cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
104.17.25.14200 OK 28 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 104.17.25.14:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65451)
Hash 220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 319985
expires: Thu, 24 Apr 2025 13:04:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4f5RfYTdHUKqlICFA8Lr4JOc57QUZpeQuLjLZSG8UcJ0GLnkuDMXrnHVBUw2S9wNOl%2B2Mojo2rgxrz4wnjwMDTWhsIbpdj9zQx2fIFX0BszP%2BlKyN1OSO1F38MtQtTr%2BzeKXA%2F5l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e8b2ed8911b4f7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
img.doodcdn.co/snaps/k11r4uikspwszuov.jpg
104.26.7.74200 OK 16 kB URL GET HTTP/3 img.doodcdn.co/snaps/k11r4uikspwszuov.jpg
IP 104.26.7.74:443
Requested by https://metrolagu.cam/video?q=nanti+kita+seperti+ini
Certificate IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x470, components 3
Hash d13a429387b9f0ecf5a6c704c52e6914
aa3141857286788762875810928d3bf0d9a5f8a9
7ac29ba2c0d04eec8e7d8aa48721b5241ccb2ded3d6399756c74e9bff603c1d9
GET /snaps/k11r4uikspwszuov.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:51 GMT
content-type: image/jpeg
content-length: 15559
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=15734
etag: "64e74c10-3d76"
expires: Fri, 17 May 2024 03:35:02 GMT
last-modified: Thu, 24 Aug 2023 12:24:48 GMT
cf-cache-status: HIT
age: 63482
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n6M71gG6%2FIs2YxLlmtX3u53e1hRKQSDxTikrHHhxDl3puzo8LVDwysB3pBjTwskcv8kTf9oXdYCpxy4yI5CO8Z9SUcK7uazJWfU0odsR0ag6%2F7aTc554vH3QkxQgI3oO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e8b2efff4b56be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
poop.com.co/theme_2/fonts/avertastd-regular-webfont.woff2
188.114.97.1200 OK 24 kB URL GET HTTP/3 poop.com.co/theme_2/fonts/avertastd-regular-webfont.woff2
IP 188.114.97.1:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT
File type Web Open Font Format (Version 2), TrueType, length 23812, version 1.524
Hash eb586e5a1b86dbf1c866e3ed80f9d18e
280ee78d19c017ab9335f769595e5157d3c4a343
714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /theme_2/fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/theme_2/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:51 GMT
content-type: font/woff2
content-length: 23812
last-modified: Sun, 08 Oct 2023 02:12:44 GMT
etag: "6522101c-5d04"
cache-control: max-age=43200
cf-cache-status: HIT
age: 4263
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v074pnXGJb5FSkB%2FCHvHDRz%2FdrwBbpRbQrtnfGho78nnlrVaCdi9pWAnBxhv50UP2I8YwI%2FpEYe0hhWKe98nS%2FLpT%2B1J13AyYtEeBq%2FqNd%2FCyaj8BWSPagEg9xwOgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e8b2f0bc95b4f9-OSL
alt-svc: h3=":443"; ma=86400
www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
142.250.74.72200 OK 102 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
IP 142.250.74.72:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (5955)
Size 102 kB (101686 bytes)
Hash e5e0d9e7a176d2f95e555445564c4d77
49b54d00cf2964afbd2fefd18749dcb514131b18
7e09a274dc507fdbd71ce89092c7b14b4604451bc75c741ee08d826bc474b4eb
GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 13:04:51 GMT
expires: Sat, 04 May 2024 13:04:51 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 101686
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
poop.com.co/theme_2/fonts/avertastd-bold-webfont.woff2
188.114.97.1200 OK 24 kB URL GET HTTP/3 poop.com.co/theme_2/fonts/avertastd-bold-webfont.woff2
IP 188.114.97.1:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT
File type Web Open Font Format (Version 2), TrueType, length 23604, version 1.0
Hash e9133fd11f14c09a2e4556c395a0ef7d
00fad09605f3342df5c9aeba130156fe19ade8b0
06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91
GET /theme_2/fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/theme_2/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:51 GMT
content-type: font/woff2
content-length: 23604
last-modified: Sun, 08 Oct 2023 02:12:44 GMT
etag: "6522101c-5c34"
cache-control: max-age=43200
cf-cache-status: HIT
age: 4262
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vh12qW066SBE6ndpqbuyKGCMzQYL8roBCmG1jN8ogLKlzh9m1WAeC3Anl0KSy%2BrtUz0Hq4WBMWzk6xjqrIXn0hegyNh%2B9ue4cjLSk410DzandUFhXyOsiSxlJ%2BOlGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e8b2f25eb6b4f9-OSL
alt-svc: h3=":443"; ma=86400
poop.com.co/theme_2/css/fontawesome/webfonts/fa-duotone-900.woff2
188.114.97.1200 OK 184 kB URL GET HTTP/3 poop.com.co/theme_2/css/fontawesome/webfonts/fa-duotone-900.woff2
IP 188.114.97.1:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT
File type Web Open Font Format (Version 2), TrueType, length 184476, version 330.-16253
Size 184 kB (184476 bytes)
Hash 2a6dec1227f9970376f578270a642d06
150a6a7ffdec6e2e2ff4c712d7cee8bd9b930284
e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996
GET /theme_2/css/fontawesome/webfonts/fa-duotone-900.woff2 HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/theme_2/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:51 GMT
content-type: font/woff2
content-length: 184476
last-modified: Sun, 08 Oct 2023 02:12:44 GMT
etag: "6522101c-2d09c"
cache-control: max-age=43200
cf-cache-status: HIT
age: 4263
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wcm1EfyLtTcKUltGmgWrIYmnKJgrykYhGni2Bt46fjUiIIrOlVFzWI4OW5zprnkhH8LPtKQfnZOFK0zyML%2FsH0JrtuczEsq0qJCQL2E9E%2FzZgPBGZHhCrzfPweJrxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e8b2f25eb5b4f9-OSL
alt-svc: h3=":443"; ma=86400
poop.com.co/favicon-16x16.png
188.114.97.1200 OK 612 B URL GET HTTP/3 poop.com.co/favicon-16x16.png
IP 188.114.97.1:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash ac008ea155d4beee1e93247d7434c77d
f8ea94e94e0cc310202a517a9c445c3d70af564e
283e092dad794fdd9212249389fb2acb6d6846f332413ab2af7bbcced9a4957e
GET /favicon-16x16.png HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/d/FjijrvsPGF0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:51 GMT
content-type: image/png
content-length: 612
last-modified: Sun, 11 Feb 2024 12:12:37 GMT
etag: "65c8b9b5-264"
expires: Sat, 01 Jun 2024 07:06:39 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 194292
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h1xU5jy%2F7l8NdeE%2Bhojy1R6bosfGOYvV4mfNQ5K7EsRItysEstZiWm7Czhf%2BYMX4Kx9ZCclLCWOvs%2FQS5jTNjoJEsv0cus%2BMZ4KxcR4j2ztPxhQ8b0IxVEl9UIor5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e8b2f31fc6b4f9-OSL
alt-svc: h3=":443"; ma=86400
poop.com.co/apple-touch-icon.png
188.114.97.1200 OK 2.8 kB URL GET HTTP/3 poop.com.co/apple-touch-icon.png
IP 188.114.97.1:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT
File type PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Hash e4acc3f05da8195dfa02a437c8b2dba2
f23df2ed14e5d52417b155ccd11187f3250861dc
8b520e4032a17a3fb0410c6e4c7da29f182ca06861aa2d64db1969927e2db0d4
GET /apple-touch-icon.png HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/d/FjijrvsPGF0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:51 GMT
content-type: image/png
content-length: 2766
last-modified: Mon, 25 Dec 2023 21:07:41 GMT
etag: "6589ef1d-ace"
expires: Sun, 02 Jun 2024 16:26:07 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 74324
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ofBqXzWJvfY2E%2FT82QMPjLaFasSR2gX05wLQBaSEYa4rktJpVpec1uRbJI8vUqh1o3e2JttKSNNX2eD5QE7iDBB52e5NRKj37fN921wu4UVegO9BtgAv3K5vV%2BlLow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e8b2f31fc3b4f9-OSL
alt-svc: h3=":443"; ma=86400
fp.metricswpsh.com/fp?tag_id=114039
157.90.84.242204 No Content 0 B URL OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=114039
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 04 May 2024 13:04:52 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.com.co
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
3fb4026cec.ffbd26c481.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDgyMzcxMDg4Mjk0NDc2NDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4yNiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
45.133.44.53200 OK 0 B URL GET HTTP/2 3fb4026cec.ffbd26c481.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDgyMzcxMDg4Mjk0NDc2NDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4yNiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subject3fb4026cec.ffbd26c481.com
Fingerprint27:04:EE:66:BA:5B:49:EF:14:C8:8F:A8:F2:D9:35:3D:F6:0F:40:6A
ValidityWed, 01 May 2024 02:50:26 GMT - Tue, 30 Jul 2024 02:50:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDgyMzcxMDg4Mjk0NDc2NDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4yNiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: 3fb4026cec.ffbd26c481.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:52 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=114039
157.90.84.242204 No Content 58 B URL OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=114039
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash 87385fcd2a67fc74d2fa67366ba68ea2
a604cdbb1d31ce257e8643eee9219c9c724c200c
9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995
POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1836
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 May 2024 13:04:52 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poop.com.co
Set-Cookie: id=13681657748895799558; Expires=Sun, 04 May 2025 13:04:52 GMT; Secure; SameSite=None
Vary: Origin
nereserv.com/in/dip?site=native-push&wl=1&event_id=e619793c-bf60-4a54-8ca3-c2bb94560d29&subid=388464194&sid=3564336374&spot_id=418776&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1
94.130.198.6200 OK 0 B URL GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=e619793c-bf60-4a54-8ca3-c2bb94560d29&subid=388464194&sid=3564336374&spot_id=418776&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1
IP 94.130.198.6:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=e619793c-bf60-4a54-8ca3-c2bb94560d29&subid=388464194&sid=3564336374&spot_id=418776&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 13:04:52 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:443
Requested by https://mp4skin.com/watch?V=PCyN4TuzZ5M
Certificate IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash 3645031ef5f6f4716ac03b4b215c66ae
171e6143b3f82135103ba23557e245f707316d5f
8afe49c3ae27a72524f6c9fa4cefbd86e42de507a6a7cb6cb106eec9a224863e
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 13:04:52 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mp4skin.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=080052a5ac8f418ff5ae41c3ca3eba21; expires=Sun, 04 May 2025 13:04:52 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js
45.133.44.52200 OK 110 kB URL GET HTTP/2 da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectda7b22a400.13199960a1.com
Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD
ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 110 kB (109954 bytes)
Hash cacb84104ff1b8352e0ee8c801a29ef4
393c74e933ff2a417ca50df17347793a36c86055
0099579c122343453ad3823291a11281d87678f071717020be17fec25ff03b77
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /9ce5c366c56b3eb801b7fc5bb76cb452.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:52 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 15 Apr 2024 13:02:16 GMT
etag: W/"661d2558-72d72"
content-encoding: gzip
expires: Sat, 04 May 2024 13:09:52 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
5d39fe7c75.2ac4fce9b8.com/in/multy
167.235.163.216200 OK 0 B URL POST HTTP/2 5d39fe7c75.2ac4fce9b8.com/in/multy
IP 167.235.163.216:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 04 May 2024 13:04:52 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
5d39fe7c75.2ac4fce9b8.com/in/multy
167.235.163.216200 OK 0 B URL POST HTTP/2 5d39fe7c75.2ac4fce9b8.com/in/multy
IP 167.235.163.216:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 04 May 2024 13:04:52 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
74.125.131.84302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 74.125.131.84:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:ubJLyt4RQEKfSyN7nkBOLmgRHDipXQ:esjJhzw743-dPfcW; Expires=Mon, 04-May-2026 13:04:52 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 13:04:52 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzPyo2oGHLqGkOOw7FccvZc4STTuBxaUImjNNS0GZdz9FDQKLljWkTAGAbbOxTHRT7h6ZJLig
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-2M6gtGSKnFP5NIRXgC5udg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzPyo2oGHLqGkOOw7FccvZc4STTuBxaUImjNNS0GZdz9FDQKLljWkTAGAbbOxTHRT7h6ZJLig
74.125.131.84302 Found 426 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzPyo2oGHLqGkOOw7FccvZc4STTuBxaUImjNNS0GZdz9FDQKLljWkTAGAbbOxTHRT7h6ZJLig
IP 74.125.131.84:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
File type HTML document, ASCII text, with very long lines (404)
Hash ea55c9867ba8caa50b2d124c09c5a64f
94b9be3d91d17b69cd0f979079f9f3a7870c2596
224c4571bfc0b5ddd119bd3d82927e59604836bd244412ed6d19ecb621fd592f
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzPyo2oGHLqGkOOw7FccvZc4STTuBxaUImjNNS0GZdz9FDQKLljWkTAGAbbOxTHRT7h6ZJLig HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:_yY80NUxk1uVo0akEx53pRZjOPhzbQ:AFnFGjOX8YmR7WMj;Path=/;Expires=Mon, 04-May-2026 13:04:52 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 13:04:53 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQy8uwhx6sGsj_yovStbAQ6jehsQbZ-bYULgRhp06vxRZNhOuRTDIShMY9lnlbRh1KzP3BYN&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358285550%3A1714827893005286&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-hYo-smpyZyqR6e_oYWZhoA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 426
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
5d39fe7c75.2ac4fce9b8.com/in/multy
167.235.163.216200 OK 4.3 kB URL POST HTTP/2 5d39fe7c75.2ac4fce9b8.com/in/multy
IP 167.235.163.216:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hash 527ba7f9690b27be8046cd123254d4b1
5d75d0824cc784d2d516cc965c18a2ea8809227a
34080bff60fbdc9ef198e4ce2a923dd3b5620c7f230294342eaa92310a90f8cc
POST /in/multy HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2018
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 13:04:53 GMT
content-type: application/json
content-length: 4271
content-encoding: gzip
vary: Origin,Accept-Encoding
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
5d39fe7c75.2ac4fce9b8.com/in/multy
167.235.163.216200 OK 4.3 kB URL POST HTTP/2 5d39fe7c75.2ac4fce9b8.com/in/multy
IP 167.235.163.216:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hash db42fec6eae9bf332a548594120629b8
8cf0d40c48a0727e9723b54e88ecaddb8ec1df38
e2cdf899bf2f7c8beae2302ba8fd0993103e3c6973da795bd9a8a336bdd01820
POST /in/multy HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2018
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 13:04:53 GMT
content-type: application/json
content-length: 4260
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FFjijrvsPGF0&refdom=poop.com.co&auction_time=1714827892&subid=388464194&sid=3564336374&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=62.894748386668624&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&icons=CO4KpmpPFEEpmbTA37urUdLBPZ0hrT-H---1UVW--sTnDz-vMCRF6ICiTZNOYkBFGp49HizOhAFzPLTVYHG-6b0_GA04MkWRcSy_vXZWMz_zR5CigjjABqEuG05X4RRsQFkCiAVI1MhKNvpziEYTiSjRmgjbDBLDJpL5DflNUt1N6yGW3g&ext_cid=0&px_id=418776&min_cpm=0.07023259603885411&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=64055000969939026&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.007546324167074765&cpm=0&verify_hash=57dc91160d9b842e411a3585454c76ee&is_native=4&real_bid=0.00029594465485886405&original_bid_usd=0.002754316&original_bid=0.002754316&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,27,108,0,114&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002754316&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002754316&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=9e1d2fe0-a8a3-4ac5-9928-12787b4ea40f&prev_step_diff=954
167.235.163.216200 OK 0 B URL GET HTTP/2 5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FFjijrvsPGF0&refdom=poop.com.co&auction_time=1714827892&subid=388464194&sid=3564336374&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=62.894748386668624&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&icons=CO4KpmpPFEEpmbTA37urUdLBPZ0hrT-H---1UVW--sTnDz-vMCRF6ICiTZNOYkBFGp49HizOhAFzPLTVYHG-6b0_GA04MkWRcSy_vXZWMz_zR5CigjjABqEuG05X4RRsQFkCiAVI1MhKNvpziEYTiSjRmgjbDBLDJpL5DflNUt1N6yGW3g&ext_cid=0&px_id=418776&min_cpm=0.07023259603885411&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=64055000969939026&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.007546324167074765&cpm=0&verify_hash=57dc91160d9b842e411a3585454c76ee&is_native=4&real_bid=0.00029594465485886405&original_bid_usd=0.002754316&original_bid=0.002754316&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,27,108,0,114&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002754316&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002754316&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=9e1d2fe0-a8a3-4ac5-9928-12787b4ea40f&prev_step_diff=954
IP 167.235.163.216:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FFjijrvsPGF0&refdom=poop.com.co&auction_time=1714827892&subid=388464194&sid=3564336374&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=62.894748386668624&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&icons=CO4KpmpPFEEpmbTA37urUdLBPZ0hrT-H---1UVW--sTnDz-vMCRF6ICiTZNOYkBFGp49HizOhAFzPLTVYHG-6b0_GA04MkWRcSy_vXZWMz_zR5CigjjABqEuG05X4RRsQFkCiAVI1MhKNvpziEYTiSjRmgjbDBLDJpL5DflNUt1N6yGW3g&ext_cid=0&px_id=418776&min_cpm=0.07023259603885411&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=64055000969939026&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.007546324167074765&cpm=0&verify_hash=57dc91160d9b842e411a3585454c76ee&is_native=4&real_bid=0.00029594465485886405&original_bid_usd=0.002754316&original_bid=0.002754316&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,27,108,0,114&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002754316&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002754316&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=9e1d2fe0-a8a3-4ac5-9928-12787b4ea40f&prev_step_diff=954 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 13:04:53 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FFjijrvsPGF0&refdom=poop.com.co&auction_time=1714827892&subid=388464194&sid=3564336374&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=62.894748386668624&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D61dB1mqNEpCozHnZyyc504Qcgs4PTjaRWg6kqIvVYK5teRK_kcUZBqKJxY8VqojO8WtG8zTLsDn0Vw_ADfO9v-WuWvhvD0nvVD7nSUN-NKhHjx8qH_84V7Hb82dHNllLeGRqBHYVmEXJmj033nY0QN-4HzAqB8YVwMTAKyLSgt2k77987QS9UonSEGydZrGSCaQQydQeqDHRCX93CQwy8sF56XerV0HijPHzxAVOk1INZn7pldxhKKiogKLvaaenW2BhMUABu5PA2eQqe6xAgCmZ964TF32X9Q9XKuOMkpdwrvuHEPRzC02bSwhXCgkuceSYmTDooWheDat4pvLDwRSR_A9QWN6dF92hK7MICsL9kvyRaqKZ_PxpzDRu0hyMwpu3T5aF2QJ9y88A3Oii_i2PHvmzTS9ArHtCVs2rmh7eDLEbLvWPDFKlnTgvMRjzYWj6D8Si9NO0JFlZJOMVHRemHKAF_z8vj8oDkAtd-LkCQugct-4WcWIMAqmZqHgT9bLZ8yiltRQJfswtVFhK6WNcysj-nr8vUgF_1RddEMu9zenwMo2dXi-kc4esHOCG-CLyx9GF&icons=a18U_9rluGDaVr39EWClFDpTkzA-q6RIcijoRWs9L5rwllN0MVpE2GhLV1YGh5pP_bkPKT1ZVCKSPYo5MA9rA0SBJZHqmjhFHQa0vu2XsgVujJefKzWbJ4TnAcxVkyTvMdPDqkc7uLtHJtCceZ4XyJrHjCyJ_g-9SQ-q0WwTHjaCGWhVLDzBUnYFYw3elVOoBx1C0Xz6X3SpwWLoWajznNhWFe7Re36WSgehh_UhRWd83ygBaK6fghmYPpjLoKWCkhhBb6bYSPPTbV0sRO_LTcNuyX0DVaBWdnUOmllevISZf1JVZEsBq8u1xeh8flEA-UvV5jjs3GpeQqX8Vznd9hs7c5oOTaYi3pvpaFLPH0-aXbyze7bXUt6-vb-dpKqUCqEZB0RdSnsF3w87WLBqubNrQXmtYo89RFk7NZ0vnQWmuAcFRtYyiWyNSWQR3qOzcgSz02XK_m6NrIHoxgSe0x2t3F4zzIJCulTSKMROuMpS3pJafAMQnnOCD8n1O1t6vB2htevDYpwDGe_9TA4bWdbgLW2fuB5aw3WAgD-d9uNkl0_LO2RhGtp6jEJ1G7YE1yhJCGdS1lq7F0UB1CkYRNBdVkGbRam9-5JHJlhElcbTXod4MkO2GOlZZcx9W5O7HaGPanEvGtHPxYiOVImUsAVG-Nf6dUugbTF69Zps4oSqjwWKnOIkrW-40LTCuKeWNxW-Rrc&ext_cid=0&px_id=31418776&min_cpm=0.0507204551139262&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=64055000969939026&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.0587182131077489&cpm=0&verify_hash=a361be88e40d7c3a493fca67f94c0c89&is_native=1&real_bid=0.0031886250525712872&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,101,93,11&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714885492&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F44563324%2F551815_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=19ed88bb-ff0c-4281-957a-feb20a46dd80&prev_step_diff=953
167.235.163.216200 OK 0 B URL GET HTTP/2 5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FFjijrvsPGF0&refdom=poop.com.co&auction_time=1714827892&subid=388464194&sid=3564336374&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=62.894748386668624&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D61dB1mqNEpCozHnZyyc504Qcgs4PTjaRWg6kqIvVYK5teRK_kcUZBqKJxY8VqojO8WtG8zTLsDn0Vw_ADfO9v-WuWvhvD0nvVD7nSUN-NKhHjx8qH_84V7Hb82dHNllLeGRqBHYVmEXJmj033nY0QN-4HzAqB8YVwMTAKyLSgt2k77987QS9UonSEGydZrGSCaQQydQeqDHRCX93CQwy8sF56XerV0HijPHzxAVOk1INZn7pldxhKKiogKLvaaenW2BhMUABu5PA2eQqe6xAgCmZ964TF32X9Q9XKuOMkpdwrvuHEPRzC02bSwhXCgkuceSYmTDooWheDat4pvLDwRSR_A9QWN6dF92hK7MICsL9kvyRaqKZ_PxpzDRu0hyMwpu3T5aF2QJ9y88A3Oii_i2PHvmzTS9ArHtCVs2rmh7eDLEbLvWPDFKlnTgvMRjzYWj6D8Si9NO0JFlZJOMVHRemHKAF_z8vj8oDkAtd-LkCQugct-4WcWIMAqmZqHgT9bLZ8yiltRQJfswtVFhK6WNcysj-nr8vUgF_1RddEMu9zenwMo2dXi-kc4esHOCG-CLyx9GF&icons=a18U_9rluGDaVr39EWClFDpTkzA-q6RIcijoRWs9L5rwllN0MVpE2GhLV1YGh5pP_bkPKT1ZVCKSPYo5MA9rA0SBJZHqmjhFHQa0vu2XsgVujJefKzWbJ4TnAcxVkyTvMdPDqkc7uLtHJtCceZ4XyJrHjCyJ_g-9SQ-q0WwTHjaCGWhVLDzBUnYFYw3elVOoBx1C0Xz6X3SpwWLoWajznNhWFe7Re36WSgehh_UhRWd83ygBaK6fghmYPpjLoKWCkhhBb6bYSPPTbV0sRO_LTcNuyX0DVaBWdnUOmllevISZf1JVZEsBq8u1xeh8flEA-UvV5jjs3GpeQqX8Vznd9hs7c5oOTaYi3pvpaFLPH0-aXbyze7bXUt6-vb-dpKqUCqEZB0RdSnsF3w87WLBqubNrQXmtYo89RFk7NZ0vnQWmuAcFRtYyiWyNSWQR3qOzcgSz02XK_m6NrIHoxgSe0x2t3F4zzIJCulTSKMROuMpS3pJafAMQnnOCD8n1O1t6vB2htevDYpwDGe_9TA4bWdbgLW2fuB5aw3WAgD-d9uNkl0_LO2RhGtp6jEJ1G7YE1yhJCGdS1lq7F0UB1CkYRNBdVkGbRam9-5JHJlhElcbTXod4MkO2GOlZZcx9W5O7HaGPanEvGtHPxYiOVImUsAVG-Nf6dUugbTF69Zps4oSqjwWKnOIkrW-40LTCuKeWNxW-Rrc&ext_cid=0&px_id=31418776&min_cpm=0.0507204551139262&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=64055000969939026&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.0587182131077489&cpm=0&verify_hash=a361be88e40d7c3a493fca67f94c0c89&is_native=1&real_bid=0.0031886250525712872&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,101,93,11&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714885492&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F44563324%2F551815_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=19ed88bb-ff0c-4281-957a-feb20a46dd80&prev_step_diff=953
IP 167.235.163.216:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FFjijrvsPGF0&refdom=poop.com.co&auction_time=1714827892&subid=388464194&sid=3564336374&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=62.894748386668624&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D61dB1mqNEpCozHnZyyc504Qcgs4PTjaRWg6kqIvVYK5teRK_kcUZBqKJxY8VqojO8WtG8zTLsDn0Vw_ADfO9v-WuWvhvD0nvVD7nSUN-NKhHjx8qH_84V7Hb82dHNllLeGRqBHYVmEXJmj033nY0QN-4HzAqB8YVwMTAKyLSgt2k77987QS9UonSEGydZrGSCaQQydQeqDHRCX93CQwy8sF56XerV0HijPHzxAVOk1INZn7pldxhKKiogKLvaaenW2BhMUABu5PA2eQqe6xAgCmZ964TF32X9Q9XKuOMkpdwrvuHEPRzC02bSwhXCgkuceSYmTDooWheDat4pvLDwRSR_A9QWN6dF92hK7MICsL9kvyRaqKZ_PxpzDRu0hyMwpu3T5aF2QJ9y88A3Oii_i2PHvmzTS9ArHtCVs2rmh7eDLEbLvWPDFKlnTgvMRjzYWj6D8Si9NO0JFlZJOMVHRemHKAF_z8vj8oDkAtd-LkCQugct-4WcWIMAqmZqHgT9bLZ8yiltRQJfswtVFhK6WNcysj-nr8vUgF_1RddEMu9zenwMo2dXi-kc4esHOCG-CLyx9GF&icons=a18U_9rluGDaVr39EWClFDpTkzA-q6RIcijoRWs9L5rwllN0MVpE2GhLV1YGh5pP_bkPKT1ZVCKSPYo5MA9rA0SBJZHqmjhFHQa0vu2XsgVujJefKzWbJ4TnAcxVkyTvMdPDqkc7uLtHJtCceZ4XyJrHjCyJ_g-9SQ-q0WwTHjaCGWhVLDzBUnYFYw3elVOoBx1C0Xz6X3SpwWLoWajznNhWFe7Re36WSgehh_UhRWd83ygBaK6fghmYPpjLoKWCkhhBb6bYSPPTbV0sRO_LTcNuyX0DVaBWdnUOmllevISZf1JVZEsBq8u1xeh8flEA-UvV5jjs3GpeQqX8Vznd9hs7c5oOTaYi3pvpaFLPH0-aXbyze7bXUt6-vb-dpKqUCqEZB0RdSnsF3w87WLBqubNrQXmtYo89RFk7NZ0vnQWmuAcFRtYyiWyNSWQR3qOzcgSz02XK_m6NrIHoxgSe0x2t3F4zzIJCulTSKMROuMpS3pJafAMQnnOCD8n1O1t6vB2htevDYpwDGe_9TA4bWdbgLW2fuB5aw3WAgD-d9uNkl0_LO2RhGtp6jEJ1G7YE1yhJCGdS1lq7F0UB1CkYRNBdVkGbRam9-5JHJlhElcbTXod4MkO2GOlZZcx9W5O7HaGPanEvGtHPxYiOVImUsAVG-Nf6dUugbTF69Zps4oSqjwWKnOIkrW-40LTCuKeWNxW-Rrc&ext_cid=0&px_id=31418776&min_cpm=0.0507204551139262&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=64055000969939026&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.0587182131077489&cpm=0&verify_hash=a361be88e40d7c3a493fca67f94c0c89&is_native=1&real_bid=0.0031886250525712872&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,101,93,11&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714885492&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F44563324%2F551815_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-1-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=19ed88bb-ff0c-4281-957a-feb20a46dd80&prev_step_diff=953 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 13:04:53 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FFjijrvsPGF0&refdom=poop.com.co&auction_time=1714827892&subid=357529620&sid=1856177010&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=69.49031613452905&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&icons=3OakO3yj58-ADwIvo1Lb46iLLkeTg70sWmnx2fjJxAQ5e-hxeL-pzr7lI0HFjW5ouRM_KtBLJm6_RNIHSJ9xt9Br3smTvzV0u22MILXWguGscO3g_PL821YtdPOwz_sHtRrnLtFeXOV4rQO7SSYRfAstqfjq33Br7WKRsLUVtgj1kj7x0w&ext_cid=0&px_id=418774&min_cpm=0.03214935269577828&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=6304250301965274926&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0030219221651236338&cpm=0&verify_hash=848c2d4c22cac894a1ce324de4123a36&is_native=4&real_bid=0.0002588956813195076&original_bid_usd=0.002754316&original_bid=0.002754316&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,114,20,27&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002754316&hostname=auc-inpage-hz-5-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002754316&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=d1e4645c-385b-4df6-a0ee-7eef0bab2b46&prev_step_diff=879
167.235.163.216200 OK 0 B URL GET HTTP/2 5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FFjijrvsPGF0&refdom=poop.com.co&auction_time=1714827892&subid=357529620&sid=1856177010&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=69.49031613452905&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&icons=3OakO3yj58-ADwIvo1Lb46iLLkeTg70sWmnx2fjJxAQ5e-hxeL-pzr7lI0HFjW5ouRM_KtBLJm6_RNIHSJ9xt9Br3smTvzV0u22MILXWguGscO3g_PL821YtdPOwz_sHtRrnLtFeXOV4rQO7SSYRfAstqfjq33Br7WKRsLUVtgj1kj7x0w&ext_cid=0&px_id=418774&min_cpm=0.03214935269577828&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=6304250301965274926&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0030219221651236338&cpm=0&verify_hash=848c2d4c22cac894a1ce324de4123a36&is_native=4&real_bid=0.0002588956813195076&original_bid_usd=0.002754316&original_bid=0.002754316&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,114,20,27&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002754316&hostname=auc-inpage-hz-5-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002754316&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=d1e4645c-385b-4df6-a0ee-7eef0bab2b46&prev_step_diff=879
IP 167.235.163.216:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FFjijrvsPGF0&refdom=poop.com.co&auction_time=1714827892&subid=357529620&sid=1856177010&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=69.49031613452905&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&icons=3OakO3yj58-ADwIvo1Lb46iLLkeTg70sWmnx2fjJxAQ5e-hxeL-pzr7lI0HFjW5ouRM_KtBLJm6_RNIHSJ9xt9Br3smTvzV0u22MILXWguGscO3g_PL821YtdPOwz_sHtRrnLtFeXOV4rQO7SSYRfAstqfjq33Br7WKRsLUVtgj1kj7x0w&ext_cid=0&px_id=418774&min_cpm=0.03214935269577828&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=6304250301965274926&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0030219221651236338&cpm=0&verify_hash=848c2d4c22cac894a1ce324de4123a36&is_native=4&real_bid=0.0002588956813195076&original_bid_usd=0.002754316&original_bid=0.002754316&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,114,20,27&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002754316&hostname=auc-inpage-hz-5-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002754316&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=d1e4645c-385b-4df6-a0ee-7eef0bab2b46&prev_step_diff=879 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 13:04:53 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FFjijrvsPGF0&refdom=poop.com.co&auction_time=1714827892&subid=357529620&sid=1856177010&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=69.49031613452905&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DMngwM1QtIijp5_D-DlSOs_ezC3ThMILS0pR36lxGM6vfg4d4p9F_Ozk3KsZ3zW1Ai7BR5GvfPSsXBDJXkwZAQQwliXrOOxWSujm6IFVfUEfpsJTdOZ9qfRdirjpB5j62AiHpi3twN0PnJkrAmFnzhLRZCZ_7J2DDIzIVxAH4rv-wktgXff44bRIDGmBj7AINVGTtQ86NurJpR6cXmGFa3U_vKoSnx865wIEX_WkANDMVv5XdHGZJBxV3fciLbUtn0nKcgAvdbl0kGTaDuhG8SeskSqp2VBpTOB3nWJGORIn1nrHLPfCL3DiM3tRoAP_EfSe-gltTpVvjIRKKVhYgw2vSME8yxPqVh0kv9jPO0QT1TQRoWeygSRzvGJLEki4beeeUPFA_2PN8DlCVTr_tAO-YCKhfj5N-U1sNpbro1MWKw4Jw9FQ8s0TYP9Dh6gsrcIHtFvAWQHJWT3rujEXkMWBCAWWPieCvLNxePhgBAAmMbgVphHzmd-1bD2KAFMCLuJ8vH9FPpxI_gO94E63OqzwwAJMy_o0pQJShsOewawDbfj2MLIl1sMAbOx8yuSF-iJ4KJYVl&icons=ygV_Hb43j0j0orwlEXf-bpe4DK3pQUTb6Xpn3OUg-0SToTR7gnf2UlCgiKCsKhu3-Yx3NssMKFp4-CBPjESBnSy9zG8cKYHzkb1R-IUU-7vUaxnvtLKC5Xos72AZQbSybXaXQ-FPNl2lducaDd6QB7ndeioUEXBkuBEV5fSWan9SdnCJqIh85JTHqbmAF-ZIFxNguHwcR6KhcZ2pdO4WsV5jdxhWSt7WMVTgYexSPKdMZQm3izZ94ZpXPn6IUEDEEDgQq4uujokmmurDfGiXceKwAqdwQed_pcQNo18h8Bq6wyV2uHEr2L2SKpRquIzAehOcHJrEHQLdHNFSwR4xDhz8LKgm65RXprwxJiqOyv0HMr7wdTkmOXwx0NiILEeoNuD8MdCZoyPCGR6e2I37musbLW5IV3qqJBYXdF0CQNpV-lg5w-pLrRZe15NsUZ3mtD-Vgwb6W4QlMSK85aWwyzV5qkFWstJNhHdm2ype2lyPTsSoCyUtDLEGJkllEuPxu2wmzcbW7hI-xVTu8fSPDDrQVfNkNdiRNMW4rVGK_kxKejiSEJPUv5rfYg5nYBOaI7TBGm5anG36yvffOY1UbHRvboGml5vSTeg-HrMr9p6uj9X-svBA-OYhRJeaI2Ig9kTjkjBji5_7ERDB9ZXVitNHQad70Gcxrn-3ha2S6_gxQYRGXkMBciusudSXXEhNZHcbgrc&ext_cid=0&px_id=31418774&min_cpm=0.1187610927152129&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=6304250301965274926&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13748770856447454&cpm=0&verify_hash=95db89c191a6fee679708cb1ec5281f2&is_native=1&real_bid=0.0031886250525712872&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714885492&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F5741293%2F551810_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-5-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=5663f79f-923a-4850-9f03-acd3494daa01&prev_step_diff=879
167.235.163.216200 OK 0 B URL GET HTTP/2 5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FFjijrvsPGF0&refdom=poop.com.co&auction_time=1714827892&subid=357529620&sid=1856177010&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=69.49031613452905&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DMngwM1QtIijp5_D-DlSOs_ezC3ThMILS0pR36lxGM6vfg4d4p9F_Ozk3KsZ3zW1Ai7BR5GvfPSsXBDJXkwZAQQwliXrOOxWSujm6IFVfUEfpsJTdOZ9qfRdirjpB5j62AiHpi3twN0PnJkrAmFnzhLRZCZ_7J2DDIzIVxAH4rv-wktgXff44bRIDGmBj7AINVGTtQ86NurJpR6cXmGFa3U_vKoSnx865wIEX_WkANDMVv5XdHGZJBxV3fciLbUtn0nKcgAvdbl0kGTaDuhG8SeskSqp2VBpTOB3nWJGORIn1nrHLPfCL3DiM3tRoAP_EfSe-gltTpVvjIRKKVhYgw2vSME8yxPqVh0kv9jPO0QT1TQRoWeygSRzvGJLEki4beeeUPFA_2PN8DlCVTr_tAO-YCKhfj5N-U1sNpbro1MWKw4Jw9FQ8s0TYP9Dh6gsrcIHtFvAWQHJWT3rujEXkMWBCAWWPieCvLNxePhgBAAmMbgVphHzmd-1bD2KAFMCLuJ8vH9FPpxI_gO94E63OqzwwAJMy_o0pQJShsOewawDbfj2MLIl1sMAbOx8yuSF-iJ4KJYVl&icons=ygV_Hb43j0j0orwlEXf-bpe4DK3pQUTb6Xpn3OUg-0SToTR7gnf2UlCgiKCsKhu3-Yx3NssMKFp4-CBPjESBnSy9zG8cKYHzkb1R-IUU-7vUaxnvtLKC5Xos72AZQbSybXaXQ-FPNl2lducaDd6QB7ndeioUEXBkuBEV5fSWan9SdnCJqIh85JTHqbmAF-ZIFxNguHwcR6KhcZ2pdO4WsV5jdxhWSt7WMVTgYexSPKdMZQm3izZ94ZpXPn6IUEDEEDgQq4uujokmmurDfGiXceKwAqdwQed_pcQNo18h8Bq6wyV2uHEr2L2SKpRquIzAehOcHJrEHQLdHNFSwR4xDhz8LKgm65RXprwxJiqOyv0HMr7wdTkmOXwx0NiILEeoNuD8MdCZoyPCGR6e2I37musbLW5IV3qqJBYXdF0CQNpV-lg5w-pLrRZe15NsUZ3mtD-Vgwb6W4QlMSK85aWwyzV5qkFWstJNhHdm2ype2lyPTsSoCyUtDLEGJkllEuPxu2wmzcbW7hI-xVTu8fSPDDrQVfNkNdiRNMW4rVGK_kxKejiSEJPUv5rfYg5nYBOaI7TBGm5anG36yvffOY1UbHRvboGml5vSTeg-HrMr9p6uj9X-svBA-OYhRJeaI2Ig9kTjkjBji5_7ERDB9ZXVitNHQad70Gcxrn-3ha2S6_gxQYRGXkMBciusudSXXEhNZHcbgrc&ext_cid=0&px_id=31418774&min_cpm=0.1187610927152129&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=6304250301965274926&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13748770856447454&cpm=0&verify_hash=95db89c191a6fee679708cb1ec5281f2&is_native=1&real_bid=0.0031886250525712872&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714885492&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F5741293%2F551810_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-5-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=5663f79f-923a-4850-9f03-acd3494daa01&prev_step_diff=879
IP 167.235.163.216:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subject2ac4fce9b8.com
Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1
ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FFjijrvsPGF0&refdom=poop.com.co&auction_time=1714827892&subid=357529620&sid=1856177010&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=69.49031613452905&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FFjijrvsPGF0%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DMngwM1QtIijp5_D-DlSOs_ezC3ThMILS0pR36lxGM6vfg4d4p9F_Ozk3KsZ3zW1Ai7BR5GvfPSsXBDJXkwZAQQwliXrOOxWSujm6IFVfUEfpsJTdOZ9qfRdirjpB5j62AiHpi3twN0PnJkrAmFnzhLRZCZ_7J2DDIzIVxAH4rv-wktgXff44bRIDGmBj7AINVGTtQ86NurJpR6cXmGFa3U_vKoSnx865wIEX_WkANDMVv5XdHGZJBxV3fciLbUtn0nKcgAvdbl0kGTaDuhG8SeskSqp2VBpTOB3nWJGORIn1nrHLPfCL3DiM3tRoAP_EfSe-gltTpVvjIRKKVhYgw2vSME8yxPqVh0kv9jPO0QT1TQRoWeygSRzvGJLEki4beeeUPFA_2PN8DlCVTr_tAO-YCKhfj5N-U1sNpbro1MWKw4Jw9FQ8s0TYP9Dh6gsrcIHtFvAWQHJWT3rujEXkMWBCAWWPieCvLNxePhgBAAmMbgVphHzmd-1bD2KAFMCLuJ8vH9FPpxI_gO94E63OqzwwAJMy_o0pQJShsOewawDbfj2MLIl1sMAbOx8yuSF-iJ4KJYVl&icons=ygV_Hb43j0j0orwlEXf-bpe4DK3pQUTb6Xpn3OUg-0SToTR7gnf2UlCgiKCsKhu3-Yx3NssMKFp4-CBPjESBnSy9zG8cKYHzkb1R-IUU-7vUaxnvtLKC5Xos72AZQbSybXaXQ-FPNl2lducaDd6QB7ndeioUEXBkuBEV5fSWan9SdnCJqIh85JTHqbmAF-ZIFxNguHwcR6KhcZ2pdO4WsV5jdxhWSt7WMVTgYexSPKdMZQm3izZ94ZpXPn6IUEDEEDgQq4uujokmmurDfGiXceKwAqdwQed_pcQNo18h8Bq6wyV2uHEr2L2SKpRquIzAehOcHJrEHQLdHNFSwR4xDhz8LKgm65RXprwxJiqOyv0HMr7wdTkmOXwx0NiILEeoNuD8MdCZoyPCGR6e2I37musbLW5IV3qqJBYXdF0CQNpV-lg5w-pLrRZe15NsUZ3mtD-Vgwb6W4QlMSK85aWwyzV5qkFWstJNhHdm2ype2lyPTsSoCyUtDLEGJkllEuPxu2wmzcbW7hI-xVTu8fSPDDrQVfNkNdiRNMW4rVGK_kxKejiSEJPUv5rfYg5nYBOaI7TBGm5anG36yvffOY1UbHRvboGml5vSTeg-HrMr9p6uj9X-svBA-OYhRJeaI2Ig9kTjkjBji5_7ERDB9ZXVitNHQad70Gcxrn-3ha2S6_gxQYRGXkMBciusudSXXEhNZHcbgrc&ext_cid=0&px_id=31418774&min_cpm=0.1187610927152129&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=6304250301965274926&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13748770856447454&cpm=0&verify_hash=95db89c191a6fee679708cb1ec5281f2&is_native=1&real_bid=0.0031886250525712872&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714885492&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F5741293%2F551810_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-5-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=5663f79f-923a-4850-9f03-acd3494daa01&prev_step_diff=879 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 13:04:53 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=c379d1bd-a2c3-4a78-9411-e9dcb5b4103c&prev_step_diff=953
45.133.44.25200 OK 486 B URL GET HTTP/2 static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=c379d1bd-a2c3-4a78-9411-e9dcb5b4103c&prev_step_diff=953
IP 45.133.44.25:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Hash ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=c379d1bd-a2c3-4a78-9411-e9dcb5b4103c&prev_step_diff=953 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:53 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sun, 04 May 2025 13:04:53 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=080d46f3-800c-4e81-9ccd-df05c2a6c0e5&prev_step_diff=879
45.133.44.25200 OK 486 B URL GET HTTP/2 static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=080d46f3-800c-4e81-9ccd-df05c2a6c0e5&prev_step_diff=879
IP 45.133.44.25:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Hash ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=080d46f3-800c-4e81-9ccd-df05c2a6c0e5&prev_step_diff=879 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:53 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sun, 04 May 2025 13:04:53 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
45.133.44.25200 OK 1.1 kB URL GET HTTP/2 static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP 45.133.44.25:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:53 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sun, 04 May 2025 13:04:53 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
poop.com.co/d/FjijrvsPGF0
188.114.97.1200 OK 5.3 kB URL User Request GET HTTP/2 poop.com.co/d/FjijrvsPGF0
IP 188.114.97.1:443
Certificate IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (6446)
Hash 60591b09594fb30ec1fb7ea5bb90ccc4
fbc13ceb47a42fbbf1c31e32b8b2b308142e5ac5
ec2154d7ae5b65c19515f025ff89a500130ca17e11744073ec9fa2cb5b7aff06
GET /d/FjijrvsPGF0 HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=43200
cf-cache-status: MISS
last-modified: Sat, 04 May 2024 13:04:50 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MSSdrJIjC5%2B%2FzRJlF15KrXB8%2F3Dcu3CtUYvL6vfo%2FWNpDa2OkwljzMxIgoMmvQctOfv3T1v1EvdhrUcfvInSTMFo59pV6MutBJJq0iNEcDGBVHlhZ%2BHfP5f4WTyDSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e8b2ea6c4156b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
imgsdn.com/ie?v=4&c=gjJLWqkX7B8vu1c4vGxwOWSl5lclmhcNbZGk5SU9f7LIdseGfuJaFMv_UFleQgSodYFYXzjOePBD26r7PF4KCQXxpbZKDPyThJ8Iq0rNRWy0jLEATetsygd39z1-py8ZE6kNF8dYHverqsZLjmj4pGiJslbmDYh3LVH7lvGzfz2VYqs8e3qjxgscUXWOwnBgQ6PqSvsJYodR-NoAjbOqh_NIa3bB5FkqktuFeuPxWvegAqhItdW1LYdv-NCgyg2hUOH1rypg1wovnjcSca6e6B8cbS0RXSqr_URWPtA_rYBrqCkG32yRYzaPXA7sO6R2PzNLRWDuHt2DZYsRrkefv1QjuURIMplb2-zZ15_oVW40vg4Y9rTk0rdxGR2XmG5CTl4ZJqLVJ9MtVrtJAQBgi4kCXWZ4m2PvtMnZMOfXEnLH-3amDu8iUD1KP7S1_Q==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=5698f660-9730-41c7-948b-4cb7c11bb051&prev_step_diff=953
162.55.246.161301 Moved Permanently 0 B URL GET HTTP/1.1 imgsdn.com/ie?v=4&c=gjJLWqkX7B8vu1c4vGxwOWSl5lclmhcNbZGk5SU9f7LIdseGfuJaFMv_UFleQgSodYFYXzjOePBD26r7PF4KCQXxpbZKDPyThJ8Iq0rNRWy0jLEATetsygd39z1-py8ZE6kNF8dYHverqsZLjmj4pGiJslbmDYh3LVH7lvGzfz2VYqs8e3qjxgscUXWOwnBgQ6PqSvsJYodR-NoAjbOqh_NIa3bB5FkqktuFeuPxWvegAqhItdW1LYdv-NCgyg2hUOH1rypg1wovnjcSca6e6B8cbS0RXSqr_URWPtA_rYBrqCkG32yRYzaPXA7sO6R2PzNLRWDuHt2DZYsRrkefv1QjuURIMplb2-zZ15_oVW40vg4Y9rTk0rdxGR2XmG5CTl4ZJqLVJ9MtVrtJAQBgi4kCXWZ4m2PvtMnZMOfXEnLH-3amDu8iUD1KP7S1_Q==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=5698f660-9730-41c7-948b-4cb7c11bb051&prev_step_diff=953
IP 162.55.246.161:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectnimrute.com
FingerprintFE:11:FD:FB:69:FC:E9:22:01:AE:4B:9D:F5:85:C9:1C:FF:4D:44:D4
ValidityMon, 12 Feb 2024 14:13:04 GMT - Sun, 12 May 2024 14:13:03 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=gjJLWqkX7B8vu1c4vGxwOWSl5lclmhcNbZGk5SU9f7LIdseGfuJaFMv_UFleQgSodYFYXzjOePBD26r7PF4KCQXxpbZKDPyThJ8Iq0rNRWy0jLEATetsygd39z1-py8ZE6kNF8dYHverqsZLjmj4pGiJslbmDYh3LVH7lvGzfz2VYqs8e3qjxgscUXWOwnBgQ6PqSvsJYodR-NoAjbOqh_NIa3bB5FkqktuFeuPxWvegAqhItdW1LYdv-NCgyg2hUOH1rypg1wovnjcSca6e6B8cbS0RXSqr_URWPtA_rYBrqCkG32yRYzaPXA7sO6R2PzNLRWDuHt2DZYsRrkefv1QjuURIMplb2-zZ15_oVW40vg4Y9rTk0rdxGR2XmG5CTl4ZJqLVJ9MtVrtJAQBgi4kCXWZ4m2PvtMnZMOfXEnLH-3amDu8iUD1KP7S1_Q==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=5698f660-9730-41c7-948b-4cb7c11bb051&prev_step_diff=953 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Sat, 04 May 2024 13:04:53 GMT
content-length: 0
location: https://img.vmmcdn.com/get/31532110/551815_icon.png
x-app-id: 11
img.vmmcdn.com/get/44563324/551815_image.jpg
46.4.121.113200 OK 12 kB URL GET HTTP/2 img.vmmcdn.com/get/44563324/551815_image.jpg
IP 46.4.121.113:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectimg.vmmcdn.com
Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4
ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3
Hash ee921bcd225785444d8ab128ca1d0941
e92f5588c738df6912e3658d883aeb66b486560b
4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c
GET /get/44563324/551815_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.1
date: Sat, 04 May 2024 13:04:53 GMT
content-type: image/jpeg
content-length: 12075
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-2f2b"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js
45.133.44.52200 OK 122 kB URL GET HTTP/2 da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectda7b22a400.13199960a1.com
Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD
ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
File type gzip compressed data, from Unix
Size 122 kB (122029 bytes)
Hash 166a06684c62887aefec05ab08a8ee2b
43ce9374cabb3d66129d88be801546c80cd05d57
a955373c4e190f7a3ec758a35b3ac71bdd3c638c951d4fff3fb255081ae0c956
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /9ce5c366c56b3eb801b7fc5bb76cb452.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:52 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 15 Apr 2024 13:02:16 GMT
etag: W/"661d2558-72d72"
content-encoding: gzip
expires: Sat, 04 May 2024 13:09:52 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
img.vmmcdn.com/get/54189012/551810_icon.png
46.4.121.113200 OK 7.8 kB URL GET HTTP/2 img.vmmcdn.com/get/54189012/551810_icon.png
IP 46.4.121.113:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectimg.vmmcdn.com
Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4
ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash 0650546bbbcd67dd93173a189442d1a7
2e11ca6e252fbfdeab364e9729a0558816df3b6c
e5edb8a6c4e0cb1376b15832c2140fa6037ed69042cb988102d5b0c1edcbcd11
GET /get/54189012/551810_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.1
date: Sat, 04 May 2024 13:04:53 GMT
content-type: image/png
content-length: 7770
last-modified: Wed, 27 Mar 2024 08:37:19 GMT
cache-control: public, max-age=604800
etag: "6603dabf-1e5a"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
img.vmmcdn.com/get/31532110/551815_icon.png
46.4.121.113200 OK 13 kB URL GET HTTP/2 img.vmmcdn.com/get/31532110/551815_icon.png
IP 46.4.121.113:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectimg.vmmcdn.com
Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4
ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash d33d90c506dc28ad22627e5bb03234f0
2ab58d0b5c7ba191391bdc5f9ac011276f0aa281
87ca14c510fabadfcdde2e1bf5211f364d6f441aa156fb0c3426318d6d33cc4f
GET /get/31532110/551815_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.1
date: Sat, 04 May 2024 13:04:53 GMT
content-type: image/png
content-length: 12875
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-324b"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
mcpuwpsh.com/get/
94.130.197.240200 OK 5.7 kB IP 94.130.197.240:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectpuwpush.com
Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92
ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT
Hash 38ab80d88f1ad899835102ccb0f8e555
958cd2e7a84a671e5290b14fc8a3574a92537a11
1c462d935d25a886847d9400e646b9b747c1c4d1782292ee139213531524064c
POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poop.com.co/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1254
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 04 May 2024 13:04:53 GMT
content-type: application/json
content-length: 5726
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
metrolagu.cam/jembud/304647507376726a696a46
188.114.97.1200 OK 16 kB URL GET HTTP/3 metrolagu.cam/jembud/304647507376726a696a46
IP 188.114.97.1:443
Requested by https://mp4skin.com/watch?V=PCyN4TuzZ5M
Certificate IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File type HTML document, ASCII text
Hash 96a7ff09b75dac607669032477dd446b
8d024179e7c530b46a318beb6a005d92ccfcb35e
ea3df9d83ee635aa8895715c8c5ec9125b63970ec45adfca7275afffac64e422
GET /jembud/304647507376726a696a46 HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FX8HavXOp9ivhvdjBYt6rwE43UE2OMwvaXS3Zqwn0zHyMt1A%2FY04p%2BygmRZz5KsvBmau%2FFPg866hkxfqzs18vpxpn0Q1QqcCVuxUfWbzofso2HpZa0TaWXTDuGhr2YA5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e8b2f67f030b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
meenetiy.com/5/6678850
139.45.197.245200 OK 65 kB IP 139.45.197.245:443
Requested by https://mp4skin.com/watch?V=PCyN4TuzZ5M
Certificate IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint1B:A7:25:F9:81:5C:D2:6F:04:C2:65:38:DA:05:E2:DF:4C:31:75:07
ValiditySun, 28 Apr 2024 05:25:22 GMT - Sat, 27 Jul 2024 05:25:21 GMT
File type gzip compressed data, max speed, from Unix
Hash 4aa621422470dded88d73cddae2a89c7
03562ada8b830ee78ae13928763a91f4705fcad7
5e484d1be30d41c81fa104e2b1725058f2586cb2a40a04943445a9a2810ddd23
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /5/6678850 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 13:04:52 GMT
content-type: application/javascript
x-trace-id: f1e6d35523f0f4d79232cbff9a6d7755
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008052ec69e74ee3f6c372ce7ae85be0; expires=Sun, 04 May 2025 13:04:52 GMT; path=/; secure; SameSite=None
oaidts=1714827892; expires=Sun, 04 May 2025 13:04:52 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
fikedaquabib.com/rotaInGRWQGA24/64343
23.109.170.20200 OK 20 B URL GET HTTP/1.1 fikedaquabib.com/rotaInGRWQGA24/64343
IP 23.109.170.20:443
Requested by https://metrolagu.cam/video?q=nanti+kita+seperti+ini
Certificate IssuerLet's Encrypt
Subjectfikedaquabib.com
FingerprintB2:55:98:8B:5C:B3:05:1D:91:A5:02:43:2D:0B:18:86:4D:1E:E9:38
ValidityThu, 28 Mar 2024 23:27:44 GMT - Wed, 26 Jun 2024 23:27:43 GMT
File type gzip compressed data, from Unix
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rotaInGRWQGA24/64343 HTTP/1.1
Host: fikedaquabib.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 May 2024 13:04:54 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 05-May-2024 13:04:54 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sun, 05-May-2024 13:04:54 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
142.250.74.106200 OK 18 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
IP 142.250.74.106:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
Hash 942d6c103643a3b457d90844f34a9b37
e2594da697f0082ee92f0f1d9b163aed142e09e7
654ba530c9e174b31735ff3b7a9cb8399c9c142e7572046eefd3f90b253f4b54
GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 13:04:50 GMT
date: Sat, 04 May 2024 13:04:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
metrolagu.cam/play.svg
188.114.97.1200 OK 633 B IP 188.114.97.1:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File type SVG Scalable Vector Graphics image
Hash fa7e52a78c2db6968656093b3b4f6266
d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a
3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb
GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:51 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4262
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5dYa%2FoPFrN35VMEjhpCPMWAi9yvOi4yIE6%2FFXfyJ1KNoXbuVH%2BfUnXUOhlB6%2BKzTm6ZiXUhYJoAoEHU5ExWi1ZmXnb%2BXT9j%2FKpqm70AWBSKHF1vo19SdjVQqi7%2F7m3ra"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e8b2f0fd1c1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
meenetiy.com/?rb=91D-_Dqnb6iTIgiTmJ_xBbgdix5nqeI5Sp2L0WYnYdwxRNbKUbRWAy6eVo0hZ5vOh5dpDVEHZUt2RXcolVFTcrjHVrq2vniIM3fTadbTTV032tyYmSWghyyehWCFYEh96NFFjeqBbdxTbLHGSMlg4EQir0FiIzpBXw0s5cmRxF6KRQ0SNRlbNGszb2k78bLMXCJKGwNdFlSMHVHSQv65mrbVbVfP9ktSdzgdzpDJmaxIFDxHLhysZcEmR3TaI_zaMiDvOc6eOj8%3D&request_ab2=131250&zoneid=6678850&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DPCyN4TuzZ5M&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F304647507376726a696a46&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=e555a5bf-c192-4a0c-b9c8-0ff1646f3f9a&userId=080052a5ac8f418ff5ae41c3ca3eba21&m=link
139.45.197.245200 OK 3.0 kB URL GET HTTP/2 meenetiy.com/?rb=91D-_Dqnb6iTIgiTmJ_xBbgdix5nqeI5Sp2L0WYnYdwxRNbKUbRWAy6eVo0hZ5vOh5dpDVEHZUt2RXcolVFTcrjHVrq2vniIM3fTadbTTV032tyYmSWghyyehWCFYEh96NFFjeqBbdxTbLHGSMlg4EQir0FiIzpBXw0s5cmRxF6KRQ0SNRlbNGszb2k78bLMXCJKGwNdFlSMHVHSQv65mrbVbVfP9ktSdzgdzpDJmaxIFDxHLhysZcEmR3TaI_zaMiDvOc6eOj8%3D&request_ab2=131250&zoneid=6678850&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DPCyN4TuzZ5M&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F304647507376726a696a46&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=e555a5bf-c192-4a0c-b9c8-0ff1646f3f9a&userId=080052a5ac8f418ff5ae41c3ca3eba21&m=link
IP 139.45.197.245:443
Requested by https://mp4skin.com/watch?V=PCyN4TuzZ5M
Certificate IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint1B:A7:25:F9:81:5C:D2:6F:04:C2:65:38:DA:05:E2:DF:4C:31:75:07
ValiditySun, 28 Apr 2024 05:25:22 GMT - Sat, 27 Jul 2024 05:25:21 GMT
File type troff or preprocessor input, ASCII text, with very long lines (2988), with no line terminators
Hash e5b1dd642acae438cce7d3b01342de64
f3e63373b2a2e13c565514113955c5bb7e822a95
6ef18fa3726254c60489b203871e3130425726fb09859d5d270d2c186d0a0693
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?rb=91D-_Dqnb6iTIgiTmJ_xBbgdix5nqeI5Sp2L0WYnYdwxRNbKUbRWAy6eVo0hZ5vOh5dpDVEHZUt2RXcolVFTcrjHVrq2vniIM3fTadbTTV032tyYmSWghyyehWCFYEh96NFFjeqBbdxTbLHGSMlg4EQir0FiIzpBXw0s5cmRxF6KRQ0SNRlbNGszb2k78bLMXCJKGwNdFlSMHVHSQv65mrbVbVfP9ktSdzgdzpDJmaxIFDxHLhysZcEmR3TaI_zaMiDvOc6eOj8%3D&request_ab2=131250&zoneid=6678850&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DPCyN4TuzZ5M&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F304647507376726a696a46&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=e555a5bf-c192-4a0c-b9c8-0ff1646f3f9a&userId=080052a5ac8f418ff5ae41c3ca3eba21&m=link HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mp4skin.com/
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Cookie: OAID=080052a5ac8f418ff5ae41c3ca3eba21; oaidts=1714827892; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 13:04:52 GMT
content-type: application/json
x-trace-id: 54debb3f8bb4f82d706b0327fd5ca87a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=080052a5ac8f418ff5ae41c3ca3eba21; expires=Sun, 04 May 2025 13:04:52 GMT; path=/; secure; SameSite=None
oaidts=1714827892; expires=Sun, 04 May 2025 13:04:52 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 11 May 2024 13:04:52 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
mp4skin.com/embud/304647507376726a696a46
188.114.96.1200 OK 241 B URL GET HTTP/2 mp4skin.com/embud/304647507376726a696a46
IP 188.114.96.1:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerGoogle Trust Services LLC
Subjectmp4skin.com
Fingerprint55:B2:0B:78:12:64:92:D0:D5:59:1F:F5:58:E3:9D:B5:B1:A7:10:3F
ValidityTue, 30 Apr 2024 03:13:34 GMT - Mon, 29 Jul 2024 03:13:33 GMT
File type HTML document, ASCII text, with no line terminators
Hash e2db09574d55f31646a5e65c164a6b18
f051978e4b4f5c212dafb939b57e556e22724c19
b57071197315719f7642c9055ac362ddcf84e789ad2acda38d63141030d0b3da
GET /embud/304647507376726a696a46 HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5VtpDWuSQ7%2Fy94YuAOhdp3QdbaE%2FcHAANven0gQMIvzKYGRcri6754%2B4hK0kaFJOWYM%2BMSsuLF2u2MWdvxZrAaTAq8t2S5Mw%2BpyaD8Hh%2B6OqDWXneuPTS5jiKuixoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e8b2f2a81056c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
img.vmmcdn.com/get/5741293/551810_image.jpg
46.4.121.113200 OK 12 kB URL GET HTTP/2 img.vmmcdn.com/get/5741293/551810_image.jpg
IP 46.4.121.113:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectimg.vmmcdn.com
Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4
ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3
Hash ee921bcd225785444d8ab128ca1d0941
e92f5588c738df6912e3658d883aeb66b486560b
4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c
GET /get/5741293/551810_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.1
date: Sat, 04 May 2024 13:04:53 GMT
content-type: image/jpeg
content-length: 12075
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-2f2b"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
poop.com.co/theme_2/css/bootstrap.min.css
188.114.97.1200 OK 209 kB URL GET HTTP/3 poop.com.co/theme_2/css/bootstrap.min.css
IP 188.114.97.1:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT
File type ASCII text, with very long lines (625)
Size 209 kB (208810 bytes)
Hash 3ad35d9c124d6c7d13f776dde0df9286
1bfc432b338ca01be6b05ab8e87f4a63caa8d82b
10c142c79bbbfe42ce677eedeee70f918de0e759feabc175f423543aee886a6b
GET /theme_2/css/bootstrap.min.css HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/d/FjijrvsPGF0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:50 GMT
content-type: text/css
last-modified: Sun, 08 Oct 2023 02:12:44 GMT
vary: Accept-Encoding
etag: W/"6522101c-32faa"
expires: Sat, 04 May 2024 14:20:54 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 38636
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IvqpBRvhxwQyek1qek5f9YOePq8uBm0P4RDopBBf7vaHFaoUx%2B6d8pCChnaq7bGaZdcaAcRxImWI20wknzxTCGJjOfzbx7fY89zIo1t6rNdDgXaoMH%2F6AVbwLhq0yw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e8b2ed6821b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
metrolagu.cam/embed.css
188.114.97.1200 OK 1.1 kB IP 188.114.97.1:443
Requested by https://metrolagu.cam/video?q=nanti+kita+seperti+ini
Certificate IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File type ASCII text, with very long lines (1145), with no line terminators
Hash 69c7d11151f7c8da1183e16ec826fd58
e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf
360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1
GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/video?q=nanti+kita+seperti+ini
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:53 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
vary: Accept-Encoding
etag: W/"651596cf-446"
expires: Sat, 04 May 2024 16:01:18 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 32615
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rqBbYtm6DDJeLnDzYtY6Rgf8e3OHz4GZD1AV5pfUsRIv7eySSyY8e9ahPHxGILZU9aod2iZoBv6cEg%2FiXg34x9sauYxiplUol6GppWHMEjJXbS08MC%2B0x8PcUXATHxI0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e8b30138f80b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
poop.com.co/theme_2/css/embed2.css
188.114.97.1200 OK 2.2 kB URL GET HTTP/3 poop.com.co/theme_2/css/embed2.css
IP 188.114.97.1:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT
File type ASCII text, with very long lines (2233), with no line terminators
Hash f5fb3ee7c6fb0e1251ea82a1e5aebcb2
206571f7be59d12b06d5dde5b031b1a0ef15cb0a
fa12669187e8ec4fbfab56c697b86f838717458b831e3784d60ab93b2f6248f3
GET /theme_2/css/embed2.css HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/d/FjijrvsPGF0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:51 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=2267
etag: W/"653c4c47-8db"
expires: Sat, 04 May 2024 17:31:37 GMT
last-modified: Fri, 27 Oct 2023 23:48:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 27194
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3KN68E2KtUVHcL3pYbbu19MQCY%2BDMmSRUpx9X9V2vn6GMNOi320rqaXnkOwmzK03XtRhpv7MUZrvmvK0YgW%2FkASbc3xjqLDYqr8Ek4dKB6VbkJ9QSAeHpAcsJ74MiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e8b2efaaf5b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
storage.multstorage.com/log/count.html
172.67.174.51200 OK 882 B URL GET HTTP/2 storage.multstorage.com/log/count.html
IP 172.67.174.51:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A
ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT
File type HTML document, ASCII text, with very long lines (919), with no line terminators
Hash 053b1fe641da8057571d40ebaf1624ab
09b2648b7d08c84621298f0b939cea5170a65022
6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:52 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 7a2bb68b7684b3ae066d7f64a15823c8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6iO3kRiPRaLXhomavgdxhqucW9mzsJQi6Wkk6PXRNz0v%2BcyGiFEnuAkO5SfYfzMGla5QcFmXcye4hAt9vi9i3EEYVIxSwcgcDx4pBZi4HLWOUPGecnp8fWvq0VIKG2xkY%2Fgcwh%2FQy5bXSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e8b2f5cab2b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
da7b22a400.13199960a1.com/19d44b098ab6aa7dfec36de417c310f1.js
45.133.44.52200 OK 168 kB URL GET HTTP/2 da7b22a400.13199960a1.com/19d44b098ab6aa7dfec36de417c310f1.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectda7b22a400.13199960a1.com
Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD
ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
Size 168 kB (168338 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /19d44b098ab6aa7dfec36de417c310f1.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:52 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 24 Apr 2024 09:09:17 GMT
etag: W/"6628cc3d-29192"
content-encoding: gzip
expires: Sat, 04 May 2024 13:09:52 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
da7b22a400.13199960a1.com/0ae085698cad0960a86703ca969164ab.js
45.133.44.52200 OK 109 kB URL GET HTTP/2 da7b22a400.13199960a1.com/0ae085698cad0960a86703ca969164ab.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectda7b22a400.13199960a1.com
Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD
ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
Size 109 kB (109340 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /0ae085698cad0960a86703ca969164ab.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:51 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:19 GMT
etag: W/"6627832f-1ab1c"
content-encoding: gzip
expires: Sat, 04 May 2024 13:09:51 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
mp4skin.com/watch?V=PCyN4TuzZ5M
188.114.96.1200 OK 633 B URL POST HTTP/3 mp4skin.com/watch?V=PCyN4TuzZ5M
IP 188.114.96.1:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerGoogle Trust Services LLC
Subjectmp4skin.com
Fingerprint55:B2:0B:78:12:64:92:D0:D5:59:1F:F5:58:E3:9D:B5:B1:A7:10:3F
ValidityTue, 30 Apr 2024 03:13:34 GMT - Mon, 29 Jul 2024 03:13:33 GMT
File type HTML document, ASCII text, with very long lines (672), with no line terminators
Hash f9a536887396c6f2d09deaa54f53b124
10a2fd7c38237877f59a1e4f9bae5909ca3537ab
a7526a4971676f0d6bd7cc16c698553d9f78f9e6f16cea31f9c3b610111b0415
POST /watch?V=PCyN4TuzZ5M HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/embud/304647507376726a696a46
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DIUIVIuOP5TfIRZ8fk0HF98gRBMVm0G9SAl3CxE19E%2BQL8qxaFeALiRZP5nAHI01EQnYw9o9p83%2B7e6%2FZzvAwEw%2FWTPsosRmA62mXnMGlyRKNOp41ZuIsF3V%2BaeE5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e8b2f55d3356bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
metrolagu.cam/video?q=nanti+kita+seperti+ini
188.114.97.1200 OK 6.9 kB URL POST HTTP/3 metrolagu.cam/video?q=nanti+kita+seperti+ini
IP 188.114.97.1:443
Requested by https://mp4skin.com/watch?V=PCyN4TuzZ5M
Certificate IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File type HTML document, ASCII text, with very long lines (6946), with no line terminators
Hash 41dcab5e6f336209db5a71b74763c220
172baaed97a462122ee76aca57d053d9d513dfe0
3f570817f8517e6f10ef85f356bcf6f602383f6f3452bc8c895f4de5c96122be
POST /video?q=nanti+kita+seperti+ini HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/304647507376726a696a46
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uh7oTfF%2Fhkcpq8DkhV7F2M6u4q2MfXzBqwekLc0dZ1glfPxZrJbl1EsnIlHkeVqr4YYCzmqN4plow0g%2FJwBiNfr0XMKyVhmxyIIq%2Bq7M0cTg2YPT5n6zJYWnNUeriL6M"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e8b3003f920b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQy8uwhx6sGsj_yovStbAQ6jehsQbZ-bYULgRhp06vxRZNhOuRTDIShMY9lnlbRh1KzP3BYN&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358285550%3A1714827893005286&theme=mn&ddm=0
74.125.131.84403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQy8uwhx6sGsj_yovStbAQ6jehsQbZ-bYULgRhp06vxRZNhOuRTDIShMY9lnlbRh1KzP3BYN&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358285550%3A1714827893005286&theme=mn&ddm=0
IP 74.125.131.84:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQy8uwhx6sGsj_yovStbAQ6jehsQbZ-bYULgRhp06vxRZNhOuRTDIShMY9lnlbRh1KzP3BYN&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1358285550%3A1714827893005286&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 13:04:53 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-xGFNO_bxrov8Ig4izgE_6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
imgsdn.com/ie?v=4&c=UnGxPIviywb05UnS5Aj37DV1kSOzQhDn983nrqbRUl7HHiUKDrhn5yMYc226zbAqptSOBwnSRPmy6sTX_0uoCIQOZB-5EscN7krrKrixG2ehanFp6K9kYRNFlhCVb6oDhYx3KFIE5hLsUbUxqyfHjR4aYgR1Xspt1G45pUlCvl4P8BxBsCf_1m3WBahF2jE7g1ssm05NGyUDMAuKfolclP51Z2QfLWB0ZDYaPCArWRQyOvy34uV_UlZSadRICIfK1TpzVLMWPoJTpnYA1LcLIRAwD0KTy-Hd2YkCPLuof4_h4Mx2cnEH5bUcb9c175h9c6dsF91SIPXHBzNV_9aj2Yhg3OqkALmHEYwkcJrslTJKtvvHp0537SwkLVxJDK51FKB_VuK-Xc2A5B0UuE_V_1FUl0smrpUOeTmDSTZ8ooN1XpytenZ98w0EG_Z7_A==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=4ccf3483-61f0-4b21-a03b-4a07d7c1d292&prev_step_diff=879
162.55.246.161301 Moved Permanently 7.8 kB URL GET HTTP/1.1 imgsdn.com/ie?v=4&c=UnGxPIviywb05UnS5Aj37DV1kSOzQhDn983nrqbRUl7HHiUKDrhn5yMYc226zbAqptSOBwnSRPmy6sTX_0uoCIQOZB-5EscN7krrKrixG2ehanFp6K9kYRNFlhCVb6oDhYx3KFIE5hLsUbUxqyfHjR4aYgR1Xspt1G45pUlCvl4P8BxBsCf_1m3WBahF2jE7g1ssm05NGyUDMAuKfolclP51Z2QfLWB0ZDYaPCArWRQyOvy34uV_UlZSadRICIfK1TpzVLMWPoJTpnYA1LcLIRAwD0KTy-Hd2YkCPLuof4_h4Mx2cnEH5bUcb9c175h9c6dsF91SIPXHBzNV_9aj2Yhg3OqkALmHEYwkcJrslTJKtvvHp0537SwkLVxJDK51FKB_VuK-Xc2A5B0UuE_V_1FUl0smrpUOeTmDSTZ8ooN1XpytenZ98w0EG_Z7_A==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=4ccf3483-61f0-4b21-a03b-4a07d7c1d292&prev_step_diff=879
IP 162.55.246.161:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectnimrute.com
FingerprintFE:11:FD:FB:69:FC:E9:22:01:AE:4B:9D:F5:85:C9:1C:FF:4D:44:D4
ValidityMon, 12 Feb 2024 14:13:04 GMT - Sun, 12 May 2024 14:13:03 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=UnGxPIviywb05UnS5Aj37DV1kSOzQhDn983nrqbRUl7HHiUKDrhn5yMYc226zbAqptSOBwnSRPmy6sTX_0uoCIQOZB-5EscN7krrKrixG2ehanFp6K9kYRNFlhCVb6oDhYx3KFIE5hLsUbUxqyfHjR4aYgR1Xspt1G45pUlCvl4P8BxBsCf_1m3WBahF2jE7g1ssm05NGyUDMAuKfolclP51Z2QfLWB0ZDYaPCArWRQyOvy34uV_UlZSadRICIfK1TpzVLMWPoJTpnYA1LcLIRAwD0KTy-Hd2YkCPLuof4_h4Mx2cnEH5bUcb9c175h9c6dsF91SIPXHBzNV_9aj2Yhg3OqkALmHEYwkcJrslTJKtvvHp0537SwkLVxJDK51FKB_VuK-Xc2A5B0UuE_V_1FUl0smrpUOeTmDSTZ8ooN1XpytenZ98w0EG_Z7_A==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=4ccf3483-61f0-4b21-a03b-4a07d7c1d292&prev_step_diff=879 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Sat, 04 May 2024 13:04:53 GMT
content-length: 0
location: https://img.vmmcdn.com/get/54189012/551810_icon.png
x-app-id: 11
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
104.17.25.14200 OK 90 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 104.17.25.14:443
Requested by https://metrolagu.cam/video?q=nanti+kita+seperti+ini
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 231091
expires: Thu, 24 Apr 2025 13:04:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ds6oybrIAeSApLgVM1oiNcqJeYQzMD%2B91aGG61pk2jN81zBFr5ZEVNh0EA5jZiO1AYe1z7TSm8Hdltn7sWgpygNDqZ4EHvuxfncJdZDaWAQsS41kJpo5Ys%2FrF66qOEGMdE4TS99F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e8b3015b4b56aa-OSL
alt-svc: h3=":443"; ma=86400
poop.com.co/theme_2/css/style.css
188.114.97.1200 OK 209 kB URL GET HTTP/3 poop.com.co/theme_2/css/style.css
IP 188.114.97.1:443
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT
File type ASCII text, with very long lines (65465)
Size 209 kB (209032 bytes)
Hash 040e80c238371d4172a34a4fb5b24fd3
92ccd50c595590d8b8a4b71275ed15ae25eb8120
b5d197171351e1ddaebb1bfe4f70c9103109d98395ff67c3aac7064ac474a22c
GET /theme_2/css/style.css HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/d/FjijrvsPGF0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:50 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=259373
etag: W/"652211c2-3f52d"
expires: Sat, 04 May 2024 17:31:37 GMT
last-modified: Sun, 08 Oct 2023 02:19:46 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 27193
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8gYgIIDcNPrYZ7rgZdCaHtkqDdBeRgoQKvmgAltIss7q0wLoKix9l92nutpW1IU0wZh1tvp6xVk1dolJESEIR9nz1%2BWRFWyPTbcEpReFNnY%2BtFsnEnRRwd6J%2FHk4NA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e8b2ed7835b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
mp4skin.com/embed.css
188.114.96.1200 OK 755 B IP 188.114.96.1:443
Requested by https://mp4skin.com/watch?V=PCyN4TuzZ5M
Certificate IssuerGoogle Trust Services LLC
Subjectmp4skin.com
Fingerprint55:B2:0B:78:12:64:92:D0:D5:59:1F:F5:58:E3:9D:B5:B1:A7:10:3F
ValidityTue, 30 Apr 2024 03:13:34 GMT - Mon, 29 Jul 2024 03:13:33 GMT
File type ASCII text, with very long lines (757), with no line terminators
Hash 893c3050971d660ec53ed6ea64582a05
a06d1563bdeb65aa5f5d68b7f0cefdd6778b6056
a2e4ffd0ece96aa94f183f77575fb2dcdf08483df0fbb8f1324cc9f088e9d1c9
GET /embed.css HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/watch?V=PCyN4TuzZ5M
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:52 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=1094
etag: W/"655cb8cc-446"
expires: Sat, 04 May 2024 14:24:39 GMT
last-modified: Tue, 21 Nov 2023 14:03:56 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 38413
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CSvJ6wlIjDjVZ7TlvTZTWxwaY4x3SscS%2FtQH8ylYAFfp7wb334QbwTQOhsREjasRrMmGvRf%2Bjfn6D5AW6sqaevrRwWSa4px%2FtEROOFUp92AMfAJLhl3YryUVcMxxwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e8b2f66f0f56bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
nereserv.com/in/dip?site=native-push&wl=1&event_id=a752c008-8082-4416-856c-3cded58cf83d&subid=357529620&sid=1856177010&spot_id=418774&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1
94.130.198.6200 OK 0 B URL GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=a752c008-8082-4416-856c-3cded58cf83d&subid=357529620&sid=1856177010&spot_id=418774&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1
IP 94.130.198.6:443
ASN #24940 Hetzner Online GmbH
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=a752c008-8082-4416-856c-3cded58cf83d&subid=357529620&sid=1856177010&spot_id=418774&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 13:04:52 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
da7b22a400.13199960a1.com/22802538876b351854c895125b33cfd1/114039?version_name=c
45.133.44.52200 OK 3.3 kB URL GET HTTP/2 da7b22a400.13199960a1.com/22802538876b351854c895125b33cfd1/114039?version_name=c
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectda7b22a400.13199960a1.com
Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD
ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
File type troff or preprocessor input, ASCII text, with very long lines (3671), with no line terminators
Hash 0d1dc937ab55b7ae059fe4e7ceaf07df
c3851a3b9d8b91e8d552b86d7113b841581998fc
231e28a8f33353449a65b6afb13ede075b175a52f7876f08257fedf7a56902f7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /22802538876b351854c895125b33cfd1/114039?version_name=c HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:51 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 04 May 2024 13:09:51 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
meenetiy.com/5/6678850/?abt_opts=1&js_build=iclick-v1.788.6-auto&userId=080052a5ac8f418ff5ae41c3ca3eba21
139.45.197.245200 OK 2.9 kB URL GET HTTP/2 meenetiy.com/5/6678850/?abt_opts=1&js_build=iclick-v1.788.6-auto&userId=080052a5ac8f418ff5ae41c3ca3eba21
IP 139.45.197.245:443
Requested by https://mp4skin.com/watch?V=PCyN4TuzZ5M
Certificate IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint1B:A7:25:F9:81:5C:D2:6F:04:C2:65:38:DA:05:E2:DF:4C:31:75:07
ValiditySun, 28 Apr 2024 05:25:22 GMT - Sat, 27 Jul 2024 05:25:21 GMT
File type troff or preprocessor input, ASCII text, with very long lines (3097), with no line terminators
Hash 02e9c226322408b74a50a62acc0109ee
60ca4e8bf86a2f91c3b49751ddb7dace01de111f
0edf478c5ac9d1ff741a898c4dcc637822a0c9eb427d8726d2318fd22bdae965
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /5/6678850/?abt_opts=1&js_build=iclick-v1.788.6-auto&userId=080052a5ac8f418ff5ae41c3ca3eba21 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Cookie: OAID=008052ec69e74ee3f6c372ce7ae85be0; oaidts=1714827892
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 13:04:52 GMT
content-type: application/json
x-trace-id: a9bcab237a2f0afde78dfa66b6457182
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=080052a5ac8f418ff5ae41c3ca3eba21; expires=Sun, 04 May 2025 13:04:52 GMT; path=/; secure; SameSite=None
oaidts=1714827892; expires=Sun, 04 May 2025 13:04:52 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 11 May 2024 13:04:52 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
da7b22a400.13199960a1.com/69e850fd67f4bef7c987ce894adc6a8e.js
45.133.44.52200 OK 97 kB URL GET HTTP/2 da7b22a400.13199960a1.com/69e850fd67f4bef7c987ce894adc6a8e.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://poop.com.co/d/FjijrvsPGF0
Certificate IssuerLet's Encrypt
Subjectda7b22a400.13199960a1.com
Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD
ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /69e850fd67f4bef7c987ce894adc6a8e.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 13:04:52 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 14:24:01 GMT
etag: W/"661e8a01-17ae8"
content-encoding: gzip
expires: Sat, 04 May 2024 13:09:52 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
metrolagu.cam/play.svg
188.114.97.1200 OK 633 B IP 188.114.97.1:443
Requested by https://metrolagu.cam/video?q=nanti+kita+seperti+ini
Certificate IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File type SVG Scalable Vector Graphics image
Hash fa7e52a78c2db6968656093b3b4f6266
d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a
3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb
GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 13:04:54 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4265
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CUJawtaXi0%2BAbmQEnXalUG9ct%2F%2B6j3mpfZM0fyIlxK0W4tmSxaY6dcX12HCpQIR%2FjfmkWUj%2F5q%2BGF4%2FHAO%2Fd1Hcz1EExuNfUfchgPyUTPrjfqpIrR3ZshZy%2Fh6eEvoZk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e8b301b97f0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400