Report - poop.com.co/e/uJ3Rj9WxJVG

Report Overview

Submitted URL
poop.com.co/e/uJ3Rj9WxJVG
IP
172.67.136.38
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 05:44:48
Access
public
Website Title
YEbGL-2990-Bokep-Indo-JoeTheLego-Konten-Ngentot-Binor-Montok - PoopHD
Final URL
poop.com.co/e/uJ3Rj9WxJVG
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-09	898 B	58 kB	104.17.25.14
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2024-05-08	1.0 kB	808 B	157.90.84.242
mp4skin.com	unknown	2023-05-01	2023-05-11	2024-02-24	1.6 kB	3.5 kB	172.67.154.189
poop.com.co	unknown	2024-02-11	2024-02-11	2024-04-18	479 B	33 kB	104.21.78.178
accounts.google.com	81	1997-09-15	2016-03-20	2024-05-09	1.7 kB	5.3 kB	74.125.131.84
assets.poopcdn.com	unknown	2024-03-14	2024-03-14	2024-04-13	1.3 kB	6.9 kB	188.114.97.1
ef34ee98f7.0b2d458c45.com	unknown	unknown	No data	No data	819 B	320 B	45.133.44.53
nereserv.com	40015	2020-12-21	2020-12-21	2024-05-09	2.3 kB	1.3 kB	157.90.84.246
metrolagu.cam	unknown	2023-03-24	2023-08-23	2024-04-15	2.5 kB	13 kB	188.114.96.1
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-09	418 B	103 kB	142.250.74.168
img.doodcdn.co	unknown	2022-04-23	2022-05-04	2024-05-09	446 B	26 kB	172.67.70.190
362e373497.4a5936c82e.com	unknown	unknown	No data	No data	2.7 kB	1.3 MB	45.133.44.52
paronymtethery.com	unknown	unknown	No data	No data	410 B	1.5 kB	23.109.170.224
static.bookmsg.com	47495	2020-09-15	2020-11-24	2024-05-09	1.8 kB	3.0 kB	45.133.44.25
img.vmmcdn.com	36292	2019-11-26	2019-11-26	2024-05-09	1.6 kB	72 kB	138.201.51.142
1734081ce4.64c8149326.com	unknown	unknown	No data	No data	17 kB	17 kB	157.90.84.246
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-09	415 B	740 B	139.45.195.8
meenetiy.com	unknown	2023-01-04	2023-01-04	2024-03-14	2.2 kB	99 kB	139.45.197.245
o.pki.goog	unknown	2016-06-13	2024-04-24	2024-05-09	650 B	1.4 kB	142.250.74.131
imgsdn.com	unknown	2024-02-12	2024-02-12	2024-05-09	2.0 kB	366 B	162.55.246.161
mcpuwpsh.com	unknown	2022-08-12	2022-08-12	2024-05-08	474 B	4.1 kB	94.130.197.240
storage.multstorage.com	unknown	2023-09-22	2023-09-22	2024-05-08	523 B	1.6 kB	172.67.174.51

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	4a5936c82e.com	Sinkholed
2024-05-10	medium	0b2d458c45.com	Sinkholed
2024-05-10	medium	meenetiy.com	Sinkholed
2024-05-09	medium	paronymtethery.com	Sinkholed
2024-05-10	medium	4a5936c82e.com	Sinkholed
2024-05-10	medium	4a5936c82e.com	Sinkholed
2024-05-10	medium	meenetiy.com	Sinkholed
2024-05-10	medium	meenetiy.com	Sinkholed
2024-05-10	medium	4a5936c82e.com	Sinkholed
2024-05-10	medium	4a5936c82e.com	Sinkholed
2024-05-10	medium	4a5936c82e.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	metrolagu.cam/video?q=nanti+kita+seperti+ini	0 B	2023-03-07	2024-05-20
Pretty URL metrolagu.cam/video?q=nanti+kita+seperti+ini IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 17:15:57 Times Seen37883273 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	362e373497.4a5936c82e.com/923e52a9407423e98fa8942070686998.js	470 kB	2024-04-16	2024-05-20
Pretty URL 362e373497.4a5936c82e.com/923e52a9407423e98fa8942070686998.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:37:10 Last Seen2024-05-20 09:32:15 Times Seen1388 Hash 2902e331e5e735ad63e7510dfc434c5b 8f276d26159f74561fb370144b8cafba8bcc8bd3 26106440376cfc59241a9ef152d26483d436f1c155744bda92a41d3906e60ba2 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-20 16:47:25 Times Seen145840 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	metrolagu.cam/adus.js	532 B	2023-12-26	2024-05-11
Pretty URL metrolagu.cam/adus.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-26 23:58:07 Last Seen2024-05-11 06:28:33 Times Seen59 Hash 7a2d2561eaf88d82195fe34370371250 c17411a06bb47553493e3f8363304bdfe7a4e56d edd026699ef3c73fff84b39eb624af3bcb6d5732513ceef2ef1c36068e311eea Loading...

	poop.com.co/e/uJ3Rj9WxJVG	71 B	2024-02-17	2024-05-10
Pretty URL poop.com.co/e/uJ3Rj9WxJVG IP 104.21.78.178 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-17 06:52:42 Last Seen2024-05-10 22:02:24 Times Seen13 Hash 7f501cacc01b5e0f71c3ce73f9c93698 5297dc82a372e9d77137d0ed5a67363da8f9855d 86c4bac97553510c47acc6e915f1738e3bb40f919350dd8f76ea216e84e90b16 Loading...

	poop.com.co/e/uJ3Rj9WxJVG	6.4 kB	2023-10-24	2024-05-11
Pretty URL poop.com.co/e/uJ3Rj9WxJVG IP 104.21.78.178 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-24 06:38:45 Last Seen2024-05-11 00:50:07 Times Seen88 Hash eeed368413469275e3ee01f81d506e3b f0b2023738dda3d9f81f01101ffddc539dd5c919 4f96b2f1bc98f9dce38413ca59d5fe7c0f994b467965421be18e634d5dfaab9e Loading...

	poop.com.co/e/uJ3Rj9WxJVG	1.9 kB	2024-05-10	2024-05-10
Pretty URL poop.com.co/e/uJ3Rj9WxJVG IP 104.21.78.178 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 07:44:55 Last Seen2024-05-10 07:44:55 Times Seen1 Hash a9266f0c5427d9145cbf9b4969ab5b0f 91698581e5b209c304f69010da53d3e21d62b900 e00f60cb0d468b186a0574f89f2dad10b2d8f5354b396e772ec507b7771e2f1b Loading...

	362e373497.4a5936c82e.com/224c45cd8fa094f3325f0efdcf8be0b4.js	169 kB	2024-04-25	2024-05-16
Pretty URL 362e373497.4a5936c82e.com/224c45cd8fa094f3325f0efdcf8be0b4.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 17:48:27 Last Seen2024-05-16 08:49:21 Times Seen1042 Hash e164f0fc509991890121aa763019689d 16f901a89a57f87c90d6cea80cff9f8bd32756dc fdd439b2c8d28676c5e03847afc19252a3d6d88a670ba48db4ac020866c6b6ec Loading...

	362e373497.4a5936c82e.com/d0b44a3b286234a6547fbc3559b62bad.js	101 kB	2024-05-06	2024-05-16
Pretty URL 362e373497.4a5936c82e.com/d0b44a3b286234a6547fbc3559b62bad.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-06 11:08:30 Last Seen2024-05-16 07:55:12 Times Seen535 Hash 0cbfae16446f6ff17f3f18758b41e37c fdcba827008b6f52caa67735b295f7fab6f26a04 4f5cece30fb18d801a39950fe09419aa3280c654a323e72733b3204ad11a7a33 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js	88 kB	2023-03-07	2024-05-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-05-20 17:08:32 Times Seen99224 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	362e373497.4a5936c82e.com/8e57871395155b58a79a1f183241e252.js	109 kB	2024-05-08	2024-05-14
Pretty URL 362e373497.4a5936c82e.com/8e57871395155b58a79a1f183241e252.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 14:11:42 Last Seen2024-05-14 14:15:38 Times Seen387 Hash 392da8c33f7fec0078e15e7cb7dec615 9a58299ea074848763f9b3e0d0b3ed82ed92614a e4dd634416e83566cd4235d596b6292bdcca640a6fb47da3b9330a3113e35c47 Loading...

	paronymtethery.com/rSfAH4Kr7lm28/64343	0 B	2023-03-07	2024-05-20
Pretty URL paronymtethery.com/rSfAH4Kr7lm28/64343 IP 23.109.170.224 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 17:15:57 Times Seen37883273 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	poop.com.co/e/uJ3Rj9WxJVG	153 B	2024-02-17	2024-05-11
Pretty URL poop.com.co/e/uJ3Rj9WxJVG IP 104.21.78.178 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-17 06:52:43 Last Seen2024-05-11 00:50:08 Times Seen37 Hash 73a6ebf3b00f83c3c9f8bc653869cfc5 924d36f61b7cb12b229ecb1b64691eb49439480c b651edc3f5e0ab0949d63f224d575452108d29873cad2dd54cb59fa15566bd9f Loading...

	www.googletagmanager.com/gtag/js?id=G-RRBBHD087X	309 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-RRBBHD087X IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 07:44:55 Last Seen2024-05-10 07:44:56 Times Seen2 Hash 64d7d462c6d760faae85c6e4836e3361 5054d28d69b995af6a4dd025b814ec4eb4c9e1c3 687702e34f76593bdf149c38693dcd0689a07177733e02fd87f516e3a5c32627 Loading...

	storage.multstorage.com/log/count.html	718 B	2023-09-18	2024-05-20
Pretty URL storage.multstorage.com/log/count.html IP 172.67.174.51 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 17:19:52 Last Seen2024-05-20 17:05:07 Times Seen5663 Hash 1f697a0f2411e463adbc1211493fe5a6 93c154152bda427938543b8efbd8d3b594abbac7 08a5735f5232b651af89f552e8d0fb7b21d6605fba48f335318699d80d12703e Loading...

	meenetiy.com/5/6678850	90 kB	2024-05-10	2024-05-10
Pretty URL meenetiy.com/5/6678850 IP 139.45.197.245 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 07:44:56 Last Seen2024-05-10 07:44:56 Times Seen2 Hash d9532df08ddaf40b95ead2db288554d2 70f5f8b1ed47a3bf0a51c152c55a6e0bb308942a 54b064820fe14f703b0c5d578c57e1d99686ed1992d980b1a3561b5e307faf00 Loading...

HTTP Transactions (57)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27748 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:21 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 15200
expires: Wed, 30 Apr 2025 05:44:21 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J3tkpYPt1C5ajHKlap%2Bws1EX%2BwbjnwiiWLF%2BxOhOOs%2FZQj7xMJSzSRUXSt%2BiPeYIrj9YaNuBUlzJKgrg9cX3vgpqVmUCaYWjrzNfsfBssSC9WRsfYT1BcOb1JVcBUv7clzn3322j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88179df09bef5699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-RRBBHD087X

142.250.74.168

200 OK

102 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
102 kB (102340 bytes)
Hash
64d7d462c6d760faae85c6e4836e3361
5054d28d69b995af6a4dd025b814ec4eb4c9e1c3
687702e34f76593bdf149c38693dcd0689a07177733e02fd87f516e3a5c32627

HTTP Headers

GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 05:44:21 GMT
expires: Fri, 10 May 2024 05:44:21 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 102340
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

img.doodcdn.co/snaps/wos1uzerzu92554c.jpg

172.67.70.190

200 OK

26 kB

URL GET HTTP/2
img.doodcdn.co/snaps/wos1uzerzu92554c.jpg
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x405, components 3
Size
26 kB (25707 bytes)
Hash
02f33e56ccf5c2a68dd46c231fa84d08
1b6dd18d0e4776bdc75dbb87e9afd70ee9854020
f971f010e81ba80171d630e5fc235c1018f9f8a37049855a904489bd13f172db

HTTP Headers

GET /snaps/wos1uzerzu92554c.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: image/jpeg
content-length: 25707
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=25909
etag: "65e907f7-6535"
expires: Thu, 23 May 2024 17:06:09 GMT
last-modified: Thu, 07 Mar 2024 00:19:03 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TxGQqunRgcYzLMGwpsJ2cRnW%2FQSsROvRCkkNHeXTE3ABafKaHtZE%2BY0AHwV%2ByYVdiqjF3OOqaTRWoq1v6czl3Rk0QiZYiyKpuQVRo%2BVEQedI%2FwlGArWcyfjez%2FK9ICjN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179df0cdf8b51b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/apple-touch-icon.png

188.114.97.1

200 OK

2.8 kB

URL GET HTTP/2
assets.poopcdn.com/apple-touch-icon.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
2.8 kB (2766 bytes)
Hash
e4acc3f05da8195dfa02a437c8b2dba2
f23df2ed14e5d52417b155ccd11187f3250861dc
8b520e4032a17a3fb0410c6e4c7da29f182ca06861aa2d64db1969927e2db0d4

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: image/png
content-length: 2766
etag: "e4acc3f05da8195dfa02a437c8b2dba2"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4697
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fIS0LXkFg0ArtVuM7BTLGBRiqEL6u0uVm5GSR9qHqetXRt%2BW%2BRSNGKJa8lZHIfMzgtgRSvoUuBecXa2yvm932WbR21%2F6aXHHyUe%2BTtRlOUoJy%2F6ubo3NgajLILYSBKVxbHiphU0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88179df2ac2e56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/favicon-16x16.png

188.114.97.1

200 OK

612 B

URL GET HTTP/2
assets.poopcdn.com/favicon-16x16.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
612 B (612 bytes)
Hash
ac008ea155d4beee1e93247d7434c77d
f8ea94e94e0cc310202a517a9c445c3d70af564e
283e092dad794fdd9212249389fb2acb6d6846f332413ab2af7bbcced9a4957e

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: image/png
content-length: 612
etag: "ac008ea155d4beee1e93247d7434c77d"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4697
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TgLZF%2BqStG4Kq3bcKmWOuLZGbUUGYQmMN2lag1dcxMw2mztwmy0zmJo0mgB1tmRGmBZcn9A9NRGHDe6XSEsKFqh60HMrenrkiaC92UMZr7UB04W%2FBaXq29EAaW8Z0RdzRjZCMCc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88179df2ac3256c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

362e373497.4a5936c82e.com/8e57871395155b58a79a1f183241e252.js

45.133.44.52

200 OK

36 kB

URL GET HTTP/2
362e373497.4a5936c82e.com/8e57871395155b58a79a1f183241e252.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subject362e373497.4a5936c82e.com
Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2
ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT

File type
gzip compressed data, from Unix
Size
36 kB (36171 bytes)
Hash
e9d209f7053a86d8466d2ff108f0664f
11700b68607978ca24f0ebdaa5949817cf839be0
2c448dd494c621f253b736903a471ef3e304f4cb769127ce1ec1bf19203b2de4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8e57871395155b58a79a1f183241e252.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 08 May 2024 10:50:20 GMT
etag: W/"663b58ec-1ab25"
content-encoding: gzip
expires: Fri, 10 May 2024 05:49:22 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=114039

157.90.84.242

200 OK

0 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=114039
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 10 May 2024 05:44:22 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.com.co
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

ef34ee98f7.0b2d458c45.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1Njg3NzcxMTQzMzQ0Nzc5MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjE4LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9

45.133.44.53

200 OK

0 B

URL GET HTTP/2
ef34ee98f7.0b2d458c45.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1Njg3NzcxMTQzMzQ0Nzc5MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjE4LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectef34ee98f7.0b2d458c45.com
Fingerprint7E:FF:35:2B:6F:6E:5F:D7:37:70:83:6B:E4:B9:B9:4C:4B:D8:3A:6B
ValidityTue, 07 May 2024 02:50:30 GMT - Mon, 05 Aug 2024 02:50:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1Njg3NzcxMTQzMzQ0Nzc5MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjE4LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 HTTP/1.1
Host: ef34ee98f7.0b2d458c45.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=114039

157.90.84.242

200 OK

58 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=114039
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
58 B (58 bytes)
Hash
87385fcd2a67fc74d2fa67366ba68ea2
a604cdbb1d31ce257e8643eee9219c9c724c200c
9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995

HTTP Headers

POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1837
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 05:44:22 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poop.com.co
Set-Cookie: id=6816179295938087385; Expires=Sat, 10 May 2025 05:44:22 GMT; Secure; SameSite=None
Vary: Origin

nereserv.com/in/dip?event_id=10449021-8c76-4d14-8f68-1d1f4ef449ac&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0

157.90.84.246

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=10449021-8c76-4d14-8f68-1d1f4ef449ac&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=10449021-8c76-4d14-8f68-1d1f4ef449ac&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 05:44:23 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

1734081ce4.64c8149326.com/in/multy

157.90.84.246

204 No Content

0 B

URL OPTIONS HTTP/2
1734081ce4.64c8149326.com/in/multy
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.20.1
date: Fri, 10 May 2024 05:44:23 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?site=native-push&wl=1&event_id=e56fd5e3-e8a0-4b43-a590-b449116706eb&subid=388464194&sid=116553444&spot_id=418776&created_at=2024-05-10&timezone=0&ver=8.159.0&is_native=1

157.90.84.246

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=e56fd5e3-e8a0-4b43-a590-b449116706eb&subid=388464194&sid=116553444&spot_id=418776&created_at=2024-05-10&timezone=0&ver=8.159.0&is_native=1
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=e56fd5e3-e8a0-4b43-a590-b449116706eb&subid=388464194&sid=116553444&spot_id=418776&created_at=2024-05-10&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 05:44:23 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

mp4skin.com/watch?V=ZgLlabyz7oY

172.67.154.189

200 OK

610 B

URL POST HTTP/3
mp4skin.com/watch?V=ZgLlabyz7oY
IP
172.67.154.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerGoogle Trust Services LLC
Subjectmp4skin.com
Fingerprint55:B2:0B:78:12:64:92:D0:D5:59:1F:F5:58:E3:9D:B5:B1:A7:10:3F
ValidityTue, 30 Apr 2024 03:13:34 GMT - Mon, 29 Jul 2024 03:13:33 GMT

File type
HTML document, ASCII text
Size
610 B (610 bytes)
Hash
b9799bf8f3812325756d181c788092d7
741870b4ce01aa18283f57c9cf75dc23ced3730f
43813bb52a165e499247c19e0e452a6f58a3bf306b7a463978dfdbe3720651d6

HTTP Headers

POST /watch?V=ZgLlabyz7oY HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/embud/47564a7857396a52334a75
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FfT9CWf0QdSZVNy5V%2F0q0LLZoFtDso6PyjpcOvfP5Y6Ul0s6fc2tFpczHoQ7SC7GxMM%2FRWHBQ94Is0z1jib5ROl4MjzhDrLux9kQAjilCiouI8JUvi4YDKpldMetaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88179df4295e56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/watch?V=ZgLlabyz7oY
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
a4d3d6ec5b1940e7adcee9279c5b61dd
cecc43456557df4d2cc339824535e8f15a1d6105
d0f2ea4bfce24f8da435ed4683ae367894262b7f74740cbcde1d396ecb2df834

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 05:44:23 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mp4skin.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=080058c1e50941ddf5546c075be8ce81; expires=Sat, 10 May 2025 05:44:23 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

meenetiy.com/5/6678850/?abt_opts=1&js_build=iclick-v1.792.1-auto&userId=080058c1e50941ddf5546c075be8ce81

139.45.197.245

200 OK

1.9 kB

URL GET HTTP/2
meenetiy.com/5/6678850/?abt_opts=1&js_build=iclick-v1.792.1-auto&userId=080058c1e50941ddf5546c075be8ce81
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/watch?V=ZgLlabyz7oY
Certificate
IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint1B:A7:25:F9:81:5C:D2:6F:04:C2:65:38:DA:05:E2:DF:4C:31:75:07
ValiditySun, 28 Apr 2024 05:25:22 GMT - Sat, 27 Jul 2024 05:25:21 GMT

File type
gzip compressed data, max speed, from Unix
Size
1.9 kB (1909 bytes)
Hash
f47272b0adeb0ef851533d915fd44f78
6618012e761802834be994b7f5fc077688a08053
5e43ffddeb38097179c3dd7fa94a18a5939e0ba8d0b2ed92dced4f64f25d7930

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6678850/?abt_opts=1&js_build=iclick-v1.792.1-auto&userId=080058c1e50941ddf5546c075be8ce81 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Cookie: OAID=00805826bf064789ef5f2ae5de3dbc17; oaidts=1715319863
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 05:44:23 GMT
content-type: application/json
x-trace-id: 870e86a5ad98947329f2c003327b919c
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=080058c1e50941ddf5546c075be8ce81; expires=Sat, 10 May 2025 05:44:23 GMT; path=/; secure; SameSite=None
oaidts=1715319863; expires=Sat, 10 May 2025 05:44:23 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 17 May 2024 05:44:23 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

poop.com.co/e/uJ3Rj9WxJVG

104.21.78.178

200 OK

33 kB

URL User Request GET HTTP/2
poop.com.co/e/uJ3Rj9WxJVG
IP
104.21.78.178:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT

File type
JavaScript source, ASCII text, with very long lines (6442)
Size
33 kB (32732 bytes)
Hash
458d516288334d997b32eafb1d5188e9
42839274ef3e4559210e3310ccb08f6561b077ad
8708c56af075ab1fcc05a308db3d0548a7dee10f8e3faba98647e48e40d1de60

HTTP Headers

GET /e/uJ3Rj9WxJVG HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:21 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=1200
cf-cache-status: MISS
last-modified: Fri, 10 May 2024 05:44:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P2hK1kuTjp%2B4rN2pGJQcWt2ZzAfuTRURVjviar7ixN9NOBkw4HL6mK7n%2B5e5MM%2BSXu8Mw%2BIs%2BlUspO4LceWN%2F6IMOOt%2BQKdTORmbzpCEJpKY%2BvPbtvnnt5J7nNoY2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88179decb8035687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/video?q=nanti+kita+seperti+ini
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 05:44:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 186984
expires: Wed, 30 Apr 2025 05:44:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y%2FL1vm%2Ff%2FXtUqdud66ytesCrCKaV1ld%2FOjzKSpphKnxd4vUT6YFkHWgavKOuHHcUQI7zos5fFajbzqLUZM1F1dyA%2Bbn6I5NJcj3ZqNg3mMxImcqO%2Bjjk9RLEh2PyP%2FdzAgxNhLVj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88179dfa9836568b-OSL
alt-svc: h3=":443"; ma=86400

1734081ce4.64c8149326.com/in/multy

157.90.84.246

204 No Content

7.1 kB

URL OPTIONS HTTP/2
1734081ce4.64c8149326.com/in/multy
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type
JSON text data
Size
7.1 kB (7140 bytes)
Hash
1757989ee2b4d4c3b2a773c650df1ded
0f7e4a9673a91cd9cbc845679e7c032909680319
b277f075814a5039ab82b65784604a58258dec77afda26e5929e65b664224683

HTTP Headers

POST /in/multy HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1726
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 05:44:23 GMT
content-type: application/json
content-length: 7140
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
9a42e37278e1480da7ec417eb8b7285e
2ebb273a9d30622c0371647e60d4323937a9d5bc
0c3686dcbc184d61e8fd14b50520a7d83880a655fa38a7f14443a275130a446e

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 May 2024 05:44:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

1734081ce4.64c8149326.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FuJ3Rj9WxJVG&refdom=poop.com.co&auction_time=1715319863&subid=357529620&sid=2397666953&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=68.98915086857517&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FuJ3Rj9WxJVG%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3713652&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDEYYMMTYyJEDR5gWOcqYgdGChkgyLXCQuWGmRZkyZGyYqVEj5I0xMEQ4HONGoY4YOWDgcBimzhiMM3rCiIHDxowYMWbAsIEDaY4aMYSKEJOGDFSpVK1i1crVK1ixBu0slDGDBleHcOqImSjDrg2mcC7qmHEDh4yGIubAkaiDRtQcNOg6LIOHzhfFjEXwpEH1xg0aYse0EWzjMI4aM5iSMbMQsRg3bhYSzmqjhgyHbdx4bExD6e2MuXffiLEVhsM6YXUMpGNxjo4XL868cZE7jOI2Lsa8afNiTpswcixufFFmTA2ROczYADo8zIwxZsjQDUPDTAwaYW7MKINj6xiXdoURX0r6hbGVQWLQUIYMNthAA09kzDScGWb8UMccCCVBRg83wJCDgGPMgEMZqJlRhhg16GdYDjo5hgMOZoxxQ4pizFiYDJDVkFMYNai02k04iMEfT2NUJR8ZU3FRB0gMtlFGG0LKoWEPbshARRJWxDAHHmQgMQYZNKCxhBFI1KGEGHYEYcYaM0TlFw2O1QAZXXXd0GAMZdRBBQ43QFHHHS2YAQUVajCBRF9paCHHdzWgcQcUcpCxhBZZ2BAFHFZQAYUNciihUxZn1LjGFULc8cYQRuDRAhNX6EGGEmh8EccVWtyghxVwaHEGE26Q8cYZbBwhxBtx1CHHG0pkkUQeOcTBRKQywMDEG07cEQcRWaDhRhQw4MEEDkFoYUYRc7TwxhdfnFFFEkRIUUUaSjJpwxxvGDtGGVPGOecM8cLAIBwy9IBDSQPf0O-_MfTgxBMH2wDHDD2I5WsbGNmhBh4YZ7ddaGEwtsVVXeAlx1M6wOACSFsNBUcbX8Ax8kImz_CXCHLYIVhvk42xMswuzFxHHWlgRFcOdjb41QxipSGYCDnE4EJSLkTmQgw1gHZcGBg18YYeabDBRhgv1HAyCChggdUOIDCRhht14AECHlV94SDaNevA4skpgHBEeWu88UK0xE01FQhGpCGHSm_g8cLdQQ1FsggLi_WGHF-M8XjkDrHxeBFOSFyGHV8czsZEKRYmc3_G0XxGbDrIUAOfDh0EuhhyLPRi7J9_0cYbZrVeFUUikHGsbA69YdRvLieex0I1ODRHzRgdS0fHk7dQhxtp0NECgy6QIaPkz8s1GA40DMzVVEsF__hBX3h_g1h0UHzUcKghVVVqIsQvw0T0X1WSWjJIn0FCVwbFfKFj_KOa_-43GdCFgQ0IoYNRPlaDkD1EDJk5iBmawgaJ4EVzMBvKbmDQBwUEBA%25253D%25253D%2526s%253Dfdb5b3ef987fa02e47f87446c456d27d7fa7967bc5f8815738dfc7b5836acced1715319863%2526ev%253D0.003633539559246677&icons=7RJnsXMdv5DVhSy5zC59F2-Y1FVLrFAamdQw2ogTxH0qF4x3tuTOOEo8hHfgBSB3_1CXc9nfH_Hww_EmxERccUIxV1iHJcaH2R7D26Ng_M8tBe5gC45oUg484hXxxGlxagk4ZU1YvaK3hsTHBBnFOrt1DTfpOiTfSAK4Vx407xER24U4Yw&ext_cid=627853&px_id=55418774&min_cpm=0.007758434598557929&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=3500186311306819951&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.002520949646407201&cpm=0&verify_hash=3a18bb9b6d0fecfa9bff24c0327c70d0&is_native=2&real_bid=0.0002497679901123048&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-5-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000035999999999999994&ext_campaign_id_str=627853&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=376111de-eb51-49ee-88fc-7a12e305d471&prev_step_diff=702

157.90.84.246

200 OK

0 B

URL GET HTTP/2
1734081ce4.64c8149326.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FuJ3Rj9WxJVG&refdom=poop.com.co&auction_time=1715319863&subid=357529620&sid=2397666953&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=68.98915086857517&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FuJ3Rj9WxJVG%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3713652&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDEYYMMTYyJEDR5gWOcqYgdGChkgyLXCQuWGmRZkyZGyYqVEj5I0xMEQ4HONGoY4YOWDgcBimzhiMM3rCiIHDxowYMWbAsIEDaY4aMYSKEJOGDFSpVK1i1crVK1ixBu0slDGDBleHcOqImSjDrg2mcC7qmHEDh4yGIubAkaiDRtQcNOg6LIOHzhfFjEXwpEH1xg0aYse0EWzjMI4aM5iSMbMQsRg3bhYSzmqjhgyHbdx4bExD6e2MuXffiLEVhsM6YXUMpGNxjo4XL868cZE7jOI2Lsa8afNiTpswcixufFFmTA2ROczYADo8zIwxZsjQDUPDTAwaYW7MKINj6xiXdoURX0r6hbGVQWLQUIYMNthAA09kzDScGWb8UMccCCVBRg83wJCDgGPMgEMZqJlRhhg16GdYDjo5hgMOZoxxQ4pizFiYDJDVkFMYNai02k04iMEfT2NUJR8ZU3FRB0gMtlFGG0LKoWEPbshARRJWxDAHHmQgMQYZNKCxhBFI1KGEGHYEYcYaM0TlFw2O1QAZXXXd0GAMZdRBBQ43QFHHHS2YAQUVajCBRF9paCHHdzWgcQcUcpCxhBZZ2BAFHFZQAYUNciihUxZn1LjGFULc8cYQRuDRAhNX6EGGEmh8EccVWtyghxVwaHEGE26Q8cYZbBwhxBtx1CHHG0pkkUQeOcTBRKQywMDEG07cEQcRWaDhRhQw4MEEDkFoYUYRc7TwxhdfnFFFEkRIUUUaSjJpwxxvGDtGGVPGOecM8cLAIBwy9IBDSQPf0O-_MfTgxBMH2wDHDD2I5WsbGNmhBh4YZ7ddaGEwtsVVXeAlx1M6wOACSFsNBUcbX8Ax8kImz_CXCHLYIVhvk42xMswuzFxHHWlgRFcOdjb41QxipSGYCDnE4EJSLkTmQgw1gHZcGBg18YYeabDBRhgv1HAyCChggdUOIDCRhht14AECHlV94SDaNevA4skpgHBEeWu88UK0xE01FQhGpCGHSm_g8cLdQQ1FsggLi_WGHF-M8XjkDrHxeBFOSFyGHV8czsZEKRYmc3_G0XxGbDrIUAOfDh0EuhhyLPRi7J9_0cYbZrVeFUUikHGsbA69YdRvLieex0I1ODRHzRgdS0fHk7dQhxtp0NECgy6QIaPkz8s1GA40DMzVVEsF__hBX3h_g1h0UHzUcKghVVVqIsQvw0T0X1WSWjJIn0FCVwbFfKFj_KOa_-43GdCFgQ0IoYNRPlaDkD1EDJk5iBmawgaJ4EVzMBvKbmDQBwUEBA%25253D%25253D%2526s%253Dfdb5b3ef987fa02e47f87446c456d27d7fa7967bc5f8815738dfc7b5836acced1715319863%2526ev%253D0.003633539559246677&icons=7RJnsXMdv5DVhSy5zC59F2-Y1FVLrFAamdQw2ogTxH0qF4x3tuTOOEo8hHfgBSB3_1CXc9nfH_Hww_EmxERccUIxV1iHJcaH2R7D26Ng_M8tBe5gC45oUg484hXxxGlxagk4ZU1YvaK3hsTHBBnFOrt1DTfpOiTfSAK4Vx407xER24U4Yw&ext_cid=627853&px_id=55418774&min_cpm=0.007758434598557929&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=3500186311306819951&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.002520949646407201&cpm=0&verify_hash=3a18bb9b6d0fecfa9bff24c0327c70d0&is_native=2&real_bid=0.0002497679901123048&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-5-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000035999999999999994&ext_campaign_id_str=627853&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=376111de-eb51-49ee-88fc-7a12e305d471&prev_step_diff=702
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FuJ3Rj9WxJVG&refdom=poop.com.co&auction_time=1715319863&subid=357529620&sid=2397666953&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=68.98915086857517&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FuJ3Rj9WxJVG%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3713652&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDEYYMMTYyJEDR5gWOcqYgdGChkgyLXCQuWGmRZkyZGyYqVEj5I0xMEQ4HONGoY4YOWDgcBimzhiMM3rCiIHDxowYMWbAsIEDaY4aMYSKEJOGDFSpVK1i1crVK1ixBu0slDGDBleHcOqImSjDrg2mcC7qmHEDh4yGIubAkaiDRtQcNOg6LIOHzhfFjEXwpEH1xg0aYse0EWzjMI4aM5iSMbMQsRg3bhYSzmqjhgyHbdx4bExD6e2MuXffiLEVhsM6YXUMpGNxjo4XL868cZE7jOI2Lsa8afNiTpswcixufFFmTA2ROczYADo8zIwxZsjQDUPDTAwaYW7MKINj6xiXdoURX0r6hbGVQWLQUIYMNthAA09kzDScGWb8UMccCCVBRg83wJCDgGPMgEMZqJlRhhg16GdYDjo5hgMOZoxxQ4pizFiYDJDVkFMYNai02k04iMEfT2NUJR8ZU3FRB0gMtlFGG0LKoWEPbshARRJWxDAHHmQgMQYZNKCxhBFI1KGEGHYEYcYaM0TlFw2O1QAZXXXd0GAMZdRBBQ43QFHHHS2YAQUVajCBRF9paCHHdzWgcQcUcpCxhBZZ2BAFHFZQAYUNciihUxZn1LjGFULc8cYQRuDRAhNX6EGGEmh8EccVWtyghxVwaHEGE26Q8cYZbBwhxBtx1CHHG0pkkUQeOcTBRKQywMDEG07cEQcRWaDhRhQw4MEEDkFoYUYRc7TwxhdfnFFFEkRIUUUaSjJpwxxvGDtGGVPGOecM8cLAIBwy9IBDSQPf0O-_MfTgxBMH2wDHDD2I5WsbGNmhBh4YZ7ddaGEwtsVVXeAlx1M6wOACSFsNBUcbX8Ax8kImz_CXCHLYIVhvk42xMswuzFxHHWlgRFcOdjb41QxipSGYCDnE4EJSLkTmQgw1gHZcGBg18YYeabDBRhgv1HAyCChggdUOIDCRhht14AECHlV94SDaNevA4skpgHBEeWu88UK0xE01FQhGpCGHSm_g8cLdQQ1FsggLi_WGHF-M8XjkDrHxeBFOSFyGHV8czsZEKRYmc3_G0XxGbDrIUAOfDh0EuhhyLPRi7J9_0cYbZrVeFUUikHGsbA69YdRvLieex0I1ODRHzRgdS0fHk7dQhxtp0NECgy6QIaPkz8s1GA40DMzVVEsF__hBX3h_g1h0UHzUcKghVVVqIsQvw0T0X1WSWjJIn0FCVwbFfKFj_KOa_-43GdCFgQ0IoYNRPlaDkD1EDJk5iBmawgaJ4EVzMBvKbmDQBwUEBA%25253D%25253D%2526s%253Dfdb5b3ef987fa02e47f87446c456d27d7fa7967bc5f8815738dfc7b5836acced1715319863%2526ev%253D0.003633539559246677&icons=7RJnsXMdv5DVhSy5zC59F2-Y1FVLrFAamdQw2ogTxH0qF4x3tuTOOEo8hHfgBSB3_1CXc9nfH_Hww_EmxERccUIxV1iHJcaH2R7D26Ng_M8tBe5gC45oUg484hXxxGlxagk4ZU1YvaK3hsTHBBnFOrt1DTfpOiTfSAK4Vx407xER24U4Yw&ext_cid=627853&px_id=55418774&min_cpm=0.007758434598557929&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=3500186311306819951&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.002520949646407201&cpm=0&verify_hash=3a18bb9b6d0fecfa9bff24c0327c70d0&is_native=2&real_bid=0.0002497679901123048&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-5-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000035999999999999994&ext_campaign_id_str=627853&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=376111de-eb51-49ee-88fc-7a12e305d471&prev_step_diff=702 HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 05:44:23 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

1734081ce4.64c8149326.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FuJ3Rj9WxJVG&refdom=poop.com.co&auction_time=1715319863&subid=357529620&sid=2397666953&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=68.98915086857517&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FuJ3Rj9WxJVG%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DtiY3X-C9K6HA6r3CHM8xE8r5oHoq0XVKJZElrTz_exkhRnzqe2anhddUdfbEBn_O8duFEQwzMH4prkJVJUMEau0E9BuCxxFPieTQyijoGIT6kM4dn6Mnyh8oXicCSEqrljamAAtXZHf87Pe0NfMWf3yE37C896shdFQt_4oGjVTDSf5UU4S4QfuIOFzHMB89zKRx60SMp28RCF7Wr_GndUqqLvVzPUgrN71628_msmRkbgSrvZqi2OcBwI_6jN9siBrWlzVqCWJj0W-2U_o038jXmnUp2Lzm8TivX8qBhWv9V0ZC7pin7KlYFkRUEZgO0NgaIhUPdJPfs8MqfFUm8lbnscSMvW_Ugxn2sjw79ylnbhLzsR9PV9J5jEr1UyOmLZYRZXm-87ovPYpohNQjtn5lb2iEIZoY8gB0D3EfsTVl0tVHRQ2GYlyVOTcO3g-S3qN71bI3zmRLA9yWD8DK0YwNGABMNLNOLPy9s8cgqiYpEpEElGdwr4pKTilETogJ_GzQq4E9AsB18_KmmY4B4UPGTOSIxDzPglX1RzGOkt8s2v7Rbl4ElSq6_3ExSmvU-Am3gRzdfw%3D%3D&icons=5C8XWFLUNW2CKwQ0RNDcUeq_4lGufjCFlR4fp1hZcBJplCTDZl_0kmsy1R93clELCRdKXtc3p7Ty4UyvdfEVafmWhg6xbv_3HavtRVD_v1Lf1BGyEkeAqNdYeGTgXzs6pm0ueSjiLGPHGwUx-hQA7Gr4e6-OydVFGMIQkzbcfBcVi2Zr_3dH6IfRArWaI8qtwU4qYLNZztDgeVN2Bavm2bynFcLJSZUDXuD4ADjD6ulNGTPhdGfVNFU7OGuv2AKbdNZiYsz5IJyqS1DoXGOzKsVW3OsU3dOpvbJqVjkBOfjN3BHPD-UAuR8wyQ3DU44UDiPGfpS8J2REuj7gc4a80rJcJ5Gq7BdIc_Empzhn_Wy7E3f9mX1K1JV1-su1BMEFjVNi06aBg58iyGisBxe8ffDrQc2EtFF8d37wGMT5tTv-jOK__uNB5HkxwTxC8orqxq7Yt5VOSXii7O9-NvTUne7FtJf2CbacWTiN07EmlYlNBsK5QXuNygXZvbtdct2wIoscyHucIUHzAhcXOCf2q2ptB2bSzMKMk4U88SNgwnNl1g7bZhRsspafgrULYRZmuHHkjDP99D84-HX8QI5g38y3kGhHE8vPPAeN438hrjpYC5N_0_LobD3rOezoINOG6MANuumfr6vgzahkYcMTW4TiQoAQQm0I7A4NVD5jUVYDvqsQkzXTEQ5W0UcaG9fo6LNqAy8&ext_cid=0&px_id=31418774&min_cpm=0.03074547684713892&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=3500186311306819951&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13311719118888457&cpm=0&verify_hash=6897e8d4db676778dd154cd472e29b78&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1715377463&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F32508910%2F551811_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-5-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=cead6904-c996-4043-83ea-4e02845cb92a&prev_step_diff=702

157.90.84.246

200 OK

0 B

URL GET HTTP/2
1734081ce4.64c8149326.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FuJ3Rj9WxJVG&refdom=poop.com.co&auction_time=1715319863&subid=357529620&sid=2397666953&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=68.98915086857517&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FuJ3Rj9WxJVG%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DtiY3X-C9K6HA6r3CHM8xE8r5oHoq0XVKJZElrTz_exkhRnzqe2anhddUdfbEBn_O8duFEQwzMH4prkJVJUMEau0E9BuCxxFPieTQyijoGIT6kM4dn6Mnyh8oXicCSEqrljamAAtXZHf87Pe0NfMWf3yE37C896shdFQt_4oGjVTDSf5UU4S4QfuIOFzHMB89zKRx60SMp28RCF7Wr_GndUqqLvVzPUgrN71628_msmRkbgSrvZqi2OcBwI_6jN9siBrWlzVqCWJj0W-2U_o038jXmnUp2Lzm8TivX8qBhWv9V0ZC7pin7KlYFkRUEZgO0NgaIhUPdJPfs8MqfFUm8lbnscSMvW_Ugxn2sjw79ylnbhLzsR9PV9J5jEr1UyOmLZYRZXm-87ovPYpohNQjtn5lb2iEIZoY8gB0D3EfsTVl0tVHRQ2GYlyVOTcO3g-S3qN71bI3zmRLA9yWD8DK0YwNGABMNLNOLPy9s8cgqiYpEpEElGdwr4pKTilETogJ_GzQq4E9AsB18_KmmY4B4UPGTOSIxDzPglX1RzGOkt8s2v7Rbl4ElSq6_3ExSmvU-Am3gRzdfw%3D%3D&icons=5C8XWFLUNW2CKwQ0RNDcUeq_4lGufjCFlR4fp1hZcBJplCTDZl_0kmsy1R93clELCRdKXtc3p7Ty4UyvdfEVafmWhg6xbv_3HavtRVD_v1Lf1BGyEkeAqNdYeGTgXzs6pm0ueSjiLGPHGwUx-hQA7Gr4e6-OydVFGMIQkzbcfBcVi2Zr_3dH6IfRArWaI8qtwU4qYLNZztDgeVN2Bavm2bynFcLJSZUDXuD4ADjD6ulNGTPhdGfVNFU7OGuv2AKbdNZiYsz5IJyqS1DoXGOzKsVW3OsU3dOpvbJqVjkBOfjN3BHPD-UAuR8wyQ3DU44UDiPGfpS8J2REuj7gc4a80rJcJ5Gq7BdIc_Empzhn_Wy7E3f9mX1K1JV1-su1BMEFjVNi06aBg58iyGisBxe8ffDrQc2EtFF8d37wGMT5tTv-jOK__uNB5HkxwTxC8orqxq7Yt5VOSXii7O9-NvTUne7FtJf2CbacWTiN07EmlYlNBsK5QXuNygXZvbtdct2wIoscyHucIUHzAhcXOCf2q2ptB2bSzMKMk4U88SNgwnNl1g7bZhRsspafgrULYRZmuHHkjDP99D84-HX8QI5g38y3kGhHE8vPPAeN438hrjpYC5N_0_LobD3rOezoINOG6MANuumfr6vgzahkYcMTW4TiQoAQQm0I7A4NVD5jUVYDvqsQkzXTEQ5W0UcaG9fo6LNqAy8&ext_cid=0&px_id=31418774&min_cpm=0.03074547684713892&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=3500186311306819951&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13311719118888457&cpm=0&verify_hash=6897e8d4db676778dd154cd472e29b78&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1715377463&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F32508910%2F551811_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-5-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=cead6904-c996-4043-83ea-4e02845cb92a&prev_step_diff=702
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FuJ3Rj9WxJVG&refdom=poop.com.co&auction_time=1715319863&subid=357529620&sid=2397666953&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=68.98915086857517&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FuJ3Rj9WxJVG%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DtiY3X-C9K6HA6r3CHM8xE8r5oHoq0XVKJZElrTz_exkhRnzqe2anhddUdfbEBn_O8duFEQwzMH4prkJVJUMEau0E9BuCxxFPieTQyijoGIT6kM4dn6Mnyh8oXicCSEqrljamAAtXZHf87Pe0NfMWf3yE37C896shdFQt_4oGjVTDSf5UU4S4QfuIOFzHMB89zKRx60SMp28RCF7Wr_GndUqqLvVzPUgrN71628_msmRkbgSrvZqi2OcBwI_6jN9siBrWlzVqCWJj0W-2U_o038jXmnUp2Lzm8TivX8qBhWv9V0ZC7pin7KlYFkRUEZgO0NgaIhUPdJPfs8MqfFUm8lbnscSMvW_Ugxn2sjw79ylnbhLzsR9PV9J5jEr1UyOmLZYRZXm-87ovPYpohNQjtn5lb2iEIZoY8gB0D3EfsTVl0tVHRQ2GYlyVOTcO3g-S3qN71bI3zmRLA9yWD8DK0YwNGABMNLNOLPy9s8cgqiYpEpEElGdwr4pKTilETogJ_GzQq4E9AsB18_KmmY4B4UPGTOSIxDzPglX1RzGOkt8s2v7Rbl4ElSq6_3ExSmvU-Am3gRzdfw%3D%3D&icons=5C8XWFLUNW2CKwQ0RNDcUeq_4lGufjCFlR4fp1hZcBJplCTDZl_0kmsy1R93clELCRdKXtc3p7Ty4UyvdfEVafmWhg6xbv_3HavtRVD_v1Lf1BGyEkeAqNdYeGTgXzs6pm0ueSjiLGPHGwUx-hQA7Gr4e6-OydVFGMIQkzbcfBcVi2Zr_3dH6IfRArWaI8qtwU4qYLNZztDgeVN2Bavm2bynFcLJSZUDXuD4ADjD6ulNGTPhdGfVNFU7OGuv2AKbdNZiYsz5IJyqS1DoXGOzKsVW3OsU3dOpvbJqVjkBOfjN3BHPD-UAuR8wyQ3DU44UDiPGfpS8J2REuj7gc4a80rJcJ5Gq7BdIc_Empzhn_Wy7E3f9mX1K1JV1-su1BMEFjVNi06aBg58iyGisBxe8ffDrQc2EtFF8d37wGMT5tTv-jOK__uNB5HkxwTxC8orqxq7Yt5VOSXii7O9-NvTUne7FtJf2CbacWTiN07EmlYlNBsK5QXuNygXZvbtdct2wIoscyHucIUHzAhcXOCf2q2ptB2bSzMKMk4U88SNgwnNl1g7bZhRsspafgrULYRZmuHHkjDP99D84-HX8QI5g38y3kGhHE8vPPAeN438hrjpYC5N_0_LobD3rOezoINOG6MANuumfr6vgzahkYcMTW4TiQoAQQm0I7A4NVD5jUVYDvqsQkzXTEQ5W0UcaG9fo6LNqAy8&ext_cid=0&px_id=31418774&min_cpm=0.03074547684713892&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=3500186311306819951&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13311719118888457&cpm=0&verify_hash=6897e8d4db676778dd154cd472e29b78&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1715377463&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F32508910%2F551811_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-5-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=cead6904-c996-4043-83ea-4e02845cb92a&prev_step_diff=702 HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 05:44:23 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

paronymtethery.com/rSfAH4Kr7lm28/64343

23.109.170.224

200 OK

20 B

URL GET HTTP/1.1
paronymtethery.com/rSfAH4Kr7lm28/64343
IP
23.109.170.224:443
ASN
#7979 SERVERS-COM

Requested by
https://metrolagu.cam/video?q=nanti+kita+seperti+ini
Certificate
IssuerLet's Encrypt
Subjectparonymtethery.com
Fingerprint63:F2:88:89:1F:F8:81:BA:AE:2C:AE:99:FD:C3:5F:47:2F:0B:DE:F1
ValidityMon, 29 Apr 2024 18:59:43 GMT - Sun, 28 Jul 2024 18:59:42 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rSfAH4Kr7lm28/64343 HTTP/1.1
Host: paronymtethery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 05:44:23 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 11-May-2024 05:44:23 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 11-May-2024 05:44:23 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

74.125.131.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:Z6v2R6mtd3XYFMMifu9X8JPxW-kQyA:35C2w-KNmeD0GNLd; Expires=Sun, 10-May-2026 05:44:23 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 05:44:23 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwcCLLhqNXfU-sEJdzQU-IYKAH92eab7JKD5Je2FxXT3zvgUx_tXBxuEwfj3hFo6UqEi0FY8g
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-0WS8aITmO6w4USbUsJ2csg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

assets.poopcdn.com/play.svg

188.114.97.1

200 OK

1.4 kB

URL GET HTTP/2
assets.poopcdn.com/play.svg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1403 bytes)
Hash
85f08506e5a64050719e7e18a26cd9c4
cda07433539f1346406e7dde1a92ea6346d593d7
b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08

HTTP Headers

GET /play.svg HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: image/svg+xml
etag: W/"85f08506e5a64050719e7e18a26cd9c4"
last-modified: Thu, 14 Mar 2024 17:17:30 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4302
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=krmJpOSq1mEMlcDoBCb0oayPdONhEksItOnGbUifl6buHH41ZsF3r4uAdFxJ23rYmnRdocF3yy9eB1%2FFlMXRdMQ%2Fo6IcrV1Qrn9iJ9YiDW238yXXwOTU2pF01kgHNrUULypjHh0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88179df18b0956c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=b28e86b8-0a49-459c-9365-b4d7f060a66d&prev_step_diff=702

45.133.44.25

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=b28e86b8-0a49-459c-9365-b4d7f060a66d&prev_step_diff=702
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=b28e86b8-0a49-459c-9365-b4d7f060a66d&prev_step_diff=702 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:23 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sat, 10 May 2025 05:44:23 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

1734081ce4.64c8149326.com/in/multy

157.90.84.246

204 No Content

7.1 kB

URL OPTIONS HTTP/2
1734081ce4.64c8149326.com/in/multy
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type
JSON text data
Size
7.1 kB (7146 bytes)
Hash
c87388ad86c446965bcadac495141df5
db5f624361219aac85bb198fd4b9c3d095b2c060
54b94030fdd07523cc8d27722a91f2ac38e2ca0762d4ab166e6ee3a185a25664

HTTP Headers

POST /in/multy HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1725
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 05:44:23 GMT
content-type: application/json
content-length: 7146
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

imgsdn.com/ie?v=4&c=osIutPOp51ofBpj5JdEGNs4kA-AvRxNM1dFAVQjntZIV5dtHgQLFvcR-QrkAzz7l7KQtI4ki3YYqvvLO1JMjU3jtdHsn8PLk3bhWOExWo0DyJp-MzA7nDhWMkNZ_SJImio057VsO4AsRaypodfsbsFhQ9fmVvyYc33HtFi5dSqil-mEKnVUHtJ_IuA07-nWCG8CiyB00kmd3xroUlfXH5bHPFFntg5_h1fZOXbNCIzO5TShAbfbnZC5gr58XOD5d8BF6XFwlCCK4oCX0OM63aTZ04RVcIHBLdA-RotiebzFi3phP9LVfvdBRNx90Hbump9jKTAgjzGr6m-ReNgUdyK9kUbZfti15xMcoeZnf0P2mcR16krqpDetrK-mHvorbzwSzOXNDgZ2BmmsDzy-3jJvP5ZGTK7ONUdK4HKBrJhE2qZzDaw3eozY5ayJz2rA=&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=bb4d9a78-7e4b-492c-8fed-8908960142d8&prev_step_diff=702

162.55.246.161

301 Moved Permanently

0 B

URL GET HTTP/1.1
imgsdn.com/ie?v=4&c=osIutPOp51ofBpj5JdEGNs4kA-AvRxNM1dFAVQjntZIV5dtHgQLFvcR-QrkAzz7l7KQtI4ki3YYqvvLO1JMjU3jtdHsn8PLk3bhWOExWo0DyJp-MzA7nDhWMkNZ_SJImio057VsO4AsRaypodfsbsFhQ9fmVvyYc33HtFi5dSqil-mEKnVUHtJ_IuA07-nWCG8CiyB00kmd3xroUlfXH5bHPFFntg5_h1fZOXbNCIzO5TShAbfbnZC5gr58XOD5d8BF6XFwlCCK4oCX0OM63aTZ04RVcIHBLdA-RotiebzFi3phP9LVfvdBRNx90Hbump9jKTAgjzGr6m-ReNgUdyK9kUbZfti15xMcoeZnf0P2mcR16krqpDetrK-mHvorbzwSzOXNDgZ2BmmsDzy-3jJvP5ZGTK7ONUdK4HKBrJhE2qZzDaw3eozY5ayJz2rA=&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=bb4d9a78-7e4b-492c-8fed-8908960142d8&prev_step_diff=702
IP
162.55.246.161:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectnimrute.com
Fingerprint62:14:81:C5:22:FF:BC:AE:08:65:E3:D0:0B:CF:4A:19:B3:2A:20:52
ValidityMon, 06 May 2024 11:20:27 GMT - Sun, 04 Aug 2024 11:20:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ie?v=4&c=osIutPOp51ofBpj5JdEGNs4kA-AvRxNM1dFAVQjntZIV5dtHgQLFvcR-QrkAzz7l7KQtI4ki3YYqvvLO1JMjU3jtdHsn8PLk3bhWOExWo0DyJp-MzA7nDhWMkNZ_SJImio057VsO4AsRaypodfsbsFhQ9fmVvyYc33HtFi5dSqil-mEKnVUHtJ_IuA07-nWCG8CiyB00kmd3xroUlfXH5bHPFFntg5_h1fZOXbNCIzO5TShAbfbnZC5gr58XOD5d8BF6XFwlCCK4oCX0OM63aTZ04RVcIHBLdA-RotiebzFi3phP9LVfvdBRNx90Hbump9jKTAgjzGr6m-ReNgUdyK9kUbZfti15xMcoeZnf0P2mcR16krqpDetrK-mHvorbzwSzOXNDgZ2BmmsDzy-3jJvP5ZGTK7ONUdK4HKBrJhE2qZzDaw3eozY5ayJz2rA=&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=bb4d9a78-7e4b-492c-8fed-8908960142d8&prev_step_diff=702 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 10 May 2024 05:44:23 GMT
content-length: 0
location: https://img.vmmcdn.com/get/76386463/551811_icon.png
x-app-id: 11

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=33b2ef55-c9ee-4aeb-b2b6-380f49489a56&prev_step_diff=1013

45.133.44.25

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=33b2ef55-c9ee-4aeb-b2b6-380f49489a56&prev_step_diff=1013
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=33b2ef55-c9ee-4aeb-b2b6-380f49489a56&prev_step_diff=1013 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:23 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sat, 10 May 2025 05:44:23 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4addd78a1ebbfbfd98f962bee30de93e
113326456169ddeb584e9bc96365d93c913e40be
5aabd865e6cf2769f401a6bb4b0059dcf57bc7b5e0cc8e015a2fe0e0d85d9717

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 May 2024 05:44:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

metrolagu.cam/jembud/47564a7857396a52334a75

188.114.96.1

200 OK

495 B

URL GET HTTP/2
metrolagu.cam/jembud/47564a7857396a52334a75
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mp4skin.com/watch?V=ZgLlabyz7oY
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
HTML document, ASCII text
Size
495 B (495 bytes)
Hash
95261525b50c888101aac839d9902c2c
66c71f95f7e03b14c02c6a90faec7ffc48eab1fb
5a32bacf7d8b69c9c457a9e21d621cee3664d9296b2079302bfbc65575129885

HTTP Headers

GET /jembud/47564a7857396a52334a75 HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2FpOQApor6HEMdbf%2B20Mj1gTKxF4vThVT5ZbU5tMDfLf66DRBca9jl7QTD9F0ALzleV%2FBpLXOXUL9Bu7tkrnHaA2mqndbk7OknJhj%2FBXjtrWLtl11lrIT8CSVttW5QPk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88179df73d7e56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

img.vmmcdn.com/get/32508910/551811_image.jpg

138.201.51.142

200 OK

12 kB

URL GET HTTP/1.1
img.vmmcdn.com/get/32508910/551811_image.jpg
IP
138.201.51.142:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
FingerprintA8:37:00:E2:01:F9:B8:25:04:DA:47:64:57:0E:0B:64:E3:8A:0B:C7
ValidityFri, 12 Apr 2024 20:58:24 GMT - Thu, 11 Jul 2024 20:58:23 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3
Size
12 kB (12075 bytes)
Hash
ee921bcd225785444d8ab128ca1d0941
e92f5588c738df6912e3658d883aeb66b486560b
4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c

HTTP Headers

GET /get/32508910/551811_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:44:23 GMT
Content-Type: image/jpeg
Content-Length: 12075
Connection: keep-alive
Last-Modified: Wed, 27 Mar 2024 08:33:26 GMT
Cache-Control: public, max-age=604800
ETag: "6603d9d6-2f2b"
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Request-Headers: x-requested-with
Access-Control-Allow-Headers: x-requested-with
Accept-Ranges: bytes

1734081ce4.64c8149326.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FuJ3Rj9WxJVG&refdom=poop.com.co&auction_time=1715319863&subid=388464194&sid=116553444&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=63.519729905953874&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FuJ3Rj9WxJVG%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DzWSBaGj6bqhAQHhQM9DzuU0aECi84bdNzQ_PIp_1Eb-stTurBfNIyD51a4d4tq9QhR9BbTevDMX31irPkuq4-DWIIfzYEDrC7EN9JOtoLra-Vm26HmHpy8T_q-btPlEtTM3r6Uk2XzLrdgSRCGF-1iS7cW8hSR3qoyn1m_BkChMtQ9EMDnqBinGhqTQAgIozVzVu2NJwsyj4fedrNMaios-GLU1qcRl0-S6xkJ9FVS9K4CUB-PJ_yfH7l0x0Pz0gxsEd3pbQMCg28uphixWdq2sF08GDUy_BZNMDdK6Z84A43AeU-FsgSZPeHN2NwsjG6qkWhKqQULJpP-Cl_QViP3sEXJgUsnSgor5K0ms3KM2XvYS-j26cDuQyNKuSsNuevRZ8Yq7qPn1DtvqxlNVOv_qeMdssKagYmOR4N5vdMzin0r9-IluWSX7gi-cHhJw10HCJzfs1d0eTvixCR6OUHi_nS7bMZFQobAbGeCM0NmiqLYVvtzt_E7PKUwQxmYSN2n-SUkVUqXXzEjVrT6tkuO5IHgDjKVVHppVYwStGvPmKb_XoV6X7iZjsgUdsiAmKU9kaGrAP&icons=u7Gb-uMZaXalP-1HTeoYmlcpXCtxYjEgRJzYnXyIB2QFfyGC4HYUTe911ZvLdoI1Dpo0JpbOb9kvssKDuKZE5z3YF2DwZrgNtTkqY6G_sL95xK7d-bhTjaH9HlzI-nHLMLFYvvK3UtAjEhpXE-X9h2mtc2nDPH1PQYzMAaFy9bGBgaUmn1aVln9dnioVXmSDffq5RHIJVilu_L-psrzi3a8sErIsi7Pu5gltSvijErADrsEdp0pxalX7mgnJ6Kp7IL4ZXAnBxaeSF_KJK1lvUWQ1LMlyME0Nq6GoSvLurTn8kj4gyi1ikZi8RY8jAAmbhbNiNCxqYqKx5_fFl99yJ1MaJSN0pqorSGOR2H4AfZR2W5bR5oNLq4ARl4PqcP3r1cRfd2OXzQlHICTqKOQ05bCVhFLccrw3elQA8cTfslw91ENbBt_d6SNWDkgsbUG1GOZ3y4c-3tQsxjS9rQYiM4gmmJ1wpdI9jour_VTyBa5FdruVzTQLp70nRNEPWwOY8JgBR51Sej5JX5-0h4N21ijiXRQ1C3P6uIH3IqCNGGYF2dg91IvOYmxYN55ffIrhR_LJs9NUBgoyQawuXWp6NISuh8CLFEYIz6DJ6j_Tgt58eEG1Ucw6Vwtmnc4NaT6pwL5MYnhUTHeNdvpZfOGieIPoFcHPryUGayS7ZMxv6oQa0K8XaZWhqdSLAoOOS-5k-jAZnu0&ext_cid=0&px_id=31418776&min_cpm=0.015333744771353802&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=3584460489114397871&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.06638976668074706&cpm=0&verify_hash=688bdb13f3b68f4a93e544d6f991d4c9&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1715377463&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F32508910%2F551811_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-10-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=75bde350-59f9-4188-9ed5-2bedd5838cf9&prev_step_diff=1013

157.90.84.246

200 OK

0 B

URL GET HTTP/2
1734081ce4.64c8149326.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FuJ3Rj9WxJVG&refdom=poop.com.co&auction_time=1715319863&subid=388464194&sid=116553444&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=63.519729905953874&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FuJ3Rj9WxJVG%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DzWSBaGj6bqhAQHhQM9DzuU0aECi84bdNzQ_PIp_1Eb-stTurBfNIyD51a4d4tq9QhR9BbTevDMX31irPkuq4-DWIIfzYEDrC7EN9JOtoLra-Vm26HmHpy8T_q-btPlEtTM3r6Uk2XzLrdgSRCGF-1iS7cW8hSR3qoyn1m_BkChMtQ9EMDnqBinGhqTQAgIozVzVu2NJwsyj4fedrNMaios-GLU1qcRl0-S6xkJ9FVS9K4CUB-PJ_yfH7l0x0Pz0gxsEd3pbQMCg28uphixWdq2sF08GDUy_BZNMDdK6Z84A43AeU-FsgSZPeHN2NwsjG6qkWhKqQULJpP-Cl_QViP3sEXJgUsnSgor5K0ms3KM2XvYS-j26cDuQyNKuSsNuevRZ8Yq7qPn1DtvqxlNVOv_qeMdssKagYmOR4N5vdMzin0r9-IluWSX7gi-cHhJw10HCJzfs1d0eTvixCR6OUHi_nS7bMZFQobAbGeCM0NmiqLYVvtzt_E7PKUwQxmYSN2n-SUkVUqXXzEjVrT6tkuO5IHgDjKVVHppVYwStGvPmKb_XoV6X7iZjsgUdsiAmKU9kaGrAP&icons=u7Gb-uMZaXalP-1HTeoYmlcpXCtxYjEgRJzYnXyIB2QFfyGC4HYUTe911ZvLdoI1Dpo0JpbOb9kvssKDuKZE5z3YF2DwZrgNtTkqY6G_sL95xK7d-bhTjaH9HlzI-nHLMLFYvvK3UtAjEhpXE-X9h2mtc2nDPH1PQYzMAaFy9bGBgaUmn1aVln9dnioVXmSDffq5RHIJVilu_L-psrzi3a8sErIsi7Pu5gltSvijErADrsEdp0pxalX7mgnJ6Kp7IL4ZXAnBxaeSF_KJK1lvUWQ1LMlyME0Nq6GoSvLurTn8kj4gyi1ikZi8RY8jAAmbhbNiNCxqYqKx5_fFl99yJ1MaJSN0pqorSGOR2H4AfZR2W5bR5oNLq4ARl4PqcP3r1cRfd2OXzQlHICTqKOQ05bCVhFLccrw3elQA8cTfslw91ENbBt_d6SNWDkgsbUG1GOZ3y4c-3tQsxjS9rQYiM4gmmJ1wpdI9jour_VTyBa5FdruVzTQLp70nRNEPWwOY8JgBR51Sej5JX5-0h4N21ijiXRQ1C3P6uIH3IqCNGGYF2dg91IvOYmxYN55ffIrhR_LJs9NUBgoyQawuXWp6NISuh8CLFEYIz6DJ6j_Tgt58eEG1Ucw6Vwtmnc4NaT6pwL5MYnhUTHeNdvpZfOGieIPoFcHPryUGayS7ZMxv6oQa0K8XaZWhqdSLAoOOS-5k-jAZnu0&ext_cid=0&px_id=31418776&min_cpm=0.015333744771353802&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=3584460489114397871&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.06638976668074706&cpm=0&verify_hash=688bdb13f3b68f4a93e544d6f991d4c9&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1715377463&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F32508910%2F551811_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-10-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=75bde350-59f9-4188-9ed5-2bedd5838cf9&prev_step_diff=1013
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FuJ3Rj9WxJVG&refdom=poop.com.co&auction_time=1715319863&subid=388464194&sid=116553444&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=63.519729905953874&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FuJ3Rj9WxJVG%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DzWSBaGj6bqhAQHhQM9DzuU0aECi84bdNzQ_PIp_1Eb-stTurBfNIyD51a4d4tq9QhR9BbTevDMX31irPkuq4-DWIIfzYEDrC7EN9JOtoLra-Vm26HmHpy8T_q-btPlEtTM3r6Uk2XzLrdgSRCGF-1iS7cW8hSR3qoyn1m_BkChMtQ9EMDnqBinGhqTQAgIozVzVu2NJwsyj4fedrNMaios-GLU1qcRl0-S6xkJ9FVS9K4CUB-PJ_yfH7l0x0Pz0gxsEd3pbQMCg28uphixWdq2sF08GDUy_BZNMDdK6Z84A43AeU-FsgSZPeHN2NwsjG6qkWhKqQULJpP-Cl_QViP3sEXJgUsnSgor5K0ms3KM2XvYS-j26cDuQyNKuSsNuevRZ8Yq7qPn1DtvqxlNVOv_qeMdssKagYmOR4N5vdMzin0r9-IluWSX7gi-cHhJw10HCJzfs1d0eTvixCR6OUHi_nS7bMZFQobAbGeCM0NmiqLYVvtzt_E7PKUwQxmYSN2n-SUkVUqXXzEjVrT6tkuO5IHgDjKVVHppVYwStGvPmKb_XoV6X7iZjsgUdsiAmKU9kaGrAP&icons=u7Gb-uMZaXalP-1HTeoYmlcpXCtxYjEgRJzYnXyIB2QFfyGC4HYUTe911ZvLdoI1Dpo0JpbOb9kvssKDuKZE5z3YF2DwZrgNtTkqY6G_sL95xK7d-bhTjaH9HlzI-nHLMLFYvvK3UtAjEhpXE-X9h2mtc2nDPH1PQYzMAaFy9bGBgaUmn1aVln9dnioVXmSDffq5RHIJVilu_L-psrzi3a8sErIsi7Pu5gltSvijErADrsEdp0pxalX7mgnJ6Kp7IL4ZXAnBxaeSF_KJK1lvUWQ1LMlyME0Nq6GoSvLurTn8kj4gyi1ikZi8RY8jAAmbhbNiNCxqYqKx5_fFl99yJ1MaJSN0pqorSGOR2H4AfZR2W5bR5oNLq4ARl4PqcP3r1cRfd2OXzQlHICTqKOQ05bCVhFLccrw3elQA8cTfslw91ENbBt_d6SNWDkgsbUG1GOZ3y4c-3tQsxjS9rQYiM4gmmJ1wpdI9jour_VTyBa5FdruVzTQLp70nRNEPWwOY8JgBR51Sej5JX5-0h4N21ijiXRQ1C3P6uIH3IqCNGGYF2dg91IvOYmxYN55ffIrhR_LJs9NUBgoyQawuXWp6NISuh8CLFEYIz6DJ6j_Tgt58eEG1Ucw6Vwtmnc4NaT6pwL5MYnhUTHeNdvpZfOGieIPoFcHPryUGayS7ZMxv6oQa0K8XaZWhqdSLAoOOS-5k-jAZnu0&ext_cid=0&px_id=31418776&min_cpm=0.015333744771353802&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=3584460489114397871&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.06638976668074706&cpm=0&verify_hash=688bdb13f3b68f4a93e544d6f991d4c9&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1715377463&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F32508910%2F551811_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-10-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=75bde350-59f9-4188-9ed5-2bedd5838cf9&prev_step_diff=1013 HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 05:44:23 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

imgsdn.com/ie?v=4&c=SRz7CC_WW1y0_y6Lv_P3TEYJlh-wZ8AE3_sn3WTZTulrGkfZOKVXmdunpGu5pJaAJ6LEYdXi6oXYHtxKYtEjrjMWsze1Qu5nDWE9d_AOhAwCtJQLOj02XrYzOYYFCtc6jQsTqrEyfgRkuE7PvW4uMOyIVX3Fsn6sDBQtXmJ0Fuo6QibXtks3w-LeepZhV5G_SrlHE5PujDki6_3f6XmONnGkohe92c_-f3UoVi8m2m8taDuwQQ_GsFZ4NrQ_OTa9p0RxDQmDC7F2qDpQnH-9iSxhKsG2fsNpOf17VMwsgrIHv1m9cR5ptrVf_eechINYLptfeH5kbBO6uumpCwEf0uDiJYzQJOF6keNcV7s4NU_Wlgc7L0SRDvUNB1P3wCawVGHscQKM5Eb8frVGX50EubBhmeVr9kQIq-4HCXUVzg_4grKag4DoHTJ3VDMjSg==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=0c01d206-6877-401a-a380-740c663eb3bf&prev_step_diff=1013

162.55.246.161

301 Moved Permanently

0 B

URL GET HTTP/1.1
imgsdn.com/ie?v=4&c=SRz7CC_WW1y0_y6Lv_P3TEYJlh-wZ8AE3_sn3WTZTulrGkfZOKVXmdunpGu5pJaAJ6LEYdXi6oXYHtxKYtEjrjMWsze1Qu5nDWE9d_AOhAwCtJQLOj02XrYzOYYFCtc6jQsTqrEyfgRkuE7PvW4uMOyIVX3Fsn6sDBQtXmJ0Fuo6QibXtks3w-LeepZhV5G_SrlHE5PujDki6_3f6XmONnGkohe92c_-f3UoVi8m2m8taDuwQQ_GsFZ4NrQ_OTa9p0RxDQmDC7F2qDpQnH-9iSxhKsG2fsNpOf17VMwsgrIHv1m9cR5ptrVf_eechINYLptfeH5kbBO6uumpCwEf0uDiJYzQJOF6keNcV7s4NU_Wlgc7L0SRDvUNB1P3wCawVGHscQKM5Eb8frVGX50EubBhmeVr9kQIq-4HCXUVzg_4grKag4DoHTJ3VDMjSg==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=0c01d206-6877-401a-a380-740c663eb3bf&prev_step_diff=1013
IP
162.55.246.161:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectnimrute.com
Fingerprint62:14:81:C5:22:FF:BC:AE:08:65:E3:D0:0B:CF:4A:19:B3:2A:20:52
ValidityMon, 06 May 2024 11:20:27 GMT - Sun, 04 Aug 2024 11:20:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ie?v=4&c=SRz7CC_WW1y0_y6Lv_P3TEYJlh-wZ8AE3_sn3WTZTulrGkfZOKVXmdunpGu5pJaAJ6LEYdXi6oXYHtxKYtEjrjMWsze1Qu5nDWE9d_AOhAwCtJQLOj02XrYzOYYFCtc6jQsTqrEyfgRkuE7PvW4uMOyIVX3Fsn6sDBQtXmJ0Fuo6QibXtks3w-LeepZhV5G_SrlHE5PujDki6_3f6XmONnGkohe92c_-f3UoVi8m2m8taDuwQQ_GsFZ4NrQ_OTa9p0RxDQmDC7F2qDpQnH-9iSxhKsG2fsNpOf17VMwsgrIHv1m9cR5ptrVf_eechINYLptfeH5kbBO6uumpCwEf0uDiJYzQJOF6keNcV7s4NU_Wlgc7L0SRDvUNB1P3wCawVGHscQKM5Eb8frVGX50EubBhmeVr9kQIq-4HCXUVzg_4grKag4DoHTJ3VDMjSg==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=0c01d206-6877-401a-a380-740c663eb3bf&prev_step_diff=1013 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 10 May 2024 05:44:23 GMT
content-length: 0
location: https://img.vmmcdn.com/get/76386463/551811_icon.png
x-app-id: 11

img.vmmcdn.com/get/32508910/551811_image.jpg

138.201.51.142

200 OK

12 kB

URL GET HTTP/1.1
img.vmmcdn.com/get/32508910/551811_image.jpg
IP
138.201.51.142:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
FingerprintA8:37:00:E2:01:F9:B8:25:04:DA:47:64:57:0E:0B:64:E3:8A:0B:C7
ValidityFri, 12 Apr 2024 20:58:24 GMT - Thu, 11 Jul 2024 20:58:23 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3
Size
12 kB (12075 bytes)
Hash
ee921bcd225785444d8ab128ca1d0941
e92f5588c738df6912e3658d883aeb66b486560b
4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c

HTTP Headers

GET /get/32508910/551811_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:44:23 GMT
Content-Type: image/jpeg
Content-Length: 12075
Connection: keep-alive
Last-Modified: Wed, 27 Mar 2024 08:33:26 GMT
Cache-Control: public, max-age=604800
ETag: "6603d9d6-2f2b"
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Request-Headers: x-requested-with
Access-Control-Allow-Headers: x-requested-with
Accept-Ranges: bytes

img.vmmcdn.com/get/76386463/551811_icon.png

138.201.51.142

200 OK

23 kB

URL GET HTTP/1.1
img.vmmcdn.com/get/76386463/551811_icon.png
IP
138.201.51.142:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
FingerprintA8:37:00:E2:01:F9:B8:25:04:DA:47:64:57:0E:0B:64:E3:8A:0B:C7
ValidityFri, 12 Apr 2024 20:58:24 GMT - Thu, 11 Jul 2024 20:58:23 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
23 kB (23156 bytes)
Hash
fa9fd991974e2df8cc89cbc5a1626511
2a4cd11f3291c32140ab3c2c5345bfdce3a96f8c
e26acf59e0dd004f780c92d14c4ccbe8271ceac7260bac5377e3c98dde058c1c

HTTP Headers

GET /get/76386463/551811_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:44:23 GMT
Content-Type: image/png
Content-Length: 23156
Connection: keep-alive
Last-Modified: Wed, 27 Mar 2024 08:33:26 GMT
Cache-Control: public, max-age=604800
ETag: "6603d9d6-5a74"
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Request-Headers: x-requested-with
Access-Control-Allow-Headers: x-requested-with
Accept-Ranges: bytes

img.vmmcdn.com/get/76386463/551811_icon.png

46.4.121.113

200 OK

23 kB

URL GET HTTP/1.1
img.vmmcdn.com/get/76386463/551811_icon.png
IP
46.4.121.113:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
FingerprintA8:37:00:E2:01:F9:B8:25:04:DA:47:64:57:0E:0B:64:E3:8A:0B:C7
ValidityFri, 12 Apr 2024 20:58:24 GMT - Thu, 11 Jul 2024 20:58:23 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
23 kB (23156 bytes)
Hash
fa9fd991974e2df8cc89cbc5a1626511
2a4cd11f3291c32140ab3c2c5345bfdce3a96f8c
e26acf59e0dd004f780c92d14c4ccbe8271ceac7260bac5377e3c98dde058c1c

HTTP Headers

GET /get/76386463/551811_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.14.1
date: Fri, 10 May 2024 05:44:23 GMT
content-type: image/png
content-length: 23156
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-5a74"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwcCLLhqNXfU-sEJdzQU-IYKAH92eab7JKD5Je2FxXT3zvgUx_tXBxuEwfj3hFo6UqEi0FY8g

74.125.131.84

302 Found

425 B

URL GET HTTP/3
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwcCLLhqNXfU-sEJdzQU-IYKAH92eab7JKD5Je2FxXT3zvgUx_tXBxuEwfj3hFo6UqEi0FY8g
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A
ValidityTue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT

File type
HTML document, ASCII text, with very long lines (404)
Size
425 B (425 bytes)
Hash
bd2bb02793f51d509e3e30f5d9508765
0474796c07a04a59ab1ee1d74cc2f27618f9e215
2ee02921cd500099bc7d50820e8ec011547aa8fa0377e258ab17f2aae53bd853

HTTP Headers

GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwcCLLhqNXfU-sEJdzQU-IYKAH92eab7JKD5Je2FxXT3zvgUx_tXBxuEwfj3hFo6UqEi0FY8g HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:wVdQXqn089O1piQKlWG02_yTsWMNzA:nC1S90fALcYON2n2;Path=/;Expires=Sun, 10-May-2026 05:44:23 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 05:44:23 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzXgwqQp-MXnNwYRtNBvUpcc03E4NsWzWsahIUpn5in-ta0xfDY3WRsrlKVOGi9cI-am5PXDg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-83268489%3A1715319863969426&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-nuM90-295EaiKicX1gS56g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 425
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

nereserv.com/in/dip?site=native-push&wl=1&event_id=04306bea-95fa-4abf-b087-ffc2e19b21f1&subid=357529620&sid=2397666953&spot_id=418774&created_at=2024-05-10&timezone=0&ver=8.159.0&is_native=1

157.90.84.246

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=04306bea-95fa-4abf-b087-ffc2e19b21f1&subid=357529620&sid=2397666953&spot_id=418774&created_at=2024-05-10&timezone=0&ver=8.159.0&is_native=1
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=04306bea-95fa-4abf-b087-ffc2e19b21f1&subid=357529620&sid=2397666953&spot_id=418774&created_at=2024-05-10&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 05:44:24 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=10449021-8c76-4d14-8f68-1d1f4ef449ac&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0

157.90.84.246

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=10449021-8c76-4d14-8f68-1d1f4ef449ac&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=10449021-8c76-4d14-8f68-1d1f4ef449ac&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 05:44:24 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

mcpuwpsh.com/get/

94.130.197.240

200 OK

3.7 kB

URL POST HTTP/2
mcpuwpsh.com/get/
IP
94.130.197.240:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectpuwpush.com
Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92
ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT

File type
JSON text data
Size
3.7 kB (3720 bytes)
Hash
a7e1b0b2c0cf0945a5a0fa9c92f7c6de
d229e30e5565222b71262d82e0e074ca380276de
161a03a689bb0bfede6b03da34449fad3b8d92c143d41cbbc328a0df99da2073

HTTP Headers

POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poop.com.co/
Content-Type: text/plain;charset=UTF-8
Content-Length: 965
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 10 May 2024 05:44:24 GMT
content-type: application/json
content-length: 3720
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

metrolagu.cam/adus.js

188.114.96.1

200 OK

532 B

URL GET HTTP/3
metrolagu.cam/adus.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/video?q=nanti+kita+seperti+ini
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
ASCII text, with very long lines (554), with no line terminators
Size
532 B (532 bytes)
Hash
ea4c97c51b21f8d3e04f3ed0dfbd6ec6
6e81ca9991d8e8136ae65bb97546c1c2fbe97669
014945fd916d3e166950b057a4498a6ef7bff879d1692e4bb71ea5ff81dbfb37

HTTP Headers

GET /adus.js HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/video?q=nanti+kita+seperti+ini
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 05:44:23 GMT
content-type: application/javascript
last-modified: Fri, 15 Dec 2023 02:26:22 GMT
etag: W/"657bb94e-214"
expires: Fri, 10 May 2024 10:21:56 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 26547
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OSGLB55FHxEld5iUdcZCFNzDUE7vgFAgHC%2BXVDHsnG9ifB3KbkfAS%2BMWWAHC%2Ftu7Ln9aU5s97ogIYpB4IV3ofHFosbyhgZCfqVbgu2XxvTrQ4AbM8poED6I0V26%2B9iw9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179dfa8da70b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mp4skin.com/embed.css

172.67.154.189

200 OK

755 B

URL GET HTTP/3
mp4skin.com/embed.css
IP
172.67.154.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mp4skin.com/watch?V=ZgLlabyz7oY
Certificate
IssuerGoogle Trust Services LLC
Subjectmp4skin.com
Fingerprint55:B2:0B:78:12:64:92:D0:D5:59:1F:F5:58:E3:9D:B5:B1:A7:10:3F
ValidityTue, 30 Apr 2024 03:13:34 GMT - Mon, 29 Jul 2024 03:13:33 GMT

File type
ASCII text, with very long lines (757), with no line terminators
Size
755 B (755 bytes)
Hash
893c3050971d660ec53ed6ea64582a05
a06d1563bdeb65aa5f5d68b7f0cefdd6778b6056
a2e4ffd0ece96aa94f183f77575fb2dcdf08483df0fbb8f1324cc9f088e9d1c9

HTTP Headers

GET /embed.css HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/watch?V=ZgLlabyz7oY
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=1094
etag: W/"655cb8cc-446"
expires: Fri, 10 May 2024 07:32:05 GMT
last-modified: Tue, 21 Nov 2023 14:03:56 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 36737
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2F3MaIKrrLjw2WqJFMIzVk7TmMcI1Omedr9hZ7Nq6KmrpmBop88oaCEHsAhmxhoZzrFVTZ8ptsv7ZEL%2BUzR%2FKl2xEHqZEyDMbpbi%2Fi6aUO5W%2B9XBE65f9KGKhXfZXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88179df72c8056a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

362e373497.4a5936c82e.com/923e52a9407423e98fa8942070686998.js

45.133.44.52

200 OK

470 kB

URL GET HTTP/2
362e373497.4a5936c82e.com/923e52a9407423e98fa8942070686998.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subject362e373497.4a5936c82e.com
Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2
ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT

File type

Size
470 kB (470121 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /923e52a9407423e98fa8942070686998.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Fri, 10 May 2024 05:49:22 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

mp4skin.com/embud/47564a7857396a52334a75

172.67.154.189

200 OK

241 B

URL GET HTTP/2
mp4skin.com/embud/47564a7857396a52334a75
IP
172.67.154.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerGoogle Trust Services LLC
Subjectmp4skin.com
Fingerprint55:B2:0B:78:12:64:92:D0:D5:59:1F:F5:58:E3:9D:B5:B1:A7:10:3F
ValidityTue, 30 Apr 2024 03:13:34 GMT - Mon, 29 Jul 2024 03:13:33 GMT

File type
HTML document, ASCII text, with no line terminators
Size
241 B (241 bytes)
Hash
fa399267e06a045d5a37eb994dad475a
101ba3390dfb32585c838299f96ee6a8da4c02a8
cf18f5a1de1e0c3a9761aa51196235e6cbc3a86bd4cb309aa24c744b7678c410

HTTP Headers

GET /embud/47564a7857396a52334a75 HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pn6JFn0WPwUoDDkMJFXtETWolmJvuujX9TyrLpKDBp5Tqocwj9IT0ci%2B7gyh0WIETKY184IT3b0itpLR8slZrY2JgBZktufU5fnKWT4YZDa%2ByEm0ItHq2T4PBf9RWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88179df1aa3c568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1734081ce4.64c8149326.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FuJ3Rj9WxJVG&refdom=poop.com.co&auction_time=1715319863&subid=388464194&sid=116553444&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=63.519729905953874&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FuJ3Rj9WxJVG%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3713652&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDEYbOcTcMGODxpgWOGDgyNGCBo4xZFrkoBFDRgsxNXLEIGNGTJgcZWzUEOFwjBuFOmLkUOkwTJ0xGGfUwEGDhg0YLnXGoDEjxw0cN2IQFSEmDZmoU6tezRpja9evYccatLNQxgyrOBzCqSNmogyrNprCuahjxlcZDUXMgSNRB9ecNqg6LIOHzpfFjUXUqEET7A0bY8e0IWwDMY4aM5ryXJhYjBs3Cw3HmCFUhsM2bjw6pqHSdkbcusPCuOqwjlgdA-lYnKPjxYszb1zgDrO4jYsxb9q8mNMmjByLG1-UGVNDDEiSY2CEDTNjjBkydsPQMLM1zI0ZZVLaGENDjNUw7wF1XxjDGeRfGTLYUNJmZJBxQ1hmmPFDHXMglAQZPdwAQw4AjjEDDmWgZkYZON2Hgww52GAGVzjgYMYYN9Rwg0gynjhTDWTYEEYNZbw3Yn5i5LfZGDjYAB8ZMMTARR0wwJBgG2W0EaQcF_bghgxUJGFFDHPgQQYSMNGAxhJGIFGHEmLYEYQZa8wgFWBVSZUiVXd9ZkMMZdRBBVg1tKAHEXMgccYaQWiRxhtMkDEHG3GMccQRedBhRBFqsJHHGjCoYcMVTZgBgxtEPGGFE2jIcUMYTEQhRRowPJHHEzPcIQMeMUBxgxE2uGEGFWboMQYbTtAghxFLnIGVEojRIYUdbEBRRBKIQvGEEkWMMYQSNlTBRhhGiOoEFkIEYccVNhAhBgxfnFFFEkRIUUUaSzaZ4Bxv1CHHGGVU-dicNMTrpA1wyNDDSi165W-CcMTQgxNPHAzwDD2MRUZ2GNmhBh4YX0dxUWE0tsUMMXSh170LweBCk8MVBUcbX8BBsg4m0-aQHHYQxttkY6xcsguBiVBHHWlg1JZQqFVFw1hpECaCTi4s5QINMrgQA2dj1REGRk28oUcabGz7Qg0ng4ACFm3tAAITabhRBx4g4FHkFyWZTbMOKZ6cAghHjLfGGy_IkGSTMSQJghFpyNHjG3i8UDcMoUGFHMNjvSHHF2M4LgLkDrFheRFOSFyGHV8YzsZEMn5FW0owzHwGbDrIMFViB4EuhhwLtehQ7F-08cZZrRdJkQhkyPFGbA69gZRvLiOex0I1ODQHzRgJT0fHkrdQhxtp0NFCTS6QAWPkz9PVeg1_nRaWS7dbftAX3t8wFh1tTBQWakoVmZoI8Msg_9Qg52B_4L8zSOjKsJgvdGx_9POfDe73OQOyASF0QMrHaiCyh4ghMwcxg1PYIBG9aK5kRdENDPqggIAA%2526s%253D4c2ebbf8c60adc180553516df2f1f3b14184895db82f30281d86fb9fdea9b7c21715319863%2526ev%253D0.005146466209652459&icons=ERKxRKIjeRhxmPYi7f728sMohmdL4dwr7hMIdUI9ioFuFDx2LsoS4suGOfXaRoj4xH-SkwnnvF5qOGZ1lYxVI3cO8QIgT8DyXvgQxEdzgGnrdWQIwDlr1YSyDGeOWJ6bJT5TnxgTuMg4RY-ltyYg0D52NnwSAGlIW56cGN9T5DK1020tmA&ext_cid=627853&px_id=55418776&min_cpm=0.018063654755487685&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=3584460489114397871&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.005869426814158176&cpm=0&verify_hash=b1640749ad82338ce17776ef9fdbfc1c&is_native=2&real_bid=0.0002497679901123048&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-10-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000035999999999999994&ext_campaign_id_str=627853&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=20422f7a-0601-4e5d-9b4a-2428d0012eb0&prev_step_diff=1013

157.90.84.246

200 OK

0 B

URL GET HTTP/2
1734081ce4.64c8149326.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FuJ3Rj9WxJVG&refdom=poop.com.co&auction_time=1715319863&subid=388464194&sid=116553444&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=63.519729905953874&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FuJ3Rj9WxJVG%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3713652&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDEYbOcTcMGODxpgWOGDgyNGCBo4xZFrkoBFDRgsxNXLEIGNGTJgcZWzUEOFwjBuFOmLkUOkwTJ0xGGfUwEGDhg0YLnXGoDEjxw0cN2IQFSEmDZmoU6tezRpja9evYccatLNQxgyrOBzCqSNmogyrNprCuahjxlcZDUXMgSNRB9ecNqg6LIOHzpfFjUXUqEET7A0bY8e0IWwDMY4aM5ryXJhYjBs3Cw3HmCFUhsM2bjw6pqHSdkbcusPCuOqwjlgdA-lYnKPjxYszb1zgDrO4jYsxb9q8mNMmjByLG1-UGVNDDEiSY2CEDTNjjBkydsPQMLM1zI0ZZVLaGENDjNUw7wF1XxjDGeRfGTLYUNJmZJBxQ1hmmPFDHXMglAQZPdwAQw4AjjEDDmWgZkYZON2Hgww52GAGVzjgYMYYN9Rwg0gynjhTDWTYEEYNZbw3Yn5i5LfZGDjYAB8ZMMTARR0wwJBgG2W0EaQcF_bghgxUJGFFDHPgQQYSMNGAxhJGIFGHEmLYEYQZa8wgFWBVSZUiVXd9ZkMMZdRBBVg1tKAHEXMgccYaQWiRxhtMkDEHG3GMccQRedBhRBFqsJHHGjCoYcMVTZgBgxtEPGGFE2jIcUMYTEQhRRowPJHHEzPcIQMeMUBxgxE2uGEGFWboMQYbTtAghxFLnIGVEojRIYUdbEBRRBKIQvGEEkWMMYQSNlTBRhhGiOoEFkIEYccVNhAhBgxfnFFFEkRIUUUaSzaZ4Bxv1CHHGGVU-dicNMTrpA1wyNDDSi165W-CcMTQgxNPHAzwDD2MRUZ2GNmhBh4YX0dxUWE0tsUMMXSh170LweBCk8MVBUcbX8BBsg4m0-aQHHYQxttkY6xcsguBiVBHHWlg1JZQqFVFw1hpECaCTi4s5QINMrgQA2dj1REGRk28oUcabGz7Qg0ng4ACFm3tAAITabhRBx4g4FHkFyWZTbMOKZ6cAghHjLfGGy_IkGSTMSQJghFpyNHjG3i8UDcMoUGFHMNjvSHHF2M4LgLkDrFheRFOSFyGHV8YzsZEMn5FW0owzHwGbDrIMFViB4EuhhwLtehQ7F-08cZZrRdJkQhkyPFGbA69gZRvLiOex0I1ODQHzRgJT0fHkrdQhxtp0NFCTS6QAWPkz9PVeg1_nRaWS7dbftAX3t8wFh1tTBQWakoVmZoI8Msg_9Qg52B_4L8zSOjKsJgvdGx_9POfDe73OQOyASF0QMrHaiCyh4ghMwcxg1PYIBG9aK5kRdENDPqggIAA%2526s%253D4c2ebbf8c60adc180553516df2f1f3b14184895db82f30281d86fb9fdea9b7c21715319863%2526ev%253D0.005146466209652459&icons=ERKxRKIjeRhxmPYi7f728sMohmdL4dwr7hMIdUI9ioFuFDx2LsoS4suGOfXaRoj4xH-SkwnnvF5qOGZ1lYxVI3cO8QIgT8DyXvgQxEdzgGnrdWQIwDlr1YSyDGeOWJ6bJT5TnxgTuMg4RY-ltyYg0D52NnwSAGlIW56cGN9T5DK1020tmA&ext_cid=627853&px_id=55418776&min_cpm=0.018063654755487685&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=3584460489114397871&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.005869426814158176&cpm=0&verify_hash=b1640749ad82338ce17776ef9fdbfc1c&is_native=2&real_bid=0.0002497679901123048&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-10-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000035999999999999994&ext_campaign_id_str=627853&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=20422f7a-0601-4e5d-9b4a-2428d0012eb0&prev_step_diff=1013
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fe%2FuJ3Rj9WxJVG&refdom=poop.com.co&auction_time=1715319863&subid=388464194&sid=116553444&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=63.519729905953874&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fe%252FuJ3Rj9WxJVG%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=3713652&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fr-eu.tsyndicate.com%252Fdo2%252Fdirect%253Fc%253DAPeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDEYbOcTcMGODxpgWOGDgyNGCBo4xZFrkoBFDRgsxNXLEIGNGTJgcZWzUEOFwjBuFOmLkUOkwTJ0xGGfUwEGDhg0YLnXGoDEjxw0cN2IQFSEmDZmoU6tezRpja9evYccatLNQxgyrOBzCqSNmogyrNprCuahjxlcZDUXMgSNRB9ecNqg6LIOHzpfFjUXUqEET7A0bY8e0IWwDMY4aM5ryXJhYjBs3Cw3HmCFUhsM2bjw6pqHSdkbcusPCuOqwjlgdA-lYnKPjxYszb1zgDrO4jYsxb9q8mNMmjByLG1-UGVNDDEiSY2CEDTNjjBkydsPQMLM1zI0ZZVLaGENDjNUw7wF1XxjDGeRfGTLYUNJmZJBxQ1hmmPFDHXMglAQZPdwAQw4AjjEDDmWgZkYZON2Hgww52GAGVzjgYMYYN9Rwg0gynjhTDWTYEEYNZbw3Yn5i5LfZGDjYAB8ZMMTARR0wwJBgG2W0EaQcF_bghgxUJGFFDHPgQQYSMNGAxhJGIFGHEmLYEYQZa8wgFWBVSZUiVXd9ZkMMZdRBBVg1tKAHEXMgccYaQWiRxhtMkDEHG3GMccQRedBhRBFqsJHHGjCoYcMVTZgBgxtEPGGFE2jIcUMYTEQhRRowPJHHEzPcIQMeMUBxgxE2uGEGFWboMQYbTtAghxFLnIGVEojRIYUdbEBRRBKIQvGEEkWMMYQSNlTBRhhGiOoEFkIEYccVNhAhBgxfnFFFEkRIUUUaSzaZ4Bxv1CHHGGVU-dicNMTrpA1wyNDDSi165W-CcMTQgxNPHAzwDD2MRUZ2GNmhBh4YX0dxUWE0tsUMMXSh170LweBCk8MVBUcbX8BBsg4m0-aQHHYQxttkY6xcsguBiVBHHWlg1JZQqFVFw1hpECaCTi4s5QINMrgQA2dj1REGRk28oUcabGz7Qg0ng4ACFm3tAAITabhRBx4g4FHkFyWZTbMOKZ6cAghHjLfGGy_IkGSTMSQJghFpyNHjG3i8UDcMoUGFHMNjvSHHF2M4LgLkDrFheRFOSFyGHV8YzsZEMn5FW0owzHwGbDrIMFViB4EuhhwLtehQ7F-08cZZrRdJkQhkyPFGbA69gZRvLiOex0I1ODQHzRgJT0fHkrdQhxtp0NFCTS6QAWPkz9PVeg1_nRaWS7dbftAX3t8wFh1tTBQWakoVmZoI8Msg_9Qg52B_4L8zSOjKsJgvdGx_9POfDe73OQOyASF0QMrHaiCyh4ghMwcxg1PYIBG9aK5kRdENDPqggIAA%2526s%253D4c2ebbf8c60adc180553516df2f1f3b14184895db82f30281d86fb9fdea9b7c21715319863%2526ev%253D0.005146466209652459&icons=ERKxRKIjeRhxmPYi7f728sMohmdL4dwr7hMIdUI9ioFuFDx2LsoS4suGOfXaRoj4xH-SkwnnvF5qOGZ1lYxVI3cO8QIgT8DyXvgQxEdzgGnrdWQIwDlr1YSyDGeOWJ6bJT5TnxgTuMg4RY-ltyYg0D52NnwSAGlIW56cGN9T5DK1020tmA&ext_cid=627853&px_id=55418776&min_cpm=0.018063654755487685&out_id=1&campaign_type=lq-pop&aid=142&cid=14340&uniq=&mid=3584460489114397871&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.005869426814158176&cpm=0&verify_hash=b1640749ad82338ce17776ef9fdbfc1c&is_native=2&real_bid=0.0002497679901123048&original_bid_usd=0.00035999999999999997&original_bid=0.00035999999999999997&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00035999999999999997&hostname=auc-inpage-hz-10-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000035999999999999994&ext_campaign_id_str=627853&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=20422f7a-0601-4e5d-9b4a-2428d0012eb0&prev_step_diff=1013 HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 05:44:23 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

362e373497.4a5936c82e.com/d0b44a3b286234a6547fbc3559b62bad.js

45.133.44.52

200 OK

101 kB

URL GET HTTP/2
362e373497.4a5936c82e.com/d0b44a3b286234a6547fbc3559b62bad.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subject362e373497.4a5936c82e.com
Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2
ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT

File type

Size
101 kB (100855 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /d0b44a3b286234a6547fbc3559b62bad.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 06 May 2024 08:27:28 GMT
etag: W/"66389470-189f7"
content-encoding: gzip
expires: Fri, 10 May 2024 05:49:22 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

meenetiy.com/?rb=8HWB_naMWAXDQKCOzdE0TW8GiUf-KsZFW4ommZqSSmL6ivB3DzI_1iSFqZ-o1SuxMDHzEtxsLiO1WYzE-POQEwPEh3jG05KhQLHNdnGDadBo_5sM1_pLRWzUEFfS2vDEIvqveYXSOK1GC9fvV0LYFr9QJbkKVv2uZmKcZAdq5WsoGz8sHOqhLq3ElLKF5vhIvhapTGhhX-GEZX1XQkAO3cJhM3B9EduiDestxYIoabhL1RPXQAuWH-CgtYdt-FQjYUH0GTO53gg%3D&request_ab2=131251&zoneid=6678850&js_build=iclick-v1.792.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DZgLlabyz7oY&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F47564a7857396a52334a75&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.1-auto&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=2102b2d2-5f6b-4b97-8e6a-bb0748473354&userId=080058c1e50941ddf5546c075be8ce81&m=link

139.45.197.245

200 OK

2.8 kB

URL GET HTTP/2
meenetiy.com/?rb=8HWB_naMWAXDQKCOzdE0TW8GiUf-KsZFW4ommZqSSmL6ivB3DzI_1iSFqZ-o1SuxMDHzEtxsLiO1WYzE-POQEwPEh3jG05KhQLHNdnGDadBo_5sM1_pLRWzUEFfS2vDEIvqveYXSOK1GC9fvV0LYFr9QJbkKVv2uZmKcZAdq5WsoGz8sHOqhLq3ElLKF5vhIvhapTGhhX-GEZX1XQkAO3cJhM3B9EduiDestxYIoabhL1RPXQAuWH-CgtYdt-FQjYUH0GTO53gg%3D&request_ab2=131251&zoneid=6678850&js_build=iclick-v1.792.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DZgLlabyz7oY&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F47564a7857396a52334a75&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.1-auto&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=2102b2d2-5f6b-4b97-8e6a-bb0748473354&userId=080058c1e50941ddf5546c075be8ce81&m=link
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/watch?V=ZgLlabyz7oY
Certificate
IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint1B:A7:25:F9:81:5C:D2:6F:04:C2:65:38:DA:05:E2:DF:4C:31:75:07
ValiditySun, 28 Apr 2024 05:25:22 GMT - Sat, 27 Jul 2024 05:25:21 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2872), with no line terminators
Size
2.8 kB (2842 bytes)
Hash
5ca9acb6f1b4bd42e072f41ccd7c7c97
103d8c3353831cbda52ca9374f6c8bb1f9fbc91c
b7b1dc0ed5672dac03fa3065453f04fd3b7f83a86ecfa0d5ac88d0b4ef860664

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=8HWB_naMWAXDQKCOzdE0TW8GiUf-KsZFW4ommZqSSmL6ivB3DzI_1iSFqZ-o1SuxMDHzEtxsLiO1WYzE-POQEwPEh3jG05KhQLHNdnGDadBo_5sM1_pLRWzUEFfS2vDEIvqveYXSOK1GC9fvV0LYFr9QJbkKVv2uZmKcZAdq5WsoGz8sHOqhLq3ElLKF5vhIvhapTGhhX-GEZX1XQkAO3cJhM3B9EduiDestxYIoabhL1RPXQAuWH-CgtYdt-FQjYUH0GTO53gg%3D&request_ab2=131251&zoneid=6678850&js_build=iclick-v1.792.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DZgLlabyz7oY&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F47564a7857396a52334a75&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.1-auto&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=2102b2d2-5f6b-4b97-8e6a-bb0748473354&userId=080058c1e50941ddf5546c075be8ce81&m=link HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mp4skin.com/
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Cookie: OAID=080058c1e50941ddf5546c075be8ce81; oaidts=1715319863; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 05:44:23 GMT
content-type: application/json
x-trace-id: db0b82d1ffc5ee2b6720b3fd40522eff
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=080058c1e50941ddf5546c075be8ce81; expires=Sat, 10 May 2025 05:44:23 GMT; path=/; secure; SameSite=None
oaidts=1715319863; expires=Sat, 10 May 2025 05:44:23 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 17 May 2024 05:44:23 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

storage.multstorage.com/log/count.html

172.67.174.51

200 OK

882 B

URL GET HTTP/2
storage.multstorage.com/log/count.html
IP
172.67.174.51:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A
ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT

File type
HTML document, ASCII text, with very long lines (919), with no line terminators
Size
882 B (882 bytes)
Hash
053b1fe641da8057571d40ebaf1624ab
09b2648b7d08c84621298f0b939cea5170a65022
6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 7287d1eb492dabe3e37d61dee4390942
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SJlu1cPzemrfv2vaBisXODohD0Wz23zWYxm84DO7fR5GjpJWtXlHEGlAkaqqLJ7388EN%2B%2BVEaYOdXBC6p9wctV8gh%2BFxnrRStf%2ByLpR4NsblTuDQMwTIdxXugVWhU8LzppsbynxgzWjLrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88179df4aa035695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

metrolagu.cam/embed.css

188.114.96.1

200 OK

1.1 kB

URL GET HTTP/3
metrolagu.cam/embed.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/video?q=nanti+kita+seperti+ini
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
ASCII text, with very long lines (1145), with no line terminators
Size
1.1 kB (1094 bytes)
Hash
69c7d11151f7c8da1183e16ec826fd58
e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf
360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1

HTTP Headers

GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/video?q=nanti+kita+seperti+ini
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 05:44:23 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
vary: Accept-Encoding
etag: W/"651596cf-446"
expires: Fri, 10 May 2024 06:44:13 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 39610
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zF%2Fw%2BbLQSGMCarQv6jj%2BQRBFIjyeyqf0ffyUs0MFuRLfAws8I54dIQl5YM3Dau80o2ocVLAbeNeW3VEpMVY6m8iKl28QMMI%2BlhkOeNrvBvwC4B6EvLrXpInnPSeAHPGG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88179dfa8da30b69-OSL
alt-svc: h3=":443"; ma=86400

metrolagu.cam/play.svg

188.114.96.1

200 OK

633 B

URL GET HTTP/3
metrolagu.cam/play.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/video?q=nanti+kita+seperti+ini
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
SVG Scalable Vector Graphics image
Size
633 B (633 bytes)
Hash
fa7e52a78c2db6968656093b3b4f6266
d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a
3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb

HTTP Headers

GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 05:44:23 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4678
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kh9mzSjH9Er2KT3%2B13qKimhZEu6bcLsHPQKWEwex00XtD1rwjFRZEpept9BDHBJw4K5WnPW2qG011ciwWnrUlWSxwpiXiXmwZl7a%2FJz10GA%2F7qhvFcxBkkEQbDswvW7c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179dfb4e190b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.25

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:23 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sat, 10 May 2025 05:44:23 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzXgwqQp-MXnNwYRtNBvUpcc03E4NsWzWsahIUpn5in-ta0xfDY3WRsrlKVOGi9cI-am5PXDg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-83268489%3A1715319863969426&theme=mn&ddm=0

74.125.131.84

403 Forbidden

0 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzXgwqQp-MXnNwYRtNBvUpcc03E4NsWzWsahIUpn5in-ta0xfDY3WRsrlKVOGi9cI-am5PXDg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-83268489%3A1715319863969426&theme=mn&ddm=0
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A
ValidityTue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzXgwqQp-MXnNwYRtNBvUpcc03E4NsWzWsahIUpn5in-ta0xfDY3WRsrlKVOGi9cI-am5PXDg&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-83268489%3A1715319863969426&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 05:44:24 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-gRXwWGuOqHkB4A6VHU0w8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

meenetiy.com/5/6678850

139.45.197.245

200 OK

90 kB

URL GET HTTP/2
meenetiy.com/5/6678850
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/watch?V=ZgLlabyz7oY
Certificate
IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint1B:A7:25:F9:81:5C:D2:6F:04:C2:65:38:DA:05:E2:DF:4C:31:75:07
ValiditySun, 28 Apr 2024 05:25:22 GMT - Sat, 27 Jul 2024 05:25:21 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (90456 bytes)
Hash
d9532df08ddaf40b95ead2db288554d2
70f5f8b1ed47a3bf0a51c152c55a6e0bb308942a
54b064820fe14f703b0c5d578c57e1d99686ed1992d980b1a3561b5e307faf00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6678850 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 05:44:23 GMT
content-type: application/javascript
x-trace-id: ec24e3344f9818baf8a1c8a39c80b397
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00805826bf064789ef5f2ae5de3dbc17; expires=Sat, 10 May 2025 05:44:23 GMT; path=/; secure; SameSite=None
oaidts=1715319863; expires=Sat, 10 May 2025 05:44:23 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

metrolagu.cam/video?q=nanti+kita+seperti+ini

188.114.96.1

200 OK

6.9 kB

URL POST HTTP/3
metrolagu.cam/video?q=nanti+kita+seperti+ini
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mp4skin.com/watch?V=ZgLlabyz7oY
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
HTML document, ASCII text, with very long lines (7006), with no line terminators
Size
6.9 kB (6917 bytes)
Hash
733ece549036eaf30b658ccdfa88c023
2bf283a2a93e185c40eae66c0bed4cfcc51b7821
07d337620037ccbe4b41cf62dc79ed9e96c98f61f094c51ef8ebd3cf49bde360

HTTP Headers

POST /video?q=nanti+kita+seperti+ini HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/47564a7857396a52334a75
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 05:44:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YcO2hu%2FShL7pdZYuTBU%2BhBb45YVB25gbxD46B3C2AoJLxettAx5wAt9afid0ONsVvbcm%2F79tUMQ738lZx2b%2Bv8I6jtUuVsFcG7mLtCldAO3me99MNpyEgcfztgcNKJnO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88179df97d0d0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

362e373497.4a5936c82e.com/bab8dec8e1057da5f79fefbe940ff7d4/114039?version_name=a

45.133.44.52

200 OK

3.3 kB

URL GET HTTP/2
362e373497.4a5936c82e.com/bab8dec8e1057da5f79fefbe940ff7d4/114039?version_name=a
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subject362e373497.4a5936c82e.com
Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2
ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3671), with no line terminators
Size
3.3 kB (3257 bytes)
Hash
4e43ba907ce8b3aba9a64c979561fbab
36bd9da80fa9a461e7c290d739332f043128c9ff
b9642fa97b1450f7acf5724a26d407750419c5be54bf5dabe235558b0ac6da1a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bab8dec8e1057da5f79fefbe940ff7d4/114039?version_name=a HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Fri, 10 May 2024 05:49:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

362e373497.4a5936c82e.com/923e52a9407423e98fa8942070686998.js

45.133.44.52

200 OK

470 kB

URL GET HTTP/2
362e373497.4a5936c82e.com/923e52a9407423e98fa8942070686998.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subject362e373497.4a5936c82e.com
Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2
ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT

File type

Size
470 kB (470121 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /923e52a9407423e98fa8942070686998.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Fri, 10 May 2024 05:49:22 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

362e373497.4a5936c82e.com/224c45cd8fa094f3325f0efdcf8be0b4.js

45.133.44.52

200 OK

169 kB

URL GET HTTP/2
362e373497.4a5936c82e.com/224c45cd8fa094f3325f0efdcf8be0b4.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/e/uJ3Rj9WxJVG
Certificate
IssuerLet's Encrypt
Subject362e373497.4a5936c82e.com
Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2
ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT

File type

Size
169 kB (168568 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /224c45cd8fa094f3325f0efdcf8be0b4.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:22 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Fri, 10 May 2024 05:49:22 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML