZObDIYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e696f8ba6ab4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

img.doodcdn.co/snaps/4pvds8tqd9q8e4yi.jpg

104.26.6.74

200 OK

9.2 kB

URL GET HTTP/2
img.doodcdn.co/snaps/4pvds8tqd9q8e4yi.jpg
IP
104.26.6.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 424x240, components 3
Size
9.2 kB (9190 bytes)
Hash
90babf00f1c157a35aef65aea35ac2e0
a9ef3b9886c9c880a9e4ea4acf9a1f19888054cc
98eecc15a41f36d55762320cf920e3cca628fc5bd0eb30b5dd855fc0c8bc45c8

HTTP Headers

GET /snaps/4pvds8tqd9q8e4yi.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:14 GMT
content-type: image/jpeg
content-length: 9190
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9337
etag: "64fb0a5d-2479"
expires: Sat, 18 May 2024 05:22:01 GMT
last-modified: Fri, 08 Sep 2023 11:49:49 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=et8ViIcAgecqb1iafBR46kMGeINhLZnsuy7348UoG36tJm9DK3THN3qn8EUvhfbCvyLCcco2%2Buq9N62EuE6l507xdICd8EmC0h2EuOws95PSpFKlDewMR6PljRhAp%2Fkj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e696fc4f5a0b31-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-RRBBHD087X

142.250.74.168

200 OK

102 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
102 kB (101716 bytes)
Hash
57ce5dff4903ba807ccdaca6c12ca35c
888aab8f64d97bc59596f0356b17afe2aa345988
d0021c44fcb4098a5db42728f0e837789de280d923d1448e0abaaadb4eec2935

HTTP Headers

GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 06:56:14 GMT
expires: Sat, 04 May 2024 06:56:14 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 101716
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

poop.com.co/apple-touch-icon.png

188.114.97.1

200 OK

2.8 kB

URL GET HTTP/3
poop.com.co/apple-touch-icon.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
2.8 kB (2766 bytes)
Hash
e4acc3f05da8195dfa02a437c8b2dba2
f23df2ed14e5d52417b155ccd11187f3250861dc
8b520e4032a17a3fb0410c6e4c7da29f182ca06861aa2d64db1969927e2db0d4

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/e/KDa14UPRWEk
Cookie: _ga_RRBBHD087X=GS1.1.1714805775.1.0.1714805775.0.0.0; _ga=GA1.1.651756065.1714805775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: image/png
content-length: 2766
last-modified: Mon, 25 Dec 2023 21:07:41 GMT
etag: "6589ef1d-ace"
expires: Sun, 02 Jun 2024 16:26:07 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 52208
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cVOQxqftwjEs0j1ID%2BMKxqk3WtSJUhcCOpeCZxdiJ121M1pazumtcNF1OghgX8pmAOIhPUb1VPMR2b%2Bh02FGB7rEU%2FoFvfwdb%2FHBpfXxLEsQQ9Bek8qmUuJpnIVKMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e696ff4a0b5699-OSL
alt-svc: h3=":443"; ma=86400

poop.com.co/favicon-16x16.png

188.114.97.1

200 OK

612 B

URL GET HTTP/3
poop.com.co/favicon-16x16.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
612 B (612 bytes)
Hash
ac008ea155d4beee1e93247d7434c77d
f8ea94e94e0cc310202a517a9c445c3d70af564e
283e092dad794fdd9212249389fb2acb6d6846f332413ab2af7bbcced9a4957e

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/e/KDa14UPRWEk
Cookie: _ga_RRBBHD087X=GS1.1.1714805775.1.0.1714805775.0.0.0; _ga=GA1.1.651756065.1714805775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: image/png
content-length: 612
last-modified: Sun, 11 Feb 2024 12:12:37 GMT
etag: "65c8b9b5-264"
expires: Sat, 01 Jun 2024 07:06:39 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 172176
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UjGcqC4xMqEZ2AsXqxctdqJsb4ITJ7AhjAShLQdTWZG%2BBt0Cb6x1MDMGPjdbYAwKCEhpuSZNWvP3WLpKx55m3mG1eUEbskXiDQIkTVE87TfbnvoK%2B3RKihDxNv0u2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e696ff4a0d5699-OSL
alt-svc: h3=":443"; ma=86400

da7b22a400.13199960a1.com/19d44b098ab6aa7dfec36de417c310f1.js

45.133.44.53

200 OK

47 kB

URL GET HTTP/2
da7b22a400.13199960a1.com/19d44b098ab6aa7dfec36de417c310f1.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectda7b22a400.13199960a1.com
Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD
ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT

File type
gzip compressed data, from Unix
Size
47 kB (46974 bytes)
Hash
0ed5789b0d70730de5684bbec5d9d3cc
33b48493dcfff31dceaef04a0191323bf0984418
5ae40fb6132261179f902636946e4e6cc3af807560e528048f331b7e86cc6cea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /19d44b098ab6aa7dfec36de417c310f1.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 24 Apr 2024 09:09:17 GMT
etag: W/"6628cc3d-29192"
content-encoding: gzip
expires: Sat, 04 May 2024 07:01:15 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=114039

157.90.84.242

200 OK

0 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=114039
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 04 May 2024 06:56:15 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.com.co
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

3fb4026cec.ffbd26c481.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI5ODk3MTM3MjgyOTc3NDY4MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjAiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjI0LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9

45.133.44.53

200 OK

0 B

URL GET HTTP/2
3fb4026cec.ffbd26c481.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI5ODk3MTM3MjgyOTc3NDY4MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjAiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjI0LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subject3fb4026cec.ffbd26c481.com
Fingerprint27:04:EE:66:BA:5B:49:EF:14:C8:8F:A8:F2:D9:35:3D:F6:0F:40:6A
ValidityWed, 01 May 2024 02:50:26 GMT - Tue, 30 Jul 2024 02:50:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI5ODk3MTM3MjgyOTc3NDY4MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjAiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjI0LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 HTTP/1.1
Host: 3fb4026cec.ffbd26c481.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=114039

157.90.84.242

200 OK

58 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=114039
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
58 B (58 bytes)
Hash
87385fcd2a67fc74d2fa67366ba68ea2
a604cdbb1d31ce257e8643eee9219c9c724c200c
9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995

HTTP Headers

POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1836
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 May 2024 06:56:15 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poop.com.co
Set-Cookie: id=6006128561980835951; Expires=Sun, 04 May 2025 06:56:15 GMT; Secure; SameSite=None
Vary: Origin

nereserv.com/in/dip?site=native-push&wl=1&event_id=eda13134-b047-4f12-8eac-cb2a01154d53&subid=388464194&sid=2406524672&spot_id=418776&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1

167.235.163.216

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=eda13134-b047-4f12-8eac-cb2a01154d53&subid=388464194&sid=2406524672&spot_id=418776&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1
IP
167.235.163.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=eda13134-b047-4f12-8eac-cb2a01154d53&subid=388464194&sid=2406524672&spot_id=418776&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 06:56:16 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?site=native-push&wl=1&event_id=8c709aaa-9ad9-490f-8eb6-e5300af85662&subid=357529620&sid=3563783732&spot_id=418774&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1

167.235.163.216

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=8c709aaa-9ad9-490f-8eb6-e5300af85662&subid=357529620&sid=3563783732&spot_id=418774&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1
IP
167.235.163.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=8c709aaa-9ad9-490f-8eb6-e5300af85662&subid=357529620&sid=3563783732&spot_id=418774&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 06:56:16 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

5d39fe7c75.2ac4fce9b8.com/in/multy

168.119.25.102

200 OK

0 B

URL POST HTTP/2
5d39fe7c75.2ac4fce9b8.com/in/multy
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 04 May 2024 06:56:16 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

5d39fe7c75.2ac4fce9b8.com/in/multy

168.119.25.102

200 OK

0 B

URL POST HTTP/2
5d39fe7c75.2ac4fce9b8.com/in/multy
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 04 May 2024 06:56:16 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/watch?V=Ay04zDYuaZA
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
cf4ef501916de20613d44dcd4a255c57
d371dd89e4d905508d47bcad00ccde63dcec06af
16fa6c18012336cdb4155b58d8b228ff9d920d3cf9731e01cc0ba11d859e4eae

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 06:56:16 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mp4skin.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=08005224a1bd4c5ee9e52fbde82082fa; expires=Sun, 04 May 2025 06:56:16 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

img.doodcdn.co/snaps/4pvds8tqd9q8e4yi.jpg

104.26.6.74

200 OK

9.2 kB

URL GET HTTP/2
img.doodcdn.co/snaps/4pvds8tqd9q8e4yi.jpg
IP
104.26.6.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 424x240, components 3
Size
9.2 kB (9190 bytes)
Hash
90babf00f1c157a35aef65aea35ac2e0
a9ef3b9886c9c880a9e4ea4acf9a1f19888054cc
98eecc15a41f36d55762320cf920e3cca628fc5bd0eb30b5dd855fc0c8bc45c8

HTTP Headers

GET /snaps/4pvds8tqd9q8e4yi.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 06:56:16 GMT
content-type: image/jpeg
content-length: 9190
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9337
etag: "64fb0a5d-2479"
expires: Sat, 18 May 2024 05:22:01 GMT
last-modified: Fri, 08 Sep 2023 11:49:49 GMT
cf-cache-status: HIT
age: 2
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ObqRLiCLhLYbsonlvVQhxEtfUfRnQUiYl8YVvPZIBqClUmBqM0mubnCMdrzW6agiot5i%2FB3Xk5XTr93VqJN1S7MuOMm05knjgwGDVJfW02%2BVd%2BrZzdVq%2BSFGWyGgpubn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e69705382fb512-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 208974
expires: Thu, 24 Apr 2025 06:56:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pDv362mggBWMoAykQcwvz%2BmQLOCBjeoC1yndz%2F9EBPkj6tpY0Csz%2B6D9MOEspsGgGv%2BYLTEeaquchWtIqRw838PV1yyL7Wy%2BgxUHCVOIltfm%2B%2BguEIth23N1ds%2BQ2FtOYTEy3VgP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e6970549590b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

74.125.131.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:VDVcPTwBIb0WJ71I_1KfGKaIo8aLNQ:WKSGG7OsODm75ukt; Expires=Mon, 04-May-2026 06:56:16 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 06:56:16 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyktkfE5ya6-yaGntEXfL7209Es_64IRgDCudDkdCvAsCVr0jqM02oZCdgz0T8ZeRm27PSrWg
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-Quw8w0Su5yMpZPk0xDQqUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fikedaquabib.com/rotaInGRWQGA24/64343

23.109.170.67

200 OK

20 B

URL GET HTTP/1.1
fikedaquabib.com/rotaInGRWQGA24/64343
IP
23.109.170.67:443
ASN
#7979 SERVERS-COM

Requested by
https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Certificate
IssuerLet's Encrypt
Subjectfikedaquabib.com
FingerprintB2:55:98:8B:5C:B3:05:1D:91:A5:02:43:2D:0B:18:86:4D:1E:E9:38
ValidityThu, 28 Mar 2024 23:27:44 GMT - Wed, 26 Jun 2024 23:27:43 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rotaInGRWQGA24/64343 HTTP/1.1
Host: fikedaquabib.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 May 2024 06:56:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 05-May-2024 06:56:16 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sun, 05-May-2024 06:56:16 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyktkfE5ya6-yaGntEXfL7209Es_64IRgDCudDkdCvAsCVr0jqM02oZCdgz0T8ZeRm27PSrWg

74.125.131.84

302 Found

430 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyktkfE5ya6-yaGntEXfL7209Es_64IRgDCudDkdCvAsCVr0jqM02oZCdgz0T8ZeRm27PSrWg
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type
HTML document, ASCII text, with very long lines (406)
Size
430 B (430 bytes)
Hash
9f21c5db293c4108ec4ea5cbffb8a251
4c98322481515878c57b3ce2f7b46c9620bd8434
37d14a6ec68bf64e87b1050f9407e83233a194a98c08e4b8001c947812d086bd

HTTP Headers

GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyktkfE5ya6-yaGntEXfL7209Es_64IRgDCudDkdCvAsCVr0jqM02oZCdgz0T8ZeRm27PSrWg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:uBLYrEeIToeM-SXS4aC0CaCl5eO7OQ:T7A9yvczKpZETvwq;Path=/;Expires=Mon, 04-May-2026 06:56:16 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 06:56:16 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyZB04CnP3pWaIm9Txw1vP1ZCscJl_-MTw3MXCT_xiPfGBEx1Y4x4z4MVKFTWgaVtaL0zRvGg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1107101098%3A1714805776456013&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-VttcTXAg4G2zvhCEUpTOYA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 430
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

meenetiy.com/5/6678850

139.45.197.245

200 OK

42 kB

URL GET HTTP/2
meenetiy.com/5/6678850
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/watch?V=Ay04zDYuaZA
Certificate
IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint1B:A7:25:F9:81:5C:D2:6F:04:C2:65:38:DA:05:E2:DF:4C:31:75:07
ValiditySun, 28 Apr 2024 05:25:22 GMT - Sat, 27 Jul 2024 05:25:21 GMT

File type
gzip compressed data, max speed, from Unix
Size
42 kB (42502 bytes)
Hash
ac04505b9cc6e7d8d8b4653d3ee3d0d2
7705e8bb148d8d85cf01e1459da8f41169d7b7fd
9f6a80be36c4b740a92a0cee3e32e7a640a600689acfd7d12120acce76028bd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6678850 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 06:56:15 GMT
content-type: application/javascript
x-trace-id: 4c1f3ab91bd9c1abb59595efdb9b1ea4
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00805238e8cd4482ebf1093b2a43b3ab; expires=Sun, 04 May 2025 06:56:15 GMT; path=/; secure; SameSite=None
oaidts=1714805775; expires=Sun, 04 May 2025 06:56:15 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

metrolagu.cam/jembud/6b4557525055343161444b

188.114.96.1

200 OK

9.2 kB

URL GET HTTP/3
metrolagu.cam/jembud/6b4557525055343161444b
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mp4skin.com/watch?V=Ay04zDYuaZA
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
HTML document, ASCII text
Size
9.2 kB (9240 bytes)
Hash
f7265c5aebabc421e5c7724ff4b0e8be
037ec6bde9e55b15162b55c930b26b7e6de01485
28314ce27c258a525407dd91a9cd22d27cabb04736e022f4112455f8d30521dc

HTTP Headers

GET /jembud/6b4557525055343161444b HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cu7GElA9pL8%2BZ%2BRrvzQEK5w8pfi94saxy9YYZcl482Gb1Xv%2BUHm6J14kz%2F%2FNvcVuIlPkOscNnjJ3FGYPGA4%2BfbP7ePbaDKFKGHZkCym3jtinqBLjp%2Fxqu4YAm%2F3PpFDA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e697018deeb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

5d39fe7c75.2ac4fce9b8.com/in/multy

168.119.25.102

200 OK

4.9 kB

URL POST HTTP/2
5d39fe7c75.2ac4fce9b8.com/in/multy
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT

File type
JSON text data
Size
4.9 kB (4913 bytes)
Hash
37e534a00e5d42802ced73b2289e5e14
8b42ed3fc6871670db5340793245eaa63da3fd47
f0359197f64ca77bf9cb46d12a3050632fb868b6a1187baf53d9a905a70689d9

HTTP Headers

POST /in/multy HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1697
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 04 May 2024 06:56:16 GMT
content-type: application/json
content-length: 4913
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

5d39fe7c75.2ac4fce9b8.com/in/multy

168.119.25.102

200 OK

4.4 kB

URL POST HTTP/2
5d39fe7c75.2ac4fce9b8.com/in/multy
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT

File type
JSON text data
Size
4.4 kB (4389 bytes)
Hash
e8e28d78a72bd09e8352d44ed466738e
92838abd5e51a3c9c2dd1d43449e27a900267ae5
63367e8f7383464e4d92d479cfa1b84b963fd3b79f96cee669421acd8d4fd126

HTTP Headers

POST /in/multy HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1697
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 04 May 2024 06:56:16 GMT
content-type: application/json
content-length: 4389
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FKDa14UPRWEk&refdom=poop.com.co&auction_time=1714805776&subid=357529620&sid=3563783732&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=56.19720389836084&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FKDa14UPRWEk%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3Dz7mu3m%26c%3DbpryMlsFig-mRC5QvrgADcbNnWnGlsSy1mg9U5_bhj8jrWIDWIRbevHc9fyjhFy3BWBiY0puXkQLVnIm2LgUOfbdsVcRCY1YBZ6kSnCoCxbXo63XyW3mgVWh74OOjSXsX4OTYO_tCpqEhOBj3D8p3_v6Ufch9Dei-s8wYWWQg_yEJLR3jk8G7-rR9_TqSt4Ep6pROFfBm7yMiP-mZM19hsmO7bIhqguFQPM9GVnuCHM-6gxjRbRMQFDYBd_qtF6bR0dPmLSdOyfiHX_zLjDgn6KnLxf0TcM10gV0br-KIY7xT8boBJr2Dj27zzh43YohCIA0Qe0SPgZCgs_l8NwkBNtbycrQWInSw7QyxdPGg83qDXeUlGln-KrcJCnMTsMHDvhbD06VKrtcyUIxfssdN_3hrJdKgF-A5kOSs93Az8FWjn37A8LAdRVXAl0g3k26D_W1QYC3F42SBPpzKgFnKiAWx_oHkxe_bRTevetg_mBbgSw3aFj2nLJOaCWgh9K996ISORgqbzWDaqKTbSwn8Ga8cgMJSouwA-KTCd2iqgf2zSjS8-musOciw5C8le-SdqiedE-v79ylyh5mRa09IOcbjfPXl6c-vgv1N-m_GcB7bi7TFfgk81_RP2aaqYHN-yMv8l0fWftiLfc6ed3WWS5_kH2WMZXeHTyy5HKFsU5dWWgpwfcHm9LQf-EjjJGkdX5lgAw36dZFaI9j9L19bsL5LBH0bOgM&icons=sP2l0Ifw5YsbZFSgV2DqTKtk1I2HtXXizWOsbhOoowznZFenI9PEX5DX0GWlEBHHr-TGQrQRmuPw-i8IwQctDsrZrVq9-KQLJMI6EWEmbFv4ShM3SKGDDFBSVY_MvoLoaFq99SHSTbtvzn1FwMN4iqbC8LpD2SK5bVhMmFAcNyQNALdQ_g&ext_cid=0&pop_price=0.00135&pop_ecpm=0.07237468239485197&px_id=418774&min_cpm=0.14805533305974905&out_id=1&campaign_type=lq-pop-ext&aid=3728&cid=17000&uniq=&mid=2726937324389251781&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=1.35&cpm=0&verify_hash=9e2b1c90ed5d6bdc7361bef739e1286d&is_native=3&real_bid=0.00135&pop_real_cpm=0.00135&pop_real_bid=0.00135&original_bid_usd=0.00135&original_bid=0.00135&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=27,20,108,0,4&need_redirect_show=0&applied_features=stage-skins-settings,test_skins&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00135&hostname=auc-inpage-hz-12-b&auc_type=1&pop_type=1&is_pop_cpc=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00135&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=572cb09b-ceb6-4d8e-b4ba-a7f05a478ed9&prev_step_diff=752

168.119.25.102

200 OK

0 B

URL GET HTTP/2
5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FKDa14UPRWEk&refdom=poop.com.co&auction_time=1714805776&subid=357529620&sid=3563783732&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=56.19720389836084&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FKDa14UPRWEk%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3Dz7mu3m%26c%3DbpryMlsFig-mRC5QvrgADcbNnWnGlsSy1mg9U5_bhj8jrWIDWIRbevHc9fyjhFy3BWBiY0puXkQLVnIm2LgUOfbdsVcRCY1YBZ6kSnCoCxbXo63XyW3mgVWh74OOjSXsX4OTYO_tCpqEhOBj3D8p3_v6Ufch9Dei-s8wYWWQg_yEJLR3jk8G7-rR9_TqSt4Ep6pROFfBm7yMiP-mZM19hsmO7bIhqguFQPM9GVnuCHM-6gxjRbRMQFDYBd_qtF6bR0dPmLSdOyfiHX_zLjDgn6KnLxf0TcM10gV0br-KIY7xT8boBJr2Dj27zzh43YohCIA0Qe0SPgZCgs_l8NwkBNtbycrQWInSw7QyxdPGg83qDXeUlGln-KrcJCnMTsMHDvhbD06VKrtcyUIxfssdN_3hrJdKgF-A5kOSs93Az8FWjn37A8LAdRVXAl0g3k26D_W1QYC3F42SBPpzKgFnKiAWx_oHkxe_bRTevetg_mBbgSw3aFj2nLJOaCWgh9K996ISORgqbzWDaqKTbSwn8Ga8cgMJSouwA-KTCd2iqgf2zSjS8-musOciw5C8le-SdqiedE-v79ylyh5mRa09IOcbjfPXl6c-vgv1N-m_GcB7bi7TFfgk81_RP2aaqYHN-yMv8l0fWftiLfc6ed3WWS5_kH2WMZXeHTyy5HKFsU5dWWgpwfcHm9LQf-EjjJGkdX5lgAw36dZFaI9j9L19bsL5LBH0bOgM&icons=sP2l0Ifw5YsbZFSgV2DqTKtk1I2HtXXizWOsbhOoowznZFenI9PEX5DX0GWlEBHHr-TGQrQRmuPw-i8IwQctDsrZrVq9-KQLJMI6EWEmbFv4ShM3SKGDDFBSVY_MvoLoaFq99SHSTbtvzn1FwMN4iqbC8LpD2SK5bVhMmFAcNyQNALdQ_g&ext_cid=0&pop_price=0.00135&pop_ecpm=0.07237468239485197&px_id=418774&min_cpm=0.14805533305974905&out_id=1&campaign_type=lq-pop-ext&aid=3728&cid=17000&uniq=&mid=2726937324389251781&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=1.35&cpm=0&verify_hash=9e2b1c90ed5d6bdc7361bef739e1286d&is_native=3&real_bid=0.00135&pop_real_cpm=0.00135&pop_real_bid=0.00135&original_bid_usd=0.00135&original_bid=0.00135&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=27,20,108,0,4&need_redirect_show=0&applied_features=stage-skins-settings,test_skins&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00135&hostname=auc-inpage-hz-12-b&auc_type=1&pop_type=1&is_pop_cpc=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00135&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=572cb09b-ceb6-4d8e-b4ba-a7f05a478ed9&prev_step_diff=752
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FKDa14UPRWEk&refdom=poop.com.co&auction_time=1714805776&subid=357529620&sid=3563783732&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=56.19720389836084&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FKDa14UPRWEk%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Ftrack-eu.trackingtraffo.com%2Fpop%2Fimp%3Fauth%3Dz7mu3m%26c%3DbpryMlsFig-mRC5QvrgADcbNnWnGlsSy1mg9U5_bhj8jrWIDWIRbevHc9fyjhFy3BWBiY0puXkQLVnIm2LgUOfbdsVcRCY1YBZ6kSnCoCxbXo63XyW3mgVWh74OOjSXsX4OTYO_tCpqEhOBj3D8p3_v6Ufch9Dei-s8wYWWQg_yEJLR3jk8G7-rR9_TqSt4Ep6pROFfBm7yMiP-mZM19hsmO7bIhqguFQPM9GVnuCHM-6gxjRbRMQFDYBd_qtF6bR0dPmLSdOyfiHX_zLjDgn6KnLxf0TcM10gV0br-KIY7xT8boBJr2Dj27zzh43YohCIA0Qe0SPgZCgs_l8NwkBNtbycrQWInSw7QyxdPGg83qDXeUlGln-KrcJCnMTsMHDvhbD06VKrtcyUIxfssdN_3hrJdKgF-A5kOSs93Az8FWjn37A8LAdRVXAl0g3k26D_W1QYC3F42SBPpzKgFnKiAWx_oHkxe_bRTevetg_mBbgSw3aFj2nLJOaCWgh9K996ISORgqbzWDaqKTbSwn8Ga8cgMJSouwA-KTCd2iqgf2zSjS8-musOciw5C8le-SdqiedE-v79ylyh5mRa09IOcbjfPXl6c-vgv1N-m_GcB7bi7TFfgk81_RP2aaqYHN-yMv8l0fWftiLfc6ed3WWS5_kH2WMZXeHTyy5HKFsU5dWWgpwfcHm9LQf-EjjJGkdX5lgAw36dZFaI9j9L19bsL5LBH0bOgM&icons=sP2l0Ifw5YsbZFSgV2DqTKtk1I2HtXXizWOsbhOoowznZFenI9PEX5DX0GWlEBHHr-TGQrQRmuPw-i8IwQctDsrZrVq9-KQLJMI6EWEmbFv4ShM3SKGDDFBSVY_MvoLoaFq99SHSTbtvzn1FwMN4iqbC8LpD2SK5bVhMmFAcNyQNALdQ_g&ext_cid=0&pop_price=0.00135&pop_ecpm=0.07237468239485197&px_id=418774&min_cpm=0.14805533305974905&out_id=1&campaign_type=lq-pop-ext&aid=3728&cid=17000&uniq=&mid=2726937324389251781&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=1.35&cpm=0&verify_hash=9e2b1c90ed5d6bdc7361bef739e1286d&is_native=3&real_bid=0.00135&pop_real_cpm=0.00135&pop_real_bid=0.00135&original_bid_usd=0.00135&original_bid=0.00135&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=27,20,108,0,4&need_redirect_show=0&applied_features=stage-skins-settings,test_skins&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00135&hostname=auc-inpage-hz-12-b&auc_type=1&pop_type=1&is_pop_cpc=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00135&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=572cb09b-ceb6-4d8e-b4ba-a7f05a478ed9&prev_step_diff=752 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 04 May 2024 06:56:16 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FKDa14UPRWEk&refdom=poop.com.co&auction_time=1714805776&subid=357529620&sid=3563783732&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=56.19720389836084&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FKDa14UPRWEk%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DSpEs5Uu-cliH9a8d5aPg40Ul97ltNO7e5uqq-9jBDJhKWQFTjNIq54HR_w7cYShhP4jfcLik5arddtR5W_7DbE8vOjRwpyEhUtetElWurCYcdubdzFvl3eH4zd2doNlL_0SRy98QOoNg86hAX-GNdDqdxEEtRdjpyE2VMXF0Bnhz1Iyh1VJXOSsIDc4I8aKhFJqCoFcurm-as8E2LYWv6LWUrznvICH686xesMoFTfgwoGdZLwBOLMJMAKke0f-na2Sr8i8tecUyDs1VIhNil2SpFal9aChCEKT7lUAkC6wvOPJnm8YUImweKDnVdw-ts0mo0tg2SOkiFA_gZXVnfIWEwlu1PbDUfkXouoom9GDVAk9K8bwNne-zl3aRSjis0CZ6t0vLSKs-cbE9KdD65qdDlQsNXoSzp3Vm1-pj6z8em6prjDumIfXTPxeRZUflG8dTXVKqXicAWRHqrsPvsUPR7_gaL-PD0s6y_11Rrh7ybpW0gnX8xF7vuboILA5unN7sjbEbzvM__kB39wkbmQtv5K8KoOubzQ3erqTtRwgTAsdcl1kTd3Q%3D&icons=h9zj5VNP5rCKFqvH-8LRfDZa9RN_y8ve20kGEHVOE56506Y0q6NfxHs9jXi6TmOI0vY-GQVGb8jTdornRdaCHiQm_GhkjU8LsoKVB1YIgad-fc3GihGT-QzDaNxJipu_4U3fc1puIby5pW1fmw_99mrKofPrpgJClTEF6FEYTcrkJGH6W4I6Te804XMi2TovmUz-ha_ime-25RpsV55sWWugCMnT81hwst1BI-S77qTTVs--VAs-g7NrXEGekWQUrQgb8xrzB649K6oKEP34_Qsu9_UB7krWwU8Y-jmkiKvdlWWphmoy0IchG0vvWwwcR7iVv7l34410lqThcNvnUqlyJvqgjm6fJAafCMuGZ0XTB6YYxnR09JtxvEeb2GYWCxLU91HxnEVRY-SvL-ef1yY9koE_Fo_hp_zHOP-vzIKr7q8i5-W8B4znaWJ3-rqNYzSmZZ6HVrrOVDVIzQwyph7rEXsnQp_9PPXVHlQ_cOn8aPu9C92gtd5zfg6h8Bg8VPWlexv55mx6DNFEk7XoOd5bbqRpqi8Cj_A-HQjeCN0lN3Rr9q2FLnYKHknk3Qf3_XFsVPvqfGyNoivJT836jZANnbjSaQ-ppH8WfwHILOYB03aBK2EsBTCJFEojbAjJmc81XS5arbCwcY4X1kHp4SE9wZnhyeiIZZMgM_wYAJyq-A&ext_cid=0&px_id=73418774&min_cpm=0.007188974082503557&out_id=0&campaign_type=hq&aid=291&cid=12625&uniq=&mid=2726937324389251781&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.007912862679018877&cpm=0&verify_hash=eca5b098bc11d53f581e6833b92e9c16&is_native=1&real_bid=0.003039749979972825&original_bid_usd=0.0035&original_bid=0.0035&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=93,4,5,90,11&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714863376&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F61863514%2F551812_image.jpg&site=native-push-adult&price=0.0035&hostname=auc-inpage-hz-12-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000035&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=2bfcb181-b796-4605-a047-6ad5053985fb&prev_step_diff=752

168.119.25.102

200 OK

0 B

URL GET HTTP/2
5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FKDa14UPRWEk&refdom=poop.com.co&auction_time=1714805776&subid=357529620&sid=3563783732&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=56.19720389836084&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FKDa14UPRWEk%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DSpEs5Uu-cliH9a8d5aPg40Ul97ltNO7e5uqq-9jBDJhKWQFTjNIq54HR_w7cYShhP4jfcLik5arddtR5W_7DbE8vOjRwpyEhUtetElWurCYcdubdzFvl3eH4zd2doNlL_0SRy98QOoNg86hAX-GNdDqdxEEtRdjpyE2VMXF0Bnhz1Iyh1VJXOSsIDc4I8aKhFJqCoFcurm-as8E2LYWv6LWUrznvICH686xesMoFTfgwoGdZLwBOLMJMAKke0f-na2Sr8i8tecUyDs1VIhNil2SpFal9aChCEKT7lUAkC6wvOPJnm8YUImweKDnVdw-ts0mo0tg2SOkiFA_gZXVnfIWEwlu1PbDUfkXouoom9GDVAk9K8bwNne-zl3aRSjis0CZ6t0vLSKs-cbE9KdD65qdDlQsNXoSzp3Vm1-pj6z8em6prjDumIfXTPxeRZUflG8dTXVKqXicAWRHqrsPvsUPR7_gaL-PD0s6y_11Rrh7ybpW0gnX8xF7vuboILA5unN7sjbEbzvM__kB39wkbmQtv5K8KoOubzQ3erqTtRwgTAsdcl1kTd3Q%3D&icons=h9zj5VNP5rCKFqvH-8LRfDZa9RN_y8ve20kGEHVOE56506Y0q6NfxHs9jXi6TmOI0vY-GQVGb8jTdornRdaCHiQm_GhkjU8LsoKVB1YIgad-fc3GihGT-QzDaNxJipu_4U3fc1puIby5pW1fmw_99mrKofPrpgJClTEF6FEYTcrkJGH6W4I6Te804XMi2TovmUz-ha_ime-25RpsV55sWWugCMnT81hwst1BI-S77qTTVs--VAs-g7NrXEGekWQUrQgb8xrzB649K6oKEP34_Qsu9_UB7krWwU8Y-jmkiKvdlWWphmoy0IchG0vvWwwcR7iVv7l34410lqThcNvnUqlyJvqgjm6fJAafCMuGZ0XTB6YYxnR09JtxvEeb2GYWCxLU91HxnEVRY-SvL-ef1yY9koE_Fo_hp_zHOP-vzIKr7q8i5-W8B4znaWJ3-rqNYzSmZZ6HVrrOVDVIzQwyph7rEXsnQp_9PPXVHlQ_cOn8aPu9C92gtd5zfg6h8Bg8VPWlexv55mx6DNFEk7XoOd5bbqRpqi8Cj_A-HQjeCN0lN3Rr9q2FLnYKHknk3Qf3_XFsVPvqfGyNoivJT836jZANnbjSaQ-ppH8WfwHILOYB03aBK2EsBTCJFEojbAjJmc81XS5arbCwcY4X1kHp4SE9wZnhyeiIZZMgM_wYAJyq-A&ext_cid=0&px_id=73418774&min_cpm=0.007188974082503557&out_id=0&campaign_type=hq&aid=291&cid=12625&uniq=&mid=2726937324389251781&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.007912862679018877&cpm=0&verify_hash=eca5b098bc11d53f581e6833b92e9c16&is_native=1&real_bid=0.003039749979972825&original_bid_usd=0.0035&original_bid=0.0035&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=93,4,5,90,11&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714863376&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F61863514%2F551812_image.jpg&site=native-push-adult&price=0.0035&hostname=auc-inpage-hz-12-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000035&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=2bfcb181-b796-4605-a047-6ad5053985fb&prev_step_diff=752
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FKDa14UPRWEk&refdom=poop.com.co&auction_time=1714805776&subid=357529620&sid=3563783732&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=56.19720389836084&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FKDa14UPRWEk%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DSpEs5Uu-cliH9a8d5aPg40Ul97ltNO7e5uqq-9jBDJhKWQFTjNIq54HR_w7cYShhP4jfcLik5arddtR5W_7DbE8vOjRwpyEhUtetElWurCYcdubdzFvl3eH4zd2doNlL_0SRy98QOoNg86hAX-GNdDqdxEEtRdjpyE2VMXF0Bnhz1Iyh1VJXOSsIDc4I8aKhFJqCoFcurm-as8E2LYWv6LWUrznvICH686xesMoFTfgwoGdZLwBOLMJMAKke0f-na2Sr8i8tecUyDs1VIhNil2SpFal9aChCEKT7lUAkC6wvOPJnm8YUImweKDnVdw-ts0mo0tg2SOkiFA_gZXVnfIWEwlu1PbDUfkXouoom9GDVAk9K8bwNne-zl3aRSjis0CZ6t0vLSKs-cbE9KdD65qdDlQsNXoSzp3Vm1-pj6z8em6prjDumIfXTPxeRZUflG8dTXVKqXicAWRHqrsPvsUPR7_gaL-PD0s6y_11Rrh7ybpW0gnX8xF7vuboILA5unN7sjbEbzvM__kB39wkbmQtv5K8KoOubzQ3erqTtRwgTAsdcl1kTd3Q%3D&icons=h9zj5VNP5rCKFqvH-8LRfDZa9RN_y8ve20kGEHVOE56506Y0q6NfxHs9jXi6TmOI0vY-GQVGb8jTdornRdaCHiQm_GhkjU8LsoKVB1YIgad-fc3GihGT-QzDaNxJipu_4U3fc1puIby5pW1fmw_99mrKofPrpgJClTEF6FEYTcrkJGH6W4I6Te804XMi2TovmUz-ha_ime-25RpsV55sWWugCMnT81hwst1BI-S77qTTVs--VAs-g7NrXEGekWQUrQgb8xrzB649K6oKEP34_Qsu9_UB7krWwU8Y-jmkiKvdlWWphmoy0IchG0vvWwwcR7iVv7l34410lqThcNvnUqlyJvqgjm6fJAafCMuGZ0XTB6YYxnR09JtxvEeb2GYWCxLU91HxnEVRY-SvL-ef1yY9koE_Fo_hp_zHOP-vzIKr7q8i5-W8B4znaWJ3-rqNYzSmZZ6HVrrOVDVIzQwyph7rEXsnQp_9PPXVHlQ_cOn8aPu9C92gtd5zfg6h8Bg8VPWlexv55mx6DNFEk7XoOd5bbqRpqi8Cj_A-HQjeCN0lN3Rr9q2FLnYKHknk3Qf3_XFsVPvqfGyNoivJT836jZANnbjSaQ-ppH8WfwHILOYB03aBK2EsBTCJFEojbAjJmc81XS5arbCwcY4X1kHp4SE9wZnhyeiIZZMgM_wYAJyq-A&ext_cid=0&px_id=73418774&min_cpm=0.007188974082503557&out_id=0&campaign_type=hq&aid=291&cid=12625&uniq=&mid=2726937324389251781&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.007912862679018877&cpm=0&verify_hash=eca5b098bc11d53f581e6833b92e9c16&is_native=1&real_bid=0.003039749979972825&original_bid_usd=0.0035&original_bid=0.0035&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=93,4,5,90,11&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714863376&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F61863514%2F551812_image.jpg&site=native-push-adult&price=0.0035&hostname=auc-inpage-hz-12-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000035&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=2bfcb181-b796-4605-a047-6ad5053985fb&prev_step_diff=752 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 04 May 2024 06:56:16 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

168.119.25.102

200 OK

0 B

URL GET HTTP/2
5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FKDa14UPRWEk&refdom=poop.com.co&auction_time=1714805776&subid=388464194&sid=2406524672&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=63.961633525804245&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FKDa14UPRWEk%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=http%3A%2F%2Feu26.adsy.ink%2Fpop%2Fclk%2F1714805776%2F5c5b7149eec4440ea144e0d70a2cc511&icons=ZY76VaMsFPkaUUxfh-eSSrjNCwBWPxpoM8JCQ952HHHe3UqhDg0QsGNSnqi2I3CMAOjiuD22mMxYfKk9oIfKKgFR7ExqEE5fabONihEXSlhxAIBR2-JOahdfTnF57LQpFBlB_dQ7-elOlBTaHMzBfqbi1EG0IOhtBL9Uek9EeKrrIHIY8g&ext_cid=0&pop_price=0.00108&pop_ecpm=0.027561624044479448&px_id=418776&min_cpm=0.07047777780409387&out_id=1&campaign_type=lq-pop-ext&aid=3728&cid=17000&uniq=&mid=8655743489717579908&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=1.08&cpm=0&verify_hash=e204ed7b8a59996577ef16a4b9ec2031&is_native=3&real_bid=0.00108&pop_real_cpm=0.00108&pop_real_bid=0.00108&original_bid_usd=0.00108&original_bid=0.00108&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,27,20,108,0&need_redirect_show=0&applied_features=stage-skins-settings,test_skins&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00108&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&is_pop_cpc=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00108&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=5b301c68-6162-495e-923f-a7742db5c461&prev_step_diff=951
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FKDa14UPRWEk&refdom=poop.com.co&auction_time=1714805776&subid=388464194&sid=2406524672&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=63.961633525804245&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FKDa14UPRWEk%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=http%3A%2F%2Feu26.adsy.ink%2Fpop%2Fclk%2F1714805776%2F5c5b7149eec4440ea144e0d70a2cc511&icons=ZY76VaMsFPkaUUxfh-eSSrjNCwBWPxpoM8JCQ952HHHe3UqhDg0QsGNSnqi2I3CMAOjiuD22mMxYfKk9oIfKKgFR7ExqEE5fabONihEXSlhxAIBR2-JOahdfTnF57LQpFBlB_dQ7-elOlBTaHMzBfqbi1EG0IOhtBL9Uek9EeKrrIHIY8g&ext_cid=0&pop_price=0.00108&pop_ecpm=0.027561624044479448&px_id=418776&min_cpm=0.07047777780409387&out_id=1&campaign_type=lq-pop-ext&aid=3728&cid=17000&uniq=&mid=8655743489717579908&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=1.08&cpm=0&verify_hash=e204ed7b8a59996577ef16a4b9ec2031&is_native=3&real_bid=0.00108&pop_real_cpm=0.00108&pop_real_bid=0.00108&original_bid_usd=0.00108&original_bid=0.00108&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,27,20,108,0&need_redirect_show=0&applied_features=stage-skins-settings,test_skins&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00108&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&is_pop_cpc=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00108&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=5b301c68-6162-495e-923f-a7742db5c461&prev_step_diff=951 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 04 May 2024 06:56:16 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FKDa14UPRWEk&refdom=poop.com.co&auction_time=1714805776&subid=388464194&sid=2406524672&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=63.961633525804245&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FKDa14UPRWEk%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D153GNobEEzSSKwkewaJmOb-l0OTguiwXVYIj0JKDBMZENUAWEDIvEG0AA2uoIcCuoYXNDkCEmWHfFGxs-324BKKTlp8vxhr5gm6D32Xt3xevx6v_gOFDemsgvpeHXj6dDJmvetY71RdRR6BNHj-vIftzWDFY0H_c_zvKEq5LqWdt_Tk-MVXWRe1a4apYLnw1ByKhuXR6RJO2E4GZ5L5eXNHDZVY9jkI2ySivhQ0rSgHXRBMyZzstoBnwdOdoaBCsq6Ry_6q_mDO9t9A3Z7q2z3kRSQabkfw9NEaDQaSfayCFEKFQmhVfrjRYtREqnXSbXKwE1Y8RbKSxuoikLicZSKOuMerbm0BSJ4SHVV6Hfrc_we3d8HJRjePBpcpGnWISpgO8rdIMUMW7PKyrFv7aK62qutLg91XaCy4K0Ly05ANMrSEefd3dlNtmKnvxawgV0B7k8vJKbbGjO1qHfH2VgK5vVfPrLdxhGGfJg-RaVbXasX_K_9qpkHFHiNnGzQR1cHHUcSjFpBG-QXiSWTNSXQzUqI8mHD0ye1eg4FbzRqEtAPBFp9aZw_YuyeejiNc4P-DQZ-U-75W3gSRzCkeQi-kbh9jJvkKVKw0%3D&icons=T4VPuOrR7_o9hRthVljEhI-rY8iz2VXFi118JgugbXgYkD1bvDlkStj0XFhYCDTkywXPr4e5XrEdXUx3BL7b6zwgd6Mg516kJORuaxp9pUNz0pLq4Vp7dsfbiCLVZ0UC2FfpUmijCn6nAroh3dUuz4sUuVCP4_0Del28xDmRSsxCJJK_Rl8TLWaxm5J1-IHZxcH65sCHvP4D1aY4fxIBpIlzOLpdpJtPy_QK1j8So0yBw__Nh0Xn0do5XLUdSn9eI7vxPcfwareRzkj122OXBYXFKxjOYjn9uG7KtVyrbU7ynjDqpISK8Jn9uh38l9tXqB8PqKWy4wuS35Fv89_ljAGxq8B1RsfGgyzNugCbeRJ4p1Fwjfvlmsn4WzvujJX57C0CebPWxqiaXEUBDWiVP6203wRl4ybTWuLWSC0z22ovw0TIYcSKDDfkP3cqA3wgEbbRyvkkbfkI_At0FtbyAl0A8gn-aG0AMWG_UrH4cYyZ3nuoIGxfOhHYkGAjsZX6SdagaA_45XYdcQVL-McpDEVi9M9S5EpKdvgwEt9UZvO51znfZnx4jhgRuQgJUlJWtUQNxEq70JnA7YFSKYcPtA6_awB2gQJJdA0Uey6bpoQ4358q0gRajKqK930XBcjq-DUQkN3WHnja45Txf45cferw7KgHPTyA_cYA8mIdV0rvhEUIAtiFWnZp_68FOlFlLPTzOEUcAcgC&ext_cid=0&px_id=31418776&min_cpm=0.050744882385371864&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=8655743489717579908&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.058590142060546115&cpm=0&verify_hash=734c7f7e0a4c27e5a1e51509350768ad&is_native=1&real_bid=0.0031886250525712872&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714863376&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F5741293%2F551810_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=a3b64433-3d29-4ac0-9cf4-c71fd864f2aa&prev_step_diff=951

168.119.25.102

200 OK

0 B

URL GET HTTP/2
5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FKDa14UPRWEk&refdom=poop.com.co&auction_time=1714805776&subid=388464194&sid=2406524672&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=63.961633525804245&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FKDa14UPRWEk%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D153GNobEEzSSKwkewaJmOb-l0OTguiwXVYIj0JKDBMZENUAWEDIvEG0AA2uoIcCuoYXNDkCEmWHfFGxs-324BKKTlp8vxhr5gm6D32Xt3xevx6v_gOFDemsgvpeHXj6dDJmvetY71RdRR6BNHj-vIftzWDFY0H_c_zvKEq5LqWdt_Tk-MVXWRe1a4apYLnw1ByKhuXR6RJO2E4GZ5L5eXNHDZVY9jkI2ySivhQ0rSgHXRBMyZzstoBnwdOdoaBCsq6Ry_6q_mDO9t9A3Z7q2z3kRSQabkfw9NEaDQaSfayCFEKFQmhVfrjRYtREqnXSbXKwE1Y8RbKSxuoikLicZSKOuMerbm0BSJ4SHVV6Hfrc_we3d8HJRjePBpcpGnWISpgO8rdIMUMW7PKyrFv7aK62qutLg91XaCy4K0Ly05ANMrSEefd3dlNtmKnvxawgV0B7k8vJKbbGjO1qHfH2VgK5vVfPrLdxhGGfJg-RaVbXasX_K_9qpkHFHiNnGzQR1cHHUcSjFpBG-QXiSWTNSXQzUqI8mHD0ye1eg4FbzRqEtAPBFp9aZw_YuyeejiNc4P-DQZ-U-75W3gSRzCkeQi-kbh9jJvkKVKw0%3D&icons=T4VPuOrR7_o9hRthVljEhI-rY8iz2VXFi118JgugbXgYkD1bvDlkStj0XFhYCDTkywXPr4e5XrEdXUx3BL7b6zwgd6Mg516kJORuaxp9pUNz0pLq4Vp7dsfbiCLVZ0UC2FfpUmijCn6nAroh3dUuz4sUuVCP4_0Del28xDmRSsxCJJK_Rl8TLWaxm5J1-IHZxcH65sCHvP4D1aY4fxIBpIlzOLpdpJtPy_QK1j8So0yBw__Nh0Xn0do5XLUdSn9eI7vxPcfwareRzkj122OXBYXFKxjOYjn9uG7KtVyrbU7ynjDqpISK8Jn9uh38l9tXqB8PqKWy4wuS35Fv89_ljAGxq8B1RsfGgyzNugCbeRJ4p1Fwjfvlmsn4WzvujJX57C0CebPWxqiaXEUBDWiVP6203wRl4ybTWuLWSC0z22ovw0TIYcSKDDfkP3cqA3wgEbbRyvkkbfkI_At0FtbyAl0A8gn-aG0AMWG_UrH4cYyZ3nuoIGxfOhHYkGAjsZX6SdagaA_45XYdcQVL-McpDEVi9M9S5EpKdvgwEt9UZvO51znfZnx4jhgRuQgJUlJWtUQNxEq70JnA7YFSKYcPtA6_awB2gQJJdA0Uey6bpoQ4358q0gRajKqK930XBcjq-DUQkN3WHnja45Txf45cferw7KgHPTyA_cYA8mIdV0rvhEUIAtiFWnZp_68FOlFlLPTzOEUcAcgC&ext_cid=0&px_id=31418776&min_cpm=0.050744882385371864&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=8655743489717579908&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.058590142060546115&cpm=0&verify_hash=734c7f7e0a4c27e5a1e51509350768ad&is_native=1&real_bid=0.0031886250525712872&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714863376&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F5741293%2F551810_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=a3b64433-3d29-4ac0-9cf4-c71fd864f2aa&prev_step_diff=951
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FKDa14UPRWEk&refdom=poop.com.co&auction_time=1714805776&subid=388464194&sid=2406524672&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=63.961633525804245&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FKDa14UPRWEk%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D153GNobEEzSSKwkewaJmOb-l0OTguiwXVYIj0JKDBMZENUAWEDIvEG0AA2uoIcCuoYXNDkCEmWHfFGxs-324BKKTlp8vxhr5gm6D32Xt3xevx6v_gOFDemsgvpeHXj6dDJmvetY71RdRR6BNHj-vIftzWDFY0H_c_zvKEq5LqWdt_Tk-MVXWRe1a4apYLnw1ByKhuXR6RJO2E4GZ5L5eXNHDZVY9jkI2ySivhQ0rSgHXRBMyZzstoBnwdOdoaBCsq6Ry_6q_mDO9t9A3Z7q2z3kRSQabkfw9NEaDQaSfayCFEKFQmhVfrjRYtREqnXSbXKwE1Y8RbKSxuoikLicZSKOuMerbm0BSJ4SHVV6Hfrc_we3d8HJRjePBpcpGnWISpgO8rdIMUMW7PKyrFv7aK62qutLg91XaCy4K0Ly05ANMrSEefd3dlNtmKnvxawgV0B7k8vJKbbGjO1qHfH2VgK5vVfPrLdxhGGfJg-RaVbXasX_K_9qpkHFHiNnGzQR1cHHUcSjFpBG-QXiSWTNSXQzUqI8mHD0ye1eg4FbzRqEtAPBFp9aZw_YuyeejiNc4P-DQZ-U-75W3gSRzCkeQi-kbh9jJvkKVKw0%3D&icons=T4VPuOrR7_o9hRthVljEhI-rY8iz2VXFi118JgugbXgYkD1bvDlkStj0XFhYCDTkywXPr4e5XrEdXUx3BL7b6zwgd6Mg516kJORuaxp9pUNz0pLq4Vp7dsfbiCLVZ0UC2FfpUmijCn6nAroh3dUuz4sUuVCP4_0Del28xDmRSsxCJJK_Rl8TLWaxm5J1-IHZxcH65sCHvP4D1aY4fxIBpIlzOLpdpJtPy_QK1j8So0yBw__Nh0Xn0do5XLUdSn9eI7vxPcfwareRzkj122OXBYXFKxjOYjn9uG7KtVyrbU7ynjDqpISK8Jn9uh38l9tXqB8PqKWy4wuS35Fv89_ljAGxq8B1RsfGgyzNugCbeRJ4p1Fwjfvlmsn4WzvujJX57C0CebPWxqiaXEUBDWiVP6203wRl4ybTWuLWSC0z22ovw0TIYcSKDDfkP3cqA3wgEbbRyvkkbfkI_At0FtbyAl0A8gn-aG0AMWG_UrH4cYyZ3nuoIGxfOhHYkGAjsZX6SdagaA_45XYdcQVL-McpDEVi9M9S5EpKdvgwEt9UZvO51znfZnx4jhgRuQgJUlJWtUQNxEq70JnA7YFSKYcPtA6_awB2gQJJdA0Uey6bpoQ4358q0gRajKqK930XBcjq-DUQkN3WHnja45Txf45cferw7KgHPTyA_cYA8mIdV0rvhEUIAtiFWnZp_68FOlFlLPTzOEUcAcgC&ext_cid=0&px_id=31418776&min_cpm=0.050744882385371864&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=8655743489717579908&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.058590142060546115&cpm=0&verify_hash=734c7f7e0a4c27e5a1e51509350768ad&is_native=1&real_bid=0.0031886250525712872&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714863376&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F5741293%2F551810_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=a3b64433-3d29-4ac0-9cf4-c71fd864f2aa&prev_step_diff=951 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 04 May 2024 06:56:16 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=54d6ab7e-d7ef-42d5-98dd-117bed6273bb&prev_step_diff=752

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=54d6ab7e-d7ef-42d5-98dd-117bed6273bb&prev_step_diff=752
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=54d6ab7e-d7ef-42d5-98dd-117bed6273bb&prev_step_diff=752 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:16 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sun, 04 May 2025 06:56:16 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyZB04CnP3pWaIm9Txw1vP1ZCscJl_-MTw3MXCT_xiPfGBEx1Y4x4z4MVKFTWgaVtaL0zRvGg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1107101098%3A1714805776456013&theme=mn&ddm=0

74.125.131.84

403 Forbidden

1.9 kB

URL GET HTTP/2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyZB04CnP3pWaIm9Txw1vP1ZCscJl_-MTw3MXCT_xiPfGBEx1Y4x4z4MVKFTWgaVtaL0zRvGg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1107101098%3A1714805776456013&theme=mn&ddm=0
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type
gzip compressed data, max compression
Size
1.9 kB (1874 bytes)
Hash
4cce44c5c6ee33e7cf7c87d1e4c1969f
3dc11ace8085a007f6b0690ba528b0755a6b52a7
e897ce8611a59d18bfc565cb5579ec1cc41478f7523d3ff389abad85b4dcf313

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyZB04CnP3pWaIm9Txw1vP1ZCscJl_-MTw3MXCT_xiPfGBEx1Y4x4z4MVKFTWgaVtaL0zRvGg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1107101098%3A1714805776456013&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 06:56:16 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-BEKK_WVbpWhKHbHyxc8ikA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=0944eb8b-5c6a-446b-86c4-d479fef24e10&prev_step_diff=951

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=0944eb8b-5c6a-446b-86c4-d479fef24e10&prev_step_diff=951
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=0944eb8b-5c6a-446b-86c4-d479fef24e10&prev_step_diff=951 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:16 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sun, 04 May 2025 06:56:16 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

imgsdn.com/ie?v=4&c=CfRdeHScHZfLAGDmM5SbRhZNsd6Kn9Ufh1veUXe26gny_k5W119ouB_lR54bbFd1QaQHlYlH11k1Xj3yPSqh0O5HEZTKAuxijI9aefhxJrzHO4JPxH4EJwJps9H_O6SauUN8Elpj9DlczR-ctnkTX20xJBbWAlGTo74Nj8bxQmUEkLnQyG9OtysiYDb4CGYQgu4fp4TDJ0-BgATMK5bd17y33f7aTviXaI0LcuSUlA16r5UOqtPS2ZJJwjorOtC-MBwBeByCp7MJtlTvWGC453Ndbi27De-MQrHuXrsvPSn1AJoYug5WQedbWZ2eGJm32ZPQdF-vfPE_YFIJFj-Wj0FtN8zoHwHqujnrvKM32nBuF6AwvgU5VfBDQ_9GkEsUUmxZOWlstyfQr_1ynUiC3YhEbhOf7JH1GZhne_SQGGAD&v1=1427&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=a9df7a84-51c3-4aff-935d-efade92d7ac0&prev_step_diff=752

138.201.194.90

301 Moved Permanently

0 B

URL GET HTTP/1.1
imgsdn.com/ie?v=4&c=CfRdeHScHZfLAGDmM5SbRhZNsd6Kn9Ufh1veUXe26gny_k5W119ouB_lR54bbFd1QaQHlYlH11k1Xj3yPSqh0O5HEZTKAuxijI9aefhxJrzHO4JPxH4EJwJps9H_O6SauUN8Elpj9DlczR-ctnkTX20xJBbWAlGTo74Nj8bxQmUEkLnQyG9OtysiYDb4CGYQgu4fp4TDJ0-BgATMK5bd17y33f7aTviXaI0LcuSUlA16r5UOqtPS2ZJJwjorOtC-MBwBeByCp7MJtlTvWGC453Ndbi27De-MQrHuXrsvPSn1AJoYug5WQedbWZ2eGJm32ZPQdF-vfPE_YFIJFj-Wj0FtN8zoHwHqujnrvKM32nBuF6AwvgU5VfBDQ_9GkEsUUmxZOWlstyfQr_1ynUiC3YhEbhOf7JH1GZhne_SQGGAD&v1=1427&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=a9df7a84-51c3-4aff-935d-efade92d7ac0&prev_step_diff=752
IP
138.201.194.90:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectnimrute.com
FingerprintFE:11:FD:FB:69:FC:E9:22:01:AE:4B:9D:F5:85:C9:1C:FF:4D:44:D4
ValidityMon, 12 Feb 2024 14:13:04 GMT - Sun, 12 May 2024 14:13:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ie?v=4&c=CfRdeHScHZfLAGDmM5SbRhZNsd6Kn9Ufh1veUXe26gny_k5W119ouB_lR54bbFd1QaQHlYlH11k1Xj3yPSqh0O5HEZTKAuxijI9aefhxJrzHO4JPxH4EJwJps9H_O6SauUN8Elpj9DlczR-ctnkTX20xJBbWAlGTo74Nj8bxQmUEkLnQyG9OtysiYDb4CGYQgu4fp4TDJ0-BgATMK5bd17y33f7aTviXaI0LcuSUlA16r5UOqtPS2ZJJwjorOtC-MBwBeByCp7MJtlTvWGC453Ndbi27De-MQrHuXrsvPSn1AJoYug5WQedbWZ2eGJm32ZPQdF-vfPE_YFIJFj-Wj0FtN8zoHwHqujnrvKM32nBuF6AwvgU5VfBDQ_9GkEsUUmxZOWlstyfQr_1ynUiC3YhEbhOf7JH1GZhne_SQGGAD&v1=1427&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=a9df7a84-51c3-4aff-935d-efade92d7ac0&prev_step_diff=752 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Sat, 04 May 2024 06:56:15 GMT
content-length: 0
location: https://img.vmmcdn.com/get/94066336/551812_icon.png
x-app-id: 14

img.vmmcdn.com/get/61863514/551812_image.jpg

46.4.121.113

200 OK

12 kB

URL GET HTTP/2
img.vmmcdn.com/get/61863514/551812_image.jpg
IP
46.4.121.113:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4
ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3
Size
12 kB (12075 bytes)
Hash
ee921bcd225785444d8ab128ca1d0941
e92f5588c738df6912e3658d883aeb66b486560b
4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c

HTTP Headers

GET /get/61863514/551812_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.14.1
date: Sat, 04 May 2024 06:56:16 GMT
content-type: image/jpeg
content-length: 12075
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-2f2b"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2

imgsdn.com/ie?v=4&c=DGwNQJsloDVVrBCA6QhwKnnWRvYjnPaveJn4EvUHVlkE25fv6S_XDOe_vR70k-X9_chJ-e8adAnRClBJx9i8CCwh6IPdOXfdJKnbKz8kNKyPbj7IKY57lKAnxo_Ez7anI02thUu3XXj5mHqHxuHOJj5LgwUNll8jesaIzM55sHDXKW2IjPKjCagtHVAVGQCt7CkM-pKtxrg3Lxw35mqraZbVoq5tF_7Swlel-Nmrz7UDod7o_2HhEG-xnVp0Fc7pvlwBy75KOC8KxaOxInzK1epwnjV89V7chfrrrQ_0Wj0pD_V4kkq5e3PlpYAupwwQECkukYSZewKlFy5mvNgdAIWx-dBtKvwEgib_O1ZvfH6i1SCliGneDmPa7x9vEOk7qsrwFRIuIYZheb6SUrckcdK75H5VOQEsNvTbUuj07yZev_qQJk78rX672seYSsKjRQ==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=b30ddd06-3e30-429d-a3e8-faa04e28152f&prev_step_diff=951

138.201.194.90

301 Moved Permanently

0 B

URL GET HTTP/1.1
imgsdn.com/ie?v=4&c=DGwNQJsloDVVrBCA6QhwKnnWRvYjnPaveJn4EvUHVlkE25fv6S_XDOe_vR70k-X9_chJ-e8adAnRClBJx9i8CCwh6IPdOXfdJKnbKz8kNKyPbj7IKY57lKAnxo_Ez7anI02thUu3XXj5mHqHxuHOJj5LgwUNll8jesaIzM55sHDXKW2IjPKjCagtHVAVGQCt7CkM-pKtxrg3Lxw35mqraZbVoq5tF_7Swlel-Nmrz7UDod7o_2HhEG-xnVp0Fc7pvlwBy75KOC8KxaOxInzK1epwnjV89V7chfrrrQ_0Wj0pD_V4kkq5e3PlpYAupwwQECkukYSZewKlFy5mvNgdAIWx-dBtKvwEgib_O1ZvfH6i1SCliGneDmPa7x9vEOk7qsrwFRIuIYZheb6SUrckcdK75H5VOQEsNvTbUuj07yZev_qQJk78rX672seYSsKjRQ==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=b30ddd06-3e30-429d-a3e8-faa04e28152f&prev_step_diff=951
IP
138.201.194.90:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectnimrute.com
FingerprintFE:11:FD:FB:69:FC:E9:22:01:AE:4B:9D:F5:85:C9:1C:FF:4D:44:D4
ValidityMon, 12 Feb 2024 14:13:04 GMT - Sun, 12 May 2024 14:13:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ie?v=4&c=DGwNQJsloDVVrBCA6QhwKnnWRvYjnPaveJn4EvUHVlkE25fv6S_XDOe_vR70k-X9_chJ-e8adAnRClBJx9i8CCwh6IPdOXfdJKnbKz8kNKyPbj7IKY57lKAnxo_Ez7anI02thUu3XXj5mHqHxuHOJj5LgwUNll8jesaIzM55sHDXKW2IjPKjCagtHVAVGQCt7CkM-pKtxrg3Lxw35mqraZbVoq5tF_7Swlel-Nmrz7UDod7o_2HhEG-xnVp0Fc7pvlwBy75KOC8KxaOxInzK1epwnjV89V7chfrrrQ_0Wj0pD_V4kkq5e3PlpYAupwwQECkukYSZewKlFy5mvNgdAIWx-dBtKvwEgib_O1ZvfH6i1SCliGneDmPa7x9vEOk7qsrwFRIuIYZheb6SUrckcdK75H5VOQEsNvTbUuj07yZev_qQJk78rX672seYSsKjRQ==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=b30ddd06-3e30-429d-a3e8-faa04e28152f&prev_step_diff=951 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Sat, 04 May 2024 06:56:15 GMT
content-length: 0
location: https://img.vmmcdn.com/get/54189012/551810_icon.png
x-app-id: 14

img.vmmcdn.com/get/5741293/551810_image.jpg

138.201.51.142

200 OK

12 kB

URL GET HTTP/1.1
img.vmmcdn.com/get/5741293/551810_image.jpg
IP
138.201.51.142:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
FingerprintA8:37:00:E2:01:F9:B8:25:04:DA:47:64:57:0E:0B:64:E3:8A:0B:C7
ValidityFri, 12 Apr 2024 20:58:24 GMT - Thu, 11 Jul 2024 20:58:23 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3
Size
12 kB (12075 bytes)
Hash
ee921bcd225785444d8ab128ca1d0941
e92f5588c738df6912e3658d883aeb66b486560b
4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c

HTTP Headers

GET /get/5741293/551810_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 04 May 2024 06:56:16 GMT
Content-Type: image/jpeg
Content-Length: 12075
Connection: keep-alive
Last-Modified: Wed, 27 Mar 2024 08:33:26 GMT
Cache-Control: public, max-age=604800
ETag: "6603d9d6-2f2b"
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Request-Headers: x-requested-with
Access-Control-Allow-Headers: x-requested-with
Accept-Ranges: bytes

img.vmmcdn.com/get/94066336/551812_icon.png

46.4.121.113

200 OK

16 kB

URL GET HTTP/2
img.vmmcdn.com/get/94066336/551812_icon.png
IP
46.4.121.113:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4
ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
16 kB (15536 bytes)
Hash
98e46036cc72688816be82af7bb79ca2
a9440b902f5df8848e7dbc751574c9d2684f231c
3cf86dd4a41eb5c8054d74ccbe0dddb4e8949623eb51ed1674c1a676d706d536

HTTP Headers

GET /get/94066336/551812_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.1
date: Sat, 04 May 2024 06:56:16 GMT
content-type: image/png
content-length: 15536
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-3cb0"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2

img.vmmcdn.com/get/54189012/551810_icon.png

46.4.121.113

200 OK

7.8 kB

URL GET HTTP/2
img.vmmcdn.com/get/54189012/551810_icon.png
IP
46.4.121.113:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4
ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
7.8 kB (7770 bytes)
Hash
0650546bbbcd67dd93173a189442d1a7
2e11ca6e252fbfdeab364e9729a0558816df3b6c
e5edb8a6c4e0cb1376b15832c2140fa6037ed69042cb988102d5b0c1edcbcd11

HTTP Headers

GET /get/54189012/551810_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.1
date: Sat, 04 May 2024 06:56:16 GMT
content-type: image/png
content-length: 7770
last-modified: Wed, 27 Mar 2024 08:37:19 GMT
cache-control: public, max-age=604800
etag: "6603dabf-1e5a"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2

mcpuwpsh.com/get/

94.130.197.240

200 OK

5.1 kB

URL POST HTTP/2
mcpuwpsh.com/get/
IP
94.130.197.240:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectpuwpush.com
Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92
ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT

File type
JSON text data
Size
5.1 kB (5119 bytes)
Hash
919a9ea8431886f0341c5b35fa4ca509
dc3f6ed18c0aa2f5730f1f72839936121dd8c51f
60ee6ae0f25ca6e0f933a6cde963fc0633655658989bf50a6f2d2a3d20162f98

HTTP Headers

POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poop.com.co/
Content-Type: text/plain;charset=UTF-8
Content-Length: 933
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 04 May 2024 06:56:17 GMT
content-type: application/json
content-length: 5119
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

metrolagu.cam/play.svg

188.114.96.1

200 OK

633 B

URL GET HTTP/2
metrolagu.cam/play.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
SVG Scalable Vector Graphics image
Size
633 B (633 bytes)
Hash
fa7e52a78c2db6968656093b3b4f6266
d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a
3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb

HTTP Headers

GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5321
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lG%2FjBd04L6Y2m%2F%2FE%2FFXnelPmx%2BNwegK3RWRltuElh%2FLdcBOYXgNNxBzJXMniEjnulZqZlusA2dyObuIUAqrGCguXB4ZIUu4LDGF%2ByDTvzjFUaJJAKytz0SXTfZ60AMDE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e696fe5a2cb51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.24

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:16 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sun, 04 May 2025 06:56:16 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

mp4skin.com/watch?V=Ay04zDYuaZA

172.67.154.189

200 OK

633 B

URL POST HTTP/3
mp4skin.com/watch?V=Ay04zDYuaZA
IP
172.67.154.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerGoogle Trust Services LLC
Subjectmp4skin.com
Fingerprint55:B2:0B:78:12:64:92:D0:D5:59:1F:F5:58:E3:9D:B5:B1:A7:10:3F
ValidityTue, 30 Apr 2024 03:13:34 GMT - Mon, 29 Jul 2024 03:13:33 GMT

File type
HTML document, ASCII text, with very long lines (672), with no line terminators
Size
633 B (633 bytes)
Hash
449dd17c0e38ab5954ab3c3e952ed422
6a990a1fcaa1babad5f4b1e610631ef517bc6aca
9693eaea61c90c21a26a2c1ee66e64758a9c01ffe18dfa6911fff8638e73c4f3

HTTP Headers

POST /watch?V=Ay04zDYuaZA HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/embud/6b4557525055343161444b
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RUTEJv0cl1PItfmNSTUsLMz8mPCcYB9VuzLc0iQR0f1IoY3xHnU1dse%2FFKaeWQ7CNAnFzuTD7XDgacvcshAs6QG7gPi3s3uMxHDwEoO7Bb5K8BN1H4oRfypU9le2MA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e697009d0a0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js

45.133.44.53

200 OK

470 kB

URL GET HTTP/2
da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectda7b22a400.13199960a1.com
Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD
ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT

File type

Size
470 kB (470386 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /9ce5c366c56b3eb801b7fc5bb76cb452.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 15 Apr 2024 13:02:16 GMT
etag: W/"661d2558-72d72"
content-encoding: gzip
expires: Sat, 04 May 2024 07:01:15 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

mp4skin.com/embud/6b4557525055343161444b

172.67.154.189

200 OK

241 B

URL GET HTTP/2
mp4skin.com/embud/6b4557525055343161444b
IP
172.67.154.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerGoogle Trust Services LLC
Subjectmp4skin.com
Fingerprint55:B2:0B:78:12:64:92:D0:D5:59:1F:F5:58:E3:9D:B5:B1:A7:10:3F
ValidityTue, 30 Apr 2024 03:13:34 GMT - Mon, 29 Jul 2024 03:13:33 GMT

File type
HTML document, ASCII text, with no line terminators
Size
241 B (241 bytes)
Hash
2feee0bc8a816c01647ae376902f28d9
05513733baa8bb0e5b5a4372c9a5dcb302194e9d
7ff5613779fda2cb27e894c0d199abc8c04d4402ec720055fc04d38ba4ff013f

HTTP Headers

GET /embud/6b4557525055343161444b HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S2H9OKq8zxJc9u7Itd2SYKXZPQScotkWHoJtuUH7lJLJY8iSJazAMNygYNWd%2FGN1%2Fu18ou56lczRw6zXya%2Bh2iSd5I%2Fp0dpJEOugIGvpa3RXnuYrOelQmgdTjgxfkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e696fe2c0256ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

da7b22a400.13199960a1.com/0ae085698cad0960a86703ca969164ab.js

45.133.44.53

200 OK

109 kB

URL GET HTTP/2
da7b22a400.13199960a1.com/0ae085698cad0960a86703ca969164ab.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectda7b22a400.13199960a1.com
Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD
ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT

File type

Size
109 kB (109340 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /0ae085698cad0960a86703ca969164ab.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:19 GMT
etag: W/"6627832f-1ab1c"
content-encoding: gzip
expires: Sat, 04 May 2024 07:01:15 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

metrolagu.cam/adus.js

188.114.96.1

200 OK

532 B

URL GET HTTP/3
metrolagu.cam/adus.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
ASCII text, with very long lines (554), with no line terminators
Size
532 B (532 bytes)
Hash
ea4c97c51b21f8d3e04f3ed0dfbd6ec6
6e81ca9991d8e8136ae65bb97546c1c2fbe97669
014945fd916d3e166950b057a4498a6ef7bff879d1692e4bb71ea5ff81dbfb37

HTTP Headers

GET /adus.js HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 06:56:16 GMT
content-type: application/javascript
last-modified: Fri, 15 Dec 2023 02:26:22 GMT
etag: W/"657bb94e-214"
expires: Sat, 04 May 2024 08:22:50 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 38006
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L6m%2BM9qnJW8DArcppPwuZ1BizVNjYqNpxw1g2bMhSLvh4apt6wZML7OCCbtQgiyZTlGFgYlfCZ20pZGtxm7qx5jcP39XT94eFRP6FU2ayHH8%2FWeRaTgv1O7qzYpKsTD8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e697053929b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

code.jquery.com/jquery-latest.min.js

151.101.194.137

200 OK

96 kB

URL GET HTTP/2
code.jquery.com/jquery-latest.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32086)
Size
96 kB (95786 bytes)
Hash
8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

HTTP Headers

GET /jquery-latest.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1762a"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 04 May 2024 06:56:14 GMT
age: 20005153
x-served-by: cache-lga21983-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 55, 41622
x-timer: S1714805775.793016,VS0,VE0
vary: Accept-Encoding
content-length: 33202
X-Firefox-Spdy: h2

metrolagu.cam/embed.css

188.114.96.1

200 OK

1.1 kB

URL GET HTTP/3
metrolagu.cam/embed.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
ASCII text, with very long lines (1145), with no line terminators
Size
1.1 kB (1094 bytes)
Hash
69c7d11151f7c8da1183e16ec826fd58
e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf
360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1

HTTP Headers

GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 06:56:16 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
vary: Accept-Encoding
etag: W/"651596cf-446"
expires: Sat, 04 May 2024 16:01:18 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 10498
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h0FRNioSHFG9yC4JWpIyqz7ST6T4txuaDQNGN5ioZOHxayGKV9k7%2F1ZlmJ%2FrTECLhkB9LizhP2uRhF%2FoUQxOnwbdpO00N8fPoylWEeWgEjATZVDSyxEolpV%2B2%2FbAUTPw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e69705391fb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

storage.multstorage.com/log/count.html

172.67.174.51

200 OK

882 B

URL GET HTTP/2
storage.multstorage.com/log/count.html
IP
172.67.174.51:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A
ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT

File type
HTML document, ASCII text, with very long lines (919), with no line terminators
Size
882 B (882 bytes)
Hash
053b1fe641da8057571d40ebaf1624ab
09b2648b7d08c84621298f0b939cea5170a65022
6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: c3d0a406b902c0f732bdac8a45ac2a8a
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vKfBQRoBCuYqsOhhg9OT0sDk1NrDcFiBQJ42UKfQgQSOXDB208411gHYqLNHgnfWFrckOjUSOQNok0x1DGM3du7hXgWIrlk5aTt2hFlInBw88VN6Omsu4ck4ievHaXtnpXl2i4d%2Big%2F7nw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6970138f21c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js

45.133.44.53

200 OK

470 kB

URL GET HTTP/2
da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectda7b22a400.13199960a1.com
Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD
ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT

File type

Size
470 kB (470386 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /9ce5c366c56b3eb801b7fc5bb76cb452.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 15 Apr 2024 13:02:16 GMT
etag: W/"661d2558-72d72"
content-encoding: gzip
expires: Sat, 04 May 2024 07:01:15 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

da7b22a400.13199960a1.com/22802538876b351854c895125b33cfd1/114039?version_name=b

45.133.44.53

200 OK

3.3 kB

URL GET HTTP/2
da7b22a400.13199960a1.com/22802538876b351854c895125b33cfd1/114039?version_name=b
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectda7b22a400.13199960a1.com
Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD
ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3671), with no line terminators
Size
3.3 kB (3257 bytes)
Hash
54a6cb1b28c3199525dce68269e5d945
9557dfd41d6c6e51a253fbec59b88304e437c949
325c1416a27cb79d3a51ce3411ade88d997d72d8de5ac3b98cf4ea33b311af6a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /22802538876b351854c895125b33cfd1/114039?version_name=b HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 04 May 2024 07:01:15 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

mp4skin.com/embed.css

172.67.154.189

200 OK

755 B

URL GET HTTP/3
mp4skin.com/embed.css
IP
172.67.154.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mp4skin.com/watch?V=Ay04zDYuaZA
Certificate
IssuerGoogle Trust Services LLC
Subjectmp4skin.com
Fingerprint55:B2:0B:78:12:64:92:D0:D5:59:1F:F5:58:E3:9D:B5:B1:A7:10:3F
ValidityTue, 30 Apr 2024 03:13:34 GMT - Mon, 29 Jul 2024 03:13:33 GMT

File type
ASCII text, with very long lines (757), with no line terminators
Size
755 B (755 bytes)
Hash
893c3050971d660ec53ed6ea64582a05
a06d1563bdeb65aa5f5d68b7f0cefdd6778b6056
a2e4ffd0ece96aa94f183f77575fb2dcdf08483df0fbb8f1324cc9f088e9d1c9

HTTP Headers

GET /embed.css HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/watch?V=Ay04zDYuaZA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=1094
etag: W/"655cb8cc-446"
expires: Sat, 04 May 2024 14:24:39 GMT
last-modified: Tue, 21 Nov 2023 14:03:56 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 16296
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KLIltNiI4o4iG%2Fk%2F0yaLsqJ%2F2yrgESf6kNydnUrLNBAIk1pPxwbWL0Zm5jYqXBbrAgGUB8TfonUBNhONqyruwft%2B2RcIcsqt2cxMezp1UwFXe0CyU7ZkEiVQjiSvuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e697017dac0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

metrolagu.cam/watch?v=ZyY71Ps5xRk

188.114.96.1

200 OK

6.9 kB

URL POST HTTP/3
metrolagu.cam/watch?v=ZyY71Ps5xRk
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mp4skin.com/watch?V=Ay04zDYuaZA
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
HTML document, ASCII text, with very long lines (6997), with no line terminators
Size
6.9 kB (6908 bytes)
Hash
1d118c7a04a8c20a12e4baa934090834
6179fa7b277c425ac1a9d3a41fb47d608ae37629
62ae1d96018321d86831b22cc37a271a5bb37e2f5f8067b2e8a9981c090a2ef0

HTTP Headers

POST /watch?v=ZyY71Ps5xRk HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/6b4557525055343161444b
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 06:56:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wLxhHZh9vpu%2BcJvCetXbQBjcGjlxCpwMIttdc6doVUlnP8LEC7WHTfIL2imruQMO7fAKzWobmbPw5CPgtLRXsiujQ9qqBAixXdVFtPie%2FxDG1gkJbFEZEHajElxTwmfs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e697041849b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

meenetiy.com/?rb=2nlraJe8DGJ-jiLi-5cQEZCoK4ad68tVEBwjMmbgDOm22TyfVuxKiiVa4zTI2ThGlEbjqlgZ4VFAdNPOYQsnQ2DHPQebLYF6sjhQyuw5f9dodPxSelhOIsH0Cqs_XnjLn799pl_z0OzIriXaut9KG1cewS1jrX7DAFA5lhTGNM521hgVBAL72-PVF6OgF4DleUnFFmrgfUkdyPTn5RbGetc2Jwz0bRUnG1zzfe3YRVT0jL-bKEgmXuH_ikBFSpqaJ2oL4rWnKkM%3D&request_ab2=131250&zoneid=6678850&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DAy04zDYuaZA&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F6b4557525055343161444b&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=e8ca3d18-4a22-41e3-9447-9dd79238a4b2&userId=08005224a1bd4c5ee9e52fbde82082fa&m=link

139.45.197.245

200 OK

2.8 kB

URL GET HTTP/2
meenetiy.com/?rb=2nlraJe8DGJ-jiLi-5cQEZCoK4ad68tVEBwjMmbgDOm22TyfVuxKiiVa4zTI2ThGlEbjqlgZ4VFAdNPOYQsnQ2DHPQebLYF6sjhQyuw5f9dodPxSelhOIsH0Cqs_XnjLn799pl_z0OzIriXaut9KG1cewS1jrX7DAFA5lhTGNM521hgVBAL72-PVF6OgF4DleUnFFmrgfUkdyPTn5RbGetc2Jwz0bRUnG1zzfe3YRVT0jL-bKEgmXuH_ikBFSpqaJ2oL4rWnKkM%3D&request_ab2=131250&zoneid=6678850&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DAy04zDYuaZA&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F6b4557525055343161444b&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=e8ca3d18-4a22-41e3-9447-9dd79238a4b2&userId=08005224a1bd4c5ee9e52fbde82082fa&m=link
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/watch?V=Ay04zDYuaZA
Certificate
IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint1B:A7:25:F9:81:5C:D2:6F:04:C2:65:38:DA:05:E2:DF:4C:31:75:07
ValiditySun, 28 Apr 2024 05:25:22 GMT - Sat, 27 Jul 2024 05:25:21 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2844), with no line terminators
Size
2.8 kB (2814 bytes)
Hash
1ba7de9f024cd77b3650e066d2815861
9dcd64de2d3e0c8f44b17e6d70641fbc0669ccfe
b164763430b75a7bbbe71649a484b41d77004c2b4dd370d5932db48c63848e1b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=2nlraJe8DGJ-jiLi-5cQEZCoK4ad68tVEBwjMmbgDOm22TyfVuxKiiVa4zTI2ThGlEbjqlgZ4VFAdNPOYQsnQ2DHPQebLYF6sjhQyuw5f9dodPxSelhOIsH0Cqs_XnjLn799pl_z0OzIriXaut9KG1cewS1jrX7DAFA5lhTGNM521hgVBAL72-PVF6OgF4DleUnFFmrgfUkdyPTn5RbGetc2Jwz0bRUnG1zzfe3YRVT0jL-bKEgmXuH_ikBFSpqaJ2oL4rWnKkM%3D&request_ab2=131250&zoneid=6678850&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DAy04zDYuaZA&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F6b4557525055343161444b&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=e8ca3d18-4a22-41e3-9447-9dd79238a4b2&userId=08005224a1bd4c5ee9e52fbde82082fa&m=link HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mp4skin.com/
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Cookie: OAID=08005224a1bd4c5ee9e52fbde82082fa; oaidts=1714805776; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 06:56:16 GMT
content-type: application/json
x-trace-id: 24da18ccdf5128607de3a9090c12a1b4
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=08005224a1bd4c5ee9e52fbde82082fa; expires=Sun, 04 May 2025 06:56:16 GMT; path=/; secure; SameSite=None
oaidts=1714805776; expires=Sun, 04 May 2025 06:56:16 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 11 May 2024 06:56:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

da7b22a400.13199960a1.com/69e850fd67f4bef7c987ce894adc6a8e.js

45.133.44.53

200 OK

97 kB

URL GET HTTP/2
da7b22a400.13199960a1.com/69e850fd67f4bef7c987ce894adc6a8e.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/KDa14UPRWEk
Certificate
IssuerLet's Encrypt
Subjectda7b22a400.13199960a1.com
Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD
ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT

File type

Size
97 kB (97000 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /69e850fd67f4bef7c987ce894adc6a8e.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:56:15 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 14:24:01 GMT
etag: W/"661e8a01-17ae8"
content-encoding: gzip
expires: Sat, 04 May 2024 07:01:15 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

meenetiy.com/5/6678850/?abt_opts=1&js_build=iclick-v1.788.6-auto&userId=08005224a1bd4c5ee9e52fbde82082fa

139.45.197.245

200 OK

2.9 kB

URL GET HTTP/2
meenetiy.com/5/6678850/?abt_opts=1&js_build=iclick-v1.788.6-auto&userId=08005224a1bd4c5ee9e52fbde82082fa
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/watch?V=Ay04zDYuaZA
Certificate
IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint1B:A7:25:F9:81:5C:D2:6F:04:C2:65:38:DA:05:E2:DF:4C:31:75:07
ValiditySun, 28 Apr 2024 05:25:22 GMT - Sat, 27 Jul 2024 05:25:21 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3097), with no line terminators
Size
2.9 kB (2853 bytes)
Hash
0c2e300d291ba798de2081cf7ad9868d
fe3c6123afa61efa67332f188dd80fd22c987010
cd1b2014236c3556dd0235d85cf5635e475bf91c7516a81f8cfed49ce0ab25b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6678850/?abt_opts=1&js_build=iclick-v1.788.6-auto&userId=08005224a1bd4c5ee9e52fbde82082fa HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Cookie: OAID=00805238e8cd4482ebf1093b2a43b3ab; oaidts=1714805775
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 06:56:16 GMT
content-type: application/json
x-trace-id: bc1e7cc286c02a6b9f33b964498355f0
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=08005224a1bd4c5ee9e52fbde82082fa; expires=Sun, 04 May 2025 06:56:16 GMT; path=/; secure; SameSite=None
oaidts=1714805776; expires=Sun, 04 May 2025 06:56:16 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 11 May 2024 06:56:16 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

metrolagu.cam/play.svg

188.114.96.1

200 OK

633 B

URL GET HTTP/3
metrolagu.cam/play.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
SVG Scalable Vector Graphics image
Size
633 B (633 bytes)
Hash
fa7e52a78c2db6968656093b3b4f6266
d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a
3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb

HTTP Headers

GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 06:56:16 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5322
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xCOILxFFhQgGscgTAW3PvwmWjcSgLa9JkYZmrpmTAmJ2GCkXZ8qnKlIAR0uTmgAEIbzXOWz8ZmwnXAAw5xSKLkQ2ZTPosCACiCtmOEJ%2Baxna0LhiqLRiRELFEOOK0GV1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e69705d99fb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML