Report - poop.com.co/d/BVcOsq4OFHa

Report Overview

Submitted URL
poop.com.co/d/BVcOsq4OFHa
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 15:15:36
Access
public
Website Title
Ngewe memek mulus pengambilan dari bawah keluar lanjut - PoopHD
Final URL
poop.com.co/d/BVcOsq4OFHa
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
static.bookmsg.com	47495	2020-09-15	2020-11-24	2024-05-06	1.8 kB	3.0 kB	45.133.44.24
yu2be.com	unknown	2023-08-23	2019-08-26	2024-02-28	1.4 kB	2.6 kB	188.114.97.1
img.doodcdn.co	unknown	2022-04-23	2022-05-04	2024-05-03	894 B	30 kB	104.26.7.74
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2024-05-06	517 B	381 B	157.90.84.242
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-06	898 B	58 kB	104.17.24.14
6fbb07e2de.7aa82805b9.com	unknown	unknown	No data	No data	819 B	320 B	45.133.44.53
o.pki.goog	unknown	2016-06-13	2024-04-24	2024-05-06	650 B	1.4 kB	142.250.74.131
unaent.xyz	unknown	unknown	No data	No data	601 B	227 B	185.162.87.219
metrolagu.cam	unknown	2023-03-24	2023-08-23	2024-04-15	2.0 kB	11 kB	172.67.147.56
storage.multstorage.com	unknown	2023-09-22	2023-09-22	2024-05-07	521 B	1.1 kB	104.21.30.242
8d80fcb421.a700fb9c8d.com	unknown	unknown	No data	No data	2.2 kB	494 kB	45.133.44.53
accounts.google.com	81	1997-09-15	2016-03-20	2024-05-06	1.8 kB	6.2 kB	74.125.131.84
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-06	451 B	738 B	139.45.195.8
assets.poopcdn.com	unknown	2024-03-14	2024-03-14	2024-04-13	4.1 kB	736 kB	104.21.11.28
63cc093d48.f336d0935e.com	unknown	2024-04-07	2024-05-07	2024-05-07	16 kB	14 kB	157.90.84.246
imdn.pics	unknown	2023-09-14	2023-09-14	2024-05-04	850 B	14 kB	45.133.44.25
mcpuwpsh.com	unknown	2022-08-12	2022-08-12	2024-05-05	474 B	11 kB	94.130.197.240
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	480 B	18 kB	142.250.74.106
nereserv.com	40015	2020-12-21	2020-12-21	2024-05-06	1.8 kB	960 B	168.119.25.102
mordoops.com	unknown	2023-01-04	2023-01-04	2024-04-12	818 B	33 kB	139.45.197.244
i.wmgtr.com	13696	2020-09-11	2020-09-11	2024-05-06	828 B	14 kB	0.0.0.0
poop.com.co	unknown	2024-02-11	2024-02-11	2024-04-18	481 B	15 kB	188.114.97.1
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-07	418 B	102 kB	142.250.74.168
p.a64x.com	unknown	2023-07-27	2023-07-27	2024-05-06	1.5 kB	701 B	172.67.185.171
paronymtethery.com	unknown	unknown	No data	No data	410 B	1.5 kB	23.109.170.224

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	7aa82805b9.com	Sinkholed
2024-05-07	medium	mordoops.com	Sinkholed
2024-05-07	medium	a700fb9c8d.com	Sinkholed
2024-05-07	medium	f336d0935e.com	Sinkholed
2024-05-07	medium	f336d0935e.com	Sinkholed
2024-05-07	medium	f336d0935e.com	Sinkholed
2024-05-07	medium	f336d0935e.com	Sinkholed
2024-05-07	medium	f336d0935e.com	Sinkholed
2024-05-07	medium	f336d0935e.com	Sinkholed
2024-05-07	medium	paronymtethery.com	Sinkholed
2024-05-07	medium	unaent.xyz	Sinkholed
2024-05-07	medium	mordoops.com	Sinkholed
2024-05-07	medium	a700fb9c8d.com	Sinkholed
2024-05-07	medium	a700fb9c8d.com	Sinkholed
2024-05-07	medium	a700fb9c8d.com	Sinkholed
2024-05-07	medium	f336d0935e.com	Sinkholed
2024-05-07	medium	a700fb9c8d.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	mordoops.com/tag.min.js	90 kB	2024-05-07	2024-05-08
Pretty URL mordoops.com/tag.min.js IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:18:20 Last Seen2024-05-08 13:13:48 Times Seen53 Hash adb1154d25ea3c93d9fd4f621fc6683e 8c4aedc566b2d788823febd93692d84d511cc538 fbac7039a741589bf52c73a346760ee23c8a3c72f474a29a1dfd1496aa9effe3 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-19
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-19 16:02:44 Times Seen145565 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	yu2be.com/watch?V=Ay04zDYuaZA	59 kB	2023-12-02	2024-05-10
Pretty URL yu2be.com/watch?V=Ay04zDYuaZA IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-02 18:22:50 Last Seen2024-05-10 20:35:20 Times Seen21 Hash 6807f74172c0481bce8bfc7dc9ce14a6 3c2cb42261550ae26f6052fa2ce61d39a9ef8045 e4231152a19aaa7603f83a4f48f21456838e5d7c4eba759307d6ddc726c138d9 Loading...

	yu2be.com/watch?V=Ay04zDYuaZA	444 B	2023-12-02	2024-05-10
Pretty URL yu2be.com/watch?V=Ay04zDYuaZA IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-02 18:22:51 Last Seen2024-05-10 20:35:20 Times Seen21 Hash ba979c18700f1869ae438068ae800451 7bc700eb3d82302f7da21b233e41ceae2aa7c453 c153c1e1d74d7666c7b846a802011c9faaeeff6e370a07dbefa6eddaadeaadb1 Loading...

	metrolagu.cam/video?q=jiwa+yang+bersedih	0 B	2023-03-07	2024-05-19
Pretty URL metrolagu.cam/video?q=jiwa+yang+bersedih IP 172.67.147.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 16:03:24 Times Seen37831792 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	paronymtethery.com/rSfAH4Kr7lm28/64343	0 B	2023-03-07	2024-05-19
Pretty URL paronymtethery.com/rSfAH4Kr7lm28/64343 IP 23.109.170.224 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 16:03:24 Times Seen37831792 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	poop.com.co/d/BVcOsq4OFHa	6.4 kB	2023-10-24	2024-05-11
Pretty URL poop.com.co/d/BVcOsq4OFHa IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-24 06:38:45 Last Seen2024-05-11 00:50:07 Times Seen88 Hash eeed368413469275e3ee01f81d506e3b f0b2023738dda3d9f81f01101ffddc539dd5c919 4f96b2f1bc98f9dce38413ca59d5fe7c0f994b467965421be18e634d5dfaab9e Loading...

	poop.com.co/d/BVcOsq4OFHa	931 B	2024-05-07	2024-05-07
Pretty URL poop.com.co/d/BVcOsq4OFHa IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 17:15:45 Last Seen2024-05-07 17:15:45 Times Seen1 Hash f0578212a2ff9b0ecae578bde3c33601 82abe92dabe0504e8bad2fb47a6e43c61b591e1f 3e7ed792eeb18d48df654d4410582266c6a754e567ddd79ad993ffd9540febd2 Loading...

	storage.multstorage.com/log/count.html	718 B	2023-09-18	2024-05-19
Pretty URL storage.multstorage.com/log/count.html IP 104.21.30.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 17:19:52 Last Seen2024-05-19 15:05:05 Times Seen5552 Hash 1f697a0f2411e463adbc1211493fe5a6 93c154152bda427938543b8efbd8d3b594abbac7 08a5735f5232b651af89f552e8d0fb7b21d6605fba48f335318699d80d12703e Loading...

	8d80fcb421.a700fb9c8d.com/2acab9c1be5b20921546acfed6e511b5.js	470 kB	2024-04-19	2024-05-12
Pretty URL 8d80fcb421.a700fb9c8d.com/2acab9c1be5b20921546acfed6e511b5.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 15:52:52 Last Seen2024-05-12 12:48:12 Times Seen46 Hash cacb84104ff1b8352e0ee8c801a29ef4 393c74e933ff2a417ca50df17347793a36c86055 0099579c122343453ad3823291a11281d87678f071717020be17fec25ff03b77 Loading...

	poop.com.co/d/BVcOsq4OFHa	1.9 kB	2024-05-07	2024-05-07
Pretty URL poop.com.co/d/BVcOsq4OFHa IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 17:15:45 Last Seen2024-05-07 17:15:45 Times Seen1 Hash 07c3fe8210f70ca6a55273201899b744 3f0eba7043c0fc1d0990a5fd847c5535f60cb91f da08de72369e7bd54ba606a85588623e30aa6dc62b8f495ba7c81cf6485b9cf2 Loading...

	8d80fcb421.a700fb9c8d.com/63864341c121fc80a909f55d1d6303d1.js	109 kB	2024-05-07	2024-05-08
Pretty URL 8d80fcb421.a700fb9c8d.com/63864341c121fc80a909f55d1d6303d1.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 15:50:14 Last Seen2024-05-08 10:46:12 Times Seen53 Hash a1e224a8e52887d745fa52fef1c2387a a9da064636d2a4af29d63c0667f902ae19417e11 d82282a432e0c5f65df9b379bd3d016d49a936f70c8d831e1dc1756e455888ea Loading...

	8d80fcb421.a700fb9c8d.com/7826d47d15d49907a38c80b89e2d6674.js	168 kB	2024-04-27	2024-05-13
Pretty URL 8d80fcb421.a700fb9c8d.com/7826d47d15d49907a38c80b89e2d6674.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:40:27 Last Seen2024-05-13 09:50:11 Times Seen47 Hash cf49249e73efabedaf345f1fc2937285 5ef768ef2b81110762fcf31b5846daf3b56ab70c 75791ea71263cfaa3d74ece2b2a552c503ab39091bdcaccfda2d6f69fe77a7b9 Loading...

	8d80fcb421.a700fb9c8d.com/110a65cc169b283c3c7819a3fe77e180.js	101 kB	2024-05-06	2024-05-16
Pretty URL 8d80fcb421.a700fb9c8d.com/110a65cc169b283c3c7819a3fe77e180.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-06 11:08:30 Last Seen2024-05-16 07:55:12 Times Seen535 Hash 0cbfae16446f6ff17f3f18758b41e37c fdcba827008b6f52caa67735b295f7fab6f26a04 4f5cece30fb18d801a39950fe09419aa3280c654a323e72733b3204ad11a7a33 Loading...

	yu2be.com/watch?V=Ay04zDYuaZA	104 B	2023-12-02	2024-05-10
Pretty URL yu2be.com/watch?V=Ay04zDYuaZA IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-02 18:22:51 Last Seen2024-05-10 20:35:20 Times Seen21 Hash 5abc9587d09477f86c9162cb5f7b392f 6c827e4c90fc5fea87b5ee5e8de6190a97825a01 8a3d9fc6c5d947a75700318b2835c16f7bc2e2f506c6b0ae42d8196a93eb0bd9 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js	88 kB	2023-03-07	2024-05-19
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-05-19 16:02:58 Times Seen99068 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	poop.com.co/d/BVcOsq4OFHa	153 B	2024-02-17	2024-05-11
Pretty URL poop.com.co/d/BVcOsq4OFHa IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-17 06:52:43 Last Seen2024-05-11 00:50:08 Times Seen37 Hash 73a6ebf3b00f83c3c9f8bc653869cfc5 924d36f61b7cb12b229ecb1b64691eb49439480c b651edc3f5e0ab0949d63f224d575452108d29873cad2dd54cb59fa15566bd9f Loading...

	www.googletagmanager.com/gtag/js?id=G-RRBBHD087X	306 kB	2024-05-07	2024-05-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-RRBBHD087X IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 17:15:45 Last Seen2024-05-07 17:15:45 Times Seen2 Hash dd5c93d2bcfb0082b546d8183911e095 0105819a069d76c005356bcdf4665b86d1bb4bc3 ebd27a2e078adfa5e767c2748bd1edbe4861547da150281d51fde4d99fabc5c3 Loading...

HTTP Transactions (60)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27748 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 587003
expires: Sun, 27 Apr 2025 15:15:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LJwU78cJjDUGSXW8rs9wfl5SOKBMStCh12cCfR5ZmnyELGkc986jpm8ReSDyXDG4dq5EwarF7yJ%2BqVS6JOUpe45zodFA9I4aAiuVilVEzm5PBBH382Qp%2B%2Fe551yRrTMd77Us4GO4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880229ea1e835684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

img.doodcdn.co/snaps/rwd4dg4z3phsej62.jpg

104.26.7.74

200 OK

14 kB

URL GET HTTP/2
img.doodcdn.co/snaps/rwd4dg4z3phsej62.jpg
IP
104.26.7.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x406, components 3
Size
14 kB (14338 bytes)
Hash
492dfb4086f19d4523775da155b0658f
70e89bdc0162971146fe55544953050354ee25fd
a0d49a5afdacb734ee33290b8204005c6fcaca6bd8ed85995ecdfc1abadccbf8

HTTP Headers

GET /snaps/rwd4dg4z3phsej62.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:08 GMT
content-type: image/jpeg
content-length: 14338
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=14562
etag: "662be138-38e2"
expires: Mon, 20 May 2024 19:08:57 GMT
last-modified: Fri, 26 Apr 2024 17:15:36 GMT
cf-cache-status: HIT
age: 69034
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FsDVuLgNHR5ZWAkGWEK0XT7OQXyoMNXK63FxAMHMParlIdxV8stFgLuetnNRlXE616s3dTr%2FHg%2BZPmTPbtrQFYsg1Ez7DfV4Z9mYM7P6Jq%2BFmfBW23d4ZmEqxhRZ1%2F9H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880229ea4d4256b7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-RRBBHD087X

142.250.74.168

200 OK

102 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
102 kB (101715 bytes)
Hash
dd5c93d2bcfb0082b546d8183911e095
0105819a069d76c005356bcdf4665b86d1bb4bc3
ebd27a2e078adfa5e767c2748bd1edbe4861547da150281d51fde4d99fabc5c3

HTTP Headers

GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 15:15:08 GMT
expires: Tue, 07 May 2024 15:15:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 101715
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

assets.poopcdn.com/embed2.css

104.21.11.28

200 OK

25 kB

URL GET HTTP/2
assets.poopcdn.com/embed2.css
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
ASCII text, with very long lines (2267), with no line terminators
Size
25 kB (24742 bytes)
Hash
504eba00908d13eb47133d1f92f8048a
e0bd11d81b09ebd41f5e26548534bedacb34cee5
4ca2d870794ea0d5902ed97a4c515f4462b63555a5d4e8a2ccca6e1011dfe4db

HTTP Headers

GET /embed2.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:08 GMT
content-type: text/css
etag: W/"504eba00908d13eb47133d1f92f8048a"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6842
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F0kmvAac50teQ2ao9gHqJdBQbWBWCYwBoIQupLpT5H946ama6DlkyvDC%2FGA2SD1IPlCblA1JPeGIJww6Mqn9fGx8rSBW76RjCBU0BM5YS9Oy2xUwCevC53JDCI7i7VlHO2HWxyA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229ea3eff712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2

104.21.11.28

200 OK

24 kB

URL GET HTTP/2
assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23604, version 1.0
Size
24 kB (23604 bytes)
Hash
e9133fd11f14c09a2e4556c395a0ef7d
00fad09605f3342df5c9aeba130156fe19ade8b0
06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91

HTTP Headers

GET /fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:08 GMT
content-type: font/woff2
content-length: 23604
access-control-allow-origin: https://poop.com.co
etag: "e9133fd11f14c09a2e4556c395a0ef7d"
last-modified: Thu, 14 Mar 2024 17:32:22 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3047
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZAM2Ys6I7gfUSRwJlylUj3%2B9e8hZMYNlYb0oAkDD%2FNH3fTMQj8h7RxRcp7k6sI7vXMPz74i%2Fs5cW9aqZSQp0bGOKDYwfsGkTMU4q7LHS0lOLjuXyfouSPv4KX43uAq5ghq8VxaU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229ecfc62712f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2

104.21.11.28

200 OK

184 kB

URL GET HTTP/2
assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
Web Open Font Format (Version 2), TrueType, length 184476, version 330.-16253
Size
184 kB (184476 bytes)
Hash
2a6dec1227f9970376f578270a642d06
150a6a7ffdec6e2e2ff4c712d7cee8bd9b930284
e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996

HTTP Headers

GET /fontawesome/webfonts/fa-duotone-900.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:08 GMT
content-type: font/woff2
content-length: 184476
access-control-allow-origin: https://poop.com.co
etag: "2a6dec1227f9970376f578270a642d06"
last-modified: Thu, 14 Mar 2024 17:23:02 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3047
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EgGw59ERvdV1T987TpBAHdExnjuEdf%2BAjZv3oL7Pt%2BqygOK8G0462Em2EuCXKZ1cZmXRk2jXCp5LgiTRpAZIj27%2BOnNqrdX%2FDwJKqWJxuCHASsYBSw4oV3H7p6yN3ZKtfuJSGNQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229ecfc60712f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/favicon-16x16.png

104.21.11.28

200 OK

612 B

URL GET HTTP/2
assets.poopcdn.com/favicon-16x16.png
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
612 B (612 bytes)
Hash
ac008ea155d4beee1e93247d7434c77d
f8ea94e94e0cc310202a517a9c445c3d70af564e
283e092dad794fdd9212249389fb2acb6d6846f332413ab2af7bbcced9a4957e

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:09 GMT
content-type: image/png
content-length: 612
etag: "ac008ea155d4beee1e93247d7434c77d"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1156
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tXPoxJDCsEqldWUmLMuXA%2FDMUuAjLaDg0us%2FA57Mhq3VYJ74KKy2N%2Fa%2FypqHmKV1oeSPce8%2FI%2FNjqeiiASfun4zwapts%2B4D3HOyv9kVr%2FsXwB11uzh8KdkL%2F3PwdNRAisiJhAWU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229ee1e7f712f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/apple-touch-icon.png

104.21.11.28

200 OK

2.8 kB

URL GET HTTP/2
assets.poopcdn.com/apple-touch-icon.png
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
2.8 kB (2766 bytes)
Hash
e4acc3f05da8195dfa02a437c8b2dba2
f23df2ed14e5d52417b155ccd11187f3250861dc
8b520e4032a17a3fb0410c6e4c7da29f182ca06861aa2d64db1969927e2db0d4

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:09 GMT
content-type: image/png
content-length: 2766
etag: "e4acc3f05da8195dfa02a437c8b2dba2"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3048
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r0tWIYFxD2rTtC4%2Faj4OcHgiihUST7tiHh7j%2BneQcroBcZYoOzyXi%2BhkmaAVoslAqpgXxFZw4%2Bg6FST2lJKU1%2BwA5M%2BSXkdvdBsz%2FRsdx%2FEYUcEuGGa4NgZdZlrhtZTkvKurHZI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229ee1e7d712f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=114039

157.90.84.242

200 OK

0 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=114039
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Tue, 07 May 2024 15:15:09 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.com.co
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

6fbb07e2de.7aa82805b9.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MDkwNzY1NTkzOTY0NDYwMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjEiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjIzLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9

45.133.44.53

200 OK

0 B

URL GET HTTP/2
6fbb07e2de.7aa82805b9.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MDkwNzY1NTkzOTY0NDYwMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjEiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjIzLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subject6fbb07e2de.7aa82805b9.com
Fingerprint04:79:31:D9:05:83:F5:83:EF:F1:9B:85:1E:09:BF:D5:E3:ED:14:67
ValiditySat, 04 May 2024 02:50:36 GMT - Fri, 02 Aug 2024 02:50:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MDkwNzY1NTkzOTY0NDYwMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjEiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjIzLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 HTTP/1.1
Host: 6fbb07e2de.7aa82805b9.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:09 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

yu2be.com/embed.css

188.114.97.1

200 OK

404 B

URL GET HTTP/3
yu2be.com/embed.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yu2be.com/watch?V=Ay04zDYuaZA
Certificate
IssuerLet's Encrypt
Subjectyu2be.com
Fingerprint3C:30:E2:11:42:30:CD:21:F1:06:87:EC:9F:A9:56:40:57:B2:4C:EF
ValiditySun, 14 Apr 2024 02:05:14 GMT - Sat, 13 Jul 2024 02:05:13 GMT

File type
ASCII text
Size
404 B (404 bytes)
Hash
1ac57b2fc858076467716fbad9268b05
94b3c1ff894b4cb316dfe90962b64db541bb3c46
6291ad32f03939ee9eb7cf8d62641115d0962e49b4869358c1ddee6271d9f0bf

HTTP Headers

GET /embed.css HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/watch?V=Ay04zDYuaZA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 15:15:09 GMT
content-type: text/css
last-modified: Thu, 23 Nov 2023 00:03:15 GMT
vary: Accept-Encoding
etag: W/"655e96c3-446"
expires: Tue, 07 May 2024 19:42:56 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 27133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JxvtmcI%2BTvSls2MYUsgld44wL7jAa0LVAXH6C6X55sOEg6sxoE%2B3TJD40SS%2BxBnpy4awsKnZK10bTJefqwgmRMIt8%2Bgy8sHe9x0Qrk3BMsompTzkUFhYmh0%2BKIQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229f2dca3b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

storage.multstorage.com/log/count.html

104.21.30.242

200 OK

390 B

URL GET HTTP/2
storage.multstorage.com/log/count.html
IP
104.21.30.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A
ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT

File type
HTML document, ASCII text, with very long lines (700)
Size
390 B (390 bytes)
Hash
b728ca9cd183d1b7c3f72116b19b22a3
c1fd73f6b02cf00b8bc60b09cc99495e8494b739
8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:09 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 7b8b8e2e1e57cc14971ee4df4e71eea8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=raifsH0frSNZ5Qf%2FofT3BPMrswzmql9RH2IU2IfUbpy6Up%2Fs%2BIH9gdyAYLTNm7f5rkDq0CmG%2FRu%2BysxogcPqzpZ%2F11u59qtqx%2ByyriXFD2bMW3CZ4gY16eP6jQiQQISyylypWXxFKqeF7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229f20f84568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nereserv.com/in/dip?site=native-push&wl=1&event_id=6f0107dc-4137-47cc-8e81-69d7fe93c2b0&subid=388464194&sid=2549881410&spot_id=418776&created_at=2024-05-07&timezone=0&ver=7.282.0-b&is_native=1

168.119.25.102

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=6f0107dc-4137-47cc-8e81-69d7fe93c2b0&subid=388464194&sid=2549881410&spot_id=418776&created_at=2024-05-07&timezone=0&ver=7.282.0-b&is_native=1
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=6f0107dc-4137-47cc-8e81-69d7fe93c2b0&subid=388464194&sid=2549881410&spot_id=418776&created_at=2024-05-07&timezone=0&ver=7.282.0-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 07 May 2024 15:15:10 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?site=native-push&wl=1&event_id=01ae4b4d-ccbd-4ddc-8376-3325a87a566f&subid=357529620&sid=2785717355&spot_id=418774&created_at=2024-05-07&timezone=0&ver=7.282.0-b&is_native=1

168.119.25.102

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=01ae4b4d-ccbd-4ddc-8376-3325a87a566f&subid=357529620&sid=2785717355&spot_id=418774&created_at=2024-05-07&timezone=0&ver=7.282.0-b&is_native=1
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=01ae4b4d-ccbd-4ddc-8376-3325a87a566f&subid=357529620&sid=2785717355&spot_id=418774&created_at=2024-05-07&timezone=0&ver=7.282.0-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 07 May 2024 15:15:10 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

assets.poopcdn.com/play.svg

104.21.11.28

200 OK

840 B

URL GET HTTP/2
assets.poopcdn.com/play.svg
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
SVG Scalable Vector Graphics image
Size
840 B (840 bytes)
Hash
85f08506e5a64050719e7e18a26cd9c4
cda07433539f1346406e7dde1a92ea6346d593d7
b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08

HTTP Headers

GET /play.svg HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:08 GMT
content-type: image/svg+xml
etag: W/"85f08506e5a64050719e7e18a26cd9c4"
last-modified: Thu, 14 Mar 2024 17:17:30 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6842
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BJVE234YfVkmZLFckWi3AdIlxF6tq0BaAkZzZNZnQ7EzU%2FwGYMCbcdda3PQjidiWfmDVYwF4gumlg%2BZEMKm%2FiIc7JMIrmKk8JAPLSGCJ6qYqogailp1y%2FwO3mjlrxn86Z%2Fz2qx8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229ecec44712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mordoops.com/tag.min.js

139.45.197.244

200 OK

28 kB

URL GET HTTP/2
mordoops.com/tag.min.js
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://yu2be.com/watch?V=Ay04zDYuaZA
Certificate
IssuerLet's Encrypt
Subjectmordoops.com
Fingerprint0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D
ValiditySun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (28333 bytes)
Hash
adb1154d25ea3c93d9fd4f621fc6683e
8c4aedc566b2d788823febd93692d84d511cc538
fbac7039a741589bf52c73a346760ee23c8a3c72f474a29a1dfd1496aa9effe3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:10 GMT
content-type: text/javascript; charset=utf-8
content-length: 28333
content-encoding: br
x-trace-id: a90d33a244e8fbe34452a2d8ba7aa882
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Tue, 07 May 2024 03:13:24 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

yu2be.com/watch?V=Ay04zDYuaZA

188.114.97.1

200 OK

0 B

URL HEAD HTTP/3
yu2be.com/watch?V=Ay04zDYuaZA
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yu2be.com/watch?V=Ay04zDYuaZA
Certificate
IssuerLet's Encrypt
Subjectyu2be.com
Fingerprint3C:30:E2:11:42:30:CD:21:F1:06:87:EC:9F:A9:56:40:57:B2:4C:EF
ValiditySun, 14 Apr 2024 02:05:14 GMT - Sat, 13 Jul 2024 02:05:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /watch?V=Ay04zDYuaZA HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/watch?V=Ay04zDYuaZA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 15:15:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Tue, 07 May 2024 12:13:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XwUx84cCAGgnnJViSVicYruk5gJ3AskFw%2FMv7GODPcfLfAgWqF%2BXFa8G%2BCAFEFaaL%2F2NFJSRpK8GsrxvrZpI2gm7j7ZvmQG98Xx0%2F5ch%2BVjRAswTkhdYTrgmn98%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229f4b84cb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

8d80fcb421.a700fb9c8d.com/2acab9c1be5b20921546acfed6e511b5.js

45.133.44.53

200 OK

110 kB

URL GET HTTP/2
8d80fcb421.a700fb9c8d.com/2acab9c1be5b20921546acfed6e511b5.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subject8d80fcb421.a700fb9c8d.com
Fingerprint42:A0:FF:40:15:C5:29:E2:8E:7E:8F:55:FE:A4:8A:15:E0:17:77:CF
ValiditySat, 04 May 2024 02:20:27 GMT - Fri, 02 Aug 2024 02:20:26 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
110 kB (109954 bytes)
Hash
cacb84104ff1b8352e0ee8c801a29ef4
393c74e933ff2a417ca50df17347793a36c86055
0099579c122343453ad3823291a11281d87678f071717020be17fec25ff03b77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2acab9c1be5b20921546acfed6e511b5.js HTTP/1.1
Host: 8d80fcb421.a700fb9c8d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:10 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 15 Apr 2024 13:02:16 GMT
etag: W/"661d2558-72d72"
content-encoding: gzip
expires: Tue, 07 May 2024 15:20:10 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

63cc093d48.f336d0935e.com/in/multy

157.90.84.246

200 OK

0 B

URL POST HTTP/2
63cc093d48.f336d0935e.com/in/multy
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectf336d0935e.com
FingerprintFC:39:EE:08:B2:B5:A2:11:69:1D:03:8B:B3:C4:CA:05:DB:3E:B1:82
ValidityFri, 03 May 2024 14:01:54 GMT - Thu, 01 Aug 2024 14:01:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 63cc093d48.f336d0935e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.20.1
date: Tue, 07 May 2024 15:15:10 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5991db4ffbfc4b57b0f99a35a0e6a3d0
1b74b56ddc178de4587ef8898436cff19cc2c66b
17904ae58c5cfd605b9b96ef28a59c0b158141c0d69922267a677ff041ca24d9

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 07 May 2024 15:15:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

74.125.131.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:RGDnFT28FODoYmdrXPT12ict3z1YhQ:9TlOPOuNOpmYfQOj; Expires=Thu, 07-May-2026 15:15:10 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 15:15:10 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQx8EEbFnkU5ILUfayjpVy4cw9M6dpjCZHmoSmb5_yiy62iUgfOrTJ133n2y0Mj9X0W4FvD-RA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'nonce-3Owfs5GmORRJycZw82q8HQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=0080551a45da4105e44bbb1fcafb893e

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0080551a45da4105e44bbb1fcafb893e
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://yu2be.com/watch?V=Ay04zDYuaZA
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
d81163da9a8e037488c7314964fc05f9
d812a3d8cf42a7839acedae3b4f6722aa6fb3735
c045cecd2626f413dad0a66d84f2d571ee012a4961f8770602092bf9c2f64f52

HTTP Headers

GET /gid.js?userId=0080551a45da4105e44bbb1fcafb893e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:10 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://yu2be.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080551a45da4105e44bbb1fcafb893e; expires=Wed, 07 May 2025 15:15:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQx8EEbFnkU5ILUfayjpVy4cw9M6dpjCZHmoSmb5_yiy62iUgfOrTJ133n2y0Mj9X0W4FvD-RA

74.125.131.84

302 Found

425 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQx8EEbFnkU5ILUfayjpVy4cw9M6dpjCZHmoSmb5_yiy62iUgfOrTJ133n2y0Mj9X0W4FvD-RA
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type
HTML document, ASCII text, with very long lines (405)
Size
425 B (425 bytes)
Hash
6218baaa54df7ac31ab308aead93326b
212c9c4b77dfc6039f49c59bb888018684a285fc
dede997a531a59c6e253f650e7c456a63370cb4f87d0488d37fc6706fd40dd4e

HTTP Headers

GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQx8EEbFnkU5ILUfayjpVy4cw9M6dpjCZHmoSmb5_yiy62iUgfOrTJ133n2y0Mj9X0W4FvD-RA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:mtFK3HDQwtRaepdj842Fc79ozCWd:KeX8IXQvfQfFwL0Q;Path=/;Expires=Thu, 07-May-2026 15:15:10 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 15:15:10 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQx5mg0O2rxaM0-XafuFDei28kYjY3-9WHl3i4C7fUjE7TdsTzRdBChFYjDhJ0wlWdewFJLdsA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-468740422%3A1715094910723081&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-b67zgxO7jzx91jA4rlk3DQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 425
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d59e53e22f3681f080bc6a493b7508a1
50ec966f62f5efce0a5fbea8917c5c5b025eaccf
cffc1da003262cd2907f76fb611cccac521441669302d10fae3aeb0c9a81c181

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 07 May 2024 15:15:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

63cc093d48.f336d0935e.com/in/multy

157.90.84.246

200 OK

8.6 kB

URL POST HTTP/2
63cc093d48.f336d0935e.com/in/multy
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectf336d0935e.com
FingerprintFC:39:EE:08:B2:B5:A2:11:69:1D:03:8B:B3:C4:CA:05:DB:3E:B1:82
ValidityFri, 03 May 2024 14:01:54 GMT - Thu, 01 Aug 2024 14:01:53 GMT

File type
JSON text data
Size
8.6 kB (8635 bytes)
Hash
349d95e5cf3e58a70e142cea398cabef
79d92c9686d3c0d165981a41b46d08312b12c6f4
dd335e69747e269e4b75ce6a839db9a17c7d9f51b17161ee39adc71a26397cb7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /in/multy HTTP/1.1
Host: 63cc093d48.f336d0935e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1736
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 15:15:10 GMT
content-type: application/json
content-length: 8635
content-encoding: gzip
vary: Origin,Accept-Encoding
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=1a88a508-3f27-425b-b883-62a68a1db79c&subid=2015216722&spot_id=430412&created_at=2024-05-07&timezone=0&ver=1.141.0

168.119.25.102

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=1a88a508-3f27-425b-b883-62a68a1db79c&subid=2015216722&spot_id=430412&created_at=2024-05-07&timezone=0&ver=1.141.0
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=1a88a508-3f27-425b-b883-62a68a1db79c&subid=2015216722&spot_id=430412&created_at=2024-05-07&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 07 May 2024 15:15:10 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQx5mg0O2rxaM0-XafuFDei28kYjY3-9WHl3i4C7fUjE7TdsTzRdBChFYjDhJ0wlWdewFJLdsA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-468740422%3A1715094910723081&theme=mn&ddm=0

74.125.131.84

403 Forbidden

806 B

URL GET HTTP/2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQx5mg0O2rxaM0-XafuFDei28kYjY3-9WHl3i4C7fUjE7TdsTzRdBChFYjDhJ0wlWdewFJLdsA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-468740422%3A1715094910723081&theme=mn&ddm=0
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Size
806 B (806 bytes)
Hash
538db8c898cdbab2170a0960c5b45d63
7f5a7fc8dab2aeaf5a0bdd97ba7023873a1e1016
6576f9da3b0de40a1bb5e775ca521c38dfbe3664625975dc538939723e7136e0

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQx5mg0O2rxaM0-XafuFDei28kYjY3-9WHl3i4C7fUjE7TdsTzRdBChFYjDhJ0wlWdewFJLdsA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-468740422%3A1715094910723081&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 15:15:10 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-i91sWKXfQEpM3CDCDQomsQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

63cc093d48.f336d0935e.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FBVcOsq4OFHa&refdom=poop.com.co&auction_time=1715094910&subid=357529620&sid=2785717355&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=&user_fp=5258541072280280995&score=69.18670420511522&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=333d38b3bc9943d095fc32394c335cca&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3Dd6OPMHTCu8oLQTVrVwMD65bSetLDUfkd4GSG27yC_NddBSmC0JcXJlpQGP2V6V30CxlNwHz-XzYFrsIWxfMKBENrIviAG1ZKQHW3sEYL_1LztXbi5x2qzgCKfEdKbt8XM-_0AX_40srYwvjU1fpQoH0-Xtj87nRqNxYr_FzcAgrmtynpdlllXu3va2d4gMyXGIkBPhWAlRqtpt2S8bb0JOtWDvG8zBYUdemP3J8awHRPFMVT2wCUzO28mRRfUzeqIOiuGvzblX8km3FCPcORrdGl7bAtzpNvpXdcOkFi5t__CJYnH9jBxjoOOWObLupU3XfxQKgqpeyfJmc503Wb4C_FsVU4qkQyrAkeGVhhMGyLQiFPSVkJmWNSlXX__uAso9awX6AivvGKhw0qugNRcdixofINxeCgf1MpxH7fgk7IlFZP4grzHvobwV0eFLoC614H_oyySlM9hEnPi4h1l3--dQrINLfLaPdNP96Nz9h_utD4wYF9-pQr1hcEgVSMcIgotUBJoQNL1ezMyMUyIHz842fzx8oqQGNmXq6Dp334y3G7XPJf8IBuNHI5LjZw_0IMXfR93wnJm1h5AC2V5nll-myhk365gPZMD3eV6zrUsOKSvTxesC0uRxsZNQSHl0qsyJL90tneUTsr0y15VV8ixeW7KUAj1gsLcEU1ow1M-m-VNzvOj63ytcSv_F5ok9RljAy88lpuMrlyRUIr6mx5JZcs7Gu10Dwn9CMVnmYBET0cCLXaCsntZRcvM01yPxR-LoetkcBhhSZ1Aghh23vjWLhx_upoRx2DJvVYnP081QF53O2L-wmoa81ubcNxAxCYJAf2CYVBBgVoE2ejLu5hFt44Bju6utiCtnCfPb0VSzyH7jSf4u6nqZCG2fgXNcKHzG1K90gb-TM8jrNKJYVV9dt-6g_MWMMv2vy9FMhGqRnNLpHrZ8jGvHtZ-uochPjBAls872q8bXF0TDDmLGLJtV7BSqo8eYP_p2myzeh0h1SYunmeralxjhheMSjy893YQT9EiMEDPrzMbeicLlyBQ77vGfSBEFkZeid4sZZgwRi8hZHu6itI2qCbxtcV2XOD0nhgVTaKfg4KrXYlvZn9Jxx6_p3YB8WXRZheQ1bkJh2DxsvSYbyqBxxqzzQ_bBaWLEuYqGBdWDmo-6JT3_HjIUXJpfoQbuTyn-nYys05n0eBWR4XF5g3S15KJ967iHJ5Yp_P4oLgytSHvC-C835J2-z2MGG97JPZYlvhWAoPSWRcF3HQLxvqmYwYkurjtN6PWZ9Z1gGEsWrZGkTVPYZHEeSB4RUdRgtci7tje2Nrk_k%26bid%3D0.027941185295593522&icons=KN9I43JUp9lVZkaVEk2Cbj9qLdtPvQy3kQrmhpciSBsfSWf5xKvfyo9pt1vQE2g3ja9qMHNK_dQHeaTb3G9wcmzauAX1pF96WT0UiNaSgCC2cWOBdiTlYLIS-JHUCa9juZAaqI5IXLKyydsUyScJNtUopDG9xJH2jmxZCWPE-ajX4rDJjEz48ZQq82nJ5pFCRWfp6JUHjNzNbuV0rDWBIeYbZAOP2cbHogYBa6Abfsh7lpC-tNZ-2D6sNj7vbGF0W1CWHs8caSCzv_hhsQfAubpUDWBKdHgpH7Jkph0r-Y4CZh2aywLWukOeGUxxerejT_KJ9iCcT3MjE0DH4q9h8AAi5DZ3JVMlXT5iPfwA2CU75-ZOvPyd2Gw8dpECB4epMe49iCffImekXolk2zVKM-4TBeaazVk_GEToGjuB_rP01jXfm4SqEtR_E4GAoiXb4pAoJPWhKOaZCObppQE13oMTUTFk2iqUmrnrDW2ymmoy3iwTevMDt70W_266LP-kt1RhBPhHtCMYDkY5YjNwiRExMazDjnnaK5l2VN4Li2Dx1pSsM_BXFwUUTR6ykbaeMbp5g5h0UmrszNCmCxuB-csTIvdz0xOhU2kzOmjZOHTvHgRa4VbhZeCDXBVU4jlu1N4GY45x_t3HfQbD9M_egVEtvxWJDymZ9jpaM-TCRwv6gFc9G2DbnAIjUX35gz8yiURPHjSqq5y6n9YqJ-dsbAhz4PXrmmL0hxw6Nx-Sqmrz_L_j43nBNKrmk2NTZI_T8weCYsD7FuRvYZrVnjIFVu_xtQ1WyZAEQSqXD0inJCouEYrzANNpuJGUeBIS_uCFQF9xgk-pGc8xpwhJU7EDu2uFNwZmP2K6Fx2VQ5etz4qS5Q5wTDYMys6jrSrc1saIYrW_2AaWpt0uemg74QZ4HlUqKvOzhIFAiVQ5bir6GerVm3p_5jvk8M7N-8bc6Y1DRL5la0jC0O8P615ky8CDYpRZ01PxYFclzsovC7cxKF8XOLBJ8Db1PTLs-1HKParenQZc0XC3y5M-gr7e989gvDUWyI62PH5ayv4cj9UyIbeXga9JQt7Dkx32FMjDItU_Exzv3zdGoRZFNIMeUVBhSJgbdHK4GApsq7c2u-Lxz_ECK4Dtb7pFDnYfWDTp56klAMswASrcpudDIv21QujT98-oiJFXK8-zhqnQvLaZiIvKxcLYXv-9HeZX9Efeajw8eslgGwqSsef4FIRpK9QHZbboS0KaRF1-W0yAt3Mbam7ooa44rdg7_3AQfrFTceDFOhEvmmvJYDIvZYyCF4aQ3T3PtGManUAu0WnkETUyG5fR39A51YI&ext_cid=224906&px_id=73418774&min_cpm=0.012434737377029147&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=2078480502746205118&skin_id=72&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.03176602058410654&cpm=0.027941185295593522&verify_hash=c9151c71d9b6163b860872c7fbecaa12&is_native=1&real_bid=0.0278238328289705&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=5,98,130,4,90,33&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715267710&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777156%2Fconversions%2F3b69WTpe-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.02&cpa=c9ae5ed8-2030-4a87-a266-d732283e7157&prev_step_diff=848

157.90.84.246

200 OK

0 B

URL GET HTTP/2
63cc093d48.f336d0935e.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FBVcOsq4OFHa&refdom=poop.com.co&auction_time=1715094910&subid=357529620&sid=2785717355&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=&user_fp=5258541072280280995&score=69.18670420511522&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=333d38b3bc9943d095fc32394c335cca&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3Dd6OPMHTCu8oLQTVrVwMD65bSetLDUfkd4GSG27yC_NddBSmC0JcXJlpQGP2V6V30CxlNwHz-XzYFrsIWxfMKBENrIviAG1ZKQHW3sEYL_1LztXbi5x2qzgCKfEdKbt8XM-_0AX_40srYwvjU1fpQoH0-Xtj87nRqNxYr_FzcAgrmtynpdlllXu3va2d4gMyXGIkBPhWAlRqtpt2S8bb0JOtWDvG8zBYUdemP3J8awHRPFMVT2wCUzO28mRRfUzeqIOiuGvzblX8km3FCPcORrdGl7bAtzpNvpXdcOkFi5t__CJYnH9jBxjoOOWObLupU3XfxQKgqpeyfJmc503Wb4C_FsVU4qkQyrAkeGVhhMGyLQiFPSVkJmWNSlXX__uAso9awX6AivvGKhw0qugNRcdixofINxeCgf1MpxH7fgk7IlFZP4grzHvobwV0eFLoC614H_oyySlM9hEnPi4h1l3--dQrINLfLaPdNP96Nz9h_utD4wYF9-pQr1hcEgVSMcIgotUBJoQNL1ezMyMUyIHz842fzx8oqQGNmXq6Dp334y3G7XPJf8IBuNHI5LjZw_0IMXfR93wnJm1h5AC2V5nll-myhk365gPZMD3eV6zrUsOKSvTxesC0uRxsZNQSHl0qsyJL90tneUTsr0y15VV8ixeW7KUAj1gsLcEU1ow1M-m-VNzvOj63ytcSv_F5ok9RljAy88lpuMrlyRUIr6mx5JZcs7Gu10Dwn9CMVnmYBET0cCLXaCsntZRcvM01yPxR-LoetkcBhhSZ1Aghh23vjWLhx_upoRx2DJvVYnP081QF53O2L-wmoa81ubcNxAxCYJAf2CYVBBgVoE2ejLu5hFt44Bju6utiCtnCfPb0VSzyH7jSf4u6nqZCG2fgXNcKHzG1K90gb-TM8jrNKJYVV9dt-6g_MWMMv2vy9FMhGqRnNLpHrZ8jGvHtZ-uochPjBAls872q8bXF0TDDmLGLJtV7BSqo8eYP_p2myzeh0h1SYunmeralxjhheMSjy893YQT9EiMEDPrzMbeicLlyBQ77vGfSBEFkZeid4sZZgwRi8hZHu6itI2qCbxtcV2XOD0nhgVTaKfg4KrXYlvZn9Jxx6_p3YB8WXRZheQ1bkJh2DxsvSYbyqBxxqzzQ_bBaWLEuYqGBdWDmo-6JT3_HjIUXJpfoQbuTyn-nYys05n0eBWR4XF5g3S15KJ967iHJ5Yp_P4oLgytSHvC-C835J2-z2MGG97JPZYlvhWAoPSWRcF3HQLxvqmYwYkurjtN6PWZ9Z1gGEsWrZGkTVPYZHEeSB4RUdRgtci7tje2Nrk_k%26bid%3D0.027941185295593522&icons=KN9I43JUp9lVZkaVEk2Cbj9qLdtPvQy3kQrmhpciSBsfSWf5xKvfyo9pt1vQE2g3ja9qMHNK_dQHeaTb3G9wcmzauAX1pF96WT0UiNaSgCC2cWOBdiTlYLIS-JHUCa9juZAaqI5IXLKyydsUyScJNtUopDG9xJH2jmxZCWPE-ajX4rDJjEz48ZQq82nJ5pFCRWfp6JUHjNzNbuV0rDWBIeYbZAOP2cbHogYBa6Abfsh7lpC-tNZ-2D6sNj7vbGF0W1CWHs8caSCzv_hhsQfAubpUDWBKdHgpH7Jkph0r-Y4CZh2aywLWukOeGUxxerejT_KJ9iCcT3MjE0DH4q9h8AAi5DZ3JVMlXT5iPfwA2CU75-ZOvPyd2Gw8dpECB4epMe49iCffImekXolk2zVKM-4TBeaazVk_GEToGjuB_rP01jXfm4SqEtR_E4GAoiXb4pAoJPWhKOaZCObppQE13oMTUTFk2iqUmrnrDW2ymmoy3iwTevMDt70W_266LP-kt1RhBPhHtCMYDkY5YjNwiRExMazDjnnaK5l2VN4Li2Dx1pSsM_BXFwUUTR6ykbaeMbp5g5h0UmrszNCmCxuB-csTIvdz0xOhU2kzOmjZOHTvHgRa4VbhZeCDXBVU4jlu1N4GY45x_t3HfQbD9M_egVEtvxWJDymZ9jpaM-TCRwv6gFc9G2DbnAIjUX35gz8yiURPHjSqq5y6n9YqJ-dsbAhz4PXrmmL0hxw6Nx-Sqmrz_L_j43nBNKrmk2NTZI_T8weCYsD7FuRvYZrVnjIFVu_xtQ1WyZAEQSqXD0inJCouEYrzANNpuJGUeBIS_uCFQF9xgk-pGc8xpwhJU7EDu2uFNwZmP2K6Fx2VQ5etz4qS5Q5wTDYMys6jrSrc1saIYrW_2AaWpt0uemg74QZ4HlUqKvOzhIFAiVQ5bir6GerVm3p_5jvk8M7N-8bc6Y1DRL5la0jC0O8P615ky8CDYpRZ01PxYFclzsovC7cxKF8XOLBJ8Db1PTLs-1HKParenQZc0XC3y5M-gr7e989gvDUWyI62PH5ayv4cj9UyIbeXga9JQt7Dkx32FMjDItU_Exzv3zdGoRZFNIMeUVBhSJgbdHK4GApsq7c2u-Lxz_ECK4Dtb7pFDnYfWDTp56klAMswASrcpudDIv21QujT98-oiJFXK8-zhqnQvLaZiIvKxcLYXv-9HeZX9Efeajw8eslgGwqSsef4FIRpK9QHZbboS0KaRF1-W0yAt3Mbam7ooa44rdg7_3AQfrFTceDFOhEvmmvJYDIvZYyCF4aQ3T3PtGManUAu0WnkETUyG5fR39A51YI&ext_cid=224906&px_id=73418774&min_cpm=0.012434737377029147&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=2078480502746205118&skin_id=72&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.03176602058410654&cpm=0.027941185295593522&verify_hash=c9151c71d9b6163b860872c7fbecaa12&is_native=1&real_bid=0.0278238328289705&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=5,98,130,4,90,33&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715267710&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777156%2Fconversions%2F3b69WTpe-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.02&cpa=c9ae5ed8-2030-4a87-a266-d732283e7157&prev_step_diff=848
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectf336d0935e.com
FingerprintFC:39:EE:08:B2:B5:A2:11:69:1D:03:8B:B3:C4:CA:05:DB:3E:B1:82
ValidityFri, 03 May 2024 14:01:54 GMT - Thu, 01 Aug 2024 14:01:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FBVcOsq4OFHa&refdom=poop.com.co&auction_time=1715094910&subid=357529620&sid=2785717355&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=&user_fp=5258541072280280995&score=69.18670420511522&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=333d38b3bc9943d095fc32394c335cca&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3Dd6OPMHTCu8oLQTVrVwMD65bSetLDUfkd4GSG27yC_NddBSmC0JcXJlpQGP2V6V30CxlNwHz-XzYFrsIWxfMKBENrIviAG1ZKQHW3sEYL_1LztXbi5x2qzgCKfEdKbt8XM-_0AX_40srYwvjU1fpQoH0-Xtj87nRqNxYr_FzcAgrmtynpdlllXu3va2d4gMyXGIkBPhWAlRqtpt2S8bb0JOtWDvG8zBYUdemP3J8awHRPFMVT2wCUzO28mRRfUzeqIOiuGvzblX8km3FCPcORrdGl7bAtzpNvpXdcOkFi5t__CJYnH9jBxjoOOWObLupU3XfxQKgqpeyfJmc503Wb4C_FsVU4qkQyrAkeGVhhMGyLQiFPSVkJmWNSlXX__uAso9awX6AivvGKhw0qugNRcdixofINxeCgf1MpxH7fgk7IlFZP4grzHvobwV0eFLoC614H_oyySlM9hEnPi4h1l3--dQrINLfLaPdNP96Nz9h_utD4wYF9-pQr1hcEgVSMcIgotUBJoQNL1ezMyMUyIHz842fzx8oqQGNmXq6Dp334y3G7XPJf8IBuNHI5LjZw_0IMXfR93wnJm1h5AC2V5nll-myhk365gPZMD3eV6zrUsOKSvTxesC0uRxsZNQSHl0qsyJL90tneUTsr0y15VV8ixeW7KUAj1gsLcEU1ow1M-m-VNzvOj63ytcSv_F5ok9RljAy88lpuMrlyRUIr6mx5JZcs7Gu10Dwn9CMVnmYBET0cCLXaCsntZRcvM01yPxR-LoetkcBhhSZ1Aghh23vjWLhx_upoRx2DJvVYnP081QF53O2L-wmoa81ubcNxAxCYJAf2CYVBBgVoE2ejLu5hFt44Bju6utiCtnCfPb0VSzyH7jSf4u6nqZCG2fgXNcKHzG1K90gb-TM8jrNKJYVV9dt-6g_MWMMv2vy9FMhGqRnNLpHrZ8jGvHtZ-uochPjBAls872q8bXF0TDDmLGLJtV7BSqo8eYP_p2myzeh0h1SYunmeralxjhheMSjy893YQT9EiMEDPrzMbeicLlyBQ77vGfSBEFkZeid4sZZgwRi8hZHu6itI2qCbxtcV2XOD0nhgVTaKfg4KrXYlvZn9Jxx6_p3YB8WXRZheQ1bkJh2DxsvSYbyqBxxqzzQ_bBaWLEuYqGBdWDmo-6JT3_HjIUXJpfoQbuTyn-nYys05n0eBWR4XF5g3S15KJ967iHJ5Yp_P4oLgytSHvC-C835J2-z2MGG97JPZYlvhWAoPSWRcF3HQLxvqmYwYkurjtN6PWZ9Z1gGEsWrZGkTVPYZHEeSB4RUdRgtci7tje2Nrk_k%26bid%3D0.027941185295593522&icons=KN9I43JUp9lVZkaVEk2Cbj9qLdtPvQy3kQrmhpciSBsfSWf5xKvfyo9pt1vQE2g3ja9qMHNK_dQHeaTb3G9wcmzauAX1pF96WT0UiNaSgCC2cWOBdiTlYLIS-JHUCa9juZAaqI5IXLKyydsUyScJNtUopDG9xJH2jmxZCWPE-ajX4rDJjEz48ZQq82nJ5pFCRWfp6JUHjNzNbuV0rDWBIeYbZAOP2cbHogYBa6Abfsh7lpC-tNZ-2D6sNj7vbGF0W1CWHs8caSCzv_hhsQfAubpUDWBKdHgpH7Jkph0r-Y4CZh2aywLWukOeGUxxerejT_KJ9iCcT3MjE0DH4q9h8AAi5DZ3JVMlXT5iPfwA2CU75-ZOvPyd2Gw8dpECB4epMe49iCffImekXolk2zVKM-4TBeaazVk_GEToGjuB_rP01jXfm4SqEtR_E4GAoiXb4pAoJPWhKOaZCObppQE13oMTUTFk2iqUmrnrDW2ymmoy3iwTevMDt70W_266LP-kt1RhBPhHtCMYDkY5YjNwiRExMazDjnnaK5l2VN4Li2Dx1pSsM_BXFwUUTR6ykbaeMbp5g5h0UmrszNCmCxuB-csTIvdz0xOhU2kzOmjZOHTvHgRa4VbhZeCDXBVU4jlu1N4GY45x_t3HfQbD9M_egVEtvxWJDymZ9jpaM-TCRwv6gFc9G2DbnAIjUX35gz8yiURPHjSqq5y6n9YqJ-dsbAhz4PXrmmL0hxw6Nx-Sqmrz_L_j43nBNKrmk2NTZI_T8weCYsD7FuRvYZrVnjIFVu_xtQ1WyZAEQSqXD0inJCouEYrzANNpuJGUeBIS_uCFQF9xgk-pGc8xpwhJU7EDu2uFNwZmP2K6Fx2VQ5etz4qS5Q5wTDYMys6jrSrc1saIYrW_2AaWpt0uemg74QZ4HlUqKvOzhIFAiVQ5bir6GerVm3p_5jvk8M7N-8bc6Y1DRL5la0jC0O8P615ky8CDYpRZ01PxYFclzsovC7cxKF8XOLBJ8Db1PTLs-1HKParenQZc0XC3y5M-gr7e989gvDUWyI62PH5ayv4cj9UyIbeXga9JQt7Dkx32FMjDItU_Exzv3zdGoRZFNIMeUVBhSJgbdHK4GApsq7c2u-Lxz_ECK4Dtb7pFDnYfWDTp56klAMswASrcpudDIv21QujT98-oiJFXK8-zhqnQvLaZiIvKxcLYXv-9HeZX9Efeajw8eslgGwqSsef4FIRpK9QHZbboS0KaRF1-W0yAt3Mbam7ooa44rdg7_3AQfrFTceDFOhEvmmvJYDIvZYyCF4aQ3T3PtGManUAu0WnkETUyG5fR39A51YI&ext_cid=224906&px_id=73418774&min_cpm=0.012434737377029147&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=2078480502746205118&skin_id=72&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.03176602058410654&cpm=0.027941185295593522&verify_hash=c9151c71d9b6163b860872c7fbecaa12&is_native=1&real_bid=0.0278238328289705&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=5,98,130,4,90,33&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715267710&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777156%2Fconversions%2F3b69WTpe-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.02&cpa=c9ae5ed8-2030-4a87-a266-d732283e7157&prev_step_diff=848 HTTP/1.1
Host: 63cc093d48.f336d0935e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 15:15:10 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

img.doodcdn.co/snaps/rwd4dg4z3phsej62.jpg

104.26.7.74

200 OK

14 kB

URL GET HTTP/2
img.doodcdn.co/snaps/rwd4dg4z3phsej62.jpg
IP
104.26.7.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x406, components 3
Size
14 kB (14338 bytes)
Hash
492dfb4086f19d4523775da155b0658f
70e89bdc0162971146fe55544953050354ee25fd
a0d49a5afdacb734ee33290b8204005c6fcaca6bd8ed85995ecdfc1abadccbf8

HTTP Headers

GET /snaps/rwd4dg4z3phsej62.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 15:15:10 GMT
content-type: image/jpeg
content-length: 14338
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=14562
etag: "662be138-38e2"
expires: Mon, 20 May 2024 19:08:57 GMT
last-modified: Fri, 26 Apr 2024 17:15:36 GMT
cf-cache-status: HIT
age: 69036
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XUYI%2B32roaxSDYz%2Bh%2FUI%2BvzOzcOiu%2B460i%2FPQE7XOP4bU67RX%2FsBydBxQM%2BPiP4Vf%2FoLvLPTEf1H7yXUNuV%2BnG5qrHSiw%2FktEBtIph5PnBcfjHC5BbskC15vnoMaZ9Dq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880229f9797f56ba-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/video?q=jiwa+yang+bersedih
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 15:15:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 498108
expires: Sun, 27 Apr 2025 15:15:10 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5IYULP%2Be5y8U5rXxKX24QHDiHpN7TlrvEGHeX2wnrXjHyfYBXBa6YyBr5douBge%2F9kLN0ahE4gGDQkxh47GTyTkH8i4rhxcX5cTTkFDLTVIecjXBocKCCRzk2eFLzQwz4Gr%2FxF%2B9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880229f9aeebb515-OSL
alt-svc: h3=":443"; ma=86400

63cc093d48.f336d0935e.com/in/multy

157.90.84.246

200 OK

3.0 kB

URL POST HTTP/2
63cc093d48.f336d0935e.com/in/multy
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectf336d0935e.com
FingerprintFC:39:EE:08:B2:B5:A2:11:69:1D:03:8B:B3:C4:CA:05:DB:3E:B1:82
ValidityFri, 03 May 2024 14:01:54 GMT - Thu, 01 Aug 2024 14:01:53 GMT

File type
JSON text data
Size
3.0 kB (3038 bytes)
Hash
964bc4413a5c07c25acafff283d1a2e7
3432ec7d4e4825d9c30590ae986c4d03d5ec146d
adee63a51669e63cdadbfd7479197c0452199d2e0167e66a91a010db068dd985

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /in/multy HTTP/1.1
Host: 63cc093d48.f336d0935e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1736
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 15:15:10 GMT
content-type: application/json
content-length: 3038
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=ee13b4e9-ddf6-4a05-b47b-335dc1543254&prev_step_diff=848

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=ee13b4e9-ddf6-4a05-b47b-335dc1543254&prev_step_diff=848
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=ee13b4e9-ddf6-4a05-b47b-335dc1543254&prev_step_diff=848 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:10 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Wed, 07 May 2025 15:15:10 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.24

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:11 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Wed, 07 May 2025 15:15:11 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

p.a64x.com/in/tip_shows/?katds_ep=-wc_fw8Gt017Ay8eEO8cemWrjhMJuYaf46sMjgyR8HYJYw4BNDj9hNOPswJ99wUPCrlex3YjegYktaA8xehaoM868bDE5bcnmMj9ucU8h2VNFWUne-zRc-jLsmjjdxuxL1fu3QQu0hYoqYDRHFDjTRhoFPA4WYjwwNWRjMl_XsU6U2U-TutOe6fxGmon8sMRlNMj8AKwuUjlvzaXd8zt7QEaMNQdvBdCnFTvpFTvqNkbTkoAHMlcKXM3y7a5taWl1s01XuS0o4NNk3gRWixf3pEUzrMIWx_anUf5GkUJL7Yj-8xobM5wc9Ou7wJ2AvOg9jZ6mcOEsvFgXZ75kouxKZxLNCsoshV5QmMaFO_PryKTZZLdGcIikTXoBhHPtUjYqz55kcu9vK1z0c-PjrfFP0xcPMwus8vuB2WvhYtyhpq_VVRLKYtzn8BE6yrr0HJokaPJMDnq_DmNRl_vsGqKgk-br5no0C9XNk0KV1C7eMNWg8krQolYfBivc86HuOWJehcppFyI4GVcIc9Vg4NINkHhalhC9ehh3GMvjp7yDyGKy7tjwgvlreZWBFzpXhSeLKziZuHTqF1qInxwsRouiWeAYtwADZm47Qs3MgIl3dM0kRX9Le7fXSueUPUWnQ_nmpORzKK78f1MMtQAu9vHzTycXxlmdSoYp7dCsv6rzA0_2SrvGOzVeTkqJGJSoyllluTvSawkrTEVuE_J1rCTzj3z4cS-v-28qYBPIej8pndNcYvY0fNrN1Ntp4P1Kh_JFnciZ5Vjbri1BAOlqzw7vqwjAgKmXRs2x4YePB18xiCNbSiDIFD14zGvX30-vT31QZYWPl8bvgUYe80vrZXufuF48O1_8LlXZvlfouJ2Cgl3F2UwCAUZJ8EoP88&bid=0.027941185295593522&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.02&cpa=ba4c6d19-1bfa-4995-8078-a2d62b2e185f&prev_step_diff=848

172.67.185.171

302 Found

0 B

URL GET HTTP/2
p.a64x.com/in/tip_shows/?katds_ep=-wc_fw8Gt017Ay8eEO8cemWrjhMJuYaf46sMjgyR8HYJYw4BNDj9hNOPswJ99wUPCrlex3YjegYktaA8xehaoM868bDE5bcnmMj9ucU8h2VNFWUne-zRc-jLsmjjdxuxL1fu3QQu0hYoqYDRHFDjTRhoFPA4WYjwwNWRjMl_XsU6U2U-TutOe6fxGmon8sMRlNMj8AKwuUjlvzaXd8zt7QEaMNQdvBdCnFTvpFTvqNkbTkoAHMlcKXM3y7a5taWl1s01XuS0o4NNk3gRWixf3pEUzrMIWx_anUf5GkUJL7Yj-8xobM5wc9Ou7wJ2AvOg9jZ6mcOEsvFgXZ75kouxKZxLNCsoshV5QmMaFO_PryKTZZLdGcIikTXoBhHPtUjYqz55kcu9vK1z0c-PjrfFP0xcPMwus8vuB2WvhYtyhpq_VVRLKYtzn8BE6yrr0HJokaPJMDnq_DmNRl_vsGqKgk-br5no0C9XNk0KV1C7eMNWg8krQolYfBivc86HuOWJehcppFyI4GVcIc9Vg4NINkHhalhC9ehh3GMvjp7yDyGKy7tjwgvlreZWBFzpXhSeLKziZuHTqF1qInxwsRouiWeAYtwADZm47Qs3MgIl3dM0kRX9Le7fXSueUPUWnQ_nmpORzKK78f1MMtQAu9vHzTycXxlmdSoYp7dCsv6rzA0_2SrvGOzVeTkqJGJSoyllluTvSawkrTEVuE_J1rCTzj3z4cS-v-28qYBPIej8pndNcYvY0fNrN1Ntp4P1Kh_JFnciZ5Vjbri1BAOlqzw7vqwjAgKmXRs2x4YePB18xiCNbSiDIFD14zGvX30-vT31QZYWPl8bvgUYe80vrZXufuF48O1_8LlXZvlfouJ2Cgl3F2UwCAUZJ8EoP88&bid=0.027941185295593522&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.02&cpa=ba4c6d19-1bfa-4995-8078-a2d62b2e185f&prev_step_diff=848
IP
172.67.185.171:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerGoogle Trust Services LLC
Subjecta64x.com
Fingerprint86:FD:2B:DD:CC:BD:8D:ED:C0:8D:41:81:C1:48:2D:45:D6:4F:67:88
ValidityTue, 19 Mar 2024 14:58:28 GMT - Mon, 17 Jun 2024 14:58:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/tip_shows/?katds_ep=-wc_fw8Gt017Ay8eEO8cemWrjhMJuYaf46sMjgyR8HYJYw4BNDj9hNOPswJ99wUPCrlex3YjegYktaA8xehaoM868bDE5bcnmMj9ucU8h2VNFWUne-zRc-jLsmjjdxuxL1fu3QQu0hYoqYDRHFDjTRhoFPA4WYjwwNWRjMl_XsU6U2U-TutOe6fxGmon8sMRlNMj8AKwuUjlvzaXd8zt7QEaMNQdvBdCnFTvpFTvqNkbTkoAHMlcKXM3y7a5taWl1s01XuS0o4NNk3gRWixf3pEUzrMIWx_anUf5GkUJL7Yj-8xobM5wc9Ou7wJ2AvOg9jZ6mcOEsvFgXZ75kouxKZxLNCsoshV5QmMaFO_PryKTZZLdGcIikTXoBhHPtUjYqz55kcu9vK1z0c-PjrfFP0xcPMwus8vuB2WvhYtyhpq_VVRLKYtzn8BE6yrr0HJokaPJMDnq_DmNRl_vsGqKgk-br5no0C9XNk0KV1C7eMNWg8krQolYfBivc86HuOWJehcppFyI4GVcIc9Vg4NINkHhalhC9ehh3GMvjp7yDyGKy7tjwgvlreZWBFzpXhSeLKziZuHTqF1qInxwsRouiWeAYtwADZm47Qs3MgIl3dM0kRX9Le7fXSueUPUWnQ_nmpORzKK78f1MMtQAu9vHzTycXxlmdSoYp7dCsv6rzA0_2SrvGOzVeTkqJGJSoyllluTvSawkrTEVuE_J1rCTzj3z4cS-v-28qYBPIej8pndNcYvY0fNrN1Ntp4P1Kh_JFnciZ5Vjbri1BAOlqzw7vqwjAgKmXRs2x4YePB18xiCNbSiDIFD14zGvX30-vT31QZYWPl8bvgUYe80vrZXufuF48O1_8LlXZvlfouJ2Cgl3F2UwCAUZJ8EoP88&bid=0.027941185295593522&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&st=0.02&cpa=ba4c6d19-1bfa-4995-8078-a2d62b2e185f&prev_step_diff=848 HTTP/1.1
Host: p.a64x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 07 May 2024 15:15:11 GMT
content-type: application/json
content-length: 0
location: https://imdn.pics/m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2zjN%2B%2BIUN0%2Fekj%2FtNR8akhad%2F3SL6R0kgLUCEUODQ1Y4W3RFBbs84v8on7lY78FMrIiKWbA5gBaOhCoGY0Gf54lwaHp8AhcOFTtk9TAoJwct77spEqUbTJWwlfa1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229f9c8ee56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.03&cpa=81745787-2360-4b8f-acbd-911fafa87a17&prev_step_diff=1096

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.03&cpa=81745787-2360-4b8f-acbd-911fafa87a17&prev_step_diff=1096
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.03&cpa=81745787-2360-4b8f-acbd-911fafa87a17&prev_step_diff=1096 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:11 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Wed, 07 May 2025 15:15:11 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

imdn.pics/m/p/0/777/777156/conversions/3b69WTpe-minify.jpg

45.133.44.25

200 OK

10 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777156/conversions/3b69WTpe-minify.jpg
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 360x240, components 3
Size
10 kB (10147 bytes)
Hash
d27321438be78f72c18f84cecb85c11e
31084685ba871245f90f4ac23949bc4aa37ce39b
d08796c038822a8e5b0b8f249dda868ce114459c911091b0969acf32df501b98

HTTP Headers

GET /m/p/0/777/777156/conversions/3b69WTpe-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:11 GMT
content-type: image/jpeg
content-length: 10147
server: nginx
last-modified: Tue, 09 Apr 2024 19:44:54 GMT
etag: "66159ab6-27a3"
x-request-id: a42fb51f65ac1ae8733899620e4ac07b
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

63cc093d48.f336d0935e.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FBVcOsq4OFHa&refdom=poop.com.co&auction_time=1715094910&subid=388464194&sid=2549881410&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=&user_fp=5258541072280280995&score=62.84530700119384&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&icons=reZTLvaFnwa-fuId8V0XnN8HsVixaX6Q2KnVHOs-SR1vrYQaIO_8GD9SGZAseK5dHY0uy5Q6JQ0BdKLAj7AiiTd442KsrIBMm3cO3Qx8iA4baLWtm9OTxoD9jVJ3nPzfLm03dJmSCGGXNdYqr3VAgYzXcIkaksnq7pyd0ryUn2YCq8cP6g&ext_cid=0&px_id=418776&min_cpm=0.14823459930274294&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=5571339320996224645&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.02166371219196144&cpm=0&verify_hash=79eabc51173ad2eb89cba2479563c573&is_native=4&real_bid=0.00040372216473927124&original_bid_usd=0.0027624810000000002&original_bid=0.0027624810000000002&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0027624810000000002&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000027624810000000003&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.03&cpa=4f289797-ab6d-4f61-8733-469a50eac06a&prev_step_diff=1096

157.90.84.246

200 OK

0 B

URL GET HTTP/2
63cc093d48.f336d0935e.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FBVcOsq4OFHa&refdom=poop.com.co&auction_time=1715094910&subid=388464194&sid=2549881410&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=&user_fp=5258541072280280995&score=62.84530700119384&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&icons=reZTLvaFnwa-fuId8V0XnN8HsVixaX6Q2KnVHOs-SR1vrYQaIO_8GD9SGZAseK5dHY0uy5Q6JQ0BdKLAj7AiiTd442KsrIBMm3cO3Qx8iA4baLWtm9OTxoD9jVJ3nPzfLm03dJmSCGGXNdYqr3VAgYzXcIkaksnq7pyd0ryUn2YCq8cP6g&ext_cid=0&px_id=418776&min_cpm=0.14823459930274294&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=5571339320996224645&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.02166371219196144&cpm=0&verify_hash=79eabc51173ad2eb89cba2479563c573&is_native=4&real_bid=0.00040372216473927124&original_bid_usd=0.0027624810000000002&original_bid=0.0027624810000000002&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0027624810000000002&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000027624810000000003&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.03&cpa=4f289797-ab6d-4f61-8733-469a50eac06a&prev_step_diff=1096
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectf336d0935e.com
FingerprintFC:39:EE:08:B2:B5:A2:11:69:1D:03:8B:B3:C4:CA:05:DB:3E:B1:82
ValidityFri, 03 May 2024 14:01:54 GMT - Thu, 01 Aug 2024 14:01:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FBVcOsq4OFHa&refdom=poop.com.co&auction_time=1715094910&subid=388464194&sid=2549881410&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=&user_fp=5258541072280280995&score=62.84530700119384&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&icons=reZTLvaFnwa-fuId8V0XnN8HsVixaX6Q2KnVHOs-SR1vrYQaIO_8GD9SGZAseK5dHY0uy5Q6JQ0BdKLAj7AiiTd442KsrIBMm3cO3Qx8iA4baLWtm9OTxoD9jVJ3nPzfLm03dJmSCGGXNdYqr3VAgYzXcIkaksnq7pyd0ryUn2YCq8cP6g&ext_cid=0&px_id=418776&min_cpm=0.14823459930274294&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=5571339320996224645&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.02166371219196144&cpm=0&verify_hash=79eabc51173ad2eb89cba2479563c573&is_native=4&real_bid=0.00040372216473927124&original_bid_usd=0.0027624810000000002&original_bid=0.0027624810000000002&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0027624810000000002&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000027624810000000003&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.03&cpa=4f289797-ab6d-4f61-8733-469a50eac06a&prev_step_diff=1096 HTTP/1.1
Host: 63cc093d48.f336d0935e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 15:15:11 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

63cc093d48.f336d0935e.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FBVcOsq4OFHa&refdom=poop.com.co&auction_time=1715094910&subid=388464194&sid=2549881410&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=&user_fp=5258541072280280995&score=62.84530700119384&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=2127069292&crtid=77c5a97501b803765249b9c86cd7c6a3&url=https%3A%2F%2Funaent.xyz%2Fdsp%2Fph%2Fclcm%3Faid%3D8933108689299194431%26mid%3D0%26t%3D1715094910%26s%3D1094673%26sid%3D1689&icons=pjgjtcxpTvVB9qp_xXyWiaedYEV7fYgjwadoytXL3PwatWLQUiSHzUcCFTRCPNo9Pw0dwv2dLQ5B8O0JZX4zFIbPpNP9Ku-vj0zoEbO16sZHeXrrjluHCmXzZ20gAU6VKCwQKa94Vejc7D4eCKTjBEfv87oZ6HLtPHAsTIPHNB4-Dj6M1vNyCg&ext_cid=0&px_id=73418776&min_cpm=0.013881299542513423&out_id=0&campaign_type=hq&aid=108&cid=13478&uniq=a334d1e8e0cf6e2008d0fa31d7efa98df1a55726e07de252251eed481d44c8e6&mid=5571339320996224645&skin_id=2&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.023531939391157858&cpm=0&verify_hash=565b0cf54a0756d0c4051a6f668fff7d&is_native=1&real_bid=0.004683029514789559&original_bid_usd=0.005048&original_bid=0.005048&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=106,4,83,130,90&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715181310&image_url=https%3A%2F%2Fi.wmgtr.com%2Fcim%2FKJpVFEpVyZI-GXQzzfsoQce6d-yHkdN8.png&site=native-push-adult&price=0.005048&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000005048000000000001&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.03&cpa=6452917b-6b44-4021-bf3d-e82fde2bf1cb&prev_step_diff=1096

157.90.84.246

200 OK

0 B

URL GET HTTP/2
63cc093d48.f336d0935e.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FBVcOsq4OFHa&refdom=poop.com.co&auction_time=1715094910&subid=388464194&sid=2549881410&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=&user_fp=5258541072280280995&score=62.84530700119384&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=2127069292&crtid=77c5a97501b803765249b9c86cd7c6a3&url=https%3A%2F%2Funaent.xyz%2Fdsp%2Fph%2Fclcm%3Faid%3D8933108689299194431%26mid%3D0%26t%3D1715094910%26s%3D1094673%26sid%3D1689&icons=pjgjtcxpTvVB9qp_xXyWiaedYEV7fYgjwadoytXL3PwatWLQUiSHzUcCFTRCPNo9Pw0dwv2dLQ5B8O0JZX4zFIbPpNP9Ku-vj0zoEbO16sZHeXrrjluHCmXzZ20gAU6VKCwQKa94Vejc7D4eCKTjBEfv87oZ6HLtPHAsTIPHNB4-Dj6M1vNyCg&ext_cid=0&px_id=73418776&min_cpm=0.013881299542513423&out_id=0&campaign_type=hq&aid=108&cid=13478&uniq=a334d1e8e0cf6e2008d0fa31d7efa98df1a55726e07de252251eed481d44c8e6&mid=5571339320996224645&skin_id=2&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.023531939391157858&cpm=0&verify_hash=565b0cf54a0756d0c4051a6f668fff7d&is_native=1&real_bid=0.004683029514789559&original_bid_usd=0.005048&original_bid=0.005048&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=106,4,83,130,90&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715181310&image_url=https%3A%2F%2Fi.wmgtr.com%2Fcim%2FKJpVFEpVyZI-GXQzzfsoQce6d-yHkdN8.png&site=native-push-adult&price=0.005048&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000005048000000000001&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.03&cpa=6452917b-6b44-4021-bf3d-e82fde2bf1cb&prev_step_diff=1096
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectf336d0935e.com
FingerprintFC:39:EE:08:B2:B5:A2:11:69:1D:03:8B:B3:C4:CA:05:DB:3E:B1:82
ValidityFri, 03 May 2024 14:01:54 GMT - Thu, 01 Aug 2024 14:01:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FBVcOsq4OFHa&refdom=poop.com.co&auction_time=1715094910&subid=388464194&sid=2549881410&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=&user_fp=5258541072280280995&score=62.84530700119384&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=2127069292&crtid=77c5a97501b803765249b9c86cd7c6a3&url=https%3A%2F%2Funaent.xyz%2Fdsp%2Fph%2Fclcm%3Faid%3D8933108689299194431%26mid%3D0%26t%3D1715094910%26s%3D1094673%26sid%3D1689&icons=pjgjtcxpTvVB9qp_xXyWiaedYEV7fYgjwadoytXL3PwatWLQUiSHzUcCFTRCPNo9Pw0dwv2dLQ5B8O0JZX4zFIbPpNP9Ku-vj0zoEbO16sZHeXrrjluHCmXzZ20gAU6VKCwQKa94Vejc7D4eCKTjBEfv87oZ6HLtPHAsTIPHNB4-Dj6M1vNyCg&ext_cid=0&px_id=73418776&min_cpm=0.013881299542513423&out_id=0&campaign_type=hq&aid=108&cid=13478&uniq=a334d1e8e0cf6e2008d0fa31d7efa98df1a55726e07de252251eed481d44c8e6&mid=5571339320996224645&skin_id=2&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.023531939391157858&cpm=0&verify_hash=565b0cf54a0756d0c4051a6f668fff7d&is_native=1&real_bid=0.004683029514789559&original_bid_usd=0.005048&original_bid=0.005048&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=106,4,83,130,90&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1715181310&image_url=https%3A%2F%2Fi.wmgtr.com%2Fcim%2FKJpVFEpVyZI-GXQzzfsoQce6d-yHkdN8.png&site=native-push-adult&price=0.005048&hostname=auc-inpage-hz-8-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000005048000000000001&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.03&cpa=6452917b-6b44-4021-bf3d-e82fde2bf1cb&prev_step_diff=1096 HTTP/1.1
Host: 63cc093d48.f336d0935e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 15:15:11 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

paronymtethery.com/rSfAH4Kr7lm28/64343

23.109.170.224

200 OK

20 B

URL GET HTTP/1.1
paronymtethery.com/rSfAH4Kr7lm28/64343
IP
23.109.170.224:443
ASN
#7979 SERVERS-COM

Requested by
https://metrolagu.cam/video?q=jiwa+yang+bersedih
Certificate
IssuerLet's Encrypt
Subjectparonymtethery.com
Fingerprint63:F2:88:89:1F:F8:81:BA:AE:2C:AE:99:FD:C3:5F:47:2F:0B:DE:F1
ValidityMon, 29 Apr 2024 18:59:43 GMT - Sun, 28 Jul 2024 18:59:42 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rSfAH4Kr7lm28/64343 HTTP/1.1
Host: paronymtethery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 15:15:11 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Wed, 08-May-2024 15:15:11 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Wed, 08-May-2024 15:15:11 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

unaent.xyz/dsp/ph/icm?aid=8933108689299194431&mid=0&sid=1689&t=1715094910&subid=73418776&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.03&cpa=e1b291b9-a26c-45dc-96c5-7eb441cb8c90&prev_step_diff=1095

185.162.87.219

302 Found

0 B

URL GET HTTP/2
unaent.xyz/dsp/ph/icm?aid=8933108689299194431&mid=0&sid=1689&t=1715094910&subid=73418776&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.03&cpa=e1b291b9-a26c-45dc-96c5-7eb441cb8c90&prev_step_diff=1095
IP
185.162.87.219:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectunaent.xyz
FingerprintA4:5D:7E:E9:B8:C4:A1:85:BE:36:7E:B5:BC:80:5E:C0:90:C7:BA:04
ValidityTue, 23 Apr 2024 15:51:48 GMT - Mon, 22 Jul 2024 15:51:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dsp/ph/icm?aid=8933108689299194431&mid=0&sid=1689&t=1715094910&subid=73418776&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.03&cpa=e1b291b9-a26c-45dc-96c5-7eb441cb8c90&prev_step_diff=1095 HTTP/1.1
Host: unaent.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx/1.18.0
date: Tue, 07 May 2024 15:15:11 GMT
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version
location: https://i.wmgtr.com/cic/uwe0gwF2RXoswvsh6KyW-iimZos3_6ts.png
X-Firefox-Spdy: h2

imdn.pics/m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg

45.133.44.25

200 OK

3.0 kB

URL GET HTTP/2
imdn.pics/m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5
ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3
Size
3.0 kB (2972 bytes)
Hash
bbd50a964fd18363b647225883bbb908
960383ba8379454c49adc0ed9c0faf681a898d61
58deb046cbfa7bfae5ed5290686bda50b55be2bf0ea62f1577ca135a8fdeb10e

HTTP Headers

GET /m/p/0/777/777155/conversions/R6Fcvd3Z-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:11 GMT
content-type: image/jpeg
content-length: 2972
server: nginx
last-modified: Tue, 09 Apr 2024 19:44:46 GMT
etag: "66159aae-b9c"
x-request-id: bcbe6ea9e5034af8477860eea5b5ead2
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

mcpuwpsh.com/get/

94.130.197.240

200 OK

11 kB

URL POST HTTP/2
mcpuwpsh.com/get/
IP
94.130.197.240:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectpuwpush.com
Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92
ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT

File type
JSON text data
Size
11 kB (10722 bytes)
Hash
e3ab593ff2b35bcd9e832e06d44093c7
3ef50ae6fe8f7b66420b86f677305745a7a1b7d8
4c9188eb0af64f08fd131f5f9f3d36f7d03befc8b1d9a3cc3fbaaa2b0faf5c53

HTTP Headers

POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poop.com.co/
Content-Type: text/plain;charset=UTF-8
Content-Length: 973
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.0
date: Tue, 07 May 2024 15:15:11 GMT
content-type: application/json
content-length: 10722
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

mordoops.com/5/6651943/?oo=1&aab=1

139.45.197.244

200 OK

2.8 kB

URL GET HTTP/2
mordoops.com/5/6651943/?oo=1&aab=1
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://yu2be.com/watch?V=Ay04zDYuaZA
Certificate
IssuerLet's Encrypt
Subjectmordoops.com
Fingerprint0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D
ValiditySun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3083), with no line terminators
Size
2.8 kB (2839 bytes)
Hash
0df79073b90c141f0c0074e22b72e989
3c4db53e4da3d83e917beb496a86c69e943bd9c6
fd1ec1b06c54c3802d8cf0363e6610e3da2dad85b300d3c56630f97694c7fbff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6651943/?oo=1&aab=1 HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 15:15:10 GMT
content-type: application/json
x-trace-id: d7fdd38e15bccd773d5dbb7382e4f0a9
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://yu2be.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080551a45da4105e44bbb1fcafb893e; expires=Wed, 07 May 2025 15:15:10 GMT; path=/; secure; SameSite=None
oaidts=1715094910; expires=Wed, 07 May 2025 15:15:10 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

metrolagu.cam/video?q=jiwa+yang+bersedih

172.67.147.56

200 OK

6.9 kB

URL POST HTTP/3
metrolagu.cam/video?q=jiwa+yang+bersedih
IP
172.67.147.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yu2be.com/watch?V=Ay04zDYuaZA
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
HTML document, ASCII text, with very long lines (6943), with no line terminators
Size
6.9 kB (6858 bytes)
Hash
8573b92270cff4b65c31f38323112e30
3218121367f738240be7dc34c747cf19ac88eb03
96d5a386a5aab4068dbe05a0ccd54301cd4e6b90452749c5177449ae52e0165e

HTTP Headers

POST /video?q=jiwa+yang+bersedih HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/6148464f3471734f635642
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 15:15:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UfPRYKLXfJTbGN2IJ94ENwTcNDpE%2FdV%2BQM46uVfRzh6qyQBZAltw8%2FdtU97p7reANb2F4ob%2BfLh%2B5UnSKVPyH1T1xR1jDiq6wvc7Mu90zI84%2B1W9hQKFY4tIsDd6jazq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229f768090b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i.wmgtr.com/cim/KJpVFEpVyZI-GXQzzfsoQce6d-yHkdN8.png

0.0.0.0

0 B

URL GET
i.wmgtr.com/cim/KJpVFEpVyZI-GXQzzfsoQce6d-yHkdN8.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjecti.wmgtr.com
FingerprintC3:69:C8:AD:52:95:77:79:3A:41:14:93:DE:ED:EA:B0:DA:18:DE:0E
ValiditySat, 20 Apr 2024 03:01:12 GMT - Fri, 19 Jul 2024 03:01:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cim/KJpVFEpVyZI-GXQzzfsoQce6d-yHkdN8.png HTTP/1.1
Host: i.wmgtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:11 GMT
content-type: image/png
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-option: nosniff
content-encoding: gzip
cache-control: max-age=82800
expires: Wed, 08 May 2024 14:15:11 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

assets.poopcdn.com/style.css

104.21.11.28

200 OK

259 kB

URL GET HTTP/2
assets.poopcdn.com/style.css
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
ASCII text
Size
259 kB (259373 bytes)
Hash
f94acf4d0db64b4a710fc6fce3bc2a49
63753e2bb0367b37084eba7690d9fb752667ecd3
f4c109f2e81af1df1cf0c41934f699fa249176cb27c7b554d3bc664c89fc1340

HTTP Headers

GET /style.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:08 GMT
content-type: text/css
etag: W/"f94acf4d0db64b4a710fc6fce3bc2a49"
last-modified: Thu, 14 Mar 2024 17:13:04 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K7I%2BHeuK%2FaFv3nX3%2BXv5z10ZVUJJ1jAeUKWYqiBc29Jkzj1fmGNVwtcOJf5naFgJpyz5xWGQkAsuZt3op8KPSlC9K9VSZXljZ%2BO4Vze21SL%2F60uzdT%2Bd%2Bup4dVitKz9lbH1dvgs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229ea4f2e712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i.wmgtr.com/cic/uwe0gwF2RXoswvsh6KyW-iimZos3_6ts.png

45.133.44.33

200 OK

13 kB

URL GET HTTP/2
i.wmgtr.com/cic/uwe0gwF2RXoswvsh6KyW-iimZos3_6ts.png
IP
45.133.44.33:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjecti.wmgtr.com
FingerprintC3:69:C8:AD:52:95:77:79:3A:41:14:93:DE:ED:EA:B0:DA:18:DE:0E
ValiditySat, 20 Apr 2024 03:01:12 GMT - Fri, 19 Jul 2024 03:01:11 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, datetime=2022:08:30 20:15:26], baseline, precision 8, 192x192, components 3
Size
13 kB (13188 bytes)
Hash
47a01952086fc563140600937f1cfe58
6ce721ef10c9299d95613a32b1d1f201e20d6b3c
4db017b689878a5b038bf012414b30d924ed1c78475ade9f44d9737195df62ba

HTTP Headers

GET /cic/uwe0gwF2RXoswvsh6KyW-iimZos3_6ts.png HTTP/1.1
Host: i.wmgtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:11 GMT
content-type: image/jpeg
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-option: nosniff
cache-control: max-age=82800
expires: Wed, 08 May 2024 14:15:11 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

8d80fcb421.a700fb9c8d.com/7826d47d15d49907a38c80b89e2d6674.js

45.133.44.53

200 OK

168 kB

URL GET HTTP/2
8d80fcb421.a700fb9c8d.com/7826d47d15d49907a38c80b89e2d6674.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subject8d80fcb421.a700fb9c8d.com
Fingerprint42:A0:FF:40:15:C5:29:E2:8E:7E:8F:55:FE:A4:8A:15:E0:17:77:CF
ValiditySat, 04 May 2024 02:20:27 GMT - Fri, 02 Aug 2024 02:20:26 GMT

File type

Size
168 kB (168338 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /7826d47d15d49907a38c80b89e2d6674.js HTTP/1.1
Host: 8d80fcb421.a700fb9c8d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:09 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 24 Apr 2024 09:09:17 GMT
etag: W/"6628cc3d-29192"
content-encoding: gzip
expires: Tue, 07 May 2024 15:20:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

8d80fcb421.a700fb9c8d.com/110a65cc169b283c3c7819a3fe77e180.js

45.133.44.53

200 OK

101 kB

URL GET HTTP/2
8d80fcb421.a700fb9c8d.com/110a65cc169b283c3c7819a3fe77e180.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subject8d80fcb421.a700fb9c8d.com
Fingerprint42:A0:FF:40:15:C5:29:E2:8E:7E:8F:55:FE:A4:8A:15:E0:17:77:CF
ValiditySat, 04 May 2024 02:20:27 GMT - Fri, 02 Aug 2024 02:20:26 GMT

File type

Size
101 kB (100855 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /110a65cc169b283c3c7819a3fe77e180.js HTTP/1.1
Host: 8d80fcb421.a700fb9c8d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:09 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 06 May 2024 08:27:28 GMT
etag: W/"66389470-189f7"
content-encoding: gzip
expires: Tue, 07 May 2024 15:20:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

8d80fcb421.a700fb9c8d.com/dcd78e9358b6891f8d594bc7153a3bce/114039?version_name=c

45.133.44.53

200 OK

3.3 kB

URL GET HTTP/2
8d80fcb421.a700fb9c8d.com/dcd78e9358b6891f8d594bc7153a3bce/114039?version_name=c
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subject8d80fcb421.a700fb9c8d.com
Fingerprint42:A0:FF:40:15:C5:29:E2:8E:7E:8F:55:FE:A4:8A:15:E0:17:77:CF
ValiditySat, 04 May 2024 02:20:27 GMT - Fri, 02 Aug 2024 02:20:26 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3671), with no line terminators
Size
3.3 kB (3257 bytes)
Hash
dc49c38e3f555ac28d084fe73360b6c6
a8681f0f4b710d5a8377f894650e04899c2c23c9
1785fd86f4f2224664fb199065e9104a00430b6c9b4c41565f5a6efa3bfde04e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dcd78e9358b6891f8d594bc7153a3bce/114039?version_name=c HTTP/1.1
Host: 8d80fcb421.a700fb9c8d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:09 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Tue, 07 May 2024 15:20:09 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap

142.250.74.106

200 OK

18 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text
Size
18 kB (17685 bytes)
Hash
942d6c103643a3b457d90844f34a9b37
e2594da697f0082ee92f0f1d9b163aed142e09e7
654ba530c9e174b31735ff3b7a9cb8399c9c142e7572046eefd3f90b253f4b54

HTTP Headers

GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 15:15:08 GMT
date: Tue, 07 May 2024 15:15:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

yu2be.com/embud/6148464f3471734f635642

188.114.97.1

200 OK

241 B

URL GET HTTP/2
yu2be.com/embud/6148464f3471734f635642
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectyu2be.com
Fingerprint3C:30:E2:11:42:30:CD:21:F1:06:87:EC:9F:A9:56:40:57:B2:4C:EF
ValiditySun, 14 Apr 2024 02:05:14 GMT - Sat, 13 Jul 2024 02:05:13 GMT

File type
HTML document, ASCII text, with no line terminators
Size
241 B (241 bytes)
Hash
4a59a2295c59e4b5a968e00eed08289a
c3ff30a75df27d3f3e80fa50809f47a43668c3c5
c7ac8edfdd235ee7c8bef5b464dcb5188314c992ed7c613f29023d735a070a38

HTTP Headers

GET /embud/6148464f3471734f635642 HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nxKBCdo6m6Ae06FsPhIvChjZtrlJzjnO5Q1fvWmQJAktkc0n6ZmLs0nqVAZzFcNzImDkQ2KE%2BIZfkLNSvMz8yfG%2FbGJg99Fob%2FQs9o4l0mV%2BZGXVtU7wPh%2BoDQs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229edfdd456be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

metrolagu.cam/jembud/6148464f3471734f635642

172.67.147.56

200 OK

249 B

URL GET HTTP/2
metrolagu.cam/jembud/6148464f3471734f635642
IP
172.67.147.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yu2be.com/watch?V=Ay04zDYuaZA
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
HTML document, ASCII text, with no line terminators
Size
249 B (249 bytes)
Hash
0daec24ba6d82d571ffd163a3456a25b
d87398ccacb2fce709123842aaeee1d14b5a2292
d029334c3f39110b3347f7d8f0eb1ac76bcc659c455934b1ecc38c2940d0aa41

HTTP Headers

GET /jembud/6148464f3471734f635642 HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O2qRq16rQgFq913o0MV5TGo968B2MxYdUgL3f1p8mLN0p7Mi9NlDH9aC3s%2BrGe3MGMxKf%2BmfiTfruT0L6pv3kZk66PE3weViZORQjUlumtrjSV7Tc2zqSWul5qFTPq%2F8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229f4efbab50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

63cc093d48.f336d0935e.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FBVcOsq4OFHa&refdom=poop.com.co&auction_time=1715094910&subid=357529620&sid=2785717355&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=&user_fp=5258541072280280995&score=69.18670420511522&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=2237372&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDMYbNsiIMWMGxo0WZWKQwdGCxpgwZlqEKSNGTAsYMszcIGPjRpkxZg6KcDjGjUIdMXLAwOEwTJ0xGGWYxEEDB4waOG_QsCG1RowYOIaKEJOGTNSpVa9m3dr1a9imZOwslDFjK9OMdcRMlLHVRlM4F3XMuIFDRkMRc-BI1EFjRo0cNOg6LIOHzpfEi0XUqEED7A2tYse0CTwjxgwYVeGaWXhYjBs3c-neGCzDYRs3HhnTWFo74-3cN2LAsAHDYZ0YGNHQsThHx4sXZ964uB0mcRsXY960eTGnTRg5Fje--FlDjI0cZmyMMRkjzAygZOiGoWEmBo0ws8tYVU9DzFaYZORQxmxhDGeQf2XIYIMNNGxGBhmfxUDSD3XMgVASZPRwAww5wDTGDDiUUcMMZtBUw2yF5WCDGY3hgIMZY9xwohgyEiYDZDXwFEYNZQRVon5i6LfZGDiEJAMZMMTARR0w4GRDG2W0EaQcGPbwRRBl1NECFUi0oUYQSVyBRRxZXPGGDXiAeQYdYoxhRElkNPZYZI7hkANIV2FBAxxJ3HDFDVDIIcQXY0ShxxdM5IGGG0rA4cYdUGS5xhBLTLGGFlkIYQMcORhRBxVMyIFaGDbQEUMSaJyBwxdwFDFDGHd8IQYWWdgJhxEtMBHEFYpCAUUSddyRhB1EwBFDDXKUBscUYdphhBZplEEGHhAS0QQSUNSBBB55yKBHGmn4V8UNY3xxRhVJECFFFWks2aSCc7xRhxxjlFGlnJDR5a6TcMjQg50u3rmvgsb24MQTA286Qw9ikaEdRnaogcfE2D1MVBiLbVFaFw7BQe9CMLjQ5HBEwdEGqx_rEPIMfokghx2B7TbZGCaD7ELLddSRRlSEnRjDbJuJlUZgIuQQgwtKuRCZC8fSIFYdYWDUxBvfssFGGC_UIDIIKGDx1Q4gMJGGG3XgAQIeRX7BINgv66CiyCmAcMRPa7zxglTCJZkkCEakIUePb-DxwtswhAaVDiIcLNYbchB6eOJPiMXG40U40XAZdnzxNxsTnUgYy1YV5_IZsOkgQw04HHZQ5mLIsZCLDq3-RRtvmGV6kRSJQIYcbyw0g0NvHNWbx4HnsVANDs3xMka804Ex4y3U4UYadLRQmgtkxLi48nKZboNnCtpQWuyPH_RF9jeIRUcbEwWHFWRGi76-DO0fyyEN8dMwG1yal5HYFxir3_vwJ5zJZC4MbEAIHY6isRpw7CFiyMxBzOAUNkikY5MDGVFyA4M-KCAg%2526s%253D8827a12b58a9c3435c588a041a842385db0e4ea6963c6c0ef6f8f7c6a6b397361715094910%2526ev%253D0.015064992244959222&icons=V91xe1z1nXY3Luk7aH4hG4l3tZ9u_qfa6TWBYvjvmgrdoGNOQf26kaB66YBLmHDUhNLjpFESCRL7_nUjWrtylyEWwyuJXaj-yxpEO-2TzwSAnjyhJUOTt4Ugg4dtRviEDUe4V3Eh5WOtXw_W5pxJDhRruALpQuxuYE8_JKpjjVFDp6Axuw&ext_cid=313048&px_id=55418774&min_cpm=0.11560209678290889&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=2078480502746205118&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.010869391595845478&cpm=0&verify_hash=b5d0430f556ccb65125d00d6ce0db768&is_native=2&real_bid=0.00025973999261856&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,4,20,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000036&ext_campaign_id_str=313048&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=79b342eb-34bc-442b-a556-c2eb47890e0c&prev_step_diff=848

157.90.84.246

200 OK

0 B

URL GET HTTP/2
63cc093d48.f336d0935e.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FBVcOsq4OFHa&refdom=poop.com.co&auction_time=1715094910&subid=357529620&sid=2785717355&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=&user_fp=5258541072280280995&score=69.18670420511522&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=2237372&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDMYbNsiIMWMGxo0WZWKQwdGCxpgwZlqEKSNGTAsYMszcIGPjRpkxZg6KcDjGjUIdMXLAwOEwTJ0xGGWYxEEDB4waOG_QsCG1RowYOIaKEJOGTNSpVa9m3dr1a9imZOwslDFjK9OMdcRMlLHVRlM4F3XMuIFDRkMRc-BI1EFjRo0cNOg6LIOHzpfEi0XUqEED7A2tYse0CTwjxgwYVeGaWXhYjBs3c-neGCzDYRs3HhnTWFo74-3cN2LAsAHDYZ0YGNHQsThHx4sXZ964uB0mcRsXY960eTGnTRg5Fje--FlDjI0cZmyMMRkjzAygZOiGoWEmBo0ws8tYVU9DzFaYZORQxmxhDGeQf2XIYIMNNGxGBhmfxUDSD3XMgVASZPRwAww5wDTGDDiUUcMMZtBUw2yF5WCDGY3hgIMZY9xwohgyEiYDZDXwFEYNZQRVon5i6LfZGDiEJAMZMMTARR0w4GRDG2W0EaQcGPbwRRBl1NECFUi0oUYQSVyBRRxZXPGGDXiAeQYdYoxhRElkNPZYZI7hkANIV2FBAxxJ3HDFDVDIIcQXY0ShxxdM5IGGG0rA4cYdUGS5xhBLTLGGFlkIYQMcORhRBxVMyIFaGDbQEUMSaJyBwxdwFDFDGHd8IQYWWdgJhxEtMBHEFYpCAUUSddyRhB1EwBFDDXKUBscUYdphhBZplEEGHhAS0QQSUNSBBB55yKBHGmn4V8UNY3xxRhVJECFFFWks2aSCc7xRhxxjlFGlnJDR5a6TcMjQg50u3rmvgsb24MQTA286Qw9ikaEdRnaogcfE2D1MVBiLbVFaFw7BQe9CMLjQ5HBEwdEGqx_rEPIMfokghx2B7TbZGCaD7ELLddSRRlSEnRjDbJuJlUZgIuQQgwtKuRCZC8fSIFYdYWDUxBvfssFGGC_UIDIIKGDx1Q4gMJGGG3XgAQIeRX7BINgv66CiyCmAcMRPa7zxglTCJZkkCEakIUePb-DxwtswhAaVDiIcLNYbchB6eOJPiMXG40U40XAZdnzxNxsTnUgYy1YV5_IZsOkgQw04HHZQ5mLIsZCLDq3-RRtvmGV6kRSJQIYcbyw0g0NvHNWbx4HnsVANDs3xMka804Ex4y3U4UYadLRQmgtkxLi48nKZboNnCtpQWuyPH_RF9jeIRUcbEwWHFWRGi76-DO0fyyEN8dMwG1yal5HYFxir3_vwJ5zJZC4MbEAIHY6isRpw7CFiyMxBzOAUNkikY5MDGVFyA4M-KCAg%2526s%253D8827a12b58a9c3435c588a041a842385db0e4ea6963c6c0ef6f8f7c6a6b397361715094910%2526ev%253D0.015064992244959222&icons=V91xe1z1nXY3Luk7aH4hG4l3tZ9u_qfa6TWBYvjvmgrdoGNOQf26kaB66YBLmHDUhNLjpFESCRL7_nUjWrtylyEWwyuJXaj-yxpEO-2TzwSAnjyhJUOTt4Ugg4dtRviEDUe4V3Eh5WOtXw_W5pxJDhRruALpQuxuYE8_JKpjjVFDp6Axuw&ext_cid=313048&px_id=55418774&min_cpm=0.11560209678290889&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=2078480502746205118&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.010869391595845478&cpm=0&verify_hash=b5d0430f556ccb65125d00d6ce0db768&is_native=2&real_bid=0.00025973999261856&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,4,20,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000036&ext_campaign_id_str=313048&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=79b342eb-34bc-442b-a556-c2eb47890e0c&prev_step_diff=848
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectf336d0935e.com
FingerprintFC:39:EE:08:B2:B5:A2:11:69:1D:03:8B:B3:C4:CA:05:DB:3E:B1:82
ValidityFri, 03 May 2024 14:01:54 GMT - Thu, 01 Aug 2024 14:01:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FBVcOsq4OFHa&refdom=poop.com.co&auction_time=1715094910&subid=357529620&sid=2785717355&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-07&iabcat=IAB25-3&keywords=&user_fp=5258541072280280995&score=69.18670420511522&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FBVcOsq4OFHa%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=2237372&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDMYbNsiIMWMGxo0WZWKQwdGCxpgwZlqEKSNGTAsYMszcIGPjRpkxZg6KcDjGjUIdMXLAwOEwTJ0xGGWYxEEDB4waOG_QsCG1RowYOIaKEJOGTNSpVa9m3dr1a9imZOwslDFjK9OMdcRMlLHVRlM4F3XMuIFDRkMRc-BI1EFjRo0cNOg6LIOHzpfEi0XUqEED7A2tYse0CTwjxgwYVeGaWXhYjBs3c-neGCzDYRs3HhnTWFo74-3cN2LAsAHDYZ0YGNHQsThHx4sXZ964uB0mcRsXY960eTGnTRg5Fje--FlDjI0cZmyMMRkjzAygZOiGoWEmBo0ws8tYVU9DzFaYZORQxmxhDGeQf2XIYIMNNGxGBhmfxUDSD3XMgVASZPRwAww5wDTGDDiUUcMMZtBUw2yF5WCDGY3hgIMZY9xwohgyEiYDZDXwFEYNZQRVon5i6LfZGDiEJAMZMMTARR0w4GRDG2W0EaQcGPbwRRBl1NECFUi0oUYQSVyBRRxZXPGGDXiAeQYdYoxhRElkNPZYZI7hkANIV2FBAxxJ3HDFDVDIIcQXY0ShxxdM5IGGG0rA4cYdUGS5xhBLTLGGFlkIYQMcORhRBxVMyIFaGDbQEUMSaJyBwxdwFDFDGHd8IQYWWdgJhxEtMBHEFYpCAUUSddyRhB1EwBFDDXKUBscUYdphhBZplEEGHhAS0QQSUNSBBB55yKBHGmn4V8UNY3xxRhVJECFFFWks2aSCc7xRhxxjlFGlnJDR5a6TcMjQg50u3rmvgsb24MQTA286Qw9ikaEdRnaogcfE2D1MVBiLbVFaFw7BQe9CMLjQ5HBEwdEGqx_rEPIMfokghx2B7TbZGCaD7ELLddSRRlSEnRjDbJuJlUZgIuQQgwtKuRCZC8fSIFYdYWDUxBvfssFGGC_UIDIIKGDx1Q4gMJGGG3XgAQIeRX7BINgv66CiyCmAcMRPa7zxglTCJZkkCEakIUePb-DxwtswhAaVDiIcLNYbchB6eOJPiMXG40U40XAZdnzxNxsTnUgYy1YV5_IZsOkgQw04HHZQ5mLIsZCLDq3-RRtvmGV6kRSJQIYcbyw0g0NvHNWbx4HnsVANDs3xMka804Ex4y3U4UYadLRQmgtkxLi48nKZboNnCtpQWuyPH_RF9jeIRUcbEwWHFWRGi76-DO0fyyEN8dMwG1yal5HYFxir3_vwJ5zJZC4MbEAIHY6isRpw7CFiyMxBzOAUNkikY5MDGVFyA4M-KCAg%2526s%253D8827a12b58a9c3435c588a041a842385db0e4ea6963c6c0ef6f8f7c6a6b397361715094910%2526ev%253D0.015064992244959222&icons=V91xe1z1nXY3Luk7aH4hG4l3tZ9u_qfa6TWBYvjvmgrdoGNOQf26kaB66YBLmHDUhNLjpFESCRL7_nUjWrtylyEWwyuJXaj-yxpEO-2TzwSAnjyhJUOTt4Ugg4dtRviEDUe4V3Eh5WOtXw_W5pxJDhRruALpQuxuYE8_JKpjjVFDp6Axuw&ext_cid=313048&px_id=55418774&min_cpm=0.11560209678290889&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=2078480502746205118&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.010869391595845478&cpm=0&verify_hash=b5d0430f556ccb65125d00d6ce0db768&is_native=2&real_bid=0.00025973999261856&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,4,20,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000036&ext_campaign_id_str=313048&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=79b342eb-34bc-442b-a556-c2eb47890e0c&prev_step_diff=848 HTTP/1.1
Host: 63cc093d48.f336d0935e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 07 May 2024 15:15:10 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

metrolagu.cam/play.svg

172.67.147.56

200 OK

633 B

URL GET HTTP/3
metrolagu.cam/play.svg
IP
172.67.147.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/video?q=jiwa+yang+bersedih
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
SVG Scalable Vector Graphics image
Size
633 B (633 bytes)
Hash
fa7e52a78c2db6968656093b3b4f6266
d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a
3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb

HTTP Headers

GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 15:15:11 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6723
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XfnHM1eHq3GUE8g%2FkHrQKuRBCeafZ9isS8YEWMUgTKx0cn3mUiRx%2FYWnsLT7aliwsLVLJbqlC7ZWs9hWumO4qj63CTcRg5v0sqSEVduTn%2Bb6UC9tOeZn1cIDiKgDWv4w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880229fa6cec0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

assets.poopcdn.com/bootstrap.min.css

104.21.11.28

200 OK

209 kB

URL GET HTTP/2
assets.poopcdn.com/bootstrap.min.css
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
ASCII text, with very long lines (625)
Size
209 kB (208810 bytes)
Hash
3ad35d9c124d6c7d13f776dde0df9286
1bfc432b338ca01be6b05ab8e87f4a63caa8d82b
10c142c79bbbfe42ce677eedeee70f918de0e759feabc175f423543aee886a6b

HTTP Headers

GET /bootstrap.min.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:08 GMT
content-type: text/css
etag: W/"3ad35d9c124d6c7d13f776dde0df9286"
last-modified: Thu, 14 Mar 2024 17:13:03 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sACwGgmCkVNmK4O7sfXkJWg64hdelqVQYP0FGLEh8qynlYibJbofAGJLp4uSMg5k4dLW8DB2BkkQBANl7mxSQESmy8FbI2%2F6M3Tr5SVlLimLRf%2BrNhqFVbxM8mumbFOv80Qd93U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229ea3f0c712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

poop.com.co/d/BVcOsq4OFHa

188.114.97.1

200 OK

14 kB

URL User Request GET HTTP/2
poop.com.co/d/BVcOsq4OFHa
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT

File type
HTML document, ASCII text, with very long lines (6447)
Size
14 kB (14453 bytes)
Hash
7a1f1d465bb1968111984855b7651068
b6529c10185db71c53d43df7d512d9ae886d2f21
72e505bb3d56ad06027fbfe6e24776432d882825b69ecf685f7837bdebdb01ff

HTTP Headers

GET /d/BVcOsq4OFHa HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=43200
cf-cache-status: MISS
last-modified: Tue, 07 May 2024 15:15:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=flHcxAd7vekx3RAFsg0TjLZWGpkkTKEnarOLoWInbcUmxBh%2FbckFd3xR%2BiB6zZG6jCjmVBdS%2B1ML2w3rFvSKcjQK0Jc%2FKdUBlH8Iz9dc0o9VyJSejN8do8oVSVEfkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229e67bff56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2

104.21.11.28

200 OK

24 kB

URL GET HTTP/2
assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23812, version 1.524
Size
24 kB (23812 bytes)
Hash
eb586e5a1b86dbf1c866e3ed80f9d18e
280ee78d19c017ab9335f769595e5157d3c4a343
714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf

HTTP Headers

GET /fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:08 GMT
content-type: font/woff2
content-length: 23812
access-control-allow-origin: https://poop.com.co
etag: "eb586e5a1b86dbf1c866e3ed80f9d18e"
last-modified: Thu, 14 Mar 2024 17:32:25 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3047
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WQCfxzg5upF7IzSYzU78FA7SZZHxdxtHXPk0O4xphN6PrLuhlsbbc4G%2FQWTd0MnSkwQGKs65Pj6OpLsKjWxJBEqgruxqeMJgz7kd%2Bl2YtFJeQSSmYbwR2trAo%2B81%2BO38hPNpqkE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229ecec4a712f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

8d80fcb421.a700fb9c8d.com/63864341c121fc80a909f55d1d6303d1.js

45.133.44.53

200 OK

109 kB

URL GET HTTP/2
8d80fcb421.a700fb9c8d.com/63864341c121fc80a909f55d1d6303d1.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/BVcOsq4OFHa
Certificate
IssuerLet's Encrypt
Subject8d80fcb421.a700fb9c8d.com
Fingerprint42:A0:FF:40:15:C5:29:E2:8E:7E:8F:55:FE:A4:8A:15:E0:17:77:CF
ValiditySat, 04 May 2024 02:20:27 GMT - Fri, 02 Aug 2024 02:20:26 GMT

File type

Size
109 kB (109374 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /63864341c121fc80a909f55d1d6303d1.js HTTP/1.1
Host: 8d80fcb421.a700fb9c8d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 15:15:09 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 07 May 2024 12:02:58 GMT
etag: W/"663a1872-1ab3e"
content-encoding: gzip
expires: Tue, 07 May 2024 15:20:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

metrolagu.cam/embed.css

172.67.147.56

200 OK

1.1 kB

URL GET HTTP/3
metrolagu.cam/embed.css
IP
172.67.147.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/video?q=jiwa+yang+bersedih
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
ASCII text, with very long lines (1145), with no line terminators
Size
1.1 kB (1094 bytes)
Hash
69c7d11151f7c8da1183e16ec826fd58
e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf
360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1

HTTP Headers

GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/video?q=jiwa+yang+bersedih
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 15:15:10 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
vary: Accept-Encoding
etag: W/"651596cf-446"
expires: Tue, 07 May 2024 17:57:52 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 33438
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vA0otNUaRk1isu6pmnndESMQg0lyybQNJ8He9pxXmFt9Tf1cbX3Q%2F%2BI%2BmviRlvoNGRnaqjp%2BbHjqASByfagHd53tVubPj0MT2TXkXTcggOni19dmMBHwu21KFnFMulwJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880229f97b480b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML